
Help - google redirect virus


  • This topic is locked
22 replies to this topic

#1 sgeorge

Posted 22 February 2012 - 09:34 PM

Hi,
I have the google re-direct virus. Anytime I try to search in a search engine, it re-directs me to a spam page (usually askthecrew.com or gimmeanswers.com).

I've run the Malwarebytes anti-malware scan (below).

The anti-malware traps the c:\windows\svchost.exe trojan.agent. I can quarantine it. I can click the "remove" on the trojan viruses and it forces me to reboot. When I reboot, the viruses are back.

Can anyone suggest any other tools?
Thanks
Sheila



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.21.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Roo :: ROO-SOXLAPTOP [administrator]
2/20/2012 9:54:49 PM
mbam-log-2012-02-20 (21-54-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 193615
Time elapsed: 7 minute(s), 55 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4876 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
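
The log above, checked programmatically, as an added example that is not part of the original post or of Malwarebytes' tooling: it parses the detection sections of a Malwarebytes 1.x text log and flags detections whose file name is a Windows system image but whose directory is not where that image normally lives. The function names, the image list and the assumption that SystemRoot is C:\Windows are illustrative choices made for this example.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt: the detection sections of the scan log quoted in the post.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4876 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<path> (<threat>) -> [<pid> ->] <action>."  The PID appears only for memory items.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)

# Assumption: SystemRoot is C:\Windows. These images normally run from System32
# (svchost.exe also has a 32-bit copy in SysWOW64 on x64). Illustrative list only.
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "wininit.exe", "spoolsv.exe"}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass(frozen=True)
class Detection:
    section: str          # e.g. "Memory Processes", "Files"
    path: str
    threat: str
    pid: Optional[int]    # None for on-disk items
    action: str


def parse_mbam_log(text):
    """Return (detections, declared_counts) from the detection sections."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            pid = int(entry["pid"]) if entry["pid"] else None
            detections.append(Detection(section, entry["path"], entry["threat"],
                                        pid, entry["action"]))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the entries parsed (truncated log)."""
    found = Counter(d.section for d in detections)
    return {s: (n, found[s]) for s, n in declared.items() if found[s] != n}


def masquerading(detections):
    """Detections named like a system image but located outside its usual directory."""
    hits = []
    for d in detections:
        directory, name = ntpath.split(d.path.lower())
        if name in SYSTEM_IMAGES and directory not in EXPECTED_DIRS:
            hits.append(d)
    return hits


def running_from_disk(detections):
    """Files that were also detected as a live process during the same scan."""
    in_memory = {d.path.lower() for d in detections if d.section == "Memory Processes"}
    return sorted({d.path for d in detections
                   if d.section == "Files" and d.path.lower() in in_memory})


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    for d in masquerading(dets):
        print(f"[{d.section}] {d.path} ({d.threat}) pid={d.pid} -> {d.action}")
    print("running from disk:", running_from_disk(dets))
    print("count mismatches:", count_mismatches(dets, declared))
```

A file that shows up both as a live process and on disk, and that returns after "Delete on reboot", points to a separate persistence mechanism re-creating it, which is what the follow-up logs requested in the next reply are meant to reveal.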

#2 Larusso

Posted 23 February 2012 - 02:24 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Download DDS and save it to your desktop from here or here
Double click dds to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop and post them in your next reply




Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



Please post in your next reply
dds.txt
attach.txt
TDSSKiller Log

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for



#3 sgeorge

Posted 23 February 2012 - 07:26 AM

Thank you Daniel. I am adding my log files.

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Roo at 7:15:34 on 2012-02-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.4112 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\AOL 9.5\waol.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\aol\1262054950\ee\aolsoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\AOL 9.5\shellmon.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120112184243.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Roo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\378616B65637 : DhcpNameServer = 68.237.161.12 71.243.0.12
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\B4566796E67456F6277656 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120112184243.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 94.63.240.133 www.google.com
Hosts: 94.63.240.134 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-12-8 8551272]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2012-2-20 652360]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-13 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-13 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-13 161168]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-2 705856]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [?]
S3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);C:\Windows\system32\DRIVERS\dlcdbus.sys --> C:\Windows\system32\DRIVERS\dlcdbus.sys [?]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys --> C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-23 02:43:07 20480 ----a-w- C:\Windows\svchost.exe
2012-02-22 11:04:31 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-22 11:04:28 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7BF13FF4-C811-473C-BD31-349C3E0EA235}\mpengine.dll
2012-02-21 03:20:49 -------- d-----w- C:\Program Files (x86)\Common Files\Simple Adblock
2012-02-21 02:32:01 -------- d-----w- C:\Users\Roo\AppData\Roaming\Malwarebytes
2012-02-21 02:31:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-21 02:31:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-21 02:31:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2012-02-19 18:25:47 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 15:08:41 -------- d-----w- C:\Users\Roo\AppData\Roaming\57168
2012-02-17 15:07:55 -------- d-----w- C:\Users\Roo\AppData\Roaming\B8457
2012-02-16 02:16:36 -------- d-----w- C:\63146ec7b3a033f4356ca48e
2012-02-16 02:08:20 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 02:08:19 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 02:08:07 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 02:08:06 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 02:08:00 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 02:07:54 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 02:07:45 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 02:07:44 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 03:14:29 -------- d-----w- C:\Program Files (x86)\LP
2012-02-14 03:00:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\52A1.tmp
2012-02-14 03:00:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\52A0.tmp
2012-02-06 00:08:26 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 23:30:37 -------- d-----w- C:\Users\Roo\AppData\Roaming\Macrovision
2012-01-25 20:25:19 -------- d-----w- C:\Program Files\iPod
2012-01-25 20:25:18 -------- d-----w- C:\Program Files\iTunes
2012-01-25 20:25:18 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-06-02 21:26:20 23384 ----a-w- C:\Program Files (x86)\QuickenOLBackupLauncher.exe
2010-06-02 21:25:34 48472 ----a-w- C:\Program Files (x86)\InetTools.dll
2010-06-02 21:24:32 537944 ----a-w- C:\Program Files (x86)\UpdateContent.dll
2010-06-02 21:24:28 57176 ----a-w- C:\Program Files (x86)\RestartExe.exe
2010-06-02 21:24:28 46424 ----a-w- C:\Program Files (x86)\BindContent.exe
2010-06-02 21:24:24 312664 ----a-w- C:\Program Files (x86)\SendError.dll
2010-06-02 21:24:22 32088 ----a-w- C:\Program Files (x86)\qwutilnet.dll
2010-06-02 21:24:12 359768 ----a-w- C:\Program Files (x86)\qwplan.dll
2010-06-02 21:24:10 129880 ----a-w- C:\Program Files (x86)\qwonlineFeatures.dll
2010-06-02 21:24:04 76120 ----a-w- C:\Program Files (x86)\qwipa.dll
2010-06-02 21:22:58 28504 ----a-w- C:\Program Files (x86)\lbt.dll
2010-06-02 21:22:58 129880 ----a-w- C:\Program Files (x86)\QCustomAction.dll
2010-06-02 21:22:46 39768 ----a-w- C:\Program Files (x86)\convert_stub.dll
2010-06-02 21:22:46 155992 ----a-w- C:\Program Files (x86)\cashgen.dll
2010-06-02 21:22:44 34136 ----a-w- C:\Program Files (x86)\CalendarSync.dll
2010-06-02 21:22:42 116568 ----a-w- C:\Program Files (x86)\billmind_qwrmnd.dll
2010-06-02 21:22:40 47448 ----a-w- C:\Program Files (x86)\billmind_alrtpkg.dll
2010-06-02 21:22:40 26456 ----a-w- C:\Program Files (x86)\billmind.exe
2010-06-02 21:22:38 77656 ----a-w- C:\Program Files (x86)\bagent.exe
2010-06-02 21:22:34 354136 ----a-w- C:\Program Files (x86)\alert.dll
2010-06-02 21:22:30 38744 ----a-w- C:\Program Files (x86)\printenv.exe
2010-06-02 21:22:20 1035608 ----a-w- C:\Program Files (x86)\dbghelp.dll
2010-06-02 21:22:18 71000 ----a-w- C:\Program Files (x86)\techhelp.exe
2010-01-04 23:40:10 433976 ----a-w- C:\Program Files (x86)\EmergencyRecordsOrganizer.exe
2010-01-04 23:40:08 861432 ----a-w- C:\Program Files (x86)\QuickenHomeInventory.exe
2009-09-08 17:43:28 15720 ----a-w- C:\Program Files (x86)\mvut14n.dll
2009-09-08 17:42:26 223584 ----a-w- C:\Program Files (x86)\patchw32.dll
2009-09-08 17:40:54 41320 ----a-w- C:\Program Files (x86)\lbt_excite.dll
2009-09-08 17:40:38 23912 ----a-w- C:\Program Files (x86)\dellid.dll
2009-09-08 17:40:28 78184 ----a-w- C:\Program Files (x86)\bgt.dll
2009-09-08 17:40:26 34152 ----a-w- C:\Program Files (x86)\atwork.dll
.
============= FINISH: 7:17:06.35 ===============


Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 12/11/2009 7:29:39 PM
System Uptime: 2/23/2012 7:02:22 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0C234M
Processor: Intel® Core™2 Duo CPU P7450 @ 2.13GHz | U2E1 | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 323.966 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP167: 2/13/2012 8:29:09 AM - Scheduled Checkpoint
RP168: 2/15/2012 9:08:31 PM - Windows Update
RP169: 2/16/2012 3:00:23 AM - Windows Update
RP170: 2/16/2012 10:30:07 AM - Windows Update
RP171: 2/18/2012 11:11:51 PM - Restore Operation
RP172: 2/19/2012 1:25:15 PM - Windows Update
RP174: 2/19/2012 1:50:58 PM - Windows Defender Checkpoint
RP175: 2/20/2012 11:42:58 PM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Absolute Notifier
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Advanced Audio FX Engine
AnswerWorks 5.0 English Runtime
AnyDVD
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Presentation Server Client - Web Only
CloneDVDmobile
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Coupon Printer for Windows
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Webcam Central
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Plugin
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
PowerDVD DX
Quicken 2010
QuickTime
Roxio Burn
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Simple Adblock
Skins
Skype Toolbars
Skype™ 4.2
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Viewpoint Media Player
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
2/22/2012 9:51:46 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
2/19/2012 10:33:59 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
2/19/2012 1:55:55 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 7 time(s).
2/19/2012 1:37:34 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 6 time(s).
2/19/2012 1:34:54 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/19/2012 1:32:55 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/19/2012 1:30:47 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/19/2012 1:28:47 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/19/2012 1:22:19 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/18/2012 11:28:05 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
2/18/2012 11:25:08 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
2/18/2012 11:11:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800032c0b5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021812-25864-01.
.
==== End Of File ===========================

#4 sgeorge

    New Member

  • Members
  • 14 posts

Posted 23 February 2012 - 07:38 AM

TDSS Killer Log

07:36:49.0721 9032 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
07:36:52.0252 9032 ============================================================
07:36:52.0252 9032 Current date / time: 2012/02/23 07:36:52.0252
07:36:52.0252 9032 SystemInfo:
07:36:52.0252 9032
07:36:52.0252 9032 OS Version: 6.1.7601 ServicePack: 1.0
07:36:52.0252 9032 Product type: Workstation
07:36:52.0262 9032 ComputerName: ROO-SOXLAPTOP
07:36:52.0262 9032 UserName: Roo
07:36:52.0262 9032 Windows directory: C:\Windows
07:36:52.0262 9032 System windows directory: C:\Windows
07:36:52.0262 9032 Running under WOW64
07:36:52.0262 9032 Processor architecture: Intel x64
07:36:52.0262 9032 Number of processors: 2
07:36:52.0262 9032 Page size: 0x1000
07:36:52.0262 9032 Boot type: Normal boot
07:36:52.0262 9032 ============================================================
07:36:54.0113 9032 Initialize success
07:36:56.0883 6232 ============================================================
07:36:56.0883 6232 Scan started
07:36:56.0883 6232 Mode: Manual;
07:36:56.0883 6232 ============================================================
07:37:01.0073 6232 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:37:01.0093 6232 1394ohci - ok
07:37:01.0233 6232 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:37:01.0253 6232 ACPI - ok
07:37:01.0373 6232 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:37:01.0373 6232 AcpiPmi - ok
07:37:01.0523 6232 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:37:01.0553 6232 adp94xx - ok
07:37:02.0923 6232 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:37:02.0943 6232 adpahci - ok
07:37:03.0503 6232 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:37:03.0513 6232 adpu320 - ok
07:37:03.0713 6232 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
07:37:03.0743 6232 AFD - ok
07:37:03.0833 6232 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:37:03.0843 6232 agp440 - ok
07:37:03.0923 6232 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:37:03.0923 6232 aliide - ok
07:37:04.0023 6232 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:37:04.0033 6232 amdide - ok
07:37:04.0263 6232 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:37:04.0263 6232 AmdK8 - ok
07:37:04.0373 6232 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:37:04.0383 6232 AmdPPM - ok
07:37:04.0463 6232 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
07:37:04.0473 6232 amdsata - ok
07:37:04.0513 6232 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:37:04.0523 6232 amdsbs - ok
07:37:04.0553 6232 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
07:37:04.0553 6232 amdxata - ok
07:37:04.0643 6232 AnyDVD (2d71d1eed26923802c1c1b26e603fe0c) C:\Windows\system32\Drivers\AnyDVD.sys
07:37:04.0653 6232 AnyDVD - ok
07:37:04.0733 6232 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:37:04.0743 6232 AppID - ok
07:37:04.0903 6232 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:37:04.0923 6232 arc - ok
07:37:04.0953 6232 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:37:04.0963 6232 arcsas - ok
07:37:05.0043 6232 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:37:05.0053 6232 AsyncMac - ok
07:37:05.0103 6232 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:37:05.0103 6232 atapi - ok
07:37:05.0183 6232 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
07:37:05.0183 6232 AtiHdmiService - ok
07:37:05.0493 6232 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
07:37:05.0753 6232 atikmdag - ok
07:37:05.0903 6232 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:37:05.0933 6232 b06bdrv - ok
07:37:05.0973 6232 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:37:05.0983 6232 b57nd60a - ok
07:37:06.0053 6232 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
07:37:06.0063 6232 BCM42RLY - ok
07:37:06.0363 6232 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
07:37:06.0553 6232 BCM43XX - ok
07:37:06.0643 6232 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:37:06.0643 6232 Beep - ok
07:37:06.0733 6232 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:37:06.0743 6232 blbdrive - ok
07:37:06.0833 6232 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:37:06.0843 6232 bowser - ok
07:37:06.0873 6232 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:37:06.0873 6232 BrFiltLo - ok
07:37:06.0973 6232 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:37:06.0973 6232 BrFiltUp - ok
07:37:07.0013 6232 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:37:07.0033 6232 Brserid - ok
07:37:07.0073 6232 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:37:07.0083 6232 BrSerWdm - ok
07:37:07.0103 6232 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:37:07.0103 6232 BrUsbMdm - ok
07:37:07.0143 6232 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:37:07.0143 6232 BrUsbSer - ok
07:37:07.0163 6232 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:37:07.0173 6232 BTHMODEM - ok
07:37:07.0223 6232 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:37:07.0233 6232 cdfs - ok
07:37:07.0403 6232 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:37:07.0413 6232 cdrom - ok
07:37:07.0503 6232 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
07:37:07.0503 6232 cfwids - ok
07:37:07.0543 6232 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:37:07.0553 6232 circlass - ok
07:37:07.0613 6232 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:37:07.0633 6232 CLFS - ok
07:37:07.0723 6232 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:37:07.0733 6232 CmBatt - ok
07:37:07.0803 6232 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:37:07.0803 6232 cmdide - ok
07:37:07.0873 6232 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
07:37:07.0903 6232 CNG - ok
07:37:07.0963 6232 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:37:07.0973 6232 Compbatt - ok
07:37:08.0043 6232 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:37:08.0043 6232 CompositeBus - ok
07:37:08.0203 6232 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:37:08.0213 6232 crcdisk - ok
07:37:08.0293 6232 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:37:08.0333 6232 CSC - ok
07:37:08.0413 6232 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
07:37:08.0413 6232 CtClsFlt - ok
07:37:08.0573 6232 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
07:37:08.0583 6232 dc3d - ok
07:37:08.0703 6232 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:37:08.0713 6232 DfsC - ok
07:37:08.0803 6232 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:37:08.0803 6232 discache - ok
07:37:08.0843 6232 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:37:08.0843 6232 Disk - ok
07:37:08.0943 6232 DisplayLinkUsbPort (15d38bfec1c6db925a9427052ac2bd77) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys
07:37:08.0953 6232 DisplayLinkUsbPort - ok
07:37:09.0013 6232 dlcdbus (0e787242686a9fc890ed420c9c287686) C:\Windows\system32\DRIVERS\dlcdbus.sys
07:37:09.0013 6232 dlcdbus - ok
07:37:09.0063 6232 dlkmd (f7b3c3e03d957d73d41947402d9cd406) C:\Windows\system32\drivers\dlkmd.sys
07:37:09.0063 6232 dlkmd - ok
07:37:09.0103 6232 dlkmdldr (389fb1d69a1b0e2403327590bf50084b) C:\Windows\system32\drivers\dlkmdldr.sys
07:37:09.0103 6232 dlkmdldr - ok
07:37:09.0203 6232 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:37:09.0203 6232 drmkaud - ok
07:37:09.0263 6232 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:37:09.0293 6232 DXGKrnl - ok
07:37:09.0463 6232 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:37:09.0593 6232 ebdrv - ok
07:37:09.0693 6232 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
07:37:09.0703 6232 ElbyCDIO - ok
07:37:09.0743 6232 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:37:09.0763 6232 elxstor - ok
07:37:09.0843 6232 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:37:09.0843 6232 ErrDev - ok
07:37:09.0913 6232 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:37:09.0923 6232 exfat - ok
07:37:10.0013 6232 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:37:10.0023 6232 fastfat - ok
07:37:10.0113 6232 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:37:10.0113 6232 fdc - ok
07:37:10.0153 6232 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:37:10.0163 6232 FileInfo - ok
07:37:10.0193 6232 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:37:10.0193 6232 Filetrace - ok
07:37:10.0223 6232 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:37:10.0223 6232 flpydisk - ok
07:37:10.0323 6232 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:37:10.0343 6232 FltMgr - ok
07:37:10.0403 6232 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
07:37:10.0403 6232 FlyUsb - ok
07:37:10.0443 6232 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:37:10.0443 6232 FsDepends - ok
07:37:10.0493 6232 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
07:37:10.0503 6232 fssfltr - ok
07:37:10.0533 6232 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:37:10.0563 6232 Fs_Rec - ok
07:37:10.0623 6232 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:37:10.0633 6232 fvevol - ok
07:37:10.0663 6232 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:37:10.0673 6232 gagp30kx - ok
07:37:10.0733 6232 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:37:10.0733 6232 GEARAspiWDM - ok
07:37:10.0853 6232 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:37:10.0873 6232 hcw85cir - ok
07:37:11.0023 6232 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:37:11.0033 6232 HDAudBus - ok
07:37:11.0063 6232 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:37:11.0073 6232 HidBatt - ok
07:37:11.0093 6232 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:37:11.0103 6232 HidBth - ok
07:37:11.0133 6232 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:37:11.0133 6232 HidIr - ok
07:37:11.0193 6232 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
07:37:11.0203 6232 HidUsb - ok
07:37:11.0253 6232 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:37:11.0263 6232 HpSAMD - ok
07:37:11.0323 6232 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
07:37:11.0333 6232 HTCAND64 - ok
07:37:11.0423 6232 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
07:37:11.0423 6232 htcnprot - ok
07:37:11.0543 6232 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:37:11.0563 6232 HTTP - ok
07:37:11.0623 6232 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:37:11.0623 6232 hwpolicy - ok
07:37:11.0703 6232 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:37:11.0703 6232 i8042prt - ok
07:37:11.0783 6232 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
07:37:11.0813 6232 iaStorV - ok
07:37:11.0883 6232 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:37:11.0893 6232 iirsp - ok
07:37:11.0943 6232 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:37:11.0953 6232 intelide - ok
07:37:12.0083 6232 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:37:12.0093 6232 intelppm - ok
07:37:12.0183 6232 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:37:12.0183 6232 IpFilterDriver - ok
07:37:12.0253 6232 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:37:12.0253 6232 IPMIDRV - ok
07:37:12.0293 6232 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:37:12.0293 6232 IPNAT - ok
07:37:12.0353 6232 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:37:12.0353 6232 IRENUM - ok
07:37:12.0393 6232 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:37:12.0403 6232 isapnp - ok
07:37:12.0453 6232 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:37:12.0463 6232 iScsiPrt - ok
07:37:12.0523 6232 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
07:37:12.0523 6232 k57nd60a - ok
07:37:12.0563 6232 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:37:12.0563 6232 kbdclass - ok
07:37:12.0593 6232 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:37:12.0593 6232 kbdhid - ok
07:37:12.0653 6232 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
07:37:12.0653 6232 KSecDD - ok
07:37:12.0693 6232 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
07:37:12.0703 6232 KSecPkg - ok
07:37:12.0743 6232 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:37:12.0743 6232 ksthunk - ok
07:37:12.0803 6232 LAN9500 (bc2539d1f5f6b7def2f736d93a9a0938) C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys
07:37:12.0803 6232 LAN9500 - ok
07:37:12.0878 6232 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:37:12.0878 6232 lltdio - ok
07:37:12.0908 6232 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:37:12.0918 6232 LSI_FC - ok
07:37:12.0928 6232 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:37:12.0938 6232 LSI_SAS - ok
07:37:12.0958 6232 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:37:12.0968 6232 LSI_SAS2 - ok
07:37:13.0008 6232 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:37:13.0008 6232 LSI_SCSI - ok
07:37:13.0068 6232 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:37:13.0068 6232 luafv - ok
07:37:13.0148 6232 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
07:37:13.0158 6232 MBAMProtector - ok
07:37:13.0258 6232 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:37:13.0268 6232 megasas - ok
07:37:13.0288 6232 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:37:13.0288 6232 MegaSR - ok
07:37:13.0338 6232 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
07:37:13.0338 6232 mfeapfk - ok
07:37:13.0398 6232 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
07:37:13.0398 6232 mfeavfk - ok
07:37:13.0428 6232 mfeavfk01 - ok
07:37:13.0478 6232 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
07:37:13.0488 6232 mfefirek - ok
07:37:13.0538 6232 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
07:37:13.0558 6232 mfehidk - ok
07:37:13.0598 6232 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
07:37:13.0608 6232 mfenlfk - ok
07:37:20.0860 6232 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
07:37:20.0921 6232 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
07:37:20.0921 6232 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
07:37:20.0931 6232 Boot (0x1200) (d7378bf694d12b3be92b25933efd13fa) \Device\Harddisk0\DR0\Partition0
07:37:20.0931 6232 \Device\Harddisk0\DR0\Partition0 - ok
07:37:20.0941 6232 Boot (0x1200) (ebbe15e9ac9bd469cb60522a92bcc846) \Device\Harddisk0\DR0\Partition1
07:37:20.0951 6232 \Device\Harddisk0\DR0\Partition1 - ok
07:37:20.0951 6232 ============================================================
07:37:20.0951 6232 Scan finished
07:37:20.0951 6232 ============================================================
07:37:20.0961 8560 Detected object count: 1
07:37:20.0961 8560 Actual detected object count: 1
07:37:31.0192 8560 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
07:37:31.0192 8560 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip

#5 Larusso

Posted 23 February 2012 - 03:13 PM

You are welcome. No need to quote my posts. :)

Execute TDSSKiller.exe and press Start Scan.
  • Ensure Cure is selected ( it should be by default )
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.



Please post in your next reply
TDSSKiller Log
Combofix.txt

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for



#6 sgeorge

Posted 23 February 2012 - 04:36 PM

TDSSKiller Log is below. I'm getting the other next.


16:28:11.0234 4404 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
16:28:14.0755 4404 ============================================================
16:28:14.0755 4404 Current date / time: 2012/02/23 16:28:14.0755
16:28:14.0755 4404 SystemInfo:
16:28:14.0755 4404
16:28:14.0755 4404 OS Version: 6.1.7601 ServicePack: 1.0
16:28:14.0755 4404 Product type: Workstation
16:28:14.0755 4404 ComputerName: ROO-SOXLAPTOP
16:28:14.0755 4404 UserName: Roo
16:28:14.0755 4404 Windows directory: C:\Windows
16:28:14.0755 4404 System windows directory: C:\Windows
16:28:14.0755 4404 Running under WOW64
16:28:14.0755 4404 Processor architecture: Intel x64
16:28:14.0755 4404 Number of processors: 2
16:28:14.0755 4404 Page size: 0x1000
16:28:14.0755 4404 Boot type: Normal boot
16:28:14.0755 4404 ============================================================
16:28:17.0145 4404 Initialize success
16:28:30.0968 5620 ============================================================
16:28:30.0968 5620 Scan started
16:28:30.0968 5620 Mode: Manual;
16:28:30.0968 5620 ============================================================
16:28:37.0328 5620 Filetrace - ok
16:28:37.0338 5620 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:28:37.0348 5620 flpydisk - ok
16:28:37.0388 5620 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:28:37.0428 5620 FltMgr - ok
16:28:37.0478 5620 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
16:28:37.0528 5620 FlyUsb - ok
16:28:37.0558 5620 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:28:37.0558 5620 FsDepends - ok
16:28:37.0588 5620 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
16:28:37.0638 5620 fssfltr - ok
16:28:37.0658 5620 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:28:37.0658 5620 Fs_Rec - ok
16:28:37.0718 5620 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:28:37.0758 5620 fvevol - ok
16:28:37.0788 5620 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:28:37.0798 5620 gagp30kx - ok
16:28:37.0838 5620 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:28:37.0888 5620 GEARAspiWDM - ok
16:28:37.0958 5620 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:28:37.0958 5620 hcw85cir - ok
16:28:38.0018 5620 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:28:38.0058 5620 HDAudBus - ok
16:28:38.0078 5620 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:28:38.0088 5620 HidBatt - ok
16:28:38.0118 5620 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:28:38.0128 5620 HidBth - ok
16:28:38.0138 5620 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:28:38.0148 5620 HidIr - ok
16:28:38.0188 5620 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:28:38.0238 5620 HidUsb - ok
16:28:38.0278 5620 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:28:38.0328 5620 HpSAMD - ok
16:28:38.0368 5620 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:28:38.0408 5620 HTCAND64 - ok
16:28:38.0478 5620 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
16:28:38.0518 5620 htcnprot - ok
16:28:38.0578 5620 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:28:38.0578 5620 HTTP - ok
16:28:38.0618 5620 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:28:38.0658 5620 hwpolicy - ok
16:28:38.0718 5620 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:28:38.0718 5620 i8042prt - ok
16:28:38.0798 5620 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:28:38.0858 5620 iaStorV - ok
16:28:38.0918 5620 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:28:38.0918 5620 iirsp - ok
16:28:38.0948 5620 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:28:38.0948 5620 intelide - ok
16:28:38.0978 5620 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:28:38.0988 5620 intelppm - ok
16:28:39.0048 5620 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:28:39.0088 5620 IpFilterDriver - ok
16:28:39.0118 5620 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:28:39.0168 5620 IPMIDRV - ok
16:28:39.0188 5620 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:28:39.0198 5620 IPNAT - ok
16:28:39.0248 5620 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:28:39.0258 5620 IRENUM - ok
16:28:39.0278 5620 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:28:39.0288 5620 isapnp - ok
16:28:39.0308 5620 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:28:39.0358 5620 iScsiPrt - ok
16:28:39.0408 5620 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:28:39.0418 5620 k57nd60a - ok
16:28:39.0458 5620 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:28:39.0468 5620 kbdclass - ok
16:28:39.0488 5620 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:28:39.0538 5620 kbdhid - ok
16:28:39.0578 5620 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:28:39.0608 5620 KSecDD - ok
16:28:39.0648 5620 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:28:39.0707 5620 KSecPkg - ok
16:28:39.0739 5620 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:28:39.0739 5620 ksthunk - ok
16:28:39.0809 5620 LAN9500 (bc2539d1f5f6b7def2f736d93a9a0938) C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys
16:28:39.0859 5620 LAN9500 - ok
16:28:39.0919 5620 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:28:39.0929 5620 lltdio - ok
16:28:39.0959 5620 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:28:39.0969 5620 LSI_FC - ok
16:28:39.0979 5620 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:28:39.0989 5620 LSI_SAS - ok
16:28:40.0009 5620 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:28:40.0009 5620 LSI_SAS2 - ok
16:28:40.0059 5620 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:28:40.0059 5620 LSI_SCSI - ok
16:28:40.0099 5620 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:28:40.0099 5620 luafv - ok
16:28:40.0169 5620 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:28:40.0219 5620 MBAMProtector - ok
16:28:40.0319 5620 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:28:40.0319 5620 megasas - ok
16:28:40.0349 5620 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:28:40.0359 5620 MegaSR - ok
16:28:40.0399 5620 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
16:28:40.0449 5620 mfeapfk - ok
16:28:40.0499 5620 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
16:28:40.0559 5620 mfeavfk - ok
16:28:40.0589 5620 mfeavfk01 - ok
16:28:40.0659 5620 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
16:28:40.0719 5620 mfefirek - ok
16:28:40.0769 5620 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
16:28:40.0849 5620 mfehidk - ok
16:28:40.0889 5620 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
16:28:40.0939 5620 mfenlfk - ok
16:28:40.0979 5620 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
16:28:41.0029 5620 mferkdet - ok
16:28:41.0059 5620 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
16:28:41.0109 5620 mfewfpk - ok
16:28:41.0169 5620 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:28:41.0169 5620 Modem - ok
16:28:41.0219 5620 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:28:41.0219 5620 monitor - ok
16:28:41.0269 5620 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:28:41.0279 5620 mouclass - ok
16:28:41.0319 5620 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:28:41.0329 5620 mouhid - ok
16:28:41.0379 5620 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:28:41.0429 5620 mountmgr - ok
16:28:41.0469 5620 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:28:41.0529 5620 mpio - ok
16:28:41.0559 5620 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:28:41.0559 5620 mpsdrv - ok
16:28:41.0609 5620 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:28:41.0669 5620 MRxDAV - ok
16:28:41.0709 5620 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:28:41.0759 5620 mrxsmb - ok
16:28:41.0789 5620 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:28:41.0849 5620 mrxsmb10 - ok
16:28:41.0869 5620 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:41.0909 5620 mrxsmb20 - ok
16:28:41.0929 5620 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:28:41.0979 5620 msahci - ok
16:28:42.0009 5620 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:28:42.0059 5620 msdsm - ok
16:28:42.0109 5620 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:28:42.0109 5620 Msfs - ok
16:28:42.0149 5620 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:28:42.0159 5620 mshidkmdf - ok
16:28:42.0169 5620 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:28:42.0179 5620 msisadrv - ok
16:28:42.0229 5620 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:28:42.0239 5620 MSKSSRV - ok
16:28:42.0269 5620 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:28:42.0279 5620 MSPCLOCK - ok
16:28:42.0299 5620 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:28:42.0299 5620 MSPQM - ok
16:28:42.0339 5620 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:28:42.0389 5620 MsRPC - ok
16:28:42.0409 5620 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:28:42.0409 5620 mssmbios - ok
16:28:42.0450 5620 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:28:42.0460 5620 MSTEE - ok
16:28:42.0480 5620 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:28:42.0480 5620 MTConfig - ok
16:28:42.0520 5620 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:28:42.0520 5620 Mup - ok
16:28:42.0570 5620 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:28:42.0580 5620 NativeWifiP - ok
16:28:42.0650 5620 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:28:42.0650 5620 NDIS - ok
16:28:42.0680 5620 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:28:42.0690 5620 NdisCap - ok
16:28:42.0720 5620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:42.0720 5620 NdisTapi - ok
16:28:42.0750 5620 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:42.0800 5620 Ndisuio - ok
16:28:42.0851 5620 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:42.0901 5620 NdisWan - ok
16:28:42.0941 5620 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:28:42.0981 5620 NDProxy - ok
16:28:43.0001 5620 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:28:43.0001 5620 NetBIOS - ok
16:28:43.0041 5620 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:28:43.0081 5620 NetBT - ok
16:28:43.0141 5620 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:28:43.0141 5620 nfrd960 - ok
16:28:43.0181 5620 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:28:43.0181 5620 Npfs - ok
16:28:43.0201 5620 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:28:43.0201 5620 nsiproxy - ok
16:28:43.0271 5620 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:28:43.0381 5620 Ntfs - ok
16:28:43.0441 5620 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:28:43.0491 5620 NuidFltr - ok
16:28:43.0511 5620 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:28:43.0521 5620 Null - ok
16:28:43.0561 5620 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:28:43.0611 5620 nvraid - ok
16:28:43.0631 5620 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:28:43.0681 5620 nvstor - ok
16:28:43.0721 5620 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:28:43.0721 5620 nv_agp - ok
16:28:43.0791 5620 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:28:43.0801 5620 ohci1394 - ok
16:28:43.0891 5620 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:28:43.0901 5620 Parport - ok
16:28:43.0941 5620 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:28:43.0991 5620 partmgr - ok
16:28:44.0111 5620 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
16:28:44.0111 5620 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
16:28:44.0141 5620 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:28:44.0141 5620 pci - ok
16:28:44.0181 5620 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:28:44.0191 5620 pciide - ok
16:28:44.0211 5620 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:28:44.0221 5620 pcmcia - ok
16:28:44.0241 5620 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:28:44.0251 5620 pcw - ok
16:28:44.0271 5620 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:28:44.0291 5620 PEAUTH - ok
16:28:44.0371 5620 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
16:28:44.0421 5620 Point64 - ok
16:28:44.0471 5620 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:28:44.0521 5620 PptpMiniport - ok
16:28:44.0541 5620 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:28:44.0541 5620 Processor - ok
16:28:44.0601 5620 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:28:44.0601 5620 Psched - ok
16:28:44.0651 5620 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:28:44.0711 5620 PxHlpa64 - ok
16:28:44.0751 5620 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:28:44.0791 5620 ql2300 - ok
16:28:44.0821 5620 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:28:44.0821 5620 ql40xx - ok
16:28:44.0842 5620 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:28:44.0842 5620 QWAVEdrv - ok
16:28:44.0862 5620 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:28:44.0872 5620 RasAcd - ok
16:28:44.0922 5620 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:44.0922 5620 RasAgileVpn - ok
16:28:44.0962 5620 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:45.0012 5620 Rasl2tp - ok
16:28:45.0032 5620 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:45.0032 5620 RasPppoe - ok
16:28:45.0062 5620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:28:45.0062 5620 RasSstp - ok
16:28:45.0102 5620 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:28:45.0152 5620 rdbss - ok
16:28:45.0172 5620 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:28:45.0182 5620 rdpbus - ok
16:28:45.0202 5620 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:28:45.0202 5620 RDPCDD - ok
16:28:45.0252 5620 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:28:45.0292 5620 RDPDR - ok
16:28:45.0332 5620 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:28:45.0342 5620 RDPENCDD - ok
16:28:45.0362 5620 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:28:45.0362 5620 RDPREFMP - ok
16:28:45.0422 5620 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:28:45.0472 5620 RdpVideoMiniport - ok
16:28:45.0512 5620 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:28:45.0562 5620 RDPWD - ok
16:28:45.0602 5620 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:28:45.0652 5620 rdyboost - ok
16:28:45.0692 5620 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
16:28:45.0742 5620 rimmptsk - ok
16:28:45.0762 5620 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
16:28:45.0802 5620 rimsptsk - ok
16:28:45.0852 5620 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:28:45.0892 5620 RimUsb - ok
16:28:45.0932 5620 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
16:28:45.0982 5620 rismxdp - ok
16:28:46.0052 5620 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:28:46.0052 5620 rspndr - ok
16:28:46.0092 5620 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:28:46.0132 5620 s3cap - ok
16:28:46.0162 5620 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:28:46.0212 5620 sbp2port - ok
16:28:46.0252 5620 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:28:46.0302 5620 scfilter - ok
16:28:46.0332 5620 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:28:46.0372 5620 sdbus - ok
16:28:46.0422 5620 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:28:46.0422 5620 secdrv - ok
16:28:46.0452 5620 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:28:46.0452 5620 Serenum - ok
16:28:46.0482 5620 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:28:46.0482 5620 Serial - ok
16:28:46.0522 5620 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:28:46.0522 5620 sermouse - ok
16:28:46.0562 5620 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:28:46.0562 5620 sffdisk - ok
16:28:46.0582 5620 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:28:46.0582 5620 sffp_mmc - ok
16:28:46.0602 5620 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:28:46.0652 5620 sffp_sd - ok
16:28:46.0662 5620 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:28:46.0672 5620 sfloppy - ok
16:28:46.0712 5620 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:28:46.0732 5620 SiSRaid2 - ok
16:28:46.0752 5620 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:28:46.0762 5620 SiSRaid4 - ok
16:28:46.0802 5620 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:28:46.0802 5620 Smb - ok
16:28:46.0832 5620 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:28:46.0832 5620 spldr - ok
16:28:46.0913 5620 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:28:46.0963 5620 srv - ok
16:28:47.0013 5620 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:28:47.0063 5620 srv2 - ok
16:28:47.0113 5620 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:28:47.0163 5620 srvnet - ok
16:28:47.0223 5620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:28:47.0223 5620 stexstor - ok
16:28:47.0283 5620 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
16:28:47.0333 5620 STHDA - ok
16:28:47.0363 5620 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:28:47.0413 5620 storflt - ok
16:28:47.0433 5620 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:28:47.0483 5620 storvsc - ok
16:28:47.0523 5620 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:28:47.0523 5620 swenum - ok
16:28:47.0583 5620 Synth3dVsc - ok
16:28:47.0633 5620 SynTP (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
16:28:47.0773 5620 SynTP - ok
16:28:47.0963 5620 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:28:48.0153 5620 Tcpip - ok
16:28:48.0263 5620 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:28:48.0283 5620 TCPIP6 - ok
16:28:48.0343 5620 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:28:48.0463 5620 tcpipreg - ok
16:28:48.0503 5620 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:28:48.0523 5620 TDPIPE - ok
16:28:48.0553 5620 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:28:48.0563 5620 TDTCP - ok
16:28:48.0623 5620 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:28:48.0743 5620 tdx - ok
16:28:48.0783 5620 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:28:48.0883 5620 TermDD - ok
16:28:48.0973 5620 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:28:49.0093 5620 tssecsrv - ok
16:28:49.0143 5620 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:28:49.0273 5620 TsUsbFlt - ok
16:28:49.0293 5620 tsusbhub - ok
16:28:49.0353 5620 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:28:49.0473 5620 tunnel - ok
16:28:49.0503 5620 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:28:49.0523 5620 uagp35 - ok
16:28:49.0573 5620 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:28:49.0693 5620 udfs - ok
16:28:49.0743 5620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:28:49.0763 5620 uliagpkx - ok
16:28:49.0813 5620 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:28:49.0933 5620 umbus - ok
16:28:49.0963 5620 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:28:49.0963 5620 UmPass - ok
16:28:50.0033 5620 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:28:50.0153 5620 USBAAPL64 - ok
16:28:50.0183 5620 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:28:50.0313 5620 usbccgp - ok
16:28:50.0363 5620 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:28:50.0383 5620 usbcir - ok
16:28:50.0413 5620 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:28:50.0533 5620 usbehci - ok
16:28:50.0583 5620 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:28:50.0753 5620 usbhub - ok
16:28:50.0783 5620 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:28:50.0913 5620 usbohci - ok
16:28:50.0933 5620 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:28:50.0943 5620 usbprint - ok
16:28:50.0973 5620 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:28:51.0103 5620 USBSTOR - ok
16:28:51.0133 5620 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:28:51.0253 5620 usbuhci - ok
16:28:51.0303 5620 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:28:51.0433 5620 usbvideo - ok
16:28:51.0513 5620 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:28:51.0523 5620 vdrvroot - ok
16:28:51.0583 5620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:28:51.0593 5620 vga - ok
16:28:51.0623 5620 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:28:51.0633 5620 VgaSave - ok
16:28:51.0683 5620 VGPU - ok
16:28:51.0733 5620 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:28:52.0003 5620 vhdmp - ok
16:28:52.0053 5620 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:28:52.0073 5620 viaide - ok
16:28:52.0143 5620 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:28:52.0403 5620 vmbus - ok
16:28:52.0443 5620 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:28:52.0703 5620 VMBusHID - ok
16:28:52.0793 5620 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:28:53.0053 5620 volmgr - ok
16:28:53.0133 5620 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:28:53.0423 5620 volmgrx - ok
16:28:53.0473 5620 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:28:53.0743 5620 volsnap - ok
16:28:53.0843 5620 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:28:53.0883 5620 vsmraid - ok
16:28:54.0013 5620 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:28:54.0033 5620 vwifibus - ok
16:28:54.0093 5620 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:28:54.0123 5620 vwififlt - ok
16:28:54.0183 5620 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:28:54.0243 5620 vwifimp - ok
16:28:54.0313 5620 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:28:54.0353 5620 WacomPen - ok
16:28:54.0423 5620 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:54.0663 5620 WANARP - ok
16:28:54.0703 5620 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:54.0703 5620 Wanarpv6 - ok
16:28:54.0793 5620 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
16:28:55.0003 5620 wanatw - ok
16:28:55.0173 5620 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:28:55.0213 5620 Wd - ok
16:28:55.0283 5620 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:28:55.0523 5620 WDC_SAM - ok
16:28:55.0633 5620 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:28:55.0703 5620 Wdf01000 - ok
16:28:55.0933 5620 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:28:55.0953 5620 WfpLwf - ok
16:28:56.0003 5620 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
16:28:56.0213 5620 WimFltr - ok
16:28:56.0243 5620 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:28:56.0263 5620 WIMMount - ok
16:28:56.0483 5620 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:28:56.0653 5620 WinUsb - ok
16:28:56.0763 5620 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:28:56.0783 5620 WmiAcpi - ok
16:28:56.0873 5620 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:28:56.0893 5620 ws2ifsl - ok
16:28:56.0993 5620 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:28:57.0173 5620 WudfPf - ok
16:28:57.0233 5620 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:28:57.0413 5620 WUDFRd - ok
16:28:57.0603 5620 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
16:28:57.0693 5620 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
16:28:57.0693 5620 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
16:28:57.0703 5620 Boot (0x1200) (d7378bf694d12b3be92b25933efd13fa) \Device\Harddisk0\DR0\Partition0
16:28:57.0713 5620 \Device\Harddisk0\DR0\Partition0 - ok
16:28:57.0733 5620 Boot (0x1200) (ebbe15e9ac9bd469cb60522a92bcc846) \Device\Harddisk0\DR0\Partition1
16:28:57.0733 5620 \Device\Harddisk0\DR0\Partition1 - ok
16:28:57.0733 5620 ============================================================
16:28:57.0733 5620 Scan finished
16:28:57.0733 5620 ============================================================
16:28:57.0783 3544 Detected object count: 1
16:28:57.0783 3544 Actual detected object count: 1
16:29:28.0129 3544 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
16:29:28.0129 3544 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
16:29:47.0843 7248 Deinitialize success

#7 sgeorge

Posted 23 February 2012 - 05:21 PM

ComboFix has been sitting in the blue DOS-like window for about an hour.

It says...
Please wait.
ComboFix is preparing to run.

Is it normal for it to take a long time?
Thanks

#8 Larusso

Posted 23 February 2012 - 06:40 PM

Hi there.

Please abort ComboFix and rerun TDSSKiller as instructed in my last post. You chose Skip instead of Cure.

If Cure is not an option, choose Delete.

regards, Daniel


#9 sgeorge

Posted 23 February 2012 - 07:01 PM

Hi,
Cure and Delete are not options for me. My options were skip, copy to quarantine, and restore. I chose copy to quarantine.

18:55:43.0746 8072 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
18:55:45.0752 8072 ============================================================
18:55:45.0752 8072 Current date / time: 2012/02/23 18:55:45.0752
18:55:45.0752 8072 SystemInfo:
18:55:45.0752 8072
18:55:45.0752 8072 OS Version: 6.1.7601 ServicePack: 1.0
18:55:45.0752 8072 Product type: Workstation
18:55:45.0752 8072 ComputerName: ROO-SOXLAPTOP
18:55:45.0753 8072 UserName: Roo
18:55:45.0753 8072 Windows directory: C:\Windows
18:55:45.0753 8072 System windows directory: C:\Windows
18:55:45.0753 8072 Running under WOW64
18:55:45.0753 8072 Processor architecture: Intel x64
18:55:45.0753 8072 Number of processors: 2
18:55:45.0753 8072 Page size: 0x1000
18:55:45.0753 8072 Boot type: Normal boot
18:55:45.0753 8072 ============================================================
18:55:49.0619 8072 Initialize success
18:56:04.0295 4736 ============================================================
18:56:04.0295 4736 Scan started
18:56:04.0295 4736 Mode: Manual;
18:56:04.0295 4736 ============================================================
18:56:46.0770 4736 USBAAPL64 - ok
18:56:46.0840 4736 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:46.0850 4736 usbccgp - ok
18:56:46.0880 4736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:56:46.0890 4736 usbcir - ok
18:56:46.0920 4736 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:56:46.0930 4736 usbehci - ok
18:56:46.0990 4736 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:56:47.0010 4736 usbhub - ok
18:56:47.0050 4736 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:56:47.0050 4736 usbohci - ok
18:56:47.0110 4736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:56:47.0110 4736 usbprint - ok
18:56:47.0150 4736 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:47.0150 4736 USBSTOR - ok
18:56:47.0180 4736 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
18:56:47.0180 4736 usbuhci - ok
18:56:47.0240 4736 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:56:47.0250 4736 usbvideo - ok
18:56:47.0330 4736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:56:47.0330 4736 vdrvroot - ok
18:56:47.0460 4736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:56:47.0460 4736 vga - ok
18:56:47.0490 4736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:56:47.0500 4736 VgaSave - ok
18:56:47.0560 4736 VGPU - ok
18:56:47.0710 4736 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:56:47.0720 4736 vhdmp - ok
18:56:47.0780 4736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:56:47.0790 4736 viaide - ok
18:56:47.0910 4736 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:56:47.0920 4736 vmbus - ok
18:56:47.0950 4736 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:56:47.0960 4736 VMBusHID - ok
18:56:48.0010 4736 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:56:48.0020 4736 volmgr - ok
18:56:48.0100 4736 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:56:48.0110 4736 volmgrx - ok
18:56:48.0270 4736 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:56:48.0280 4736 volsnap - ok
18:56:48.0360 4736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:56:48.0370 4736 vsmraid - ok
18:56:48.0460 4736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:56:48.0460 4736 vwifibus - ok
18:56:48.0540 4736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:56:48.0540 4736 vwififlt - ok
18:56:48.0610 4736 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:56:48.0610 4736 vwifimp - ok
18:56:48.0680 4736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:56:48.0690 4736 WacomPen - ok
18:56:48.0760 4736 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:48.0760 4736 WANARP - ok
18:56:48.0790 4736 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:48.0790 4736 Wanarpv6 - ok
18:56:48.0860 4736 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
18:56:48.0860 4736 wanatw - ok
18:56:49.0020 4736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:56:49.0020 4736 Wd - ok
18:56:49.0090 4736 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:56:49.0090 4736 WDC_SAM - ok
18:56:49.0190 4736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:56:49.0220 4736 Wdf01000 - ok
18:56:49.0340 4736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:56:49.0350 4736 WfpLwf - ok
18:56:49.0400 4736 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:56:49.0400 4736 WimFltr - ok
18:56:49.0440 4736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:56:49.0450 4736 WIMMount - ok
18:56:49.0640 4736 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:56:49.0650 4736 WinUsb - ok
18:56:49.0750 4736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:56:49.0760 4736 WmiAcpi - ok
18:56:49.0910 4736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:56:49.0910 4736 ws2ifsl - ok
18:56:50.0010 4736 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:56:50.0010 4736 WudfPf - ok
18:56:50.0080 4736 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:56:50.0090 4736 WUDFRd - ok
18:56:50.0210 4736 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
18:56:50.0300 4736 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
18:56:50.0300 4736 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
18:56:50.0320 4736 Boot (0x1200) (d7378bf694d12b3be92b25933efd13fa) \Device\Harddisk0\DR0\Partition0
18:56:50.0320 4736 \Device\Harddisk0\DR0\Partition0 - ok
18:56:50.0340 4736 Boot (0x1200) (ebbe15e9ac9bd469cb60522a92bcc846) \Device\Harddisk0\DR0\Partition1
18:56:50.0350 4736 \Device\Harddisk0\DR0\Partition1 - ok
18:56:50.0350 4736 ============================================================
18:56:50.0350 4736 Scan finished
18:56:50.0350 4736 ============================================================
18:56:50.0390 6592 Detected object count: 1
18:56:50.0390 6592 Actual detected object count: 1
19:00:34.0706 6592 \Device\Harddisk0\DR0 - copied to quarantine
19:00:34.0706 6592 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine
19:00:42.0328 8060 Deinitialize success

#10 sgeorge

Posted 23 February 2012 - 09:13 PM

I did not have the latest version of TDSSKiller. I upgraded to the latest version and I now have the Cure option. Here is the log with the Cure option picked.

21:05:28.0665 7556 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
21:05:29.0515 7556 ============================================================
21:05:29.0515 7556 Current date / time: 2012/02/23 21:05:29.0515
21:05:29.0515 7556 SystemInfo:
21:05:29.0515 7556
21:05:29.0515 7556 OS Version: 6.1.7601 ServicePack: 1.0
21:05:29.0515 7556 Product type: Workstation
21:05:29.0515 7556 ComputerName: ROO-SOXLAPTOP
21:05:29.0515 7556 UserName: Roo
21:05:29.0515 7556 Windows directory: C:\Windows
21:05:29.0515 7556 System windows directory: C:\Windows
21:05:29.0515 7556 Running under WOW64
21:05:29.0515 7556 Processor architecture: Intel x64
21:05:29.0515 7556 Number of processors: 2
21:05:29.0515 7556 Page size: 0x1000
21:05:29.0515 7556 Boot type: Normal boot
21:05:29.0515 7556 ============================================================
21:05:30.0855 7556 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:05:30.0865 7556 \Device\Harddisk0\DR0:
21:05:30.0865 7556 MBR used
21:05:30.0865 7556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
21:05:30.0865 7556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
21:05:30.0885 7556 Initialize success
21:05:30.0885 7556 ============================================================
21:05:33.0656 0400 ============================================================
21:05:33.0656 0400 Scan started
21:05:33.0656 0400 Mode: Manual;
21:05:33.0656 0400 ============================================================
21:05:49.0169 0400 Psched - ok
21:05:49.0219 0400 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:05:49.0259 0400 PxHlpa64 - ok
21:05:49.0299 0400 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:05:49.0359 0400 ql2300 - ok
21:05:49.0379 0400 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:05:49.0379 0400 ql40xx - ok
21:05:49.0399 0400 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:05:49.0409 0400 QWAVEdrv - ok
21:05:49.0429 0400 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:05:49.0429 0400 RasAcd - ok
21:05:49.0479 0400 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:05:49.0489 0400 RasAgileVpn - ok
21:05:49.0539 0400 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:05:49.0590 0400 Rasl2tp - ok
21:05:49.0610 0400 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:05:49.0620 0400 RasPppoe - ok
21:05:49.0660 0400 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:05:49.0670 0400 RasSstp - ok
21:05:49.0740 0400 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:05:49.0800 0400 rdbss - ok
21:05:49.0820 0400 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:05:49.0820 0400 rdpbus - ok
21:05:49.0850 0400 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:05:49.0850 0400 RDPCDD - ok
21:05:49.0900 0400 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:05:49.0950 0400 RDPDR - ok
21:05:49.0970 0400 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:05:49.0970 0400 RDPENCDD - ok
21:05:50.0010 0400 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:05:50.0020 0400 RDPREFMP - ok
21:05:50.0070 0400 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:05:50.0130 0400 RdpVideoMiniport - ok
21:05:50.0160 0400 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:05:50.0220 0400 RDPWD - ok
21:05:50.0280 0400 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:05:50.0340 0400 rdyboost - ok
21:05:50.0400 0400 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
21:05:50.0460 0400 rimmptsk - ok
21:05:50.0480 0400 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
21:05:50.0520 0400 rimsptsk - ok
21:05:50.0570 0400 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
21:05:50.0630 0400 RimUsb - ok
21:05:50.0690 0400 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
21:05:50.0760 0400 rismxdp - ok
21:05:50.0830 0400 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:05:50.0830 0400 rspndr - ok
21:05:50.0880 0400 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:05:50.0940 0400 s3cap - ok
21:05:50.0970 0400 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:05:51.0020 0400 sbp2port - ok
21:05:51.0060 0400 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:05:51.0120 0400 scfilter - ok
21:05:51.0150 0400 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:05:51.0200 0400 sdbus - ok
21:05:51.0240 0400 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:05:51.0250 0400 secdrv - ok
21:05:51.0290 0400 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:05:51.0300 0400 Serenum - ok
21:05:51.0320 0400 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:05:51.0320 0400 Serial - ok
21:05:51.0350 0400 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:05:51.0360 0400 sermouse - ok
21:05:51.0410 0400 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:05:51.0410 0400 sffdisk - ok
21:05:51.0430 0400 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:05:51.0430 0400 sffp_mmc - ok
21:05:51.0460 0400 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:05:51.0510 0400 sffp_sd - ok
21:05:51.0530 0400 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:05:51.0540 0400 sfloppy - ok
21:05:51.0580 0400 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:05:51.0590 0400 SiSRaid2 - ok
21:05:51.0610 0400 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:05:51.0620 0400 SiSRaid4 - ok
21:05:51.0700 0400 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:05:51.0710 0400 Smb - ok
21:05:51.0760 0400 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:05:51.0770 0400 spldr - ok
21:05:51.0820 0400 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:05:51.0890 0400 srv - ok
21:05:51.0940 0400 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:05:51.0990 0400 srv2 - ok
21:05:52.0020 0400 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:05:52.0080 0400 srvnet - ok
21:05:52.0130 0400 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:05:52.0130 0400 stexstor - ok
21:05:52.0190 0400 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
21:05:52.0260 0400 STHDA - ok
21:05:52.0300 0400 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:05:52.0350 0400 storflt - ok
21:05:52.0380 0400 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:05:52.0420 0400 storvsc - ok
21:05:52.0460 0400 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:05:52.0460 0400 swenum - ok
21:05:52.0520 0400 Synth3dVsc - ok
21:05:52.0570 0400 SynTP (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
21:05:52.0650 0400 SynTP - ok
21:05:52.0740 0400 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:05:52.0880 0400 Tcpip - ok
21:05:52.0960 0400 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:05:52.0980 0400 TCPIP6 - ok
21:05:53.0030 0400 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:05:53.0090 0400 tcpipreg - ok
21:05:53.0130 0400 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:05:53.0150 0400 TDPIPE - ok
21:05:53.0170 0400 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:05:53.0170 0400 TDTCP - ok
21:05:53.0210 0400 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:05:53.0260 0400 tdx - ok
21:05:53.0300 0400 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:05:53.0330 0400 TermDD - ok
21:05:53.0390 0400 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:05:53.0430 0400 tssecsrv - ok
21:05:53.0470 0400 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:05:53.0510 0400 TsUsbFlt - ok
21:05:53.0520 0400 tsusbhub - ok
21:05:53.0590 0400 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:05:53.0660 0400 tunnel - ok
21:05:53.0690 0400 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:05:53.0690 0400 uagp35 - ok
21:05:53.0740 0400 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:05:53.0810 0400 udfs - ok
21:05:53.0870 0400 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:05:53.0880 0400 uliagpkx - ok
21:05:53.0950 0400 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:05:54.0020 0400 umbus - ok
21:05:54.0050 0400 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:05:54.0050 0400 UmPass - ok
21:05:54.0130 0400 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:05:54.0190 0400 USBAAPL64 - ok
21:05:54.0230 0400 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:05:54.0300 0400 usbccgp - ok
21:05:54.0330 0400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:05:54.0340 0400 usbcir - ok
21:05:54.0360 0400 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:05:54.0420 0400 usbehci - ok
21:05:54.0440 0400 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:05:54.0510 0400 usbhub - ok
21:05:54.0530 0400 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:05:54.0590 0400 usbohci - ok
21:05:54.0610 0400 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:05:54.0620 0400 usbprint - ok
21:05:54.0680 0400 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:05:54.0740 0400 USBSTOR - ok
21:05:54.0760 0400 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:05:54.0810 0400 usbuhci - ok
21:05:54.0850 0400 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:05:54.0920 0400 usbvideo - ok
21:05:54.0950 0400 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:05:54.0950 0400 vdrvroot - ok
21:05:55.0000 0400 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:05:55.0010 0400 vga - ok
21:05:55.0040 0400 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:05:55.0050 0400 VgaSave - ok
21:05:55.0070 0400 VGPU - ok
21:05:55.0090 0400 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:05:55.0140 0400 vhdmp - ok
21:05:55.0170 0400 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:05:55.0180 0400 viaide - ok
21:05:55.0230 0400 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:05:55.0300 0400 vmbus - ok
21:05:55.0320 0400 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:05:55.0370 0400 VMBusHID - ok
21:05:55.0390 0400 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:05:55.0440 0400 volmgr - ok
21:05:55.0490 0400 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:05:55.0570 0400 volmgrx - ok
21:05:55.0590 0400 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:05:55.0640 0400 volsnap - ok
21:05:55.0680 0400 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:05:55.0710 0400 vsmraid - ok
21:05:55.0760 0400 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:05:55.0760 0400 vwifibus - ok
21:05:55.0790 0400 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:05:55.0810 0400 vwififlt - ok
21:05:55.0850 0400 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:05:55.0860 0400 vwifimp - ok
21:05:55.0910 0400 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:05:55.0910 0400 WacomPen - ok
21:05:55.0970 0400 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:05:56.0030 0400 WANARP - ok
21:05:56.0050 0400 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:05:56.0050 0400 Wanarpv6 - ok
21:05:56.0110 0400 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
21:05:56.0170 0400 wanatw - ok
21:05:56.0230 0400 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:05:56.0230 0400 Wd - ok
21:05:56.0270 0400 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
21:05:56.0330 0400 WDC_SAM - ok
21:05:56.0370 0400 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:05:56.0390 0400 Wdf01000 - ok
21:05:56.0450 0400 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:05:56.0450 0400 WfpLwf - ok
21:05:56.0490 0400 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:05:56.0550 0400 WimFltr - ok
21:05:56.0571 0400 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:05:56.0571 0400 WIMMount - ok
21:05:56.0661 0400 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:05:56.0731 0400 WinUsb - ok
21:05:56.0771 0400 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:05:56.0781 0400 WmiAcpi - ok
21:05:56.0811 0400 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:05:56.0811 0400 ws2ifsl - ok
21:05:56.0871 0400 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:05:56.0931 0400 WudfPf - ok
21:05:56.0971 0400 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:05:57.0031 0400 WUDFRd - ok
21:05:57.0061 0400 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
21:05:57.0091 0400 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:05:57.0091 0400 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:05:57.0131 0400 Boot (0x1200) (d7378bf694d12b3be92b25933efd13fa) \Device\Harddisk0\DR0\Partition0
21:05:57.0141 0400 \Device\Harddisk0\DR0\Partition0 - ok
21:05:57.0161 0400 Boot (0x1200) (ebbe15e9ac9bd469cb60522a92bcc846) \Device\Harddisk0\DR0\Partition1
21:05:57.0161 0400 \Device\Harddisk0\DR0\Partition1 - ok
21:05:57.0161 0400 ============================================================
21:05:57.0161 0400 Scan finished
21:05:57.0161 0400 ============================================================
21:05:57.0201 6892 Detected object count: 1
21:05:57.0201 6892 Actual detected object count: 1
21:06:18.0525 6892 \Device\Harddisk0\DR0\# - copied to quarantine
21:06:18.0525 6892 \Device\Harddisk0\DR0 - copied to quarantine
21:06:18.0725 6892 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:06:24.0346 6892 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:06:30.0049 6892 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:06:30.0129 6892 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:06:30.0189 6892 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:06:35.0769 6892 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:06:41.0391 6892 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:06:41.0391 6892 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:06:41.0401 6892 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:06:41.0411 6892 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:06:47.0103 6892 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:06:52.0683 6892 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:06:52.0713 6892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:06:52.0713 6892 \Device\Harddisk0\DR0 - ok
21:06:52.0963 6892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:07:35.0597 3984 Deinitialize success

#11 sgeorge

Posted 23 February 2012 - 09:47 PM

Now the ComboFix works. Here is the log.

ComboFix 12-02-23.01 - Roo 02/23/2012 21:19:41.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.4279 [GMT -5:00]
Running from: c:\users\Roo\Software\ComboFix\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\015B\4BEF.tmp
c:\program files (x86)\LP\015B\54F2.tmp
c:\program files (x86)\LP\015B\607A.tmp
c:\program files (x86)\LP\015B\67A8.tmp
c:\program files (x86)\LP\015B\A4F8.tmp
c:\program files (x86)\LP\015B\BBFE.tmp
c:\program files (x86)\LP\015B\FAA5.tmp
c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll
c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll
c:\users\Roo\AppData\Roaming\Install.dat
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 02:30 . 2012-02-24 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 00:00 . 2012-02-24 02:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 12:34 . 2012-02-23 12:34 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-23 12:34 . 2012-02-23 12:34 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-23 12:34 . 2012-02-23 12:34 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-23 12:34 . 2012-02-23 12:34 -------- d--h--w- c:\programdata\Common Files
2012-02-22 11:04 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BF13FF4-C811-473C-BD31-349C3E0EA235}\mpengine.dll
2012-02-21 03:20 . 2012-02-21 03:28 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-02-21 02:32 . 2012-02-21 02:32 -------- d-----w- c:\users\Roo\AppData\Roaming\Malwarebytes
2012-02-21 02:31 . 2012-02-21 02:31 -------- d-----w- c:\programdata\Malwarebytes
2012-02-21 02:31 . 2012-02-21 02:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2012-02-21 02:31 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 18:25 . 2012-01-29 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 15:08 . 2012-02-19 02:13 -------- d-----w- c:\users\Roo\AppData\Roaming\57168
2012-02-17 15:07 . 2012-02-19 02:12 -------- d-----w- c:\users\Roo\AppData\Roaming\B8457
2012-02-16 02:16 . 2012-02-16 02:16 -------- d-----w- C:\63146ec7b3a033f4356ca48e
2012-02-16 02:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 02:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 02:08 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:08 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 02:08 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 02:07 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 02:07 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:07 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 03:00 . 2012-02-14 03:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\52A1.tmp
2012-02-14 03:00 . 2012-02-14 03:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\52A0.tmp
2012-02-06 00:08 . 2012-02-06 00:08 -------- d-----w- c:\program files\Google
2012-02-06 00:08 . 2012-02-06 00:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-06 00:08 . 2012-02-06 00:08 -------- d-----w- c:\windows\system32\Macromed
2012-02-05 23:30 . 2012-02-05 23:30 -------- d-----w- c:\users\Roo\AppData\Roaming\Macrovision
2012-01-25 20:25 . 2012-01-25 20:25 -------- d-----w- c:\program files\iPod
2012-01-25 20:25 . 2012-01-25 20:26 -------- d-----w- c:\program files\iTunes
2012-01-25 20:25 . 2012-01-25 20:26 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 21:27 . 2009-09-08 17:43 31064 ----a-w- c:\program files (x86)\xsell.dll
2010-06-02 21:27 . 2009-09-08 17:43 133976 ----a-w- c:\program files (x86)\xmlparse_tok.dll
2010-06-02 21:27 . 2009-09-08 17:43 107864 ----a-w- c:\program files (x86)\xmlparse.dll
2010-06-02 21:27 . 2009-09-08 17:43 946520 ----a-w- c:\program files (x86)\ttaximp.dll
2010-06-02 21:27 . 2009-09-08 17:43 91992 ----a-w- c:\program files (x86)\qwsnap.dll
2010-06-02 21:27 . 2009-09-08 17:43 810328 ----a-w- c:\program files (x86)\qwwin.dll
2010-06-02 21:27 . 2009-09-08 17:43 78680 ----a-w- c:\program files (x86)\qwinver.dll
2010-06-02 21:27 . 2009-09-08 17:43 70488 ----a-w- c:\program files (x86)\qwcntr.dll
2010-06-02 21:27 . 2009-09-08 17:43 48984 ----a-w- c:\program files (x86)\QWVER.DLL
2010-06-02 21:27 . 2009-09-08 17:43 321368 ----a-w- c:\program files (x86)\qwpr.dll
2010-06-02 21:27 . 2009-09-08 17:43 2832728 ----a-w- c:\program files (x86)\qwutil.dll
2010-06-02 21:27 . 2009-09-08 17:43 2603352 ----a-w- c:\program files (x86)\qwonline.dll
2010-06-02 21:27 . 2009-09-08 17:43 229208 ----a-w- c:\program files (x86)\qwapp.dll
2010-06-02 21:27 . 2009-09-08 17:43 13656 ----a-w- c:\program files (x86)\qwsync.dll
2010-06-02 21:27 . 2009-09-08 17:43 133976 ----a-w- c:\program files (x86)\qwxmlparse_tok.dll
2010-06-02 21:27 . 2009-09-08 17:43 111960 ----a-w- c:\program files (x86)\qwinet.dll
2010-06-02 21:27 . 2009-09-08 17:43 107864 ----a-w- c:\program files (x86)\qwxmlparse.dll
2010-06-02 21:27 . 2009-09-08 17:43 879448 ----a-w- c:\program files (x86)\qvault.dll
2010-06-02 21:27 . 2009-09-08 17:43 82264 ----a-w- c:\program files (x86)\QShowHelp.dll
2010-06-02 21:27 . 2009-09-08 17:43 330072 ----a-w- c:\program files (x86)\qtax.dll
2010-06-02 21:27 . 2009-09-08 17:43 27480 ----a-w- c:\program files (x86)\qsapi_eng.dll
2010-06-02 21:27 . 2009-09-08 17:43 25432 ----a-w- c:\program files (x86)\qsapi.dll
2010-06-02 21:27 . 2009-09-08 17:43 136024 ----a-w- c:\program files (x86)\qrep.dll
2010-06-02 21:27 . 2009-09-08 17:43 132952 ----a-w- c:\program files (x86)\qsac.dll
2010-06-02 21:27 . 2009-09-08 17:43 127832 ----a-w- c:\program files (x86)\Qsetup.dll
2010-06-02 21:27 . 2009-09-08 17:43 1163096 ----a-w- c:\program files (x86)\qreports.dll
2010-06-02 21:27 . 2009-09-08 17:43 89432 ----a-w- c:\program files (x86)\qindex.dll
2010-06-02 21:27 . 2009-09-08 17:43 79192 ----a-w- c:\program files (x86)\mvmc14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 74072 ----a-w- c:\program files (x86)\mvix14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 71512 ----a-w- c:\program files (x86)\qdapp.dll
2010-06-02 21:27 . 2009-09-08 17:43 631640 ----a-w- c:\program files (x86)\qdb.dll
2010-06-02 21:27 . 2009-09-08 17:43 61784 ----a-w- c:\program files (x86)\mvfs14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 56664 ----a-w- c:\program files (x86)\mvsr14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 56152 ----a-w- c:\program files (x86)\mvtl14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 42840 ----a-w- c:\program files (x86)\onlncall.dll
2010-06-02 21:27 . 2009-09-08 17:43 38232 ----a-w- c:\program files (x86)\mvmg14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 380248 ----a-w- c:\program files (x86)\qcomutil.dll
2010-06-02 21:27 . 2009-09-08 17:43 31064 ----a-w- c:\program files (x86)\mvbk14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 2778968 ----a-w- c:\program files (x86)\ofxsdk_qw.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\qdappui.dll
2010-06-02 21:27 . 2009-09-08 17:43 1492312 ----a-w- c:\program files (x86)\online.dll
2010-06-02 21:27 . 2009-09-08 17:43 148824 ----a-w- c:\program files (x86)\olbservice.dll
2010-06-02 21:27 . 2009-09-08 17:43 1262424 ----a-w- c:\program files (x86)\qaccess.dll
2010-06-02 21:27 . 2009-09-08 17:43 117592 ----a-w- c:\program files (x86)\mvcl14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 114008 ----a-w- c:\program files (x86)\QCONNECT.DLL
2010-06-02 21:27 . 2009-09-08 17:43 77144 ----a-w- c:\program files (x86)\graphs.dll
2010-06-02 21:27 . 2009-09-08 17:43 66904 ----a-w- c:\program files (x86)\atwork_xprint.dll
2010-06-02 21:27 . 2009-09-08 17:43 63320 ----a-w- c:\program files (x86)\dllapps_dedfnd.dll
2010-06-02 21:27 . 2009-09-08 17:43 53592 ----a-w- c:\program files (x86)\dllapps_savgol.dll
2010-06-02 21:27 . 2009-09-08 17:43 38232 ----a-w- c:\program files (x86)\bgt_pnf.dll
2010-06-02 21:27 . 2009-09-08 17:43 275288 ----a-w- c:\program files (x86)\lbtmngr.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\gdipapi.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\calnote.dll
2010-06-02 21:27 . 2009-09-08 17:43 16728 ----a-w- c:\program files (x86)\custprof.dll
2010-06-02 21:27 . 2009-09-08 17:43 166232 ----a-w- c:\program files (x86)\cashflow.dll
2010-06-02 21:27 . 2009-09-08 17:43 115032 ----a-w- c:\program files (x86)\dllapps_frcast.dll
2010-06-02 21:27 . 2009-09-08 17:43 107352 ----a-w- c:\program files (x86)\dllapps_dbtred.dll
2010-06-02 21:27 . 2009-09-08 17:43 105816 ----a-w- c:\program files (x86)\dllapps_plan.dll
2010-06-02 21:26 . 2009-09-08 17:42 23384 ----a-w- c:\program files (x86)\QuickenOLBackupLauncher.exe
2010-06-02 21:25 . 2009-09-08 17:42 48472 ----a-w- c:\program files (x86)\InetTools.dll
2010-06-02 21:24 . 2009-09-08 17:41 537944 ----a-w- c:\program files (x86)\UpdateContent.dll
2010-06-02 21:24 . 2009-09-08 17:41 46424 ----a-w- c:\program files (x86)\BindContent.exe
2010-06-02 21:24 . 2009-09-08 17:41 57176 ----a-w- c:\program files (x86)\RestartExe.exe
2010-06-02 21:24 . 2009-09-08 17:41 312664 ----a-w- c:\program files (x86)\SendError.dll
2010-06-02 21:24 . 2009-11-13 05:39 32088 ----a-w- c:\program files (x86)\qwutilnet.dll
2010-06-02 21:24 . 2009-09-08 17:41 359768 ----a-w- c:\program files (x86)\qwplan.dll
2010-06-02 21:24 . 2009-09-08 17:41 129880 ----a-w- c:\program files (x86)\qwonlineFeatures.dll
2010-06-02 21:24 . 2009-09-08 17:41 76120 ----a-w- c:\program files (x86)\qwipa.dll
2010-06-02 21:23 . 2009-09-08 17:41 10163032 ----a-w- c:\program files (x86)\qwmain.dll
2010-06-02 21:23 . 2009-09-08 17:41 103256 ----a-w- c:\program files (x86)\qnet.dll
2010-06-02 21:23 . 2009-09-08 17:41 114008 ----a-w- c:\program files (x86)\qcon32.dll
2010-06-02 21:23 . 2009-09-08 17:41 680792 ----a-w- c:\program files (x86)\decapi.dll
2010-06-02 21:23 . 2009-09-08 17:41 173400 ----a-w- c:\program files (x86)\xport.dll
2010-06-02 21:23 . 2009-09-08 17:41 185176 ----a-w- c:\program files (x86)\sport.dll
2010-06-02 21:23 . 2009-09-08 17:41 155992 ----a-w- c:\program files (x86)\MoneyFileReader.dll
2010-06-02 21:23 . 2009-09-08 17:41 142680 ----a-w- c:\program files (x86)\MoneyFileConverter.dll
2010-06-02 21:23 . 2009-09-08 17:41 63320 ----a-w- c:\program files (x86)\lbt_ux.dll
2010-06-02 21:23 . 2009-09-08 17:41 60248 ----a-w- c:\program files (x86)\txstuff.dll
2010-06-02 21:23 . 2009-09-08 17:41 315736 ----a-w- c:\program files (x86)\lbt_webrequest.dll
2010-06-02 21:23 . 2009-09-08 17:40 66904 ----a-w- c:\program files (x86)\lbt_rte.dll
2010-06-02 21:23 . 2009-09-08 17:40 71512 ----a-w- c:\program files (x86)\lbt_qupddir.dll
2010-06-02 21:23 . 2009-09-08 17:40 80728 ----a-w- c:\program files (x86)\lbt_qplus.dll
2010-06-02 21:23 . 2009-09-08 17:40 68440 ----a-w- c:\program files (x86)\lbt_pvsync.dll
2010-06-02 21:23 . 2009-09-08 17:40 63832 ----a-w- c:\program files (x86)\lbt_decompression.dll
2010-06-02 21:23 . 2009-09-08 17:40 357720 ----a-w- c:\program files (x86)\lbt_customerCentral.dll
2010-06-02 21:23 . 2009-09-08 17:40 64344 ----a-w- c:\program files (x86)\lbt_bullseye.dll
2010-06-02 21:23 . 2009-09-08 17:40 61784 ----a-w- c:\program files (x86)\lbt_Auto1Way.dll
2010-06-02 21:22 . 2009-09-08 17:40 28504 ----a-w- c:\program files (x86)\lbt.dll
2010-06-02 21:22 . 2009-09-08 17:40 129880 ----a-w- c:\program files (x86)\QCustomAction.dll
2010-06-02 21:22 . 2009-09-08 17:40 39768 ----a-w- c:\program files (x86)\convert_stub.dll
2010-06-02 21:22 . 2009-09-08 17:40 155992 ----a-w- c:\program files (x86)\cashgen.dll
2010-06-02 21:22 . 2009-09-08 17:40 34136 ----a-w- c:\program files (x86)\CalendarSync.dll
2010-06-02 21:22 . 2009-09-08 17:40 116568 ----a-w- c:\program files (x86)\billmind_qwrmnd.dll
2010-06-02 21:22 . 2009-09-08 17:40 47448 ----a-w- c:\program files (x86)\billmind_alrtpkg.dll
2010-06-02 21:22 . 2009-09-08 17:40 26456 ----a-w- c:\program files (x86)\billmind.exe
2010-06-02 21:22 . 2009-09-08 17:40 77656 ----a-w- c:\program files (x86)\bagent.exe
2010-06-02 21:22 . 2009-09-08 17:40 354136 ----a-w- c:\program files (x86)\alert.dll
2010-06-02 21:22 . 2009-09-08 17:40 38744 ----a-w- c:\program files (x86)\printenv.exe
2010-06-02 21:22 . 2009-09-08 17:40 1035608 ----a-w- c:\program files (x86)\dbghelp.dll
2010-06-02 21:22 . 2009-09-08 17:40 71000 ----a-w- c:\program files (x86)\techhelp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-23 12:34 1574240 ----a-w- c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-02-23 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HostManager"="c:\program files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe" [2009-07-20 41264]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-02-23 892768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Roo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [x]
R3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);c:\windows\system32\DRIVERS\dlcdbus.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;c:\windows\system32\DRIVERS\lan9500-x64-n51f.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-12-08 8551272]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-02-23 869216]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:59]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:59]
.
2012-02-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-02-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={646EDEB7-C6E6-46C2-A086-E04BC1D1462E}&mid=e59cecda502947d18dced14acce4e9e6-49b99d1abb4251dc0f4c8caac757d6570d3d621e&lang=en&ds=ft011&pr=sa&d=2012-02-23 07:34&v=9.0.0.23&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-TurboTax 2009 - f:\program files\Turbo Tax 09\Installer\TurboTax 2009 Installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-02-23 21:37:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 02:37
.
Pre-Run: 346,189,152,256 bytes free
Post-Run: 347,227,086,848 bytes free
.
- - End Of File - - E99B284C1C36575D5CA27A833B10ED39

#12 sgeorge

Posted 23 February 2012 - 10:37 PM

Hi Daniel,
Thanks so much for your help. I think the virus is gone. I've run a scan in McAfee that came back clean. I've also run a scan in Malwarebytes that came back clean.

I'm not sure how my PC became infected with this horrid thing. Can you recommend any other/different software besides the McAfee virus software and the Malwarebytes? I'm trying to do my best to avoid this in the future.
Thanks so much
Sheila

#13 Larusso

Posted 24 February 2012 - 01:53 AM

Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.

Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.


Good that they updated TDSSKiller. The first reports indicated that the kind of rootkit is "unknown", so one needs to choose "Restore", but this will create a default MBR code on your OS, which can cause problems.
We have to work very carefully with this kind of infection :)



Open notepad and copy/paste the text in the Code-box below into it:

DirLook::
c:\users\Roo\AppData\Roaming\57168
c:\users\Roo\AppData\Roaming\B8457
C:\63146ec7b3a033f4356ca48e

File::
c:\programdata\Microsoft\Windows\DRM\52A1.tmp
c:\programdata\Microsoft\Windows\DRM\52A0.tmp

  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.



Please post in your next reply
Combofix.txt

regards, Daniel



#14 sgeorge

Posted 25 February 2012 - 08:01 AM

ComboFix log

ComboFix 12-02-23.01 - Roo 02/25/2012 7:35.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.4118 [GMT -5:00]
Running from: c:\users\Roo\Software\ComboFix\ComboFix.exe
Command switches used :: c:\users\Roo\Software\ComboFix\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\52A0.tmp"
"c:\programdata\Microsoft\Windows\DRM\52A1.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 12:45 . 2012-02-25 12:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 12:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6D72B1B-06BC-4E7D-89EA-124F9DC92755}\mpengine.dll
2012-02-24 00:00 . 2012-02-24 02:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 12:34 . 2012-02-25 12:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-23 12:34 . 2012-02-23 12:34 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-23 12:34 . 2012-02-25 12:25 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-23 12:34 . 2012-02-23 12:34 -------- d--h--w- c:\programdata\Common Files
2012-02-21 03:20 . 2012-02-21 03:28 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-02-21 02:32 . 2012-02-21 02:32 -------- d-----w- c:\users\Roo\AppData\Roaming\Malwarebytes
2012-02-21 02:31 . 2012-02-21 02:31 -------- d-----w- c:\programdata\Malwarebytes
2012-02-21 02:31 . 2012-02-21 02:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2012-02-21 02:31 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 18:25 . 2012-01-29 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 15:08 . 2012-02-19 02:13 -------- d-----w- c:\users\Roo\AppData\Roaming\57168
2012-02-17 15:07 . 2012-02-19 02:12 -------- d-----w- c:\users\Roo\AppData\Roaming\B8457
2012-02-16 02:16 . 2012-02-16 02:16 -------- d-----w- C:\63146ec7b3a033f4356ca48e
2012-02-16 02:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 02:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 02:08 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:08 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 02:08 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 02:07 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 02:07 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:07 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 03:00 . 2012-02-14 03:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\52A1.tmp
2012-02-14 03:00 . 2012-02-14 03:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\52A0.tmp
2012-02-06 00:08 . 2012-02-06 00:08 -------- d-----w- c:\program files\Google
2012-02-06 00:08 . 2012-02-06 00:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-06 00:08 . 2012-02-06 00:08 -------- d-----w- c:\windows\system32\Macromed
2012-02-05 23:30 . 2012-02-05 23:30 -------- d-----w- c:\users\Roo\AppData\Roaming\Macrovision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 21:27 . 2009-09-08 17:43 31064 ----a-w- c:\program files (x86)\xsell.dll
2010-06-02 21:27 . 2009-09-08 17:43 133976 ----a-w- c:\program files (x86)\xmlparse_tok.dll
2010-06-02 21:27 . 2009-09-08 17:43 107864 ----a-w- c:\program files (x86)\xmlparse.dll
2010-06-02 21:27 . 2009-09-08 17:43 946520 ----a-w- c:\program files (x86)\ttaximp.dll
2010-06-02 21:27 . 2009-09-08 17:43 91992 ----a-w- c:\program files (x86)\qwsnap.dll
2010-06-02 21:27 . 2009-09-08 17:43 810328 ----a-w- c:\program files (x86)\qwwin.dll
2010-06-02 21:27 . 2009-09-08 17:43 78680 ----a-w- c:\program files (x86)\qwinver.dll
2010-06-02 21:27 . 2009-09-08 17:43 70488 ----a-w- c:\program files (x86)\qwcntr.dll
2010-06-02 21:27 . 2009-09-08 17:43 48984 ----a-w- c:\program files (x86)\QWVER.DLL
2010-06-02 21:27 . 2009-09-08 17:43 321368 ----a-w- c:\program files (x86)\qwpr.dll
2010-06-02 21:27 . 2009-09-08 17:43 2832728 ----a-w- c:\program files (x86)\qwutil.dll
2010-06-02 21:27 . 2009-09-08 17:43 2603352 ----a-w- c:\program files (x86)\qwonline.dll
2010-06-02 21:27 . 2009-09-08 17:43 229208 ----a-w- c:\program files (x86)\qwapp.dll
2010-06-02 21:27 . 2009-09-08 17:43 13656 ----a-w- c:\program files (x86)\qwsync.dll
2010-06-02 21:27 . 2009-09-08 17:43 133976 ----a-w- c:\program files (x86)\qwxmlparse_tok.dll
2010-06-02 21:27 . 2009-09-08 17:43 111960 ----a-w- c:\program files (x86)\qwinet.dll
2010-06-02 21:27 . 2009-09-08 17:43 107864 ----a-w- c:\program files (x86)\qwxmlparse.dll
2010-06-02 21:27 . 2009-09-08 17:43 879448 ----a-w- c:\program files (x86)\qvault.dll
2010-06-02 21:27 . 2009-09-08 17:43 82264 ----a-w- c:\program files (x86)\QShowHelp.dll
2010-06-02 21:27 . 2009-09-08 17:43 330072 ----a-w- c:\program files (x86)\qtax.dll
2010-06-02 21:27 . 2009-09-08 17:43 27480 ----a-w- c:\program files (x86)\qsapi_eng.dll
2010-06-02 21:27 . 2009-09-08 17:43 25432 ----a-w- c:\program files (x86)\qsapi.dll
2010-06-02 21:27 . 2009-09-08 17:43 136024 ----a-w- c:\program files (x86)\qrep.dll
2010-06-02 21:27 . 2009-09-08 17:43 132952 ----a-w- c:\program files (x86)\qsac.dll
2010-06-02 21:27 . 2009-09-08 17:43 127832 ----a-w- c:\program files (x86)\Qsetup.dll
2010-06-02 21:27 . 2009-09-08 17:43 1163096 ----a-w- c:\program files (x86)\qreports.dll
2010-06-02 21:27 . 2009-09-08 17:43 89432 ----a-w- c:\program files (x86)\qindex.dll
2010-06-02 21:27 . 2009-09-08 17:43 79192 ----a-w- c:\program files (x86)\mvmc14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 74072 ----a-w- c:\program files (x86)\mvix14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 71512 ----a-w- c:\program files (x86)\qdapp.dll
2010-06-02 21:27 . 2009-09-08 17:43 631640 ----a-w- c:\program files (x86)\qdb.dll
2010-06-02 21:27 . 2009-09-08 17:43 61784 ----a-w- c:\program files (x86)\mvfs14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 56664 ----a-w- c:\program files (x86)\mvsr14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 56152 ----a-w- c:\program files (x86)\mvtl14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 42840 ----a-w- c:\program files (x86)\onlncall.dll
2010-06-02 21:27 . 2009-09-08 17:43 38232 ----a-w- c:\program files (x86)\mvmg14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 380248 ----a-w- c:\program files (x86)\qcomutil.dll
2010-06-02 21:27 . 2009-09-08 17:43 31064 ----a-w- c:\program files (x86)\mvbk14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 2778968 ----a-w- c:\program files (x86)\ofxsdk_qw.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\qdappui.dll
2010-06-02 21:27 . 2009-09-08 17:43 1492312 ----a-w- c:\program files (x86)\online.dll
2010-06-02 21:27 . 2009-09-08 17:43 148824 ----a-w- c:\program files (x86)\olbservice.dll
2010-06-02 21:27 . 2009-09-08 17:43 1262424 ----a-w- c:\program files (x86)\qaccess.dll
2010-06-02 21:27 . 2009-09-08 17:43 117592 ----a-w- c:\program files (x86)\mvcl14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 114008 ----a-w- c:\program files (x86)\QCONNECT.DLL
2010-06-02 21:27 . 2009-09-08 17:43 77144 ----a-w- c:\program files (x86)\graphs.dll
2010-06-02 21:27 . 2009-09-08 17:43 66904 ----a-w- c:\program files (x86)\atwork_xprint.dll
2010-06-02 21:27 . 2009-09-08 17:43 63320 ----a-w- c:\program files (x86)\dllapps_dedfnd.dll
2010-06-02 21:27 . 2009-09-08 17:43 53592 ----a-w- c:\program files (x86)\dllapps_savgol.dll
2010-06-02 21:27 . 2009-09-08 17:43 38232 ----a-w- c:\program files (x86)\bgt_pnf.dll
2010-06-02 21:27 . 2009-09-08 17:43 275288 ----a-w- c:\program files (x86)\lbtmngr.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\gdipapi.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\calnote.dll
2010-06-02 21:27 . 2009-09-08 17:43 16728 ----a-w- c:\program files (x86)\custprof.dll
2010-06-02 21:27 . 2009-09-08 17:43 166232 ----a-w- c:\program files (x86)\cashflow.dll
2010-06-02 21:27 . 2009-09-08 17:43 115032 ----a-w- c:\program files (x86)\dllapps_frcast.dll
2010-06-02 21:27 . 2009-09-08 17:43 107352 ----a-w- c:\program files (x86)\dllapps_dbtred.dll
2010-06-02 21:27 . 2009-09-08 17:43 105816 ----a-w- c:\program files (x86)\dllapps_plan.dll
2010-06-02 21:26 . 2009-09-08 17:42 23384 ----a-w- c:\program files (x86)\QuickenOLBackupLauncher.exe
2010-06-02 21:25 . 2009-09-08 17:42 48472 ----a-w- c:\program files (x86)\InetTools.dll
2010-06-02 21:24 . 2009-09-08 17:41 537944 ----a-w- c:\program files (x86)\UpdateContent.dll
2010-06-02 21:24 . 2009-09-08 17:41 46424 ----a-w- c:\program files (x86)\BindContent.exe
2010-06-02 21:24 . 2009-09-08 17:41 57176 ----a-w- c:\program files (x86)\RestartExe.exe
2010-06-02 21:24 . 2009-09-08 17:41 312664 ----a-w- c:\program files (x86)\SendError.dll
2010-06-02 21:24 . 2009-11-13 05:39 32088 ----a-w- c:\program files (x86)\qwutilnet.dll
2010-06-02 21:24 . 2009-09-08 17:41 359768 ----a-w- c:\program files (x86)\qwplan.dll
2010-06-02 21:24 . 2009-09-08 17:41 129880 ----a-w- c:\program files (x86)\qwonlineFeatures.dll
2010-06-02 21:24 . 2009-09-08 17:41 76120 ----a-w- c:\program files (x86)\qwipa.dll
2010-06-02 21:23 . 2009-09-08 17:41 10163032 ----a-w- c:\program files (x86)\qwmain.dll
2010-06-02 21:23 . 2009-09-08 17:41 103256 ----a-w- c:\program files (x86)\qnet.dll
2010-06-02 21:23 . 2009-09-08 17:41 114008 ----a-w- c:\program files (x86)\qcon32.dll
2010-06-02 21:23 . 2009-09-08 17:41 680792 ----a-w- c:\program files (x86)\decapi.dll
2010-06-02 21:23 . 2009-09-08 17:41 173400 ----a-w- c:\program files (x86)\xport.dll
2010-06-02 21:23 . 2009-09-08 17:41 185176 ----a-w- c:\program files (x86)\sport.dll
2010-06-02 21:23 . 2009-09-08 17:41 155992 ----a-w- c:\program files (x86)\MoneyFileReader.dll
2010-06-02 21:23 . 2009-09-08 17:41 142680 ----a-w- c:\program files (x86)\MoneyFileConverter.dll
2010-06-02 21:23 . 2009-09-08 17:41 63320 ----a-w- c:\program files (x86)\lbt_ux.dll
2010-06-02 21:23 . 2009-09-08 17:41 60248 ----a-w- c:\program files (x86)\txstuff.dll
2010-06-02 21:23 . 2009-09-08 17:41 315736 ----a-w- c:\program files (x86)\lbt_webrequest.dll
2010-06-02 21:23 . 2009-09-08 17:40 66904 ----a-w- c:\program files (x86)\lbt_rte.dll
2010-06-02 21:23 . 2009-09-08 17:40 71512 ----a-w- c:\program files (x86)\lbt_qupddir.dll
2010-06-02 21:23 . 2009-09-08 17:40 80728 ----a-w- c:\program files (x86)\lbt_qplus.dll
2010-06-02 21:23 . 2009-09-08 17:40 68440 ----a-w- c:\program files (x86)\lbt_pvsync.dll
2010-06-02 21:23 . 2009-09-08 17:40 63832 ----a-w- c:\program files (x86)\lbt_decompression.dll
2010-06-02 21:23 . 2009-09-08 17:40 357720 ----a-w- c:\program files (x86)\lbt_customerCentral.dll
2010-06-02 21:23 . 2009-09-08 17:40 64344 ----a-w- c:\program files (x86)\lbt_bullseye.dll
2010-06-02 21:23 . 2009-09-08 17:40 61784 ----a-w- c:\program files (x86)\lbt_Auto1Way.dll
2010-06-02 21:22 . 2009-09-08 17:40 28504 ----a-w- c:\program files (x86)\lbt.dll
2010-06-02 21:22 . 2009-09-08 17:40 129880 ----a-w- c:\program files (x86)\QCustomAction.dll
2010-06-02 21:22 . 2009-09-08 17:40 39768 ----a-w- c:\program files (x86)\convert_stub.dll
2010-06-02 21:22 . 2009-09-08 17:40 155992 ----a-w- c:\program files (x86)\cashgen.dll
2010-06-02 21:22 . 2009-09-08 17:40 34136 ----a-w- c:\program files (x86)\CalendarSync.dll
2010-06-02 21:22 . 2009-09-08 17:40 116568 ----a-w- c:\program files (x86)\billmind_qwrmnd.dll
2010-06-02 21:22 . 2009-09-08 17:40 47448 ----a-w- c:\program files (x86)\billmind_alrtpkg.dll
2010-06-02 21:22 . 2009-09-08 17:40 26456 ----a-w- c:\program files (x86)\billmind.exe
2010-06-02 21:22 . 2009-09-08 17:40 77656 ----a-w- c:\program files (x86)\bagent.exe
2010-06-02 21:22 . 2009-09-08 17:40 354136 ----a-w- c:\program files (x86)\alert.dll
2010-06-02 21:22 . 2009-09-08 17:40 38744 ----a-w- c:\program files (x86)\printenv.exe
2010-06-02 21:22 . 2009-09-08 17:40 1035608 ----a-w- c:\program files (x86)\dbghelp.dll
2010-06-02 21:22 . 2009-09-08 17:40 71000 ----a-w- c:\program files (x86)\techhelp.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\63146ec7b3a033f4356ca48e ----
.
2012-02-16 02:16 . 2012-02-16 02:16 788 ---ha-w- c:\63146ec7b3a033f4356ca48e\$shtdwn$.req
2011-10-26 21:39 . 2011-10-26 21:39 36530 ----a-w- c:\63146ec7b3a033f4356ca48e\1046\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 37394 ----a-w- c:\63146ec7b3a033f4356ca48e\1049\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 36014 ----a-w- c:\63146ec7b3a033f4356ca48e\1053\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 36274 ----a-w- c:\63146ec7b3a033f4356ca48e\1055\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 28414 ----a-w- c:\63146ec7b3a033f4356ca48e\2052\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 37332 ----a-w- c:\63146ec7b3a033f4356ca48e\2070\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 37096 ----a-w- c:\63146ec7b3a033f4356ca48e\3082\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 33028 ----a-w- c:\63146ec7b3a033f4356ca48e\1037\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 37692 ----a-w- c:\63146ec7b3a033f4356ca48e\1038\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 37048 ----a-w- c:\63146ec7b3a033f4356ca48e\1040\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 31424 ----a-w- c:\63146ec7b3a033f4356ca48e\1041\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 30504 ----a-w- c:\63146ec7b3a033f4356ca48e\1042\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 36850 ----a-w- c:\63146ec7b3a033f4356ca48e\1043\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 36546 ----a-w- c:\63146ec7b3a033f4356ca48e\1044\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 37132 ----a-w- c:\63146ec7b3a033f4356ca48e\1045\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 28422 ----a-w- c:\63146ec7b3a033f4356ca48e\1028\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 36716 ----a-w- c:\63146ec7b3a033f4356ca48e\1029\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 36020 ----a-w- c:\63146ec7b3a033f4356ca48e\1030\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 37858 ----a-w- c:\63146ec7b3a033f4356ca48e\1031\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 38668 ----a-w- c:\63146ec7b3a033f4356ca48e\1032\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 36066 ----a-w- c:\63146ec7b3a033f4356ca48e\1035\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 37676 ----a-w- c:\63146ec7b3a033f4356ca48e\1036\LocalizedData.xml
2011-10-26 21:39 . 2011-10-26 21:39 28422 ----a-w- c:\63146ec7b3a033f4356ca48e\3076\LocalizedData.xml
2011-10-26 21:38 . 2011-10-26 21:38 34118 ----a-w- c:\63146ec7b3a033f4356ca48e\1025\LocalizedData.xml
2011-10-26 21:38 . 2011-10-26 21:38 24926 ----a-w- c:\63146ec7b3a033f4356ca48e\ParameterInfo.xml
2011-10-26 21:38 . 2011-10-26 21:38 35802 ----a-w- c:\63146ec7b3a033f4356ca48e\1033\LocalizedData.xml
2011-10-26 21:36 . 2011-10-26 21:36 2829312 ----a-w- c:\63146ec7b3a033f4356ca48e\NDP40-KB2633870.msp
2011-10-26 20:41 . 2011-10-26 20:41 3628 ----a-w- c:\63146ec7b3a033f4356ca48e\header.bmp
2011-10-26 20:41 . 2011-10-26 20:41 196662 ----a-w- c:\63146ec7b3a033f4356ca48e\SplashScreen.bmp
2011-10-26 20:41 . 2011-10-26 20:41 13606 ----a-w- c:\63146ec7b3a033f4356ca48e\Strings.xml
2011-10-26 20:41 . 2011-10-26 20:41 36180 ----a-w- c:\63146ec7b3a033f4356ca48e\UiInfo.xml
2011-10-26 20:41 . 2011-10-26 20:41 104072 ----a-w- c:\63146ec7b3a033f4356ca48e\watermark.bmp
2011-10-26 20:41 . 2011-10-26 20:41 123035 ----a-w- c:\63146ec7b3a033f4356ca48e\1025\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 128333 ----a-w- c:\63146ec7b3a033f4356ca48e\1028\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 101146 ----a-w- c:\63146ec7b3a033f4356ca48e\1029\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 109464 ----a-w- c:\63146ec7b3a033f4356ca48e\1030\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 91719 ----a-w- c:\63146ec7b3a033f4356ca48e\1031\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 102048 ----a-w- c:\63146ec7b3a033f4356ca48e\1032\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 138595 ----a-w- c:\63146ec7b3a033f4356ca48e\1033\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 111176 ----a-w- c:\63146ec7b3a033f4356ca48e\1035\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 133172 ----a-w- c:\63146ec7b3a033f4356ca48e\1036\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 125351 ----a-w- c:\63146ec7b3a033f4356ca48e\1037\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 110879 ----a-w- c:\63146ec7b3a033f4356ca48e\1038\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 124974 ----a-w- c:\63146ec7b3a033f4356ca48e\1040\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 111958 ----a-w- c:\63146ec7b3a033f4356ca48e\1041\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 149503 ----a-w- c:\63146ec7b3a033f4356ca48e\1042\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 35285 ----a-w- c:\63146ec7b3a033f4356ca48e\1043\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 36083 ----a-w- c:\63146ec7b3a033f4356ca48e\1044\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 126541 ----a-w- c:\63146ec7b3a033f4356ca48e\1045\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 109574 ----a-w- c:\63146ec7b3a033f4356ca48e\1046\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 49319 ----a-w- c:\63146ec7b3a033f4356ca48e\1049\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 125073 ----a-w- c:\63146ec7b3a033f4356ca48e\1053\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 112947 ----a-w- c:\63146ec7b3a033f4356ca48e\1055\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 110754 ----a-w- c:\63146ec7b3a033f4356ca48e\2052\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 125196 ----a-w- c:\63146ec7b3a033f4356ca48e\2070\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 2060 ----a-w- c:\63146ec7b3a033f4356ca48e\3076\eula.rtf
2011-10-26 20:41 . 2011-10-26 20:41 108174 ----a-w- c:\63146ec7b3a033f4356ca48e\3082\eula.rtf
2011-10-26 19:42 . 2011-10-26 19:42 19032 ----a-w- c:\63146ec7b3a033f4356ca48e\3082\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 14424 ----a-w- c:\63146ec7b3a033f4356ca48e\2052\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 19032 ----a-w- c:\63146ec7b3a033f4356ca48e\2070\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 18008 ----a-w- c:\63146ec7b3a033f4356ca48e\1053\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 18008 ----a-w- c:\63146ec7b3a033f4356ca48e\1055\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 18520 ----a-w- c:\63146ec7b3a033f4356ca48e\1045\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 18520 ----a-w- c:\63146ec7b3a033f4356ca48e\1046\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 19032 ----a-w- c:\63146ec7b3a033f4356ca48e\1049\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 18008 ----a-w- c:\63146ec7b3a033f4356ca48e\1044\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 15448 ----a-w- c:\63146ec7b3a033f4356ca48e\1042\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 19544 ----a-w- c:\63146ec7b3a033f4356ca48e\1043\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 18520 ----a-w- c:\63146ec7b3a033f4356ca48e\1040\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 15960 ----a-w- c:\63146ec7b3a033f4356ca48e\1041\SetupResources.dll
2011-10-26 19:42 . 2011-10-26 19:42 19032 ----a-w- c:\63146ec7b3a033f4356ca48e\1038\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 16984 ----a-w- c:\63146ec7b3a033f4356ca48e\1037\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 18520 ----a-w- c:\63146ec7b3a033f4356ca48e\1035\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 19032 ----a-w- c:\63146ec7b3a033f4356ca48e\1036\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 19544 ----a-w- c:\63146ec7b3a033f4356ca48e\1032\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 17496 ----a-w- c:\63146ec7b3a033f4356ca48e\1033\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 19032 ----a-w- c:\63146ec7b3a033f4356ca48e\1031\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 18520 ----a-w- c:\63146ec7b3a033f4356ca48e\1030\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 18520 ----a-w- c:\63146ec7b3a033f4356ca48e\1029\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 14424 ----a-w- c:\63146ec7b3a033f4356ca48e\1028\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 14424 ----a-w- c:\63146ec7b3a033f4356ca48e\3076\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 296520 ----a-w- c:\63146ec7b3a033f4356ca48e\SetupUi.dll
2011-10-26 19:41 . 2011-10-26 19:41 17496 ----a-w- c:\63146ec7b3a033f4356ca48e\1025\SetupResources.dll
2011-10-26 19:41 . 2011-10-26 19:41 810064 ----a-w- c:\63146ec7b3a033f4356ca48e\SetupEngine.dll
2011-10-26 19:41 . 2011-10-26 19:41 78912 ----a-w- c:\63146ec7b3a033f4356ca48e\Setup.exe
2011-10-26 19:24 . 2011-10-26 19:24 16118 ----a-w- c:\63146ec7b3a033f4356ca48e\DHtmlHeader.html
2011-10-26 19:24 . 2011-10-26 19:24 30120 ----a-w- c:\63146ec7b3a033f4356ca48e\SetupUi.xsd
2011-10-26 19:24 . 2011-10-26 19:24 144416 ----a-w- c:\63146ec7b3a033f4356ca48e\sqmapi.dll
2011-10-26 19:24 . 2011-10-26 19:24 96848 ----a-w- c:\63146ec7b3a033f4356ca48e\SetupUtility.exe
2011-10-26 19:20 . 2011-10-26 19:20 1150 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Print.ico
2011-10-26 19:20 . 2011-10-26 19:20 894 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Rotate1.ico
2011-10-26 19:20 . 2011-10-26 19:20 894 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Rotate2.ico
2011-10-26 19:20 . 2011-10-26 19:20 894 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Rotate3.ico
2011-10-26 19:20 . 2011-10-26 19:20 894 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Rotate4.ico
2011-10-26 19:20 . 2011-10-26 19:20 894 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Rotate5.ico
2011-10-26 19:20 . 2011-10-26 19:20 894 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Rotate6.ico
2011-10-26 19:20 . 2011-10-26 19:20 894 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Rotate7.ico
2011-10-26 19:20 . 2011-10-26 19:20 894 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Rotate8.ico
2011-10-26 19:20 . 2011-10-26 19:20 1150 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Save.ico
2011-10-26 19:20 . 2011-10-26 19:20 36710 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\Setup.ico
2011-10-26 19:20 . 2011-10-26 19:20 10134 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\stop.ico
2011-10-26 19:20 . 2011-10-26 19:20 1150 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\SysReqMet.ico
2011-10-26 19:20 . 2011-10-26 19:20 1150 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\SysReqNotMet.ico
2011-10-26 19:20 . 2011-10-26 19:20 10134 ----a-w- c:\63146ec7b3a033f4356ca48e\Graphics\warn.ico
.
---- Directory of c:\users\Roo\AppData\Roaming\57168 ----
.
.
---- Directory of c:\users\Roo\AppData\Roaming\B8457 ----
.
2012-02-17 15:07 . 2012-02-18 16:14 9011 ----a-w- c:\users\Roo\AppData\Roaming\B8457\7168.845
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_02.32.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-02 15:37 . 2012-02-25 12:48 59854 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-25 12:25 43822 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-12 01:40 . 2012-02-25 12:25 15986 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3099364093-3267457688-942095451-1001_UserData.bin
- 2009-12-12 00:21 . 2012-02-24 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-12 00:21 . 2012-02-25 12:23 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 00:21 . 2012-02-24 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-12 00:21 . 2012-02-25 12:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-25 12:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-24 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-25 12:46 . 2012-02-25 12:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-24 02:32 . 2012-02-24 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-24 02:32 . 2012-02-24 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-25 12:46 . 2012-02-25 12:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-02-24 00:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-25 12:24 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-02-24 02:31 406024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-25 12:45 406024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-24 00:18 4456448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-25 12:24 4456448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-21 07:18 . 2012-02-25 12:45 9811865 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3099364093-3267457688-942095451-1001-8192.dat
- 2009-07-14 04:54 . 2012-02-24 00:18 15761408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-25 12:24 15761408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-25 12:24 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-25 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HostManager"="c:\program files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe" [2009-07-20 41264]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-02-25 939872]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-25 928096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Roo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [x]
R3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);c:\windows\system32\DRIVERS\dlcdbus.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;c:\windows\system32\DRIVERS\lan9500-x64-n51f.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-12-08 8551272]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-25 909152]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:59]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:59]
.
2012-02-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-02-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={646EDEB7-C6E6-46C2-A086-E04BC1D1462E}&mid=e59cecda502947d18dced14acce4e9e6-49b99d1abb4251dc0f4c8caac757d6570d3d621e&lang=en&ds=ft011&pr=sa&d=2012-02-23 07:34&v=9.0.0.23&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-02-25 07:52:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-25 12:52
ComboFix2.txt 2012-02-24 02:37
.
Pre-Run: 348,107,100,160 bytes free
Post-Run: 347,640,123,392 bytes free
.
- - End Of File - - 02F40E42BCBF93276C38436032106538

#15 Larusso


Posted 25 February 2012 - 09:18 AM

Open notepad and copy/paste the text in the Code-box below into it:

Rootkit::
c:\programdata\Microsoft\Windows\DRM\52A1.tmp
c:\programdata\Microsoft\Windows\DRM\52A0.tmp

Folder::
c:\users\Roo\AppData\Roaming\57168
c:\users\Roo\AppData\Roaming\B8457


  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please post in your next reply:
  • Combofix.txt
  • Note any open issues

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for



#16 sgeorge


Posted 25 February 2012 - 10:50 AM

Thanks. ComboFix Log

ComboFix 12-02-23.01 - Roo 02/25/2012 10:27:03.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.4093 [GMT -5:00]
Running from: c:\users\Roo\Software\ComboFix\ComboFix.exe
Command switches used :: c:\users\Roo\Software\ComboFix\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roo\AppData\Roaming\57168
c:\users\Roo\AppData\Roaming\B8457
c:\users\Roo\AppData\Roaming\B8457\7168.845
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 15:34 . 2012-02-25 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 12:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6D72B1B-06BC-4E7D-89EA-124F9DC92755}\mpengine.dll
2012-02-24 00:00 . 2012-02-24 02:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 12:34 . 2012-02-25 12:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-23 12:34 . 2012-02-23 12:34 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-23 12:34 . 2012-02-25 12:25 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-23 12:34 . 2012-02-23 12:34 -------- d--h--w- c:\programdata\Common Files
2012-02-21 03:20 . 2012-02-21 03:28 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-02-21 02:32 . 2012-02-21 02:32 -------- d-----w- c:\users\Roo\AppData\Roaming\Malwarebytes
2012-02-21 02:31 . 2012-02-21 02:31 -------- d-----w- c:\programdata\Malwarebytes
2012-02-21 02:31 . 2012-02-21 02:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2012-02-21 02:31 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 18:25 . 2012-01-29 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:16 . 2012-02-16 02:16 -------- d-----w- C:\63146ec7b3a033f4356ca48e
2012-02-16 02:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 02:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 02:08 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:08 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 02:08 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 02:07 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 02:07 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:07 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-06 00:08 . 2012-02-06 00:08 -------- d-----w- c:\program files\Google
2012-02-06 00:08 . 2012-02-06 00:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-06 00:08 . 2012-02-06 00:08 -------- d-----w- c:\windows\system32\Macromed
2012-02-05 23:30 . 2012-02-05 23:30 -------- d-----w- c:\users\Roo\AppData\Roaming\Macrovision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 21:27 . 2009-09-08 17:43 31064 ----a-w- c:\program files (x86)\xsell.dll
2010-06-02 21:27 . 2009-09-08 17:43 133976 ----a-w- c:\program files (x86)\xmlparse_tok.dll
2010-06-02 21:27 . 2009-09-08 17:43 107864 ----a-w- c:\program files (x86)\xmlparse.dll
2010-06-02 21:27 . 2009-09-08 17:43 946520 ----a-w- c:\program files (x86)\ttaximp.dll
2010-06-02 21:27 . 2009-09-08 17:43 91992 ----a-w- c:\program files (x86)\qwsnap.dll
2010-06-02 21:27 . 2009-09-08 17:43 810328 ----a-w- c:\program files (x86)\qwwin.dll
2010-06-02 21:27 . 2009-09-08 17:43 78680 ----a-w- c:\program files (x86)\qwinver.dll
2010-06-02 21:27 . 2009-09-08 17:43 70488 ----a-w- c:\program files (x86)\qwcntr.dll
2010-06-02 21:27 . 2009-09-08 17:43 48984 ----a-w- c:\program files (x86)\QWVER.DLL
2010-06-02 21:27 . 2009-09-08 17:43 321368 ----a-w- c:\program files (x86)\qwpr.dll
2010-06-02 21:27 . 2009-09-08 17:43 2832728 ----a-w- c:\program files (x86)\qwutil.dll
2010-06-02 21:27 . 2009-09-08 17:43 2603352 ----a-w- c:\program files (x86)\qwonline.dll
2010-06-02 21:27 . 2009-09-08 17:43 229208 ----a-w- c:\program files (x86)\qwapp.dll
2010-06-02 21:27 . 2009-09-08 17:43 13656 ----a-w- c:\program files (x86)\qwsync.dll
2010-06-02 21:27 . 2009-09-08 17:43 133976 ----a-w- c:\program files (x86)\qwxmlparse_tok.dll
2010-06-02 21:27 . 2009-09-08 17:43 111960 ----a-w- c:\program files (x86)\qwinet.dll
2010-06-02 21:27 . 2009-09-08 17:43 107864 ----a-w- c:\program files (x86)\qwxmlparse.dll
2010-06-02 21:27 . 2009-09-08 17:43 879448 ----a-w- c:\program files (x86)\qvault.dll
2010-06-02 21:27 . 2009-09-08 17:43 82264 ----a-w- c:\program files (x86)\QShowHelp.dll
2010-06-02 21:27 . 2009-09-08 17:43 330072 ----a-w- c:\program files (x86)\qtax.dll
2010-06-02 21:27 . 2009-09-08 17:43 27480 ----a-w- c:\program files (x86)\qsapi_eng.dll
2010-06-02 21:27 . 2009-09-08 17:43 25432 ----a-w- c:\program files (x86)\qsapi.dll
2010-06-02 21:27 . 2009-09-08 17:43 136024 ----a-w- c:\program files (x86)\qrep.dll
2010-06-02 21:27 . 2009-09-08 17:43 132952 ----a-w- c:\program files (x86)\qsac.dll
2010-06-02 21:27 . 2009-09-08 17:43 127832 ----a-w- c:\program files (x86)\Qsetup.dll
2010-06-02 21:27 . 2009-09-08 17:43 1163096 ----a-w- c:\program files (x86)\qreports.dll
2010-06-02 21:27 . 2009-09-08 17:43 89432 ----a-w- c:\program files (x86)\qindex.dll
2010-06-02 21:27 . 2009-09-08 17:43 79192 ----a-w- c:\program files (x86)\mvmc14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 74072 ----a-w- c:\program files (x86)\mvix14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 71512 ----a-w- c:\program files (x86)\qdapp.dll
2010-06-02 21:27 . 2009-09-08 17:43 631640 ----a-w- c:\program files (x86)\qdb.dll
2010-06-02 21:27 . 2009-09-08 17:43 61784 ----a-w- c:\program files (x86)\mvfs14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 56664 ----a-w- c:\program files (x86)\mvsr14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 56152 ----a-w- c:\program files (x86)\mvtl14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 42840 ----a-w- c:\program files (x86)\onlncall.dll
2010-06-02 21:27 . 2009-09-08 17:43 38232 ----a-w- c:\program files (x86)\mvmg14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 380248 ----a-w- c:\program files (x86)\qcomutil.dll
2010-06-02 21:27 . 2009-09-08 17:43 31064 ----a-w- c:\program files (x86)\mvbk14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 2778968 ----a-w- c:\program files (x86)\ofxsdk_qw.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\qdappui.dll
2010-06-02 21:27 . 2009-09-08 17:43 1492312 ----a-w- c:\program files (x86)\online.dll
2010-06-02 21:27 . 2009-09-08 17:43 148824 ----a-w- c:\program files (x86)\olbservice.dll
2010-06-02 21:27 . 2009-09-08 17:43 1262424 ----a-w- c:\program files (x86)\qaccess.dll
2010-06-02 21:27 . 2009-09-08 17:43 117592 ----a-w- c:\program files (x86)\mvcl14n.dll
2010-06-02 21:27 . 2009-09-08 17:43 114008 ----a-w- c:\program files (x86)\QCONNECT.DLL
2010-06-02 21:27 . 2009-09-08 17:43 77144 ----a-w- c:\program files (x86)\graphs.dll
2010-06-02 21:27 . 2009-09-08 17:43 66904 ----a-w- c:\program files (x86)\atwork_xprint.dll
2010-06-02 21:27 . 2009-09-08 17:43 63320 ----a-w- c:\program files (x86)\dllapps_dedfnd.dll
2010-06-02 21:27 . 2009-09-08 17:43 53592 ----a-w- c:\program files (x86)\dllapps_savgol.dll
2010-06-02 21:27 . 2009-09-08 17:43 38232 ----a-w- c:\program files (x86)\bgt_pnf.dll
2010-06-02 21:27 . 2009-09-08 17:43 275288 ----a-w- c:\program files (x86)\lbtmngr.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\gdipapi.dll
2010-06-02 21:27 . 2009-09-08 17:43 26968 ----a-w- c:\program files (x86)\calnote.dll
2010-06-02 21:27 . 2009-09-08 17:43 16728 ----a-w- c:\program files (x86)\custprof.dll
2010-06-02 21:27 . 2009-09-08 17:43 166232 ----a-w- c:\program files (x86)\cashflow.dll
2010-06-02 21:27 . 2009-09-08 17:43 115032 ----a-w- c:\program files (x86)\dllapps_frcast.dll
2010-06-02 21:27 . 2009-09-08 17:43 107352 ----a-w- c:\program files (x86)\dllapps_dbtred.dll
2010-06-02 21:27 . 2009-09-08 17:43 105816 ----a-w- c:\program files (x86)\dllapps_plan.dll
2010-06-02 21:26 . 2009-09-08 17:42 23384 ----a-w- c:\program files (x86)\QuickenOLBackupLauncher.exe
2010-06-02 21:25 . 2009-09-08 17:42 48472 ----a-w- c:\program files (x86)\InetTools.dll
2010-06-02 21:24 . 2009-09-08 17:41 537944 ----a-w- c:\program files (x86)\UpdateContent.dll
2010-06-02 21:24 . 2009-09-08 17:41 46424 ----a-w- c:\program files (x86)\BindContent.exe
2010-06-02 21:24 . 2009-09-08 17:41 57176 ----a-w- c:\program files (x86)\RestartExe.exe
2010-06-02 21:24 . 2009-09-08 17:41 312664 ----a-w- c:\program files (x86)\SendError.dll
2010-06-02 21:24 . 2009-11-13 05:39 32088 ----a-w- c:\program files (x86)\qwutilnet.dll
2010-06-02 21:24 . 2009-09-08 17:41 359768 ----a-w- c:\program files (x86)\qwplan.dll
2010-06-02 21:24 . 2009-09-08 17:41 129880 ----a-w- c:\program files (x86)\qwonlineFeatures.dll
2010-06-02 21:24 . 2009-09-08 17:41 76120 ----a-w- c:\program files (x86)\qwipa.dll
2010-06-02 21:23 . 2009-09-08 17:41 10163032 ----a-w- c:\program files (x86)\qwmain.dll
2010-06-02 21:23 . 2009-09-08 17:41 103256 ----a-w- c:\program files (x86)\qnet.dll
2010-06-02 21:23 . 2009-09-08 17:41 114008 ----a-w- c:\program files (x86)\qcon32.dll
2010-06-02 21:23 . 2009-09-08 17:41 680792 ----a-w- c:\program files (x86)\decapi.dll
2010-06-02 21:23 . 2009-09-08 17:41 173400 ----a-w- c:\program files (x86)\xport.dll
2010-06-02 21:23 . 2009-09-08 17:41 185176 ----a-w- c:\program files (x86)\sport.dll
2010-06-02 21:23 . 2009-09-08 17:41 155992 ----a-w- c:\program files (x86)\MoneyFileReader.dll
2010-06-02 21:23 . 2009-09-08 17:41 142680 ----a-w- c:\program files (x86)\MoneyFileConverter.dll
2010-06-02 21:23 . 2009-09-08 17:41 63320 ----a-w- c:\program files (x86)\lbt_ux.dll
2010-06-02 21:23 . 2009-09-08 17:41 60248 ----a-w- c:\program files (x86)\txstuff.dll
2010-06-02 21:23 . 2009-09-08 17:41 315736 ----a-w- c:\program files (x86)\lbt_webrequest.dll
2010-06-02 21:23 . 2009-09-08 17:40 66904 ----a-w- c:\program files (x86)\lbt_rte.dll
2010-06-02 21:23 . 2009-09-08 17:40 71512 ----a-w- c:\program files (x86)\lbt_qupddir.dll
2010-06-02 21:23 . 2009-09-08 17:40 80728 ----a-w- c:\program files (x86)\lbt_qplus.dll
2010-06-02 21:23 . 2009-09-08 17:40 68440 ----a-w- c:\program files (x86)\lbt_pvsync.dll
2010-06-02 21:23 . 2009-09-08 17:40 63832 ----a-w- c:\program files (x86)\lbt_decompression.dll
2010-06-02 21:23 . 2009-09-08 17:40 357720 ----a-w- c:\program files (x86)\lbt_customerCentral.dll
2010-06-02 21:23 . 2009-09-08 17:40 64344 ----a-w- c:\program files (x86)\lbt_bullseye.dll
2010-06-02 21:23 . 2009-09-08 17:40 61784 ----a-w- c:\program files (x86)\lbt_Auto1Way.dll
2010-06-02 21:22 . 2009-09-08 17:40 28504 ----a-w- c:\program files (x86)\lbt.dll
2010-06-02 21:22 . 2009-09-08 17:40 129880 ----a-w- c:\program files (x86)\QCustomAction.dll
2010-06-02 21:22 . 2009-09-08 17:40 39768 ----a-w- c:\program files (x86)\convert_stub.dll
2010-06-02 21:22 . 2009-09-08 17:40 155992 ----a-w- c:\program files (x86)\cashgen.dll
2010-06-02 21:22 . 2009-09-08 17:40 34136 ----a-w- c:\program files (x86)\CalendarSync.dll
2010-06-02 21:22 . 2009-09-08 17:40 116568 ----a-w- c:\program files (x86)\billmind_qwrmnd.dll
2010-06-02 21:22 . 2009-09-08 17:40 47448 ----a-w- c:\program files (x86)\billmind_alrtpkg.dll
2010-06-02 21:22 . 2009-09-08 17:40 26456 ----a-w- c:\program files (x86)\billmind.exe
2010-06-02 21:22 . 2009-09-08 17:40 77656 ----a-w- c:\program files (x86)\bagent.exe
2010-06-02 21:22 . 2009-09-08 17:40 354136 ----a-w- c:\program files (x86)\alert.dll
2010-06-02 21:22 . 2009-09-08 17:40 38744 ----a-w- c:\program files (x86)\printenv.exe
2010-06-02 21:22 . 2009-09-08 17:40 1035608 ----a-w- c:\program files (x86)\dbghelp.dll
2010-06-02 21:22 . 2009-09-08 17:40 71000 ----a-w- c:\program files (x86)\techhelp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_02.32.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-02 15:37 . 2012-02-25 15:38 60108 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-25 15:38 43878 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-12 01:40 . 2012-02-25 15:38 16070 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3099364093-3267457688-942095451-1001_UserData.bin
- 2009-12-12 00:21 . 2012-02-24 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-12 00:21 . 2012-02-25 15:32 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 00:21 . 2012-02-24 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-12 00:21 . 2012-02-25 15:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-25 15:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-24 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-25 15:36 . 2012-02-25 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-24 02:32 . 2012-02-24 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-24 02:32 . 2012-02-24 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-25 15:36 . 2012-02-25 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-02-24 00:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-25 12:24 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-02-24 02:31 406024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-25 15:35 406024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-24 00:18 4456448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-25 12:24 4456448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-21 07:18 . 2012-02-25 15:35 9834984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3099364093-3267457688-942095451-1001-8192.dat
- 2009-07-14 04:54 . 2012-02-24 00:18 15761408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-25 12:24 15761408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-25 12:24 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-25 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HostManager"="c:\program files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe" [2009-07-20 41264]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-02-25 939872]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-25 928096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Roo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [x]
R3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);c:\windows\system32\DRIVERS\dlcdbus.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;c:\windows\system32\DRIVERS\lan9500-x64-n51f.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-12-08 8551272]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-25 909152]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:59]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:59]
.
2012-02-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-02-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={646EDEB7-C6E6-46C2-A086-E04BC1D1462E}&mid=e59cecda502947d18dced14acce4e9e6-49b99d1abb4251dc0f4c8caac757d6570d3d621e&lang=en&ds=ft011&pr=sa&d=2012-02-23 07:34&v=9.0.0.23&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-02-25 10:41:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-25 15:41
ComboFix2.txt 2012-02-25 12:52
ComboFix3.txt 2012-02-24 02:37
.
Pre-Run: 347,814,957,056 bytes free
Post-Run: 347,760,558,080 bytes free
.
- - End Of File - - D086C03146B7452B8E7EF3E219566F47

#17 Larusso


Posted 27 February 2012 - 08:32 AM

Hi there,



Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply



Please launch DDS
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop and post both in your next reply



Please post in your next reply:
  • ESET Log
  • dds.txt
  • attach.txt
  • Note any open issues

regards, Daniel

 


#18 sgeorge


Posted 27 February 2012 - 03:19 PM

Thanks. I ran the ESET tool. It didn't find any threats and so I had no option to save a file to my PC.

It has this....
Scan Results
No Threats found.
Scanned Files: 265031
Infected Files: 0
Cleaned Files: 0
Total Scan Time: 01:12:31
Scan Status: Finished


DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Roo at 15:13:58 on 2012-02-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.3939 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\aol\1262054950\ee\aolsoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\aol\1262054950\ee\aolsoftware.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\AOL 9.5\waol.exe
C:\Program Files (x86)\AOL 9.5\shellmon.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120112184243.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Roo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\378616B65637 : DhcpNameServer = 68.237.161.12 71.243.0.12
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\B4566796E67456F6277656 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120112184243.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-12-8 8551272]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2012-2-20 652360]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-13 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-13 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-13 161168]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-2 705856]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-2-25 909152]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [?]
S3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);C:\Windows\system32\DRIVERS\dlcdbus.sys --> C:\Windows\system32\DRIVERS\dlcdbus.sys [?]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys --> C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-27 18:45:11 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-25 18:07:26 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6D72B1B-06BC-4E7D-89EA-124F9DC92755}\offreg.dll
2012-02-25 15:45:56 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-25 12:30:22 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6D72B1B-06BC-4E7D-89EA-124F9DC92755}\mpengine.dll
2012-02-24 00:00:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 21:45:09 98816 ----a-w- C:\Windows\sed.exe
2012-02-23 21:45:09 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-23 21:45:09 256000 ----a-w- C:\Windows\PEV.exe
2012-02-23 21:45:09 208896 ----a-w- C:\Windows\MBR.exe
2012-02-23 12:34:29 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-02-23 12:34:23 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-02-23 12:34:21 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-02-23 12:34:10 -------- d--h--w- C:\ProgramData\Common Files
2012-02-22 11:04:31 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-21 03:20:49 -------- d-----w- C:\Program Files (x86)\Common Files\Simple Adblock
2012-02-21 02:32:01 -------- d-----w- C:\Users\Roo\AppData\Roaming\Malwarebytes
2012-02-21 02:31:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-21 02:31:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-21 02:31:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2012-02-19 18:25:47 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-16 02:16:36 -------- d-----w- C:\63146ec7b3a033f4356ca48e
2012-02-16 02:08:20 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 02:08:19 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 02:08:07 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 02:08:06 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 02:08:00 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 02:07:54 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 02:07:45 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 02:07:44 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-06 00:08:26 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 23:30:37 -------- d-----w- C:\Users\Roo\AppData\Roaming\Macrovision
.
==================== Find3M ====================
.
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-06-02 21:26:20 23384 ----a-w- C:\Program Files (x86)\QuickenOLBackupLauncher.exe
2010-06-02 21:25:34 48472 ----a-w- C:\Program Files (x86)\InetTools.dll
2010-06-02 21:24:32 537944 ----a-w- C:\Program Files (x86)\UpdateContent.dll
2010-06-02 21:24:28 57176 ----a-w- C:\Program Files (x86)\RestartExe.exe
2010-06-02 21:24:28 46424 ----a-w- C:\Program Files (x86)\BindContent.exe
2010-06-02 21:24:24 312664 ----a-w- C:\Program Files (x86)\SendError.dll
2010-06-02 21:24:22 32088 ----a-w- C:\Program Files (x86)\qwutilnet.dll
2010-06-02 21:24:12 359768 ----a-w- C:\Program Files (x86)\qwplan.dll
2010-06-02 21:24:10 129880 ----a-w- C:\Program Files (x86)\qwonlineFeatures.dll
2010-06-02 21:24:04 76120 ----a-w- C:\Program Files (x86)\qwipa.dll
2010-06-02 21:22:58 28504 ----a-w- C:\Program Files (x86)\lbt.dll
2010-06-02 21:22:58 129880 ----a-w- C:\Program Files (x86)\QCustomAction.dll
2010-06-02 21:22:46 39768 ----a-w- C:\Program Files (x86)\convert_stub.dll
2010-06-02 21:22:46 155992 ----a-w- C:\Program Files (x86)\cashgen.dll
2010-06-02 21:22:44 34136 ----a-w- C:\Program Files (x86)\CalendarSync.dll
2010-06-02 21:22:42 116568 ----a-w- C:\Program Files (x86)\billmind_qwrmnd.dll
2010-06-02 21:22:40 47448 ----a-w- C:\Program Files (x86)\billmind_alrtpkg.dll
2010-06-02 21:22:40 26456 ----a-w- C:\Program Files (x86)\billmind.exe
2010-06-02 21:22:38 77656 ----a-w- C:\Program Files (x86)\bagent.exe
2010-06-02 21:22:34 354136 ----a-w- C:\Program Files (x86)\alert.dll
2010-06-02 21:22:30 38744 ----a-w- C:\Program Files (x86)\printenv.exe
2010-06-02 21:22:20 1035608 ----a-w- C:\Program Files (x86)\dbghelp.dll
2010-06-02 21:22:18 71000 ----a-w- C:\Program Files (x86)\techhelp.exe
2010-01-04 23:40:10 433976 ----a-w- C:\Program Files (x86)\EmergencyRecordsOrganizer.exe
2010-01-04 23:40:08 861432 ----a-w- C:\Program Files (x86)\QuickenHomeInventory.exe
2009-09-08 17:43:28 15720 ----a-w- C:\Program Files (x86)\mvut14n.dll
2009-09-08 17:42:26 223584 ----a-w- C:\Program Files (x86)\patchw32.dll
2009-09-08 17:40:54 41320 ----a-w- C:\Program Files (x86)\lbt_excite.dll
2009-09-08 17:40:38 23912 ----a-w- C:\Program Files (x86)\dellid.dll
2009-09-08 17:40:28 78184 ----a-w- C:\Program Files (x86)\bgt.dll
2009-09-08 17:40:26 34152 ----a-w- C:\Program Files (x86)\atwork.dll
.
============= FINISH: 15:14:27.04 ===============


Attach Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 12/11/2009 7:29:39 PM
System Uptime: 2/26/2012 1:41:24 PM (26 hours ago)
.
Motherboard: Dell Inc. | | 0C234M
Processor: Intel® Core™2 Duo CPU P7450 @ 2.13GHz | U2E1 | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 323.304 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP169: 2/16/2012 3:00:23 AM - Windows Update
RP170: 2/16/2012 10:30:07 AM - Windows Update
RP171: 2/18/2012 11:11:51 PM - Restore Operation
RP172: 2/19/2012 1:25:15 PM - Windows Update
RP174: 2/19/2012 1:50:58 PM - Windows Defender Checkpoint
RP175: 2/20/2012 11:42:58 PM - Windows Update
RP176: 2/23/2012 4:45:25 PM - ComboFix created restore point
RP177: 2/25/2012 7:28:40 AM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Absolute Notifier
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Advanced Audio FX Engine
AnswerWorks 5.0 English Runtime
AnyDVD
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
AVG Security Toolbar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Presentation Server Client - Web Only
CloneDVDmobile
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Coupon Printer for Windows
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Webcam Central
ESET Online Scanner v3
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Plugin
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
PowerDVD DX
Quicken 2010
QuickTime
Roxio Burn
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Simple Adblock
Skins
Skype Toolbars
Skype™ 4.2
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Viewpoint Media Player
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
2/25/2012 7:55:32 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
2/25/2012 7:38:02 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
2/25/2012 11:00:27 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/25/2012 10:56:10 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/25/2012 10:46:44 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/25/2012 10:36:37 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
2/25/2012 10:34:44 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/25/2012 10:33:57 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/22/2012 9:51:46 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================

#19 Larusso


Posted 28 February 2012 - 07:43 AM

Hi there


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment 6 Update 31 and save it to your desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.



Please post in your next reply
Note any open issues

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

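The version check behind the advice in the post above, as an added example (not part of the thread and not code from DDS): it reads the "Installed Programs" section of a DDS attach log and reports Java and Adobe Reader entries older than a baseline. The baselines (Java 6 Update 31 named in the post above, Adobe Reader 10.1.2 reported in the reply that follows), the constructed log excerpt and all function names are assumptions of this example.

```python
import re

# Constructed excerpt in the layout of a DDS attach log; the program names are
# copied from the list posted earlier in this thread.
SAMPLE_LOG = """\
==== System Restore Points ===================
.
RP177: 2/25/2012 7:28:40 AM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Java Auto Updater
Java™ 6 Update 26
Malwarebytes Anti-Malware version 1.60.1.1000
.
==== Event Viewer Messages From Past Week ========
.
2/25/2012 7:55:32 AM, Error: VDS Basic Provider [1] - Unexpected failure.
"""

# Assumed baselines: the versions named in this thread, not a current
# vendor recommendation.
BASELINES = {"Java": (6, 31), "Adobe Reader": (10, 1, 2)}

# One pattern per product. Java entries read "Java(TM) 6 Update 26";
# Reader entries read "Adobe Reader 9.1.2" or "Adobe Reader X (10.1.2)".
RULES = {
    "Java": re.compile(r"^Java(?:\(TM\)|\W)*(\d+) Update (\d+)$"),
    "Adobe Reader": re.compile(r"^Adobe Reader\b.*?(\d+(?:\.\d+)+)\)?$"),
}


def installed_programs(log_text):
    """Return the entries of the 'Installed Programs' section only."""
    names, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            # Every DDS section starts with a '====' banner line.
            in_section = "Installed Programs" in line
            continue
        # DDS pads sections with lines holding a single dot.
        if in_section and line and line != ".":
            names.append(line)
    return names


def parse_version(entry):
    """Return (product, version tuple) for a recognised entry, else None."""
    for product, rule in RULES.items():
        match = rule.match(entry)
        if match:
            parts = [p for group in match.groups() for p in group.split(".")]
            return product, tuple(int(p) for p in parts)
    return None


def audit(log_text, baselines=BASELINES):
    """List (product, entry, found, minimum) for entries below the baseline."""
    findings = []
    for entry in installed_programs(log_text):
        parsed = parse_version(entry)
        if parsed is None:
            continue  # unversioned or unrelated entry, e.g. "Java Auto Updater"
        product, found = parsed
        minimum = baselines[product]
        if found < minimum:  # tuple comparison: (6, 26) < (6, 31)
            findings.append((product, entry, found, minimum))
    return findings


if __name__ == "__main__":
    for product, entry, found, minimum in audit(SAMPLE_LOG):
        have = ".".join(map(str, found))
        need = ".".join(map(str, minimum))
        print(f"OUTDATED {product}: '{entry}' is {have}, baseline {need}")
```
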
 


#20 sgeorge


Posted 28 February 2012 - 08:08 PM

Thanks.

I now have Java™ 6 Update 31 installed and Adobe Reader X (10.1.2) installed.
I had no issues installing either.


DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Roo at 20:01:33 on 2012-02-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6109.4463 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\AOL 9.5\waol.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\aol\1262054950\ee\aolsoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AOL 9.5\shellmon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120112184243.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Roo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\378616B65637 : DhcpNameServer = 68.237.161.12 71.243.0.12
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\B4566796E67456F6277656 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F292B776-5071-4241-B5B2-47B1A9AD68F6}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120112184243.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1262054950\ee\AOLSoftware.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-12-8 8551272]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2012-2-20 652360]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-4 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-13 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-13 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-13 161168]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-2 705856]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-2-25 909152]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [?]
S3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);C:\Windows\system32\DRIVERS\dlcdbus.sys --> C:\Windows\system32\DRIVERS\dlcdbus.sys [?]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys --> C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-29 00:22:42 -------- d-----w- C:\Windows\System32\appmgmt
2012-02-28 11:27:37 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63BDA4D9-6A27-463F-8CA5-9960F2542DBE}\mpengine.dll
2012-02-27 18:45:11 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-25 15:45:56 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-24 00:00:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 21:45:09 98816 ----a-w- C:\Windows\sed.exe
2012-02-23 21:45:09 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-23 21:45:09 256000 ----a-w- C:\Windows\PEV.exe
2012-02-23 21:45:09 208896 ----a-w- C:\Windows\MBR.exe
2012-02-23 12:34:29 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-02-23 12:34:23 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-02-23 12:34:21 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-02-23 12:34:10 -------- d--h--w- C:\ProgramData\Common Files
2012-02-22 11:04:31 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-21 03:20:49 -------- d-----w- C:\Program Files (x86)\Common Files\Simple Adblock
2012-02-21 02:32:01 -------- d-----w- C:\Users\Roo\AppData\Roaming\Malwarebytes
2012-02-21 02:31:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-21 02:31:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-21 02:31:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2012-02-19 18:25:47 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-16 02:16:36 -------- d-----w- C:\63146ec7b3a033f4356ca48e
2012-02-16 02:08:20 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 02:08:19 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 02:08:07 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 02:08:06 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 02:08:00 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 02:07:54 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 02:07:45 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 02:07:44 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-06 00:08:26 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 23:30:37 -------- d-----w- C:\Users\Roo\AppData\Roaming\Macrovision
.
==================== Find3M ====================
.
2012-02-29 00:33:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-06-02 21:26:20 23384 ----a-w- C:\Program Files (x86)\QuickenOLBackupLauncher.exe
2010-06-02 21:25:34 48472 ----a-w- C:\Program Files (x86)\InetTools.dll
2010-06-02 21:24:32 537944 ----a-w- C:\Program Files (x86)\UpdateContent.dll
2010-06-02 21:24:28 57176 ----a-w- C:\Program Files (x86)\RestartExe.exe
2010-06-02 21:24:28 46424 ----a-w- C:\Program Files (x86)\BindContent.exe
2010-06-02 21:24:24 312664 ----a-w- C:\Program Files (x86)\SendError.dll
2010-06-02 21:24:22 32088 ----a-w- C:\Program Files (x86)\qwutilnet.dll
2010-06-02 21:24:12 359768 ----a-w- C:\Program Files (x86)\qwplan.dll
2010-06-02 21:24:10 129880 ----a-w- C:\Program Files (x86)\qwonlineFeatures.dll
2010-06-02 21:24:04 76120 ----a-w- C:\Program Files (x86)\qwipa.dll
2010-06-02 21:22:58 28504 ----a-w- C:\Program Files (x86)\lbt.dll
2010-06-02 21:22:58 129880 ----a-w- C:\Program Files (x86)\QCustomAction.dll
2010-06-02 21:22:46 39768 ----a-w- C:\Program Files (x86)\convert_stub.dll
2010-06-02 21:22:46 155992 ----a-w- C:\Program Files (x86)\cashgen.dll
2010-06-02 21:22:44 34136 ----a-w- C:\Program Files (x86)\CalendarSync.dll
2010-06-02 21:22:42 116568 ----a-w- C:\Program Files (x86)\billmind_qwrmnd.dll
2010-06-02 21:22:40 47448 ----a-w- C:\Program Files (x86)\billmind_alrtpkg.dll
2010-06-02 21:22:40 26456 ----a-w- C:\Program Files (x86)\billmind.exe
2010-06-02 21:22:38 77656 ----a-w- C:\Program Files (x86)\bagent.exe
2010-06-02 21:22:34 354136 ----a-w- C:\Program Files (x86)\alert.dll
2010-06-02 21:22:30 38744 ----a-w- C:\Program Files (x86)\printenv.exe
2010-06-02 21:22:20 1035608 ----a-w- C:\Program Files (x86)\dbghelp.dll
2010-06-02 21:22:18 71000 ----a-w- C:\Program Files (x86)\techhelp.exe
2010-01-04 23:40:10 433976 ----a-w- C:\Program Files (x86)\EmergencyRecordsOrganizer.exe
2010-01-04 23:40:08 861432 ----a-w- C:\Program Files (x86)\QuickenHomeInventory.exe
2009-09-08 17:43:28 15720 ----a-w- C:\Program Files (x86)\mvut14n.dll
2009-09-08 17:42:26 223584 ----a-w- C:\Program Files (x86)\patchw32.dll
2009-09-08 17:40:54 41320 ----a-w- C:\Program Files (x86)\lbt_excite.dll
2009-09-08 17:40:38 23912 ----a-w- C:\Program Files (x86)\dellid.dll
2009-09-08 17:40:28 78184 ----a-w- C:\Program Files (x86)\bgt.dll
2009-09-08 17:40:26 34152 ----a-w- C:\Program Files (x86)\atwork.dll
.
============= FINISH: 20:02:50.30 ===============



Attach Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 12/11/2009 7:29:39 PM
System Uptime: 2/28/2012 7:25:55 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0C234M
Processor: Intel® Core™2 Duo CPU P7450 @ 2.13GHz | U2E1 | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 323.609 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP171: 2/18/2012 11:11:51 PM - Restore Operation
RP172: 2/19/2012 1:25:15 PM - Windows Update
RP174: 2/19/2012 1:50:58 PM - Windows Defender Checkpoint
RP175: 2/20/2012 11:42:58 PM - Windows Update
RP176: 2/23/2012 4:45:25 PM - ComboFix created restore point
RP177: 2/25/2012 7:28:40 AM - Windows Update
RP178: 2/27/2012 10:01:59 PM - Installed TurboTax 2011 wrapper
RP179: 2/28/2012 7:21:36 PM - Removed Java™ 6 Update 14 (64-bit)
RP180: 2/28/2012 7:23:29 PM - Removed Java™ 6 Update 26
RP181: 2/28/2012 7:31:05 PM - Installed Java™ 6 Update 31
RP182: 2/28/2012 7:55:54 PM - Installed Adobe Reader X (10.1.0).
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Absolute Notifier
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
Advanced Audio FX Engine
AnswerWorks 5.0 English Runtime
AnyDVD
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
AVG Security Toolbar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Presentation Server Client - Web Only
CloneDVDmobile
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Coupon Printer for Windows
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Webcam Central
ESET Online Scanner v3
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Plugin
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
PowerDVD DX
Quicken 2010
QuickTime
Roxio Burn
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Simple Adblock
Skins
Skype Toolbars
Skype™ 4.2
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Viewpoint Media Player
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
2/28/2012 7:49:50 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
2/28/2012 7:33:40 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/28/2012 5:41:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
2/25/2012 7:55:32 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
2/25/2012 7:38:02 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
2/25/2012 11:00:27 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/25/2012 10:46:44 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/25/2012 10:36:37 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
2/25/2012 10:34:44 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/25/2012 10:33:57 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================



