
Here are the log files.


  • This topic is locked
21 replies to this topic

#1 rjones315


Posted 04 April 2012 - 07:22 AM

Merged post


I've attached the log files. It seems to be something infecting my hosts file. I get 404 error messages when trying to go to certain web sites. Please let me know what you find.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/7/2011 6:26:33 PM
System Uptime: 4/3/2012 9:58:44 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0PJTXT
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | U2E1 | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 412.962 GiB free.
D: is CDROM ()
V: is NetworkDisk (NTFS) - 1397 GiB total, 537.484 GiB free.
W: is NetworkDisk (NTFS) - 1851 GiB total, 939.265 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP118: 4/2/2012 10:35:22 PM - Installed Java™ 6 Update 31
RP119: 4/2/2012 11:51:53 PM - Removed Google Talk Plugin
RP120: 4/3/2012 12:19:28 AM - Removed AVG 2012
RP121: 4/3/2012 12:21:54 AM - Removed AVG 2012
RP122: 4/3/2012 12:29:11 AM - Removed Eye-Fi Center 3.4
RP123: 4/3/2012 12:45:13 AM - Windows Update
RP124: 4/3/2012 1:15:48 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
688I Hunter Killer
Adobe AIR
Adobe Community Help
Adobe Flash Media Live Encoder 3.1
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.5.0
Advanced Audio FX Engine
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon Games & Software Downloader
Angry Birds
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Control Center
avast! Free Antivirus
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Consumer In-Home Service Agreement
Core FTP LE 2.1
Cozi
Cricket Broadband EC1705
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
eBay
Flickr Uploadr 2.5.0.14
Google Chrome
GoToAssist 8.0.0.514
Intel AppUp(SM) center
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
jZip
LinkedIn Outlook Connector
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Codec Pack 4.1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office FrontPage 2003
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Thunderbird 10.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Octoshape add-in for Adobe Flash Player
OLYMPUS Studio 2
PDF Settings CS5
Photomatix Pro version 3.2.7
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skins
Skype Click to Call
Skype™ 5.5
SPAMfighter
SPAMfighter Client
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual Studio 2008 x64 Redistributables
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
XnView 1.98.5
.
==== Event Viewer Messages From Past Week ========
.
4/4/2012 12:31:35 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Bob Jones at 0:30:13 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.2608 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe
C:\Program Files (x86)\Fighters\FighterSuiteService.exe
-netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = g.msn.com/USCON/1
uDefault_Page_URL = g.msn.com/USCON/1
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe"
uRun: [HW_OPENEYE_OUC_] "C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe"
uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: adp.com
Trusted Zone: adpcorp.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{15E654EB-EF3C-44D0-A173-5EC50785E479} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4457E6B696E60244F6E6574737 : DhcpNameServer = 192.168.91.1
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4657E6E647962756 : DhcpNameServer = 208.67.220.220 208.67.222.222 10.0.0.10
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\775676D616E637 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A5F6F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A7F6F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930} : NameServer = 10.133.20.11 10.132.20.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
mRun-x64: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-18 98208]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-4-3 401920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-3 44768]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2009-12-22 225280]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-18 1692480]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2010-11-16 214664]
R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-18 2533400]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 OlyUsbCam;OLYMPUS USB Camera;C:\Windows\system32\DRIVERS\OlyUsbCam.sys --> C:\Windows\system32\DRIVERS\OlyUsbCam.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-04 01:03:44 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-04 01:03:40 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll
2012-04-03 06:24:58 20480 ----a-w- C:\Windows\svchost.exe
2012-04-03 06:01:02 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Malwarebytes
2012-04-03 06:00:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-03 06:00:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 06:00:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 05:17:08 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-03 05:17:05 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-03 05:17:03 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-03 05:16:42 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-03 05:16:20 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-03 05:16:20 -------- d-----w- C:\Program Files\AVAST Software
2012-04-03 04:46:13 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-03 02:37:03 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-31 02:34:49 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Titanium
2012-03-31 02:33:46 -------- d-----w- C:\Users\Bob Jones\AppData\Local\Eye-Fi
2012-03-31 02:31:14 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Eye-Fi
2012-03-24 20:48:00 -------- d-----w- C:\Users\Bob Jones\AppData\Local\{AD9BF85B-CCDD-4BF7-BD11-5940C4575453}
2012-03-20 01:22:52 0 ----a-w- C:\Windows\SysWow64\sho69DC.tmp
2012-03-19 23:08:35 -------- d-----w- C:\ProgramData\App4rTemp
2012-03-19 23:07:52 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio
2012-03-19 22:49:41 -------- d-----w- C:\ProgramData\Ezprint
2012-03-19 22:49:25 -------- d-----w- C:\Program Files (x86)\Lexmark Toolbar
2012-03-19 22:41:58 -------- d-----w- C:\ProgramData\Lx_cats
2012-03-19 22:41:02 81920 ----a-w- C:\Windows\SysWow64\lxdxcaps.dll
2012-03-19 22:41:02 782336 ----a-w- C:\Windows\SysWow64\lxdxdrs.dll
2012-03-19 22:41:02 77906 ----a-w- C:\Windows\SysWow64\lxdxcfg.dll
2012-03-19 22:41:02 69632 ----a-w- C:\Windows\SysWow64\lxdxcnv4.dll
2012-03-19 22:41:02 65536 ----a-w- C:\Windows\System32\lxdxcfg64.dll
2012-03-19 22:41:02 54784 ----a-w- C:\Windows\System32\lxdxcnv464.dll
2012-03-19 22:41:02 25600 ----a-w- C:\Windows\System32\lxdxcaps64.dll
2012-03-19 22:41:02 1024512 ----a-w- C:\Windows\System32\lxdxdrs64.dll
2012-03-19 22:39:11 -------- d-----w- C:\logs
2012-03-19 22:36:36 -------- d-----w- C:\lexmark
2012-03-17 03:04:51 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\AVG
2012-03-14 07:05:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:05:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:05:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 04:01:15 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 04:01:14 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 04:01:13 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 04:01:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 04:01:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 04:01:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 04:00:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 04:00:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 04:00:31 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 04:00:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-11 17:14:44 0 ----a-w- C:\Windows\SysWow64\sho64D5.tmp
2012-03-11 16:53:03 -------- d-----w- C:\Program Files\iPod
2012-03-11 16:53:02 -------- d-----w- C:\Program Files\iTunes
2012-03-11 16:53:02 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-04-03 02:36:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-26 17:55:46 0 ----a-w- C:\Windows\SysWow64\sho2F79.tmp
2012-02-26 02:58:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 0:31:32.43 ===============

#2 rjones315

Posted 05 April 2012 - 07:21 AM

Bump

#3 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 April 2012 - 07:32 AM

Hello rjones315 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


#4 rjones315

Posted 05 April 2012 - 07:29 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Bob Jones at 20:18:37 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.3586 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Fighters\FighterSuiteService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = g.msn.com/USCON/1
uDefault_Page_URL = g.msn.com/USCON/1
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe"
uRun: [HW_OPENEYE_OUC_] "C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe"
uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: adp.com
Trusted Zone: adpcorp.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{15E654EB-EF3C-44D0-A173-5EC50785E479} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4457E6B696E60244F6E6574737 : DhcpNameServer = 192.168.91.1
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4657E6E647962756 : DhcpNameServer = 208.67.220.220 208.67.222.222 10.0.0.10
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\775676D616E637 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A5F6F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A7F6F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930} : NameServer = 10.133.20.11 10.132.20.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
mRun-x64: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-18 98208]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-4-3 401920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-3 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2009-12-22 225280]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-18 1692480]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2010-11-16 214664]
R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-18 2533400]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 OlyUsbCam;OLYMPUS USB Camera;C:\Windows\system32\DRIVERS\OlyUsbCam.sys --> C:\Windows\system32\DRIVERS\OlyUsbCam.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-06 00:10:30 20480 ----a-w- C:\Windows\svchost.exe
2012-04-05 23:35:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 06:21:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\offreg.dll
2012-04-04 01:03:44 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-04 01:03:40 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll
2012-04-03 06:01:02 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Malwarebytes
2012-04-03 06:00:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-03 06:00:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 06:00:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 05:17:08 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-03 05:17:05 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-03 05:17:03 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-03 05:16:42 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-03 05:16:20 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-03 05:16:20 -------- d-----w- C:\Program Files\AVAST Software
2012-04-03 04:46:13 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-03 02:37:03 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-31 02:34:49 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Titanium
2012-03-31 02:33:46 -------- d-----w- C:\Users\Bob Jones\AppData\Local\Eye-Fi
2012-03-31 02:31:14 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Eye-Fi
2012-03-24 20:48:00 -------- d-----w- C:\Users\Bob Jones\AppData\Local\{AD9BF85B-CCDD-4BF7-BD11-5940C4575453}
2012-03-20 01:22:52 0 ----a-w- C:\Windows\SysWow64\sho69DC.tmp
2012-03-19 23:08:35 -------- d-----w- C:\ProgramData\App4rTemp
2012-03-19 23:07:52 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio
2012-03-19 22:49:41 -------- d-----w- C:\ProgramData\Ezprint
2012-03-19 22:49:25 -------- d-----w- C:\Program Files (x86)\Lexmark Toolbar
2012-03-19 22:41:58 -------- d-----w- C:\ProgramData\Lx_cats
2012-03-19 22:41:02 81920 ----a-w- C:\Windows\SysWow64\lxdxcaps.dll
2012-03-19 22:41:02 782336 ----a-w- C:\Windows\SysWow64\lxdxdrs.dll
2012-03-19 22:41:02 77906 ----a-w- C:\Windows\SysWow64\lxdxcfg.dll
2012-03-19 22:41:02 69632 ----a-w- C:\Windows\SysWow64\lxdxcnv4.dll
2012-03-19 22:41:02 65536 ----a-w- C:\Windows\System32\lxdxcfg64.dll
2012-03-19 22:41:02 54784 ----a-w- C:\Windows\System32\lxdxcnv464.dll
2012-03-19 22:41:02 25600 ----a-w- C:\Windows\System32\lxdxcaps64.dll
2012-03-19 22:41:02 1024512 ----a-w- C:\Windows\System32\lxdxdrs64.dll
2012-03-19 22:39:11 -------- d-----w- C:\logs
2012-03-19 22:36:36 -------- d-----w- C:\lexmark
2012-03-17 03:04:51 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\AVG
2012-03-14 07:05:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:05:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:05:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 04:01:15 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 04:01:14 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 04:01:13 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 04:01:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 04:01:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 04:01:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 04:00:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 04:00:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 04:00:31 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 04:00:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-11 17:14:44 0 ----a-w- C:\Windows\SysWow64\sho64D5.tmp
2012-03-11 16:53:03 -------- d-----w- C:\Program Files\iPod
2012-03-11 16:53:02 -------- d-----w- C:\Program Files\iTunes
2012-03-11 16:53:02 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-04-03 02:36:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-26 17:55:46 0 ----a-w- C:\Windows\SysWow64\sho2F79.tmp
2012-02-26 02:58:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:21:05.11 ===============

#5 rjones315

Posted 05 April 2012 - 07:29 PM

19:32:23.0213 15076 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
19:32:23.0572 15076 ============================================================
19:32:23.0572 15076 Current date / time: 2012/04/05 19:32:23.0572
19:32:23.0572 15076 SystemInfo:
19:32:23.0572 15076
19:32:23.0572 15076 OS Version: 6.1.7601 ServicePack: 1.0
19:32:23.0572 15076 Product type: Workstation
19:32:23.0572 15076 ComputerName: DELL-LAPTOP
19:32:23.0572 15076 UserName: Bob Jones
19:32:23.0572 15076 Windows directory: C:\Windows
19:32:23.0572 15076 System windows directory: C:\Windows
19:32:23.0572 15076 Running under WOW64
19:32:23.0572 15076 Processor architecture: Intel x64
19:32:23.0572 15076 Number of processors: 4
19:32:23.0572 15076 Page size: 0x1000
19:32:23.0572 15076 Boot type: Normal boot
19:32:23.0572 15076 ============================================================
19:32:24.0196 15076 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:32:24.0211 15076 \Device\Harddisk0\DR0:
19:32:24.0211 15076 MBR used
19:32:24.0211 15076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
19:32:24.0211 15076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x48AD8AE3
19:32:24.0243 15076 Initialize success
19:32:24.0243 15076 ============================================================
19:32:57.0985 16288 ============================================================
19:32:57.0985 16288 Scan started
19:32:57.0985 16288 Mode: Manual; SigCheck; TDLFS;
19:32:57.0985 16288 ============================================================
19:32:58.0391 16288 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:32:58.0563 16288 1394ohci - ok
19:32:58.0656 16288 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:32:58.0687 16288 ACPI - ok
19:32:58.0781 16288 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:32:58.0875 16288 AcpiPmi - ok
19:32:58.0984 16288 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:32:59.0015 16288 adp94xx - ok
19:32:59.0062 16288 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:32:59.0077 16288 adpahci - ok
19:32:59.0124 16288 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:32:59.0155 16288 adpu320 - ok
19:32:59.0187 16288 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:32:59.0327 16288 AeLookupSvc - ok
19:32:59.0358 16288 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:32:59.0389 16288 AERTFilters - ok
19:32:59.0467 16288 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:32:59.0577 16288 AFD - ok
19:32:59.0686 16288 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:32:59.0717 16288 agp440 - ok
19:32:59.0904 16288 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
19:32:59.0904 16288 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
19:32:59.0904 16288 Akamai ( HiddenFile.Multi.Generic ) - warning
19:32:59.0904 16288 Akamai - detected HiddenFile.Multi.Generic (1)
19:32:59.0982 16288 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:33:00.0060 16288 ALG - ok
19:33:00.0123 16288 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:33:00.0154 16288 aliide - ok
19:33:00.0388 16288 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
19:33:00.0419 16288 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - warning
19:33:00.0419 16288 Amazon Download Agent - detected UnsignedFile.Multi.Generic (1)
19:33:00.0497 16288 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe
19:33:00.0591 16288 AMD External Events Utility - ok
19:33:00.0669 16288 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:33:00.0684 16288 amdide - ok
19:33:00.0731 16288 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:33:00.0793 16288 AmdK8 - ok
19:33:00.0981 16288 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
19:33:01.0215 16288 amdkmdag - ok
19:33:01.0261 16288 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
19:33:01.0324 16288 amdkmdap - ok
19:33:01.0433 16288 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:33:01.0480 16288 AmdPPM - ok
19:33:01.0542 16288 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:33:01.0573 16288 amdsata - ok
19:33:01.0605 16288 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:33:01.0620 16288 amdsbs - ok
19:33:01.0636 16288 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:33:01.0651 16288 amdxata - ok
19:33:01.0698 16288 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:33:01.0901 16288 AppID - ok
19:33:01.0979 16288 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:33:02.0073 16288 AppIDSvc - ok
19:33:02.0151 16288 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:33:02.0213 16288 Appinfo - ok
19:33:02.0322 16288 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:33:02.0353 16288 Apple Mobile Device - ok
19:33:02.0447 16288 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:33:02.0463 16288 arc - ok
19:33:02.0494 16288 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:33:02.0525 16288 arcsas - ok
19:33:02.0603 16288 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
19:33:02.0650 16288 aswFsBlk - ok
19:33:02.0728 16288 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
19:33:02.0743 16288 aswMonFlt - ok
19:33:02.0806 16288 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
19:33:02.0837 16288 aswRdr - ok
19:33:02.0946 16288 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
19:33:02.0977 16288 aswSnx - ok
19:33:03.0055 16288 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
19:33:03.0087 16288 aswSP - ok
19:33:03.0165 16288 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
19:33:03.0196 16288 aswTdi - ok
19:33:03.0258 16288 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:33:03.0336 16288 AsyncMac - ok
19:33:03.0383 16288 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:33:03.0414 16288 atapi - ok
19:33:03.0492 16288 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
19:33:03.0523 16288 AtiHdmiService - ok
19:33:03.0586 16288 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:33:03.0711 16288 AudioEndpointBuilder - ok
19:33:03.0742 16288 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:33:03.0789 16288 AudioSrv - ok
19:33:03.0898 16288 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:33:03.0929 16288 avast! Antivirus - ok
19:33:04.0023 16288 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:33:04.0147 16288 AxInstSV - ok
19:33:04.0257 16288 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:33:04.0335 16288 b06bdrv - ok
19:33:04.0428 16288 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:33:04.0506 16288 b57nd60a - ok
19:33:04.0615 16288 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
19:33:04.0631 16288 BCM42RLY - ok
19:33:04.0740 16288 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:33:04.0803 16288 BCM43XX - ok
19:33:04.0881 16288 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
19:33:04.0896 16288 BcmVWL - ok
19:33:04.0943 16288 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:33:04.0974 16288 BDESVC - ok
19:33:05.0021 16288 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:33:05.0130 16288 Beep - ok
19:33:05.0224 16288 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:33:05.0302 16288 BFE - ok
19:33:05.0364 16288 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:33:05.0489 16288 BITS - ok
19:33:05.0567 16288 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:33:05.0614 16288 blbdrive - ok
19:33:05.0723 16288 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:33:05.0770 16288 Bonjour Service - ok
19:33:05.0863 16288 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:33:05.0895 16288 bowser - ok
19:33:05.0941 16288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:33:06.0019 16288 BrFiltLo - ok
19:33:06.0035 16288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:33:06.0051 16288 BrFiltUp - ok
19:33:06.0097 16288 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:33:06.0207 16288 Browser - ok
19:33:06.0300 16288 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:33:06.0378 16288 Brserid - ok
19:33:06.0472 16288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:33:06.0519 16288 BrSerWdm - ok
19:33:06.0565 16288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:33:06.0612 16288 BrUsbMdm - ok
19:33:06.0659 16288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:33:06.0706 16288 BrUsbSer - ok
19:33:06.0799 16288 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:33:06.0877 16288 BthEnum - ok
19:33:06.0924 16288 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:33:06.0987 16288 BTHMODEM - ok
19:33:07.0033 16288 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:33:07.0096 16288 BthPan - ok
19:33:07.0221 16288 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:33:07.0314 16288 BTHPORT - ok
19:33:07.0392 16288 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:33:07.0455 16288 bthserv - ok
19:33:07.0517 16288 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:33:07.0564 16288 BTHUSB - ok
19:33:07.0611 16288 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
19:33:07.0642 16288 btusbflt - ok
19:33:07.0704 16288 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
19:33:07.0720 16288 btwaudio - ok
19:33:07.0751 16288 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
19:33:07.0782 16288 btwavdt - ok
19:33:07.0860 16288 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:33:07.0907 16288 btwdins - ok
19:33:07.0985 16288 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:33:08.0016 16288 btwl2cap - ok
19:33:08.0063 16288 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
19:33:08.0079 16288 btwrchid - ok
19:33:08.0266 16288 CarboniteService (39dbdd8e86caf1cd03c00d5c931fd3fa) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
19:33:08.0469 16288 CarboniteService - ok
19:33:08.0562 16288 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:33:08.0640 16288 cdfs - ok
19:33:08.0718 16288 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:33:08.0765 16288 cdrom - ok
19:33:08.0827 16288 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:33:08.0937 16288 CertPropSvc - ok
19:33:09.0015 16288 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:33:09.0061 16288 circlass - ok
19:33:09.0124 16288 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:33:09.0155 16288 CLFS - ok
19:33:09.0217 16288 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:33:09.0249 16288 clr_optimization_v2.0.50727_32 - ok
19:33:09.0280 16288 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:33:09.0311 16288 clr_optimization_v2.0.50727_64 - ok
19:33:09.0389 16288 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:33:09.0420 16288 clr_optimization_v4.0.30319_32 - ok
19:33:09.0467 16288 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:33:09.0498 16288 clr_optimization_v4.0.30319_64 - ok
19:33:09.0576 16288 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:33:09.0623 16288 CmBatt - ok
19:33:09.0685 16288 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:33:09.0717 16288 cmdide - ok
19:33:09.0810 16288 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:33:09.0857 16288 CNG - ok
19:33:09.0935 16288 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:33:09.0951 16288 Compbatt - ok
19:33:10.0013 16288 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:33:10.0060 16288 CompositeBus - ok
19:33:10.0107 16288 COMSysApp - ok
19:33:10.0169 16288 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:33:10.0185 16288 crcdisk - ok
19:33:10.0263 16288 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:33:10.0341 16288 CryptSvc - ok
19:33:10.0450 16288 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:33:10.0528 16288 CtClsFlt - ok
19:33:10.0637 16288 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:33:10.0699 16288 cvhsvc - ok
19:33:10.0777 16288 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:33:10.0887 16288 DcomLaunch - ok
19:33:10.0996 16288 DCService.exe (00eaf3956092a8008608ca6e2c5d649d) C:\ProgramData\DatacardService\DCService.exe
19:33:11.0027 16288 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
19:33:11.0027 16288 DCService.exe - detected UnsignedFile.Multi.Generic (1)
19:33:11.0089 16288 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:33:11.0183 16288 defragsvc - ok
19:33:11.0245 16288 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:33:11.0339 16288 DfsC - ok
19:33:11.0433 16288 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:33:11.0495 16288 Dhcp - ok
19:33:11.0542 16288 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:33:11.0604 16288 discache - ok
19:33:11.0698 16288 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:33:11.0729 16288 Disk - ok
19:33:11.0776 16288 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:33:11.0838 16288 Dnscache - ok
19:33:11.0901 16288 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
19:33:11.0932 16288 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
19:33:11.0932 16288 DockLoginService - detected UnsignedFile.Multi.Generic (1)
19:33:12.0010 16288 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:33:12.0088 16288 dot3svc - ok
19:33:12.0119 16288 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:33:12.0213 16288 DPS - ok
19:33:12.0259 16288 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:33:12.0322 16288 drmkaud - ok
19:33:12.0384 16288 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:33:12.0431 16288 DXGKrnl - ok
19:33:12.0478 16288 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:33:12.0571 16288 EapHost - ok
19:33:12.0681 16288 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:33:12.0837 16288 ebdrv - ok
19:33:12.0868 16288 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:33:12.0930 16288 EFS - ok
19:33:13.0039 16288 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:33:13.0133 16288 ehRecvr - ok
19:33:13.0180 16288 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:33:13.0227 16288 ehSched - ok
19:33:13.0305 16288 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:33:13.0351 16288 elxstor - ok
19:33:13.0429 16288 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:33:13.0492 16288 ErrDev - ok
19:33:13.0554 16288 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:33:13.0679 16288 EventSystem - ok
19:33:13.0788 16288 ewusbnet (da7cef9ffbbd6498df106bcab84eb10a) C:\Windows\system32\DRIVERS\ewusbnet.sys
19:33:13.0851 16288 ewusbnet - ok
19:33:13.0944 16288 ew_hwusbdev (e2cbb821c7cae0ef8b56de28ed85c740) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:33:14.0007 16288 ew_hwusbdev - ok
19:33:14.0053 16288 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:33:14.0116 16288 exfat - ok
19:33:14.0131 16288 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:33:14.0225 16288 fastfat - ok
19:33:14.0287 16288 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:33:14.0381 16288 Fax - ok
19:33:14.0459 16288 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:33:14.0506 16288 fdc - ok
19:33:14.0553 16288 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:33:14.0615 16288 fdPHost - ok
19:33:14.0631 16288 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:33:14.0709 16288 FDResPub - ok
19:33:14.0755 16288 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:33:14.0787 16288 FileInfo - ok
19:33:14.0818 16288 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:33:14.0911 16288 Filetrace - ok
19:33:14.0958 16288 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:33:14.0974 16288 flpydisk - ok
19:33:15.0005 16288 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:33:15.0036 16288 FltMgr - ok
19:33:15.0099 16288 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:33:15.0208 16288 FontCache - ok
19:33:15.0333 16288 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:33:15.0348 16288 FontCache3.0.0.0 - ok
19:33:15.0395 16288 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:33:15.0426 16288 FsDepends - ok
19:33:15.0457 16288 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:33:15.0489 16288 Fs_Rec - ok
19:33:15.0582 16288 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:33:15.0613 16288 fvevol - ok
19:33:15.0645 16288 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:33:15.0676 16288 gagp30kx - ok
19:33:15.0769 16288 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
19:33:15.0801 16288 GameConsoleService - ok
19:33:15.0879 16288 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:33:15.0894 16288 GEARAspiWDM - ok
19:33:15.0941 16288 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
19:33:15.0957 16288 GoToAssist - ok
19:33:16.0066 16288 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:33:16.0191 16288 gpsvc - ok
19:33:16.0238 16288 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:33:16.0300 16288 hcw85cir - ok
19:33:16.0347 16288 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:33:16.0394 16288 HDAudBus - ok
19:33:16.0440 16288 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:33:16.0456 16288 HECIx64 - ok
19:33:16.0503 16288 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:33:16.0550 16288 HidBatt - ok
19:33:16.0565 16288 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:33:16.0628 16288 HidBth - ok
19:33:16.0706 16288 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:33:16.0752 16288 HidIr - ok
19:33:16.0799 16288 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:33:16.0893 16288 hidserv - ok
19:33:17.0002 16288 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:33:17.0018 16288 HidUsb - ok
19:33:17.0080 16288 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:33:17.0189 16288 hkmsvc - ok
19:33:17.0252 16288 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:33:17.0330 16288 HomeGroupListener - ok
19:33:17.0361 16288 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:33:17.0423 16288 HomeGroupProvider - ok
19:33:17.0517 16288 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:33:17.0548 16288 HpSAMD - ok
19:33:17.0610 16288 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:33:17.0704 16288 HTTP - ok
19:33:17.0813 16288 huawei_enumerator (6dbd08bc1331c78548298e82c4b667c5) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:33:17.0876 16288 huawei_enumerator - ok
19:33:17.0985 16288 hwdatacard (6e5cd3984742a922d0c183c7e82c3c94) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:33:18.0063 16288 hwdatacard - ok
19:33:18.0141 16288 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:33:18.0172 16288 hwpolicy - ok
19:33:18.0281 16288 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:33:18.0328 16288 i8042prt - ok
19:33:18.0375 16288 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
19:33:18.0406 16288 iaStor - ok
19:33:18.0468 16288 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:33:18.0500 16288 iaStorV - ok
19:33:18.0593 16288 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:33:18.0656 16288 idsvc - ok
19:33:18.0734 16288 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:33:18.0749 16288 iirsp - ok
19:33:18.0827 16288 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:33:18.0921 16288 IKEEXT - ok
19:33:19.0014 16288 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
19:33:19.0077 16288 IntcAzAudAddService - ok
19:33:19.0264 16288 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:33:19.0295 16288 intelide - ok
19:33:19.0326 16288 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:33:19.0373 16288 intelppm - ok
19:33:19.0467 16288 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:33:19.0545 16288 IPBusEnum - ok
19:33:19.0607 16288 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:33:19.0685 16288 IpFilterDriver - ok
19:33:19.0763 16288 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:33:19.0857 16288 iphlpsvc - ok
19:33:19.0950 16288 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:33:20.0013 16288 IPMIDRV - ok
19:33:20.0060 16288 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:33:20.0122 16288 IPNAT - ok
19:33:20.0200 16288 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
19:33:20.0262 16288 iPod Service - ok
19:33:20.0496 16288 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:33:20.0543 16288 IRENUM - ok
19:33:20.0590 16288 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:33:20.0621 16288 isapnp - ok
19:33:20.0637 16288 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:33:20.0684 16288 iScsiPrt - ok
19:33:20.0715 16288 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:33:20.0730 16288 kbdclass - ok
19:33:20.0824 16288 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:33:20.0871 16288 kbdhid - ok
19:33:20.0933 16288 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:33:20.0964 16288 KeyIso - ok
19:33:21.0011 16288 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:33:21.0042 16288 KSecDD - ok
19:33:21.0074 16288 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:33:21.0105 16288 KSecPkg - ok
19:33:21.0136 16288 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:33:21.0214 16288 ksthunk - ok
19:33:21.0245 16288 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:33:21.0354 16288 KtmRm - ok
19:33:21.0448 16288 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
19:33:21.0464 16288 L1C - ok
19:33:21.0542 16288 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:33:21.0635 16288 LanmanServer - ok
19:33:21.0682 16288 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:33:21.0776 16288 LanmanWorkstation - ok
19:33:21.0869 16288 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:33:21.0932 16288 lltdio - ok
19:33:21.0978 16288 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:33:22.0056 16288 lltdsvc - ok
19:33:22.0088 16288 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:33:22.0150 16288 lmhosts - ok
19:33:22.0212 16288 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:33:22.0228 16288 LMS - ok
19:33:22.0322 16288 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:33:22.0337 16288 LSI_FC - ok
19:33:22.0384 16288 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:33:22.0415 16288 LSI_SAS - ok
19:33:22.0462 16288 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:33:22.0493 16288 LSI_SAS2 - ok
19:33:22.0524 16288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:33:22.0556 16288 LSI_SCSI - ok
19:33:22.0602 16288 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:33:22.0680 16288 luafv - ok
19:33:22.0805 16288 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:33:22.0821 16288 MBAMProtector - ok
19:33:22.0914 16288 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:33:22.0961 16288 MBAMService - ok
19:33:23.0024 16288 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:33:23.0086 16288 Mcx2Svc - ok
19:33:23.0164 16288 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:33:23.0195 16288 MDM - ok
19:33:23.0273 16288 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:33:23.0289 16288 megasas - ok
19:33:23.0336 16288 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:33:23.0367 16288 MegaSR - ok
19:33:23.0414 16288 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:33:23.0507 16288 MMCSS - ok
19:33:23.0538 16288 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:33:23.0601 16288 Modem - ok
19:33:23.0648 16288 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:33:23.0710 16288 monitor - ok
19:33:23.0788 16288 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:33:23.0804 16288 mouclass - ok
19:33:23.0897 16288 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:33:23.0944 16288 mouhid - ok
19:33:24.0006 16288 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:33:24.0038 16288 mountmgr - ok
19:33:24.0069 16288 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:33:24.0100 16288 mpio - ok
19:33:24.0131 16288 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:33:24.0194 16288 mpsdrv - ok
19:33:24.0240 16288 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:33:24.0350 16288 MpsSvc - ok
19:33:24.0584 16288 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:33:24.0646 16288 MRxDAV - ok
19:33:24.0708 16288 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:33:24.0755 16288 mrxsmb - ok
19:33:24.0818 16288 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:33:24.0864 16288 mrxsmb10 - ok
19:33:24.0896 16288 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:33:24.0927 16288 mrxsmb20 - ok
19:33:24.0958 16288 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:33:24.0989 16288 msahci - ok
19:33:25.0036 16288 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:33:25.0067 16288 msdsm - ok
19:33:25.0083 16288 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:33:25.0145 16288 MSDTC - ok
19:33:25.0192 16288 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:33:25.0254 16288 Msfs - ok
19:33:25.0270 16288 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:33:25.0317 16288 mshidkmdf - ok
19:33:25.0348 16288 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:33:25.0348 16288 msisadrv - ok
19:33:25.0395 16288 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:33:25.0473 16288 MSiSCSI - ok
19:33:25.0473 16288 msiserver - ok
19:33:25.0520 16288 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:33:25.0582 16288 MSKSSRV - ok
19:33:25.0598 16288 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:33:25.0691 16288 MSPCLOCK - ok
19:33:25.0785 16288 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:33:25.0863 16288 MSPQM - ok
19:33:25.0925 16288 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:33:25.0956 16288 MsRPC - ok
19:33:26.0019 16288 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:33:26.0050 16288 mssmbios - ok
19:33:26.0081 16288 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:33:26.0159 16288 MSTEE - ok
19:33:26.0190 16288 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:33:26.0206 16288 MTConfig - ok
19:33:26.0222 16288 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:33:26.0253 16288 Mup - ok
19:33:26.0300 16288 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:33:26.0393 16288 napagent - ok
19:33:26.0502 16288 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:33:26.0549 16288 NativeWifiP - ok
19:33:26.0643 16288 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:33:26.0690 16288 NDIS - ok
19:33:26.0736 16288 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:33:26.0814 16288 NdisCap - ok
19:33:26.0877 16288 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:33:26.0924 16288 NdisTapi - ok
19:33:26.0986 16288 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:33:27.0064 16288 Ndisuio - ok
19:33:27.0126 16288 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:33:27.0204 16288 NdisWan - ok
19:33:27.0267 16288 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:33:27.0329 16288 NDProxy - ok
19:33:27.0423 16288 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:33:27.0485 16288 NetBIOS - ok
19:33:27.0532 16288 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:33:27.0641 16288 NetBT - ok
19:33:27.0672 16288 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:33:27.0704 16288 Netlogon - ok
19:33:27.0766 16288 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:33:27.0875 16288 Netman - ok
19:33:27.0969 16288 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:33:28.0047 16288 netprofm - ok
19:33:28.0109 16288 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:33:28.0140 16288 NetTcpPortSharing - ok
19:33:28.0203 16288 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:33:28.0234 16288 nfrd960 - ok
19:33:28.0296 16288 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:33:28.0374 16288 NlaSvc - ok
19:33:28.0406 16288 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:33:28.0468 16288 Npfs - ok
19:33:28.0499 16288 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:33:28.0593 16288 nsi - ok
19:33:28.0624 16288 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:33:28.0671 16288 nsiproxy - ok
19:33:28.0764 16288 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:33:28.0842 16288 Ntfs - ok
19:33:28.0920 16288 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:33:28.0998 16288 Null - ok
19:33:29.0061 16288 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:33:29.0092 16288 nvraid - ok
19:33:29.0123 16288 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:33:29.0154 16288 nvstor - ok
19:33:29.0232 16288 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:33:29.0264 16288 nv_agp - ok
19:33:29.0279 16288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:33:29.0342 16288 ohci1394 - ok
19:33:29.0420 16288 OlyUsbCam (ed74264b8b3ba640ce97130862732b4e) C:\Windows\system32\DRIVERS\OlyUsbCam.sys
19:33:29.0451 16288 OlyUsbCam - ok
19:33:29.0513 16288 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:33:29.0529 16288 ose - ok
19:33:29.0700 16288 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:33:29.0872 16288 osppsvc - ok
19:33:29.0981 16288 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:33:30.0075 16288 p2pimsvc - ok
19:33:30.0122 16288 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:33:30.0168 16288 p2psvc - ok
19:33:30.0262 16288 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:33:30.0293 16288 Parport - ok
19:33:30.0356 16288 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:33:30.0387 16288 partmgr - ok
19:33:30.0434 16288 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:33:30.0496 16288 PcaSvc - ok
19:33:30.0558 16288 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:33:30.0574 16288 pci - ok
19:33:30.0621 16288 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:33:30.0636 16288 pciide - ok
19:33:30.0683 16288 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:33:30.0699 16288 pcmcia - ok
19:33:30.0714 16288 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:33:30.0730 16288 pcw - ok
19:33:30.0761 16288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:33:30.0839 16288 PEAUTH - ok
19:33:30.0948 16288 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:33:30.0995 16288 PerfHost - ok
19:33:31.0089 16288 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:33:31.0182 16288 pla - ok
19:33:31.0229 16288 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:33:31.0323 16288 PlugPlay - ok
19:33:31.0385 16288 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:33:31.0416 16288 PNRPAutoReg - ok
19:33:31.0432 16288 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:33:31.0463 16288 PNRPsvc - ok
19:33:31.0494 16288 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:33:31.0588 16288 PolicyAgent - ok
19:33:31.0666 16288 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:33:31.0760 16288 Power - ok
19:33:31.0838 16288 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:33:31.0916 16288 PptpMiniport - ok
19:33:32.0025 16288 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:33:32.0072 16288 Processor - ok
19:33:32.0134 16288 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:33:32.0243 16288 ProfSvc - ok
19:33:32.0274 16288 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:33:32.0306 16288 ProtectedStorage - ok
19:33:32.0384 16288 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:33:32.0462 16288 Psched - ok
19:33:32.0493 16288 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:33:32.0524 16288 PxHlpa64 - ok
19:33:32.0633 16288 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:33:32.0696 16288 ql2300 - ok
19:33:32.0711 16288 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:33:32.0727 16288 ql40xx - ok
19:33:32.0758 16288 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:33:32.0805 16288 QWAVE - ok
19:33:32.0820 16288 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:33:32.0867 16288 QWAVEdrv - ok
19:33:32.0898 16288 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:33:32.0930 16288 RasAcd - ok
19:33:32.0976 16288 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:33:33.0023 16288 RasAgileVpn - ok
19:33:33.0101 16288 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:33:33.0195 16288 RasAuto - ok
19:33:33.0242 16288 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:33:33.0320 16288 Rasl2tp - ok
19:33:33.0382 16288 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:33:33.0491 16288 RasMan - ok
19:33:33.0538 16288 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:33:33.0616 16288 RasPppoe - ok
19:33:33.0663 16288 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:33:33.0725 16288 RasSstp - ok
19:33:33.0772 16288 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:33:33.0834 16288 rdbss - ok
19:33:33.0912 16288 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:33:33.0975 16288 rdpbus - ok
19:33:34.0068 16288 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:33:34.0162 16288 RDPCDD - ok
19:33:34.0240 16288 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:33:34.0287 16288 RDPENCDD - ok
19:33:34.0334 16288 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:33:34.0380 16288 RDPREFMP - ok
19:33:34.0427 16288 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:33:34.0505 16288 RDPWD - ok
19:33:34.0536 16288 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:33:34.0568 16288 rdyboost - ok
19:33:34.0599 16288 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:33:34.0692 16288 RemoteAccess - ok
19:33:34.0724 16288 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:33:34.0802 16288 RemoteRegistry - ok
19:33:34.0880 16288 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:33:34.0926 16288 RFCOMM - ok
19:33:35.0004 16288 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:33:35.0098 16288 RpcEptMapper - ok
19:33:35.0145 16288 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:33:35.0207 16288 RpcLocator - ok
19:33:35.0238 16288 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:33:35.0301 16288 RpcSs - ok
19:33:35.0332 16288 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:33:35.0394 16288 rspndr - ok
19:33:35.0441 16288 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
19:33:35.0472 16288 RSUSBSTOR - ok
19:33:35.0504 16288 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:33:35.0535 16288 SamSs - ok
19:33:35.0566 16288 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:33:35.0597 16288 sbp2port - ok
19:33:35.0628 16288 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:33:35.0722 16288 SCardSvr - ok
19:33:35.0769 16288 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:33:35.0847 16288 scfilter - ok
19:33:35.0925 16288 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:33:36.0065 16288 Schedule - ok
19:33:36.0159 16288 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:33:36.0206 16288 SCPolicySvc - ok
19:33:36.0268 16288 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:33:36.0315 16288 SDRSVC - ok
19:33:36.0377 16288 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:33:36.0408 16288 SeaPort - ok
19:33:36.0486 16288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:33:36.0549 16288 secdrv - ok
19:33:36.0580 16288 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:33:36.0674 16288 seclogon - ok
19:33:36.0736 16288 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:33:36.0798 16288 SENS - ok
19:33:36.0845 16288 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:33:36.0923 16288 SensrSvc - ok
19:33:37.0001 16288 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:33:37.0048 16288 Serenum - ok
19:33:37.0110 16288 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:33:37.0157 16288 Serial - ok
19:33:37.0220 16288 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:33:37.0251 16288 sermouse - ok
19:33:37.0298 16288 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:33:37.0376 16288 SessionEnv - ok
19:33:37.0407 16288 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:33:37.0469 16288 sffdisk - ok
19:33:37.0563 16288 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:33:37.0610 16288 sffp_mmc - ok
19:33:37.0641 16288 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:33:37.0688 16288 sffp_sd - ok
19:33:37.0750 16288 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:33:37.0781 16288 sfloppy - ok
19:33:37.0859 16288 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:33:37.0875 16288 Sftfs - ok
19:33:37.0937 16288 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:33:37.0968 16288 sftlist - ok
19:33:38.0046 16288 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:33:38.0078 16288 Sftplay - ok
19:33:38.0140 16288 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:33:38.0171 16288 Sftredir - ok
19:33:38.0280 16288 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
19:33:38.0343 16288 SftService - ok
19:33:38.0421 16288 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:33:38.0452 16288 Sftvol - ok
19:33:38.0514 16288 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:33:38.0530 16288 sftvsa - ok
19:33:38.0592 16288 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:33:38.0639 16288 SharedAccess - ok
19:33:38.0686 16288 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:33:38.0764 16288 ShellHWDetection - ok
19:33:38.0811 16288 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:33:38.0826 16288 SiSRaid2 - ok
19:33:38.0842 16288 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:33:38.0858 16288 SiSRaid4 - ok
19:33:38.0889 16288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:33:38.0936 16288 Smb - ok
19:33:38.0967 16288 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:33:39.0029 16288 SNMPTRAP - ok
19:33:39.0107 16288 SPAMfighter Update Service (ed9f035593588b6fec21478c6b9e0452) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
19:33:39.0138 16288 SPAMfighter Update Service - ok
19:33:39.0232 16288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:33:39.0248 16288 spldr - ok
19:33:39.0326 16288 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:33:39.0404 16288 Spooler - ok
19:33:39.0528 16288 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:33:39.0685 16288 sppsvc - ok
19:33:39.0732 16288 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:33:39.0841 16288 sppuinotify - ok
19:33:39.0904 16288 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
19:33:39.0919 16288 sprtsvc_DellSupportCenter - ok
19:33:40.0013 16288 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:33:40.0091 16288 srv - ok
19:33:40.0138 16288 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:33:40.0185 16288 srv2 - ok
19:33:40.0231 16288 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:33:40.0278 16288 srvnet - ok
19:33:40.0356 16288 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:33:40.0450 16288 SSDPSRV - ok
19:33:40.0481 16288 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:33:40.0528 16288 SstpSvc - ok
19:33:40.0575 16288 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:33:40.0590 16288 stexstor - ok
19:33:40.0654 16288 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:33:40.0747 16288 stisvc - ok
19:33:40.0856 16288 Suite Service (e567825c5f3934e13c8d755611954a7e) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
19:33:40.0903 16288 Suite Service - ok
19:33:40.0997 16288 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:33:41.0012 16288 swenum - ok
19:33:41.0106 16288 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:33:41.0153 16288 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:33:41.0153 16288 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:33:41.0246 16288 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:33:41.0371 16288 swprv - ok
19:33:41.0434 16288 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys
19:33:41.0465 16288 SynTP - ok
19:33:41.0527 16288 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:33:41.0652 16288 SysMain - ok
19:33:41.0699 16288 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:33:41.0746 16288 TabletInputService - ok
19:33:41.0761 16288 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:33:41.0870 16288 TapiSrv - ok
19:33:41.0902 16288 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:33:41.0948 16288 TBS - ok
19:33:42.0026 16288 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:33:42.0120 16288 Tcpip - ok
19:33:42.0198 16288 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:33:42.0260 16288 TCPIP6 - ok
19:33:42.0292 16288 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:33:42.0385 16288 tcpipreg - ok
19:33:42.0416 16288 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:33:42.0463 16288 TDPIPE - ok
19:33:42.0510 16288 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:33:42.0541 16288 TDTCP - ok
19:33:42.0572 16288 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:33:42.0635 16288 tdx - ok
19:33:42.0682 16288 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:33:42.0697 16288 TermDD - ok
19:33:42.0744 16288 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:33:42.0853 16288 TermService - ok
19:33:42.0884 16288 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:33:42.0947 16288 Themes - ok
19:33:42.0994 16288 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:33:43.0056 16288 THREADORDER - ok
19:33:43.0072 16288 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:33:43.0134 16288 TrkWks - ok
19:33:43.0212 16288 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:33:43.0306 16288 TrustedInstaller - ok
19:33:43.0399 16288 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:33:43.0508 16288 tssecsrv - ok
19:33:43.0571 16288 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:33:43.0618 16288 TsUsbFlt - ok
19:33:43.0711 16288 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:33:43.0805 16288 tunnel - ok
19:33:43.0836 16288 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:33:43.0852 16288 uagp35 - ok
19:33:43.0914 16288 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:33:43.0976 16288 udfs - ok
19:33:44.0054 16288 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:33:44.0086 16288 UI0Detect - ok
19:33:44.0148 16288 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:33:44.0195 16288 uliagpkx - ok
19:33:44.0210 16288 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:33:44.0273 16288 umbus - ok
19:33:44.0351 16288 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:33:44.0413 16288 UmPass - ok
19:33:44.0538 16288 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:33:44.0647 16288 UNS - ok
19:33:44.0725 16288 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:33:44.0850 16288 upnphost - ok
19:33:44.0928 16288 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:33:44.0975 16288 usbaudio - ok
19:33:45.0037 16288 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:33:45.0115 16288 usbccgp - ok
19:33:45.0162 16288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:33:45.0193 16288 usbcir - ok
19:33:45.0271 16288 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:33:45.0334 16288 usbehci - ok
19:33:45.0380 16288 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:33:45.0443 16288 usbhub - ok
19:33:45.0490 16288 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:33:45.0521 16288 usbohci - ok
19:33:45.0552 16288 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:33:45.0614 16288 usbprint - ok
19:33:45.0646 16288 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:33:45.0708 16288 usbscan - ok
19:33:45.0755 16288 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:33:45.0833 16288 USBSTOR - ok
19:33:45.0911 16288 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:33:45.0973 16288 usbuhci - ok
19:33:46.0036 16288 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
19:33:46.0082 16288 usbvideo - ok
19:33:46.0114 16288 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:33:46.0192 16288 UxSms - ok
19:33:46.0223 16288 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:33:46.0238 16288 VaultSvc - ok
19:33:46.0316 16288 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:33:46.0348 16288 vdrvroot - ok
19:33:46.0410 16288 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:33:46.0519 16288 vds - ok
19:33:46.0613 16288 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:33:46.0660 16288 vga - ok
19:33:46.0691 16288 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:33:46.0769 16288 VgaSave - ok
19:33:46.0987 16288 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:33:47.0050 16288 vhdmp - ok
19:33:47.0159 16288 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:33:47.0190 16288 viaide - ok
19:33:47.0252 16288 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:33:47.0299 16288 volmgr - ok
19:33:47.0674 16288 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:33:47.0705 16288 volmgrx - ok
19:33:47.0892 16288 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:33:47.0923 16288 volsnap - ok
19:33:48.0017 16288 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:33:48.0064 16288 vsmraid - ok
19:33:48.0142 16288 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:33:48.0344 16288 VSS - ok
19:33:48.0422 16288 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:33:48.0485 16288 vwifibus - ok
19:33:48.0532 16288 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:33:48.0578 16288 vwififlt - ok
19:33:48.0641 16288 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:33:48.0781 16288 W32Time - ok
19:33:48.0844 16288 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:33:48.0875 16288 WacomPen - ok
19:33:48.0953 16288 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:33:49.0046 16288 WANARP - ok
19:33:49.0046 16288 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:33:49.0093 16288 Wanarpv6 - ok
19:33:49.0561 16288 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:33:49.0655 16288 WatAdminSvc - ok
19:33:50.0014 16288 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:33:50.0170 16288 wbengine - ok
19:33:50.0248 16288 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:33:50.0326 16288 WbioSrvc - ok
19:33:50.0372 16288 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:33:50.0419 16288 wcncsvc - ok
19:33:50.0466 16288 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:33:50.0544 16288 WcsPlugInService - ok
19:33:50.0591 16288 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:33:50.0622 16288 Wd - ok
19:33:50.0669 16288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:33:50.0716 16288 Wdf01000 - ok
19:33:50.0747 16288 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:33:50.0887 16288 WdiServiceHost - ok
19:33:50.0887 16288 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:33:50.0918 16288 WdiSystemHost - ok
19:33:50.0950 16288 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:33:51.0028 16288 WebClient - ok
19:33:51.0059 16288 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:33:51.0152 16288 Wecsvc - ok
19:33:51.0184 16288 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:33:51.0277 16288 wercplsupport - ok
19:33:51.0324 16288 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:33:51.0371 16288 WerSvc - ok
19:33:51.0433 16288 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:33:51.0511 16288 WfpLwf - ok
19:33:51.0620 16288 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:33:51.0652 16288 WimFltr - ok
19:33:51.0714 16288 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:33:51.0761 16288 WIMMount - ok
19:33:51.0808 16288 WinDefend - ok
19:33:51.0808 16288 WinHttpAutoProxySvc - ok
19:33:52.0010 16288 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:33:52.0088 16288 Winmgmt - ok
19:33:52.0213 16288 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:33:52.0369 16288 WinRM - ok
19:33:52.0697 16288 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:33:52.0775 16288 WinUsb - ok
19:33:53.0274 16288 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:33:53.0352 16288 Wlansvc - ok
19:33:53.0820 16288 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:33:53.0914 16288 wlidsvc - ok
19:33:53.0960 16288 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
19:33:53.0992 16288 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
19:33:53.0992 16288 wltrysvc - detected UnsignedFile.Multi.Generic (1)
19:33:54.0101 16288 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:33:54.0132 16288 WmiAcpi - ok
19:33:54.0413 16288 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:33:54.0475 16288 wmiApSrv - ok
19:33:54.0538 16288 WMPNetworkSvc - ok
19:33:54.0756 16288 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:33:54.0803 16288 WPCSvc - ok
19:33:54.0850 16288 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:33:54.0881 16288 WPDBusEnum - ok
19:33:54.0959 16288 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:33:55.0037 16288 ws2ifsl - ok
19:33:55.0099 16288 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:33:55.0146 16288 wscsvc - ok
19:33:55.0208 16288 WSearch - ok
19:33:55.0723 16288 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:33:55.0973 16288 wuauserv - ok
19:33:56.0581 16288 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:33:56.0675 16288 WudfPf - ok
19:33:57.0112 16288 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:33:57.0158 16288 WUDFRd - ok
19:33:57.0408 16288 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:33:57.0455 16288 wudfsvc - ok
19:33:57.0704 16288 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:33:57.0736 16288 WwanSvc - ok
19:33:57.0892 16288 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
19:33:57.0923 16288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:33:57.0923 16288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:33:58.0048 16288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:33:58.0048 16288 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:33:58.0094 16288 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0
19:33:58.0094 16288 \Device\Harddisk0\DR0\Partition0 - ok
19:33:58.0110 16288 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1
19:33:58.0110 16288 \Device\Harddisk0\DR0\Partition1 - ok
19:33:58.0110 16288 ============================================================
19:33:58.0110 16288 Scan finished
19:33:58.0110 16288 ============================================================
19:33:58.0141 14888 Detected object count: 8
19:33:58.0141 14888 Actual detected object count: 8
19:35:00.0198 14888 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0494 14888 \Device\Harddisk0\DR0\# - copied to quarantine
19:35:00.0494 14888 \Device\Harddisk0\DR0 - copied to quarantine
19:35:00.0635 14888 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:35:00.0650 14888 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:35:00.0682 14888 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:35:00.0697 14888 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:35:00.0775 14888 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:35:00.0791 14888 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:35:00.0791 14888 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:35:00.0822 14888 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:35:00.0869 14888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:35:00.0869 14888 \Device\Harddisk0\DR0 - ok
19:35:01.0025 14888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:35:01.0040 14888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:35:01.0040 14888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:35:21.0414 16352 Deinitialize success

#6 rjones315


Posted 05 April 2012 - 07:30 PM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bob Jones :: DELL-LAPTOP [administrator]

Protection: Disabled

4/5/2012 7:50:58 PM
mbam-log-2012-04-05 (19-50-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201845
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5144 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#7 rjones315


Posted 05 April 2012 - 11:37 PM


Yes. It's disabled because I keep getting messages about infection.

Am looking to get rid of this. It keeps acting like Vundo right now.

#8 Maniac


Posted 06 April 2012 - 07:11 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#9 rjones315


Posted 06 April 2012 - 05:25 PM

ComboFix 12-04-06.02 - Bob Jones 04/06/2012 18:01:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4333 [GMT -4:00]
Running from: c:\users\Bob Jones\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bob Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3E7850DB-C7B6-48FB-AE0B-D5E0FA69C642}.xps
c:\users\Bob Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E11E957C-3852-4DE5-B6A7-9EE9FBAC0185}.xps
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 22:09 . 2012-04-06 22:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-06 22:09 . 2012-04-06 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 23:35 . 2012-04-05 23:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 06:21 . 2012-04-05 09:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\offreg.dll
2012-04-04 01:03 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll
2012-04-03 06:01 . 2012-04-03 06:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Malwarebytes
2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\programdata\Malwarebytes
2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 06:00 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 05:17 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-03 05:17 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-03 05:17 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-03 05:17 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-03 05:17 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-03 05:17 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-03 05:17 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-03 05:16 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-03 05:16 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\programdata\AVAST Software
2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\program files\AVAST Software
2012-04-03 04:46 . 2012-02-23 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-03 02:37 . 2012-04-03 02:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-03 02:37 . 2012-04-03 02:36 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-31 02:34 . 2012-04-02 23:59 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Titanium
2012-03-31 02:33 . 2012-04-03 04:30 -------- d-----w- c:\users\Bob Jones\AppData\Local\Eye-Fi
2012-03-31 02:31 . 2012-04-02 04:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Eye-Fi
2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2012-03-24 20:19 . 2007-03-22 23:24 26785 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS
2012-03-24 20:19 . 2007-03-22 23:24 23534 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS
2012-03-24 20:19 . 2007-03-22 23:24 23063 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS
2012-03-24 20:19 . 2007-03-22 23:24 19244 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS
2012-03-24 20:19 . 2007-03-22 23:24 19856 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS
2012-03-24 20:19 . 2007-03-22 23:24 18621 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS
2012-03-24 20:19 . 2007-03-22 23:24 16836 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS
2012-03-24 20:19 . 2007-03-22 23:24 16565 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS
2012-03-20 01:22 . 2012-03-20 01:22 0 ----a-w- c:\windows\SysWow64\sho69DC.tmp
2012-03-19 23:08 . 2012-03-19 23:08 -------- d-----w- c:\programdata\App4rTemp
2012-03-19 23:07 . 2012-03-19 23:07 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio
2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\programdata\Ezprint
2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\program files (x86)\Lexmark Toolbar
2012-03-19 22:41 . 2012-03-19 23:08 -------- d-----w- c:\programdata\Lx_cats
2012-03-19 22:41 . 2009-08-19 18:06 25600 ----a-w- c:\windows\system32\lxdxcaps64.dll
2012-03-19 22:41 . 2009-08-19 18:06 81920 ----a-w- c:\windows\SysWow64\lxdxcaps.dll
2012-03-19 22:41 . 2009-08-19 18:06 1024512 ----a-w- c:\windows\system32\lxdxdrs64.dll
2012-03-19 22:41 . 2009-08-19 18:06 782336 ----a-w- c:\windows\SysWow64\lxdxdrs.dll
2012-03-19 22:41 . 2009-08-19 18:00 54784 ----a-w- c:\windows\system32\lxdxcnv464.dll
2012-03-19 22:41 . 2009-08-19 18:00 77906 ----a-w- c:\windows\SysWow64\lxdxcfg.dll
2012-03-19 22:41 . 2009-08-19 18:00 69632 ----a-w- c:\windows\SysWow64\lxdxcnv4.dll
2012-03-19 22:41 . 2009-08-19 18:00 65536 ----a-w- c:\windows\system32\lxdxcfg64.dll
2012-03-19 22:39 . 2012-03-19 22:39 -------- d-----w- C:\logs
2012-03-19 22:36 . 2012-03-19 22:36 -------- d-----w- C:\lexmark
2012-03-17 03:04 . 2012-03-17 03:12 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\AVG
2012-03-14 07:05 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:05 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:05 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 04:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 04:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 04:01 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 04:01 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 04:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 04:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 04:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 04:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 17:14 . 2012-03-11 17:14 0 ----a-w- c:\windows\SysWow64\sho64D5.tmp
2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iPod
2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iTunes
2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 02:36 . 2011-02-18 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-26 17:55 . 2012-02-26 17:55 0 ----a-w- c:\windows\SysWow64\sho2F79.tmp
2012-02-26 02:58 . 2011-09-11 12:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bob Jones\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"HW_OPENEYE_OUC_"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-03-09 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2010-11-16 821384]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-24 1304]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
c:\users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
StickyNotes.exe [2009-5-19 483328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2009-12-22 225280]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 OlyUsbCam;OLYMPUS USB Camera;c:\windows\system32\DRIVERS\OlyUsbCam.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]
S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000Core.job
- c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000UA.job
- c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = g.msn.com/USCON/1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: adp.com
Trusted Zone: adpcorp.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930}: NameServer = 10.133.20.11 10.132.20.11
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Eye-Fi - c:\program files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Bob Jones\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-06 18:13:34
ComboFix-quarantined-files.txt 2012-04-06 22:13
.
Pre-Run: 435,307,405,312 bytes free
Post-Run: 436,917,424,128 bytes free
.
- - End Of File - - 61BAA36FE8C2180CEE3BD4EB53D558ED

#10 Maniac

Posted 07 April 2012 - 03:38 AM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\users\Bob Jones\AppData\Roaming\AVG

Registry::
[-HKEY_LOCAL_MACHINE\software\McAfee]

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#11 rjones315

Posted 07 April 2012 - 06:46 AM

ComboFix 12-04-06.02 - Bob Jones 04/07/2012 7:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4214 [GMT -4:00]
Running from: c:\users\Bob Jones\Desktop\ComboFix.exe
Command switches used :: c:\users\Bob Jones\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bob Jones\AppData\Roaming\AVG
c:\users\Bob Jones\AppData\Roaming\AVG\PC Tuneup\Logs\PC Tuneup_SN.log
c:\users\Bob Jones\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120316231220524.rsc
c:\users\Bob Jones\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120316231313673.rsc
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 11:39 . 2012-04-07 11:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-07 11:39 . 2012-04-07 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 22:26 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2F362FB-3626-4517-A2A8-E01BEFD67EA8}\mpengine.dll
2012-04-05 23:35 . 2012-04-05 23:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 06:01 . 2012-04-03 06:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Malwarebytes
2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\programdata\Malwarebytes
2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 06:00 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 05:17 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-03 05:17 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-03 05:17 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-03 05:17 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-03 05:17 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-03 05:17 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-03 05:17 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-03 05:16 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-03 05:16 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\programdata\AVAST Software
2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\program files\AVAST Software
2012-04-03 04:46 . 2012-02-23 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-03 02:37 . 2012-04-03 02:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-03 02:37 . 2012-04-03 02:36 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-31 02:34 . 2012-04-02 23:59 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Titanium
2012-03-31 02:33 . 2012-04-03 04:30 -------- d-----w- c:\users\Bob Jones\AppData\Local\Eye-Fi
2012-03-31 02:31 . 2012-04-02 04:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Eye-Fi
2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2012-03-24 20:19 . 2007-03-22 23:24 26785 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS
2012-03-24 20:19 . 2007-03-22 23:24 23534 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS
2012-03-24 20:19 . 2007-03-22 23:24 23063 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS
2012-03-24 20:19 . 2007-03-22 23:24 19244 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS
2012-03-24 20:19 . 2007-03-22 23:24 19856 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS
2012-03-24 20:19 . 2007-03-22 23:24 18621 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS
2012-03-24 20:19 . 2007-03-22 23:24 16836 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS
2012-03-24 20:19 . 2007-03-22 23:24 16565 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS
2012-03-20 01:22 . 2012-03-20 01:22 0 ----a-w- c:\windows\SysWow64\sho69DC.tmp
2012-03-19 23:08 . 2012-03-19 23:08 -------- d-----w- c:\programdata\App4rTemp
2012-03-19 23:07 . 2012-03-19 23:07 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio
2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\programdata\Ezprint
2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\program files (x86)\Lexmark Toolbar
2012-03-19 22:41 . 2012-03-19 23:08 -------- d-----w- c:\programdata\Lx_cats
2012-03-19 22:41 . 2009-08-19 18:06 25600 ----a-w- c:\windows\system32\lxdxcaps64.dll
2012-03-19 22:41 . 2009-08-19 18:06 81920 ----a-w- c:\windows\SysWow64\lxdxcaps.dll
2012-03-19 22:41 . 2009-08-19 18:06 1024512 ----a-w- c:\windows\system32\lxdxdrs64.dll
2012-03-19 22:41 . 2009-08-19 18:06 782336 ----a-w- c:\windows\SysWow64\lxdxdrs.dll
2012-03-19 22:41 . 2009-08-19 18:00 54784 ----a-w- c:\windows\system32\lxdxcnv464.dll
2012-03-19 22:41 . 2009-08-19 18:00 77906 ----a-w- c:\windows\SysWow64\lxdxcfg.dll
2012-03-19 22:41 . 2009-08-19 18:00 69632 ----a-w- c:\windows\SysWow64\lxdxcnv4.dll
2012-03-19 22:41 . 2009-08-19 18:00 65536 ----a-w- c:\windows\system32\lxdxcfg64.dll
2012-03-19 22:39 . 2012-03-19 22:39 -------- d-----w- C:\logs
2012-03-19 22:36 . 2012-03-19 22:36 -------- d-----w- C:\lexmark
2012-03-14 07:05 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:05 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:05 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 04:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 04:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 04:01 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 04:01 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 04:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 04:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 04:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 04:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 17:14 . 2012-03-11 17:14 0 ----a-w- c:\windows\SysWow64\sho64D5.tmp
2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iPod
2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iTunes
2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 02:36 . 2011-02-18 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-26 17:55 . 2012-02-26 17:55 0 ----a-w- c:\windows\SysWow64\sho2F79.tmp
2012-02-26 02:58 . 2011-09-11 12:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_22.10.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-07 11:25 . 2012-04-07 11:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040720120408\index.dat
+ 2012-04-06 11:48 . 2012-04-06 21:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
- 2012-04-06 11:48 . 2012-04-06 11:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
- 2012-03-29 09:54 . 2012-04-06 11:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-29 09:54 . 2012-04-07 11:22 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-07-14 05:10 . 2012-04-07 11:24 32440 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-03-08 00:12 . 2012-04-06 21:53 17596 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4079509864-593231484-137279154-1000_UserData.bin
+ 2011-03-08 00:12 . 2012-04-07 11:24 17596 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4079509864-593231484-137279154-1000_UserData.bin
+ 2012-02-26 17:58 . 2012-04-07 11:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2012-02-26 17:58 . 2012-04-06 21:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2011-03-07 23:03 . 2012-04-07 11:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-07 23:03 . 2012-04-06 21:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-26 17:58 . 2012-04-06 21:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2012-02-26 17:58 . 2012-04-07 11:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2011-03-07 23:03 . 2012-04-07 11:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-07 23:03 . 2012-04-06 21:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-26 17:58 . 2012-04-07 11:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2012-02-26 17:58 . 2012-04-06 21:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 11:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 21:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-08 00:03 . 2012-04-07 11:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-08 00:03 . 2012-04-06 21:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-29 09:50 . 2012-04-07 11:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-29 09:50 . 2012-04-06 21:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-29 09:50 . 2012-04-07 11:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-03-29 09:50 . 2012-04-06 21:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-29 09:50 . 2012-04-07 11:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-03-29 09:50 . 2012-04-06 21:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-03-08 00:03 . 2012-04-06 21:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-08 00:03 . 2012-04-07 11:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-08 00:03 . 2012-04-06 21:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-08 00:03 . 2012-04-07 11:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-08 00:47 . 2012-04-06 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-08 00:47 . 2012-04-07 11:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-08 00:47 . 2012-04-07 11:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-08 00:47 . 2012-04-06 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-06 00:09 . 2012-04-07 11:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-06 00:09 . 2012-04-06 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-06 00:09 . 2012-04-06 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 00:09 . 2012-04-07 11:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-15 07:26 . 2012-04-07 11:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-04-15 07:26 . 2012-04-06 21:57 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-07 11:27 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-06 21:57 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-07 23:41 . 2012-04-07 03:13 362620 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-04-06 21:56 640400 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-07 03:16 640400 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-06 21:56 112198 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-07 03:16 112198 c:\windows\system32\perfc009.dat
- 2009-07-14 04:54 . 2012-04-06 21:57 5570560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 11:27 5570560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 21:57 1097728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 11:27 1097728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Bob Jones\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"HW_OPENEYE_OUC_"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-03-09 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2010-11-16 821384]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-24 1304]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
c:\users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
StickyNotes.exe [2009-5-19 483328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2009-12-22 225280]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 OlyUsbCam;OLYMPUS USB Camera;c:\windows\system32\DRIVERS\OlyUsbCam.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]
S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000Core.job
- c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000UA.job
- c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = g.msn.com/USCON/1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: adp.com
Trusted Zone: adpcorp.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930}: NameServer = 10.133.20.11 10.132.20.11
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-07 07:43:40
ComboFix-quarantined-files.txt 2012-04-07 11:43
ComboFix2.txt 2012-04-06 22:13
.
Pre-Run: 436,656,099,328 bytes free
Post-Run: 436,233,515,008 bytes free
.
- - End Of File - - A1E91C7CC67ECEF24363DE80D8E0BFF0

#12 Maniac

Posted 07 April 2012 - 04:09 PM

How are things now?

#13 rjones315

Posted 07 April 2012 - 09:56 PM

Still have the virus.

#14 rjones315

Posted 07 April 2012 - 11:17 PM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bob Jones :: DELL-LAPTOP [administrator]

Protection: Disabled

4/7/2012 10:56:24 PM
mbam-log-2012-04-07 (23-00-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205482
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1480 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

#15 Maniac

Posted 08 April 2012 - 02:16 AM

Please manually delete your TDSSKiller copy, download a new fresh one and re-run it. Post the log file in your next reply.

#16 rjones315

Posted 08 April 2012 - 01:33 PM

14:06:57.0336 1456 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
14:06:57.0352 1456 ============================================================
14:06:57.0352 1456 Current date / time: 2012/04/08 14:06:57.0352
14:06:57.0352 1456 SystemInfo:
14:06:57.0352 1456
14:06:57.0352 1456 OS Version: 6.1.7601 ServicePack: 1.0
14:06:57.0352 1456 Product type: Workstation
14:06:57.0352 1456 ComputerName: DELL-LAPTOP
14:06:57.0352 1456 UserName: Bob Jones
14:06:57.0352 1456 Windows directory: C:\Windows
14:06:57.0352 1456 System windows directory: C:\Windows
14:06:57.0352 1456 Running under WOW64
14:06:57.0352 1456 Processor architecture: Intel x64
14:06:57.0352 1456 Number of processors: 4
14:06:57.0352 1456 Page size: 0x1000
14:06:57.0352 1456 Boot type: Safe boot
14:06:57.0352 1456 ============================================================
14:06:57.0757 1456 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:57.0773 1456 \Device\Harddisk0\DR0:
14:06:57.0773 1456 MBR used
14:06:57.0773 1456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
14:06:57.0773 1456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x48AD8AE3
14:06:57.0804 1456 Initialize success
14:06:57.0804 1456 ============================================================
14:08:09.0439 1672 ============================================================
14:08:09.0439 1672 Scan started
14:08:09.0439 1672 Mode: Manual; SigCheck; TDLFS;
14:08:09.0439 1672 ============================================================
14:08:09.0892 1672 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:08:09.0985 1672 1394ohci - ok
14:08:10.0141 1672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:08:10.0157 1672 ACPI - ok
14:08:10.0219 1672 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:08:10.0266 1672 AcpiPmi - ok
14:08:10.0360 1672 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:08:10.0375 1672 adp94xx - ok
14:08:10.0407 1672 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:08:10.0422 1672 adpahci - ok
14:08:10.0438 1672 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:08:10.0453 1672 adpu320 - ok
14:08:10.0500 1672 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:08:10.0625 1672 AeLookupSvc - ok
14:08:10.0703 1672 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:08:10.0719 1672 AERTFilters - ok
14:08:10.0828 1672 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:08:10.0859 1672 AFD - ok
14:08:10.0937 1672 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:08:10.0953 1672 agp440 - ok
14:08:11.0187 1672 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
14:08:11.0187 1672 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
14:08:11.0187 1672 Akamai ( HiddenFile.Multi.Generic ) - warning
14:08:11.0187 1672 Akamai - detected HiddenFile.Multi.Generic (1)
14:08:11.0265 1672 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:08:11.0296 1672 ALG - ok
14:08:11.0374 1672 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:08:11.0389 1672 aliide - ok
14:08:11.0499 1672 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
14:08:11.0530 1672 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - warning
14:08:11.0530 1672 Amazon Download Agent - detected UnsignedFile.Multi.Generic (1)
14:08:11.0592 1672 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe
14:08:11.0639 1672 AMD External Events Utility - ok
14:08:11.0701 1672 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:08:11.0717 1672 amdide - ok
14:08:11.0779 1672 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:08:11.0811 1672 AmdK8 - ok
14:08:11.0998 1672 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
14:08:12.0201 1672 amdkmdag - ok
14:08:12.0294 1672 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
14:08:12.0325 1672 amdkmdap - ok
14:08:12.0372 1672 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:08:12.0403 1672 AmdPPM - ok
14:08:12.0481 1672 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:08:12.0481 1672 amdsata - ok
14:08:12.0528 1672 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:08:12.0528 1672 amdsbs - ok
14:08:12.0559 1672 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:08:12.0559 1672 amdxata - ok
14:08:12.0606 1672 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:08:12.0778 1672 AppID - ok
14:08:12.0840 1672 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:08:12.0903 1672 AppIDSvc - ok
14:08:12.0981 1672 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:08:13.0043 1672 Appinfo - ok
14:08:13.0199 1672 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:08:13.0215 1672 Apple Mobile Device - ok
14:08:13.0324 1672 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:08:13.0339 1672 arc - ok
14:08:13.0386 1672 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:08:13.0402 1672 arcsas - ok
14:08:13.0527 1672 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
14:08:13.0605 1672 aswFsBlk - ok
14:08:13.0714 1672 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
14:08:13.0714 1672 aswMonFlt - ok
14:08:13.0807 1672 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
14:08:13.0807 1672 aswRdr - ok
14:08:13.0979 1672 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
14:08:13.0995 1672 aswSnx - ok
14:08:14.0104 1672 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
14:08:14.0104 1672 aswSP - ok
14:08:14.0244 1672 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
14:08:14.0260 1672 aswTdi - ok
14:08:14.0338 1672 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:08:14.0385 1672 AsyncMac - ok
14:08:14.0463 1672 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:08:14.0478 1672 atapi - ok
14:08:14.0587 1672 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
14:08:14.0587 1672 AtiHdmiService - ok
14:08:14.0650 1672 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:08:14.0728 1672 AudioEndpointBuilder - ok
14:08:14.0775 1672 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:08:14.0821 1672 AudioSrv - ok
14:08:14.0931 1672 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:08:14.0946 1672 avast! Antivirus - ok
14:08:15.0055 1672 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:08:15.0118 1672 AxInstSV - ok
14:08:15.0227 1672 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:08:15.0383 1672 b06bdrv - ok
14:08:15.0477 1672 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:08:15.0523 1672 b57nd60a - ok
14:08:15.0617 1672 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
14:08:15.0617 1672 BCM42RLY - ok
14:08:15.0726 1672 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:08:15.0835 1672 BCM43XX - ok
14:08:15.0913 1672 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
14:08:15.0929 1672 BcmVWL - ok
14:08:15.0976 1672 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:08:15.0991 1672 BDESVC - ok
14:08:16.0054 1672 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:08:16.0116 1672 Beep - ok
14:08:16.0225 1672 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:08:16.0288 1672 BFE - ok
14:08:16.0350 1672 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:08:16.0444 1672 BITS - ok
14:08:16.0553 1672 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:08:16.0584 1672 blbdrive - ok
14:08:16.0693 1672 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:08:16.0709 1672 Bonjour Service - ok
14:08:16.0803 1672 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:08:16.0803 1672 bowser - ok
14:08:16.0865 1672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:08:16.0896 1672 BrFiltLo - ok
14:08:16.0927 1672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:08:16.0943 1672 BrFiltUp - ok
14:08:17.0052 1672 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:08:17.0115 1672 BridgeMP - ok
14:08:17.0177 1672 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:08:17.0239 1672 Browser - ok
14:08:17.0317 1672 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:08:17.0349 1672 Brserid - ok
14:08:17.0380 1672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:08:17.0411 1672 BrSerWdm - ok
14:08:17.0489 1672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:08:17.0520 1672 BrUsbMdm - ok
14:08:17.0567 1672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:08:17.0583 1672 BrUsbSer - ok
14:08:17.0692 1672 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:08:17.0723 1672 BthEnum - ok
14:08:17.0785 1672 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:08:17.0817 1672 BTHMODEM - ok
14:08:17.0863 1672 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:08:17.0879 1672 BthPan - ok
14:08:18.0004 1672 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
14:08:18.0035 1672 BTHPORT - ok
14:08:18.0113 1672 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:08:18.0160 1672 bthserv - ok
14:08:18.0207 1672 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
14:08:18.0238 1672 BTHUSB - ok
14:08:18.0269 1672 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
14:08:18.0285 1672 btusbflt - ok
14:08:18.0347 1672 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
14:08:18.0363 1672 btwaudio - ok
14:08:18.0378 1672 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
14:08:18.0394 1672 btwavdt - ok
14:08:18.0456 1672 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:08:18.0487 1672 btwdins - ok
14:08:18.0565 1672 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:08:18.0565 1672 btwl2cap - ok
14:08:18.0612 1672 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
14:08:18.0628 1672 btwrchid - ok
14:08:18.0799 1672 CarboniteService (39dbdd8e86caf1cd03c00d5c931fd3fa) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
14:08:18.0971 1672 CarboniteService - ok
14:08:19.0111 1672 catchme - ok
14:08:19.0189 1672 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:08:19.0236 1672 cdfs - ok
14:08:19.0314 1672 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:08:19.0345 1672 cdrom - ok
14:08:19.0455 1672 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:08:19.0517 1672 CertPropSvc - ok
14:08:19.0595 1672 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:08:19.0626 1672 circlass - ok
14:08:19.0689 1672 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:08:19.0704 1672 CLFS - ok
14:08:19.0767 1672 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:08:19.0782 1672 clr_optimization_v2.0.50727_32 - ok
14:08:19.0829 1672 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:08:19.0845 1672 clr_optimization_v2.0.50727_64 - ok
14:08:19.0923 1672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:08:19.0985 1672 clr_optimization_v4.0.30319_32 - ok
14:08:20.0079 1672 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:08:20.0094 1672 clr_optimization_v4.0.30319_64 - ok
14:08:20.0157 1672 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:08:20.0188 1672 CmBatt - ok
14:08:20.0250 1672 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:08:20.0250 1672 cmdide - ok
14:08:20.0313 1672 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:08:20.0344 1672 CNG - ok
14:08:20.0437 1672 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:08:20.0437 1672 Compbatt - ok
14:08:20.0500 1672 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:08:20.0531 1672 CompositeBus - ok
14:08:20.0578 1672 COMSysApp - ok
14:08:20.0609 1672 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:08:20.0625 1672 crcdisk - ok
14:08:20.0687 1672 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:08:20.0734 1672 CryptSvc - ok
14:08:20.0827 1672 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
14:08:20.0859 1672 CtClsFlt - ok
14:08:20.0952 1672 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:08:20.0983 1672 cvhsvc - ok
14:08:21.0077 1672 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:08:21.0139 1672 DcomLaunch - ok
14:08:21.0233 1672 DCService.exe (00eaf3956092a8008608ca6e2c5d649d) C:\ProgramData\DatacardService\DCService.exe
14:08:21.0264 1672 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
14:08:21.0264 1672 DCService.exe - detected UnsignedFile.Multi.Generic (1)
14:08:21.0358 1672 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:08:21.0420 1672 defragsvc - ok
14:08:21.0483 1672 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:08:21.0529 1672 DfsC - ok
14:08:21.0607 1672 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:08:21.0654 1672 Dhcp - ok
14:08:21.0701 1672 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:08:21.0732 1672 discache - ok
14:08:21.0763 1672 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:08:21.0763 1672 Disk - ok
14:08:21.0795 1672 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:08:21.0826 1672 Dnscache - ok
14:08:21.0888 1672 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
14:08:21.0904 1672 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
14:08:21.0904 1672 DockLoginService - detected UnsignedFile.Multi.Generic (1)
14:08:22.0013 1672 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:08:22.0060 1672 dot3svc - ok
14:08:22.0107 1672 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:08:22.0169 1672 DPS - ok
14:08:22.0231 1672 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:08:22.0263 1672 drmkaud - ok
14:08:22.0372 1672 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:08:22.0403 1672 DXGKrnl - ok
14:08:22.0465 1672 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:08:22.0512 1672 EapHost - ok
14:08:22.0606 1672 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:08:22.0715 1672 ebdrv - ok
14:08:22.0762 1672 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:08:22.0777 1672 EFS - ok
14:08:22.0902 1672 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:08:22.0933 1672 ehRecvr - ok
14:08:22.0980 1672 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:08:22.0996 1672 ehSched - ok
14:08:23.0058 1672 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:08:23.0074 1672 elxstor - ok
14:08:23.0121 1672 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:08:23.0152 1672 ErrDev - ok
14:08:23.0245 1672 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:08:23.0308 1672 EventSystem - ok
14:08:23.0386 1672 ewusbnet (da7cef9ffbbd6498df106bcab84eb10a) C:\Windows\system32\DRIVERS\ewusbnet.sys
14:08:23.0417 1672 ewusbnet - ok
14:08:23.0542 1672 ew_hwusbdev (e2cbb821c7cae0ef8b56de28ed85c740) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
14:08:23.0573 1672 ew_hwusbdev - ok
14:08:23.0667 1672 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:08:23.0698 1672 exfat - ok
14:08:23.0729 1672 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:08:23.0791 1672 fastfat - ok
14:08:23.0854 1672 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:08:23.0901 1672 Fax - ok
14:08:23.0979 1672 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:08:24.0010 1672 fdc - ok
14:08:24.0041 1672 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:08:24.0088 1672 fdPHost - ok
14:08:24.0103 1672 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:08:24.0166 1672 FDResPub - ok
14:08:24.0213 1672 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:08:24.0213 1672 FileInfo - ok
14:08:24.0228 1672 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:08:24.0291 1672 Filetrace - ok
14:08:24.0337 1672 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:08:24.0337 1672 flpydisk - ok
14:08:24.0384 1672 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:08:24.0400 1672 FltMgr - ok
14:08:24.0478 1672 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:08:24.0540 1672 FontCache - ok
14:08:24.0696 1672 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:08:24.0712 1672 FontCache3.0.0.0 - ok
14:08:24.0759 1672 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:08:24.0774 1672 FsDepends - ok
14:08:24.0805 1672 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:08:24.0821 1672 Fs_Rec - ok
14:08:24.0883 1672 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:08:24.0899 1672 fvevol - ok
14:08:24.0930 1672 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:08:24.0946 1672 gagp30kx - ok
14:08:25.0024 1672 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
14:08:25.0039 1672 GameConsoleService - ok
14:08:25.0117 1672 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:08:25.0117 1672 GEARAspiWDM - ok
14:08:25.0164 1672 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
14:08:25.0180 1672 GoToAssist - ok
14:08:25.0242 1672 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:08:25.0320 1672 gpsvc - ok
14:08:25.0351 1672 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:08:25.0383 1672 hcw85cir - ok
14:08:25.0445 1672 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:08:25.0476 1672 HDAudBus - ok
14:08:25.0539 1672 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:08:25.0554 1672 HECIx64 - ok
14:08:25.0601 1672 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:08:25.0632 1672 HidBatt - ok
14:08:25.0679 1672 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:08:25.0695 1672 HidBth - ok
14:08:25.0741 1672 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:08:25.0788 1672 HidIr - ok
14:08:25.0819 1672 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:08:25.0882 1672 hidserv - ok
14:08:25.0991 1672 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:08:25.0991 1672 HidUsb - ok
14:08:26.0053 1672 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:08:26.0116 1672 hkmsvc - ok
14:08:26.0163 1672 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:08:26.0194 1672 HomeGroupListener - ok
14:08:26.0225 1672 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:08:26.0256 1672 HomeGroupProvider - ok
14:08:26.0303 1672 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:08:26.0319 1672 HpSAMD - ok
14:08:26.0365 1672 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:08:26.0412 1672 HTTP - ok
14:08:26.0459 1672 huawei_enumerator (6dbd08bc1331c78548298e82c4b667c5) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
14:08:26.0490 1672 huawei_enumerator - ok
14:08:26.0599 1672 hwdatacard (6e5cd3984742a922d0c183c7e82c3c94) C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:08:26.0631 1672 hwdatacard - ok
14:08:26.0677 1672 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:08:26.0693 1672 hwpolicy - ok
14:08:26.0818 1672 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:08:26.0833 1672 i8042prt - ok
14:08:26.0911 1672 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:08:26.0911 1672 iaStor - ok
14:08:26.0974 1672 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:08:26.0989 1672 iaStorV - ok
14:08:27.0067 1672 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:08:27.0099 1672 idsvc - ok
14:08:27.0161 1672 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:08:27.0177 1672 iirsp - ok
14:08:27.0239 1672 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:08:27.0317 1672 IKEEXT - ok
14:08:27.0411 1672 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
14:08:27.0473 1672 IntcAzAudAddService - ok
14:08:27.0504 1672 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:08:27.0520 1672 intelide - ok
14:08:27.0598 1672 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:08:27.0629 1672 intelppm - ok
14:08:27.0676 1672 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:08:27.0738 1672 IPBusEnum - ok
14:08:27.0801 1672 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:08:27.0847 1672 IpFilterDriver - ok
14:08:27.0894 1672 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:08:27.0957 1672 iphlpsvc - ok
14:08:28.0003 1672 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:08:28.0035 1672 IPMIDRV - ok
14:08:28.0113 1672 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:08:28.0159 1672 IPNAT - ok
14:08:28.0253 1672 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
14:08:28.0300 1672 iPod Service - ok
14:08:28.0378 1672 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:08:28.0393 1672 IRENUM - ok
14:08:28.0471 1672 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:08:28.0487 1672 isapnp - ok
14:08:28.0534 1672 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:08:28.0549 1672 iScsiPrt - ok
14:08:28.0612 1672 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:08:28.0612 1672 kbdclass - ok
14:08:28.0674 1672 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:08:28.0705 1672 kbdhid - ok
14:08:28.0768 1672 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:08:28.0783 1672 KeyIso - ok
14:08:28.0815 1672 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:08:28.0830 1672 KSecDD - ok
14:08:28.0877 1672 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:08:28.0877 1672 KSecPkg - ok
14:08:28.0924 1672 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:08:28.0971 1672 ksthunk - ok
14:08:29.0002 1672 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:08:29.0064 1672 KtmRm - ok
14:08:29.0142 1672 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:08:29.0158 1672 L1C - ok
14:08:29.0236 1672 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:08:29.0283 1672 LanmanServer - ok
14:08:29.0329 1672 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:08:29.0376 1672 LanmanWorkstation - ok
14:08:29.0470 1672 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:08:29.0532 1672 lltdio - ok
14:08:29.0610 1672 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:08:29.0657 1672 lltdsvc - ok
14:08:29.0673 1672 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:08:29.0719 1672 lmhosts - ok
14:08:29.0797 1672 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:08:29.0797 1672 LMS - ok
14:08:29.0891 1672 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:08:29.0907 1672 LSI_FC - ok
14:08:29.0953 1672 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:08:29.0953 1672 LSI_SAS - ok
14:08:29.0985 1672 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:08:30.0000 1672 LSI_SAS2 - ok
14:08:30.0047 1672 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:08:30.0063 1672 LSI_SCSI - ok
14:08:30.0094 1672 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:08:30.0156 1672 luafv - ok
14:08:30.0265 1672 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:08:30.0281 1672 MBAMProtector - ok
14:08:30.0343 1672 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:08:30.0390 1672 MBAMService - ok
14:08:30.0468 1672 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:08:30.0499 1672 Mcx2Svc - ok
14:08:30.0593 1672 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
14:08:30.0593 1672 MDM - ok
14:08:30.0687 1672 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:08:30.0687 1672 megasas - ok
14:08:30.0733 1672 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:08:30.0749 1672 MegaSR - ok
14:08:30.0796 1672 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:08:30.0843 1672 MMCSS - ok
14:08:30.0905 1672 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:08:30.0967 1672 Modem - ok
14:08:30.0999 1672 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:08:31.0030 1672 monitor - ok
14:08:31.0108 1672 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:08:31.0108 1672 mouclass - ok
14:08:31.0186 1672 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:08:31.0217 1672 mouhid - ok
14:08:31.0279 1672 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:08:31.0295 1672 mountmgr - ok
14:08:31.0326 1672 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:08:31.0342 1672 mpio - ok
14:08:31.0357 1672 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:08:31.0420 1672 mpsdrv - ok
14:08:31.0482 1672 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:08:31.0560 1672 MpsSvc - ok
14:08:31.0654 1672 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:08:31.0701 1672 MRxDAV - ok
14:08:31.0779 1672 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:08:31.0794 1672 mrxsmb - ok
14:08:31.0872 1672 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:08:31.0872 1672 mrxsmb10 - ok
14:08:31.0903 1672 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:08:31.0919 1672 mrxsmb20 - ok
14:08:31.0966 1672 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:08:31.0981 1672 msahci - ok
14:08:32.0028 1672 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:08:32.0044 1672 msdsm - ok
14:08:32.0106 1672 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:08:32.0137 1672 MSDTC - ok
14:08:32.0215 1672 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:08:32.0247 1672 Msfs - ok
14:08:32.0278 1672 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:08:32.0325 1672 mshidkmdf - ok
14:08:32.0371 1672 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:08:32.0371 1672 msisadrv - ok
14:08:32.0418 1672 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:08:32.0465 1672 MSiSCSI - ok
14:08:32.0481 1672 msiserver - ok
14:08:32.0527 1672 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:08:32.0574 1672 MSKSSRV - ok
14:08:32.0605 1672 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:08:32.0668 1672 MSPCLOCK - ok
14:08:32.0715 1672 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:08:32.0777 1672 MSPQM - ok
14:08:32.0839 1672 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:08:32.0855 1672 MsRPC - ok
14:08:32.0917 1672 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:08:32.0933 1672 mssmbios - ok
14:08:32.0980 1672 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:08:33.0027 1672 MSTEE - ok
14:08:33.0058 1672 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:08:33.0089 1672 MTConfig - ok
14:08:33.0120 1672 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:08:33.0136 1672 Mup - ok
14:08:33.0183 1672 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:08:33.0229 1672 napagent - ok
14:08:33.0339 1672 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:08:33.0385 1672 NativeWifiP - ok
14:08:33.0479 1672 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:08:33.0526 1672 NDIS - ok
14:08:33.0557 1672 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:08:33.0604 1672 NdisCap - ok
14:08:33.0635 1672 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:08:33.0666 1672 NdisTapi - ok
14:08:33.0713 1672 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:08:33.0775 1672 Ndisuio - ok
14:08:33.0807 1672 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:08:33.0869 1672 NdisWan - ok
14:08:33.0947 1672 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:08:33.0994 1672 NDProxy - ok
14:08:34.0056 1672 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:08:34.0119 1672 NetBIOS - ok
14:08:34.0181 1672 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:08:34.0228 1672 NetBT - ok
14:08:34.0321 1672 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:08:34.0321 1672 Netlogon - ok
14:08:34.0368 1672 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:08:34.0431 1672 Netman - ok
14:08:34.0509 1672 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:08:34.0555 1672 netprofm - ok
14:08:34.0618 1672 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:08:34.0633 1672 NetTcpPortSharing - ok
14:08:34.0711 1672 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:08:34.0711 1672 nfrd960 - ok
14:08:34.0774 1672 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:08:34.0836 1672 NlaSvc - ok
14:08:34.0867 1672 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:08:34.0914 1672 Npfs - ok
14:08:34.0930 1672 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:08:34.0992 1672 nsi - ok
14:08:35.0039 1672 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:08:35.0070 1672 nsiproxy - ok
14:08:35.0148 1672 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:08:35.0195 1672 Ntfs - ok
14:08:35.0257 1672 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:08:35.0304 1672 Null - ok
14:08:35.0335 1672 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:08:35.0351 1672 nvraid - ok
14:08:35.0382 1672 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:08:35.0398 1672 nvstor - ok
14:08:35.0429 1672 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:08:35.0445 1672 nv_agp - ok
14:08:35.0476 1672 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:08:35.0491 1672 ohci1394 - ok
14:08:35.0569 1672 OlyUsbCam (ed74264b8b3ba640ce97130862732b4e) C:\Windows\system32\DRIVERS\OlyUsbCam.sys
14:08:35.0585 1672 OlyUsbCam - ok
14:08:35.0647 1672 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:08:35.0647 1672 ose - ok
14:08:35.0788 1672 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:08:35.0944 1672 osppsvc - ok
14:08:36.0037 1672 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:08:36.0069 1672 p2pimsvc - ok
14:08:36.0100 1672 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:08:36.0115 1672 p2psvc - ok
14:08:36.0162 1672 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:08:36.0178 1672 Parport - ok
14:08:36.0225 1672 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:08:36.0225 1672 partmgr - ok
14:08:36.0271 1672 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:08:36.0303 1672 PcaSvc - ok
14:08:36.0349 1672 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:08:36.0349 1672 pci - ok
14:08:36.0365 1672 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:08:36.0381 1672 pciide - ok
14:08:36.0412 1672 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:08:36.0427 1672 pcmcia - ok
14:08:36.0459 1672 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:08:36.0474 1672 pcw - ok
14:08:36.0490 1672 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:08:36.0552 1672 PEAUTH - ok
14:08:36.0615 1672 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:08:36.0693 1672 PerfHost - ok
14:08:36.0895 1672 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
14:08:36.0927 1672 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
14:08:36.0927 1672 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
14:08:37.0020 1672 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:08:37.0114 1672 pla - ok
14:08:37.0161 1672 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:08:37.0192 1672 PlugPlay - ok
14:08:37.0239 1672 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:08:37.0239 1672 PNRPAutoReg - ok
14:08:37.0270 1672 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:08:37.0285 1672 PNRPsvc - ok
14:08:37.0317 1672 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:08:37.0379 1672 PolicyAgent - ok
14:08:37.0426 1672 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:08:37.0473 1672 Power - ok
14:08:37.0535 1672 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:08:37.0597 1672 PptpMiniport - ok
14:08:37.0629 1672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:08:37.0660 1672 Processor - ok
14:08:37.0691 1672 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:08:37.0753 1672 ProfSvc - ok
14:08:37.0785 1672 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:08:37.0800 1672 ProtectedStorage - ok
14:08:37.0863 1672 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:08:37.0909 1672 Psched - ok
14:08:37.0987 1672 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:08:38.0003 1672 PxHlpa64 - ok
14:08:38.0065 1672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:08:38.0112 1672 ql2300 - ok
14:08:38.0159 1672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:08:38.0175 1672 ql40xx - ok
14:08:38.0221 1672 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:08:38.0237 1672 QWAVE - ok
14:08:38.0268 1672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:08:38.0299 1672 QWAVEdrv - ok
14:08:38.0331 1672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:08:38.0393 1672 RasAcd - ok
14:08:38.0409 1672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:08:38.0455 1672 RasAgileVpn - ok
14:08:38.0487 1672 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:08:38.0533 1672 RasAuto - ok
14:08:38.0627 1672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:08:38.0689 1672 Rasl2tp - ok
14:08:38.0783 1672 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:08:38.0814 1672 RasMan - ok
14:08:38.0845 1672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:08:38.0908 1672 RasPppoe - ok
14:08:38.0923 1672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:08:38.0986 1672 RasSstp - ok
14:08:39.0189 1672 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:08:39.0251 1672 rdbss - ok
14:08:39.0438 1672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:08:39.0469 1672 rdpbus - ok
14:08:39.0594 1672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:08:39.0657 1672 RDPCDD - ok
14:08:39.0813 1672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:08:39.0844 1672 RDPENCDD - ok
14:08:39.0969 1672 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:08:40.0015 1672 RDPREFMP - ok
14:08:40.0062 1672 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:08:40.0093 1672 RDPWD - ok
14:08:40.0156 1672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:08:40.0156 1672 rdyboost - ok
14:08:40.0203 1672 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:08:40.0265 1672 RemoteAccess - ok
14:08:40.0296 1672 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:08:40.0343 1672 RemoteRegistry - ok
14:08:40.0421 1672 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:08:40.0452 1672 RFCOMM - ok
14:08:40.0483 1672 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:08:40.0530 1672 RpcEptMapper - ok
14:08:40.0577 1672 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:08:40.0608 1672 RpcLocator - ok
14:08:40.0639 1672 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:08:40.0686 1672 RpcSs - ok
14:08:40.0733 1672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:08:40.0780 1672 rspndr - ok
14:08:40.0811 1672 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
14:08:40.0827 1672 RSUSBSTOR - ok
14:08:40.0858 1672 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:08:40.0858 1672 SamSs - ok
14:08:40.0920 1672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:08:40.0920 1672 sbp2port - ok
14:08:40.0967 1672 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:08:41.0029 1672 SCardSvr - ok
14:08:41.0076 1672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:08:41.0139 1672 scfilter - ok
14:08:41.0217 1672 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:08:41.0295 1672 Schedule - ok
14:08:41.0341 1672 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:08:41.0373 1672 SCPolicySvc - ok
14:08:41.0419 1672 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:08:41.0435 1672 SDRSVC - ok
14:08:41.0497 1672 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:08:41.0513 1672 SeaPort - ok
14:08:41.0591 1672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:08:41.0622 1672 secdrv - ok
14:08:41.0669 1672 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:08:41.0700 1672 seclogon - ok
14:08:41.0763 1672 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:08:41.0809 1672 SENS - ok
14:08:41.0887 1672 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:08:41.0919 1672 SensrSvc - ok
14:08:41.0981 1672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:08:42.0012 1672 Serenum - ok
14:08:42.0043 1672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:08:42.0059 1672 Serial - ok
14:08:42.0121 1672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:08:42.0121 1672 sermouse - ok
14:08:42.0199 1672 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:08:42.0262 1672 SessionEnv - ok
14:08:42.0324 1672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:08:42.0355 1672 sffdisk - ok
14:08:42.0402 1672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:08:42.0433 1672 sffp_mmc - ok
14:08:42.0465 1672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:08:42.0496 1672 sffp_sd - ok
14:08:42.0574 1672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:08:42.0589 1672 sfloppy - ok
14:08:42.0667 1672 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
14:08:42.0683 1672 Sftfs - ok
14:08:42.0745 1672 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:08:42.0761 1672 sftlist - ok
14:08:42.0792 1672 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:08:42.0808 1672 Sftplay - ok
14:08:42.0855 1672 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:08:42.0855 1672 Sftredir - ok
14:08:42.0933 1672 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:08:42.0995 1672 SftService - ok
14:08:43.0073 1672 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
14:08:43.0089 1672 Sftvol - ok
14:08:43.0135 1672 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:08:43.0151 1672 sftvsa - ok
14:08:43.0213 1672 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:08:43.0245 1672 SharedAccess - ok
14:08:43.0291 1672 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:08:43.0354 1672 ShellHWDetection - ok
14:08:43.0385 1672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:08:43.0401 1672 SiSRaid2 - ok
14:08:43.0416 1672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:08:43.0432 1672 SiSRaid4 - ok
14:08:43.0463 1672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:08:43.0494 1672 Smb - ok
14:08:43.0541 1672 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:08:43.0572 1672 SNMPTRAP - ok
14:08:43.0650 1672 SPAMfighter Update Service (ed9f035593588b6fec21478c6b9e0452) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
14:08:43.0650 1672 SPAMfighter Update Service - ok
14:08:43.0728 1672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:08:43.0744 1672 spldr - ok
14:08:43.0806 1672 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:08:43.0853 1672 Spooler - ok
14:08:43.0978 1672 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:08:44.0103 1672 sppsvc - ok
14:08:44.0134 1672 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:08:44.0196 1672 sppuinotify - ok
14:08:44.0259 1672 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
14:08:44.0274 1672 sprtsvc_DellSupportCenter - ok
14:08:44.0352 1672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:08:44.0399 1672 srv - ok
14:08:44.0461 1672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:08:44.0477 1672 srv2 - ok
14:08:44.0508 1672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:08:44.0539 1672 srvnet - ok
14:08:44.0617 1672 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:08:44.0664 1672 SSDPSRV - ok
14:08:44.0711 1672 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:08:44.0742 1672 SstpSvc - ok
14:08:44.0773 1672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:08:44.0789 1672 stexstor - ok
14:08:44.0836 1672 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:08:44.0883 1672 stisvc - ok
14:08:44.0976 1672 Suite Service (e567825c5f3934e13c8d755611954a7e) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
14:08:45.0023 1672 Suite Service - ok
14:08:45.0117 1672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:08:45.0117 1672 swenum - ok
14:08:45.0226 1672 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:08:45.0241 1672 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:08:45.0241 1672 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:08:45.0335 1672 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:08:45.0397 1672 swprv - ok
14:08:45.0444 1672 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys
14:08:45.0460 1672 SynTP - ok
14:08:45.0522 1672 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:08:45.0600 1672 SysMain - ok
14:08:45.0647 1672 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:08:45.0663 1672 TabletInputService - ok
14:08:45.0709 1672 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:08:45.0756 1672 TapiSrv - ok
14:08:45.0787 1672 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:08:45.0819 1672 TBS - ok
14:08:45.0897 1672 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:08:45.0959 1672 Tcpip - ok
14:08:46.0053 1672 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:08:46.0099 1672 TCPIP6 - ok
14:08:46.0146 1672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:08:46.0193 1672 tcpipreg - ok
14:08:46.0224 1672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:08:46.0255 1672 TDPIPE - ok
14:08:46.0302 1672 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:08:46.0302 1672 TDTCP - ok
14:08:46.0365 1672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:08:46.0396 1672 tdx - ok
14:08:46.0427 1672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:08:46.0427 1672 TermDD - ok
14:08:46.0474 1672 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:08:46.0536 1672 TermService - ok
14:08:46.0567 1672 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:08:46.0599 1672 Themes - ok
14:08:46.0630 1672 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:08:46.0661 1672 THREADORDER - ok
14:08:46.0692 1672 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:08:46.0739 1672 TrkWks - ok
14:08:46.0801 1672 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:08:46.0848 1672 TrustedInstaller - ok
14:08:46.0911 1672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:08:46.0973 1672 tssecsrv - ok
14:08:47.0051 1672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:08:47.0051 1672 TsUsbFlt - ok
14:08:47.0113 1672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:08:47.0160 1672 tunnel - ok
14:08:47.0207 1672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:08:47.0207 1672 uagp35 - ok
14:08:47.0269 1672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:08:47.0316 1672 udfs - ok
14:08:47.0347 1672 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:08:47.0363 1672 UI0Detect - ok
14:08:47.0410 1672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:08:47.0425 1672 uliagpkx - ok
14:08:47.0457 1672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:08:47.0488 1672 umbus - ok
14:08:47.0566 1672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:08:47.0581 1672 UmPass - ok
14:08:47.0691 1672 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:08:47.0784 1672 UNS - ok
14:08:47.0862 1672 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:08:47.0925 1672 upnphost - ok
14:08:48.0018 1672 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:08:48.0049 1672 usbaudio - ok
14:08:48.0096 1672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:08:48.0127 1672 usbccgp - ok
14:08:48.0237 1672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:08:48.0252 1672 usbcir - ok
14:08:48.0283 1672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:08:48.0315 1672 usbehci - ok
14:08:48.0361 1672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:08:48.0393 1672 usbhub - ok
14:08:48.0424 1672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:08:48.0439 1672 usbohci - ok
14:08:48.0471 1672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:08:48.0502 1672 usbprint - ok
14:08:48.0533 1672 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:08:48.0564 1672 usbscan - ok
14:08:48.0611 1672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:08:48.0627 1672 USBSTOR - ok
14:08:48.0673 1672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:08:48.0705 1672 usbuhci - ok
14:08:48.0783 1672 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:08:48.0798 1672 usbvideo - ok
14:08:48.0845 1672 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:08:48.0892 1672 UxSms - ok
14:08:48.0939 1672 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:08:48.0954 1672 VaultSvc - ok
14:08:49.0017 1672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:08:49.0017 1672 vdrvroot - ok
14:08:49.0095 1672 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:08:49.0157 1672 vds - ok
14:08:49.0219 1672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:08:49.0235 1672 vga - ok
14:08:49.0251 1672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:08:49.0313 1672 VgaSave - ok
14:08:49.0344 1672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:08:49.0360 1672 vhdmp - ok
14:08:49.0391 1672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:08:49.0391 1672 viaide - ok
14:08:49.0422 1672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:08:49.0422 1672 volmgr - ok
14:08:49.0469 1672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:08:49.0485 1672 volmgrx - ok
14:08:49.0531 1672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:08:49.0547 1672 volsnap - ok
14:08:49.0578 1672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:08:49.0594 1672 vsmraid - ok
14:08:49.0656 1672 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:08:49.0750 1672 VSS - ok
14:08:49.0797 1672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:08:49.0828 1672 vwifibus - ok
14:08:49.0906 1672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:08:49.0921 1672 vwififlt - ok
14:08:49.0984 1672 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:08:50.0015 1672 W32Time - ok
14:08:50.0077 1672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:08:50.0093 1672 WacomPen - ok
14:08:50.0140 1672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:08:50.0187 1672 WANARP - ok
14:08:50.0218 1672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:08:50.0249 1672 Wanarpv6 - ok
14:08:50.0358 1672 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:08:50.0405 1672 WatAdminSvc - ok
14:08:50.0499 1672 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:08:50.0561 1672 wbengine - ok
14:08:50.0623 1672 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:08:50.0639 1672 WbioSrvc - ok
14:08:50.0701 1672 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:08:50.0717 1672 wcncsvc - ok
14:08:50.0748 1672 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:08:50.0764 1672 WcsPlugInService - ok
14:08:50.0811 1672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:08:50.0826 1672 Wd - ok
14:08:50.0857 1672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:08:50.0889 1672 Wdf01000 - ok
14:08:50.0920 1672 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:08:51.0013 1672 WdiServiceHost - ok
14:08:51.0013 1672 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:08:51.0029 1672 WdiSystemHost - ok
14:08:51.0138 1672 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:08:51.0185 1672 WebClient - ok
14:08:51.0232 1672 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:08:51.0279 1672 Wecsvc - ok
14:08:51.0310 1672 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:08:51.0357 1672 wercplsupport - ok
14:08:51.0435 1672 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:08:51.0481 1672 WerSvc - ok
14:08:51.0544 1672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:08:51.0575 1672 WfpLwf - ok
14:08:51.0669 1672 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
14:08:51.0669 1672 WimFltr - ok
14:08:51.0700 1672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:08:51.0715 1672 WIMMount - ok
14:08:51.0731 1672 WinDefend - ok
14:08:51.0747 1672 WinHttpAutoProxySvc - ok
14:08:51.0793 1672 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:08:51.0840 1672 Winmgmt - ok
14:08:51.0965 1672 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:08:52.0074 1672 WinRM - ok
14:08:52.0183 1672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:08:52.0199 1672 WinUsb - ok
14:08:52.0261 1672 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:08:52.0308 1672 Wlansvc - ok
14:08:52.0417 1672 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:08:52.0495 1672 wlidsvc - ok
14:08:52.0542 1672 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
14:08:52.0558 1672 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
14:08:52.0558 1672 wltrysvc - detected UnsignedFile.Multi.Generic (1)
14:08:52.0667 1672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:08:52.0698 1672 WmiAcpi - ok
14:08:52.0761 1672 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:08:52.0792 1672 wmiApSrv - ok
14:08:52.0839 1672 WMPNetworkSvc - ok
14:08:52.0885 1672 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:08:52.0901 1672 WPCSvc - ok
14:08:52.0932 1672 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:08:52.0948 1672 WPDBusEnum - ok
14:08:52.0995 1672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:08:53.0057 1672 ws2ifsl - ok
14:08:53.0088 1672 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:08:53.0119 1672 wscsvc - ok
14:08:53.0166 1672 WSearch - ok
14:08:53.0275 1672 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:08:53.0385 1672 wuauserv - ok
14:08:53.0463 1672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:08:53.0525 1672 WudfPf - ok
14:08:53.0650 1672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:08:53.0681 1672 WUDFRd - ok
14:08:53.0712 1672 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:08:53.0759 1672 wudfsvc - ok
14:08:53.0775 1672 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:08:53.0806 1672 WwanSvc - ok
14:08:53.0884 1672 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
14:08:53.0931 1672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:08:53.0931 1672 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:08:53.0977 1672 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:08:53.0977 1672 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:08:54.0009 1672 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0
14:08:54.0009 1672 \Device\Harddisk0\DR0\Partition0 - ok
14:08:54.0024 1672 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1
14:08:54.0024 1672 \Device\Harddisk0\DR0\Partition1 - ok
14:08:54.0024 1672 ============================================================
14:08:54.0024 1672 Scan finished
14:08:54.0024 1672 ============================================================
14:08:54.0024 1664 Detected object count: 9
14:08:54.0024 1664 Actual detected object count: 9
14:09:28.0999 1664 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:09:28.0999 1664 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
14:09:28.0999 1664 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:28.0999 1664 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0015 1664 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0015 1664 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0031 1664 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0031 1664 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0046 1664 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0046 1664 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0062 1664 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0062 1664 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0077 1664 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0077 1664 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0249 1664 \Device\Harddisk0\DR0\# - copied to quarantine
14:09:29.0249 1664 \Device\Harddisk0\DR0 - copied to quarantine
14:09:29.0311 1664 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:09:29.0327 1664 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:09:29.0327 1664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:09:29.0343 1664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:09:29.0405 1664 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:09:29.0483 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:09:29.0483 1664 \Device\Harddisk0\DR0 - ok
14:09:29.0483 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:09:29.0483 1664 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:09:29.0483 1664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:09:38.0375 1452 Deinitialize success

#17 rjones315

Posted 08 April 2012 - 01:36 PM

I reran TDSSKiller in safe mode.
I also ran Malwarebytes in safe mode.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bob Jones :: DELL-LAPTOP [administrator]

Protection: Disabled

4/8/2012 2:26:57 PM
mbam-log-2012-04-08 (14-26-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204742
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#18 rjones315

Posted 08 April 2012 - 01:39 PM

After rebooting to normal bootup, I reran Malwarebytes again and it didn't find any errors.
I SEEM to be running ok now. Will keep an eye on it.
If I have further problems I will post to this thread.

Also, I registered my Malwarebytes, but never got my key. How can I get a copy of it?

#19 Maniac

Posted 08 April 2012 - 01:44 PM

It is important that these steps be executed in normal mode. Please repeat them to make sure that the results are the same.

#20 rjones315

Posted 08 April 2012 - 06:26 PM

I did them also in normal mode - they appear fine.



