SVChost.exe Virus and I are still not Friends


  • This topic is locked
30 replies to this topic

#1 SoulAmiss

    New Member

  • Members
  • 25 posts

Posted 26 June 2012 - 07:30 PM

Old post, correct forum: Like a lot of people on here, I have gotten infected by the svchost.exe. Maleware finds it but nothing else does. I quarantine it, I remove it, Maleware asks me to start over, and it's still there. Maleware thinks it's getting rid of it but it's not. I tried running rkill then maleware and that didn't do it. I've tried to run maleware in safe mode but my screen goes dark before it's done and I have to do a hard reboot to get it back. I turned off the screen saver and played with the power saving settings telling it not to go dark but something's not listening. I've followed the advice in other threads and can't shake this thing. What do I do? Here is the DDS list.

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/22/2010 8:49:00 PM
System Uptime: 6/22/2012 6:40:22 PM (16 hours ago)
.
Motherboard: DELL Inc. | | 0X501H
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 1574/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 587 GiB total, 302.402 GiB free.
F: is FIXED (NTFS) - 112 GiB total, 58.334 GiB free.
G: is FIXED (FAT32) - 466 GiB total, 354.164 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_DH20N__________________A102____\4&D7DB6A6&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD-ROM DH20N
PNP Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_DH20N__________________A102____\4&D7DB6A6&0&0.0.0
Service: cdrom
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3
Service:
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMPLDS_DVD+-RW_DH-16AAS___________________JD12____\4&D7DB6A6&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: PLDS DVD+-RW DH-16AAS
PNP Device ID: IDE\CDROMPLDS_DVD+-RW_DH-16AAS___________________JD12____\4&D7DB6A6&0&0.1.0
Service: cdrom
.
==== System Restore Points ===================
.
RP212: 6/21/2012 3:00:28 AM - Windows Update
RP213: 6/21/2012 6:47:20 AM - Windows Update
RP214: 6/21/2012 10:40:06 AM - Windows Update
RP215: 6/21/2012 10:42:51 AM - Windows Update
RP216: 6/21/2012 8:33:01 PM - Windows Update
RP217: 6/22/2012 3:00:24 AM - Windows Update
RP218: 6/23/2012 3:00:26 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Creative Suite 4 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.5.1
Adobe Setup
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Banctec Service Agreement
Complete Care Consumer Service Agreement
ConvertHelper 2.2
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
DirectXInstallService
EA Download Manager
EA Download Manager UI
EMC 10 Content
Facebook Plug-In
GoToAssist 8.0.0.514
HMA! Pro VPN 2.6.9
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
Lexmark 640 Series
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee SecurityCenter
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN Toolbar
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavNet
NirSoft Mail PassView
NVIDIA PhysX
PatchBeam
PowerArchiver 2011
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Sonic CinePlayer Decoder Pack
SoulSeek 157 NS 13e
Spelling Dictionaries Support For Adobe Reader 9
STK03N
The Sims™ 2 Double Deluxe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.2
Vuze
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WordPerfect Office 2002
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
6/23/2012 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
6/23/2012 3:00:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
6/22/2012 5:57:13 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
6/21/2012 8:42:27 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 8:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/21/2012 8:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/21/2012 8:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/21/2012 8:41:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2012 8:41:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/21/2012 8:40:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:34:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14329] - Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.
6/21/2012 8:29:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom RxFilter
6/21/2012 8:29:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/21/2012 8:29:54 PM, Error: Service Control Manager [7002] - The Unibrain 1394 SBM Driver service depends on the UB1394 Miniport group and no member of this group started.
6/21/2012 8:29:54 PM, Error: Service Control Manager [7002] - The Unibrain 1394 FireAPI Driver service depends on the UB1394 Miniport group and no member of this group started.
6/21/2012 8:29:54 PM, Error: Service Control Manager [7000] - The Unibrain 1394 OHCI Driver service failed to start due to the following error: Unibrain 1394 OHCI Driver is not a valid Win32 application.
6/21/2012 8:29:54 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
6/21/2012 8:29:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/21/2012 8:29:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/21/2012 8:28:40 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
6/21/2012 8:13:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
6/21/2012 2:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/21/2012 12:58:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
6/21/2012 1:37:23 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
6/19/2012 2:27:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00087f000, 0x0000000000000000, 0xfffff800028d8a0a, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-32947-01.
6/19/2012 12:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
6/19/2012 12:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034c482f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
6/17/2012 2:26:37 PM, Error: sbp2port [20] - A transport driver received a frame which violated the protocol.
.
==== End Of File ===========================

#2 MrCharlie

    Forum Deity

  • Experts
  • 28,194 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 27 June 2012 - 05:08 AM

Welcome to the forum, can you post the DDS log....what you posted is the Attach.txt.

also.......
Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)
Post back the report.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 SoulAmiss

    New Member

  • Members
  • 25 posts

Posted 27 June 2012 - 06:32 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by I'm Lee at 18:27:12 on 2012-06-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6557 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\p2csvc.exe
C:\Windows\SysWOW64\p2csvc32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
C:\Windows\STK03N\STK03NM.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\McAfee\Core\mchost.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
c:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622190405.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "C:\Users\I'm Lee\AppData\Local\Akamai\netsession_win.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\I'MLEE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\P2CARD~1.LNK - C:\Program Files (x86)\Panasonic P2\Drivers\App\P2TaskTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK03N~1.LNK - C:\Windows\STK03N\STK03NM.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{B9043A83-41BB-4C35-AE2C-9C08648EE55B} : DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{B9043A83-41BB-4C35-AE2C-9C08648EE55B}\A6F6E65637 : DhcpNameServer = 97.64.168.12 97.64.183.165
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622190405.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15623
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.photobucket.com
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\I'm Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-14 92160]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-17 654408]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-8-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-8-21 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 p2csvc;p2csvc;C:\Windows\system32\p2csvc.exe -service --> C:\Windows\system32\p2csvc.exe -service [?]
R2 p2csvc32;p2csvc32;C:\Windows\SysWOW64\p2csvc32.exe -service --> C:\Windows\SysWOW64\p2csvc32.exe -service [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-14 656624]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 0323841340409849mcinstcleanup;McAfee Application Installer Cleanup (0323841340409849);C:\Windows\TEMP\032384~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\032384~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\system32\DRIVERS\ubsbm.sys --> C:\Windows\system32\DRIVERS\ubsbm.sys [?]
S2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\system32\DRIVERS\ubumapi.sys --> C:\Windows\system32\DRIVERS\ubumapi.sys [?]
S3 65897487;65897487;C:\Windows\system32\drivers\16495956.sys --> C:\Windows\system32\drivers\16495956.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-17 250056]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 113120]
S3 p2usb;Panasonic P2 Series USB Device;C:\Windows\system32\DRIVERS\p2usb.sys --> C:\Windows\system32\DRIVERS\p2usb.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\system32\DRIVERS\ubohci.sys --> C:\Windows\system32\DRIVERS\ubohci.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys --> C:\Windows\system32\DRIVERS\wdcsam.sys [?]
.
=============== Created Last 30 ================
.
2012-06-25 22:49:01 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-25 22:49:01 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 00:04:04 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-06-22 01:46:07 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{7A309D0B-6E35-459E-864E-BD63F06F962A}
2012-06-22 01:45:29 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{AC47AFA3-4464-4D38-AB93-0F56FBACA8D5}
2012-06-22 01:30:53 20480 ----a-w- C:\Windows\svchost.exe
2012-06-21 19:37:51 -------- d-sh--w- C:\found.000
2012-06-21 18:42:17 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{EC406987-BACA-4C27-A98E-A1A9B032BC4C}
2012-06-21 11:50:53 -------- d-----w- C:\Program Files\CCleaner
2012-06-21 11:47:47 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 11:47:38 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 11:47:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 11:47:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 01:27:25 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{CE3110ED-418A-4636-86ED-CF0EF17642E3}
2012-06-21 01:27:14 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{6493A9FB-BE82-439E-A228-9336C9918B6F}
2012-06-20 03:07:24 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{82C31541-7A8D-4480-A1DE-07F0968697BA}
2012-06-19 18:12:08 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{F92F40AA-2781-4D7E-BEAB-79B4FD5AAA22}
2012-06-19 18:11:57 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{09CFE355-3036-4E43-BF73-3B4C5360C9D2}
2012-06-17 14:10:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-17 14:10:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-17 13:52:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 13:52:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-16 16:32:43 -------- d-----w- C:\ProgramData\Caphyon
2012-06-16 16:32:41 -------- d-----w- C:\Program Files (x86)\PatchBeam
2012-06-16 16:32:34 -------- d-----w- C:\Program Files (x86)\PowerArchiver
2012-06-15 22:18:54 -------- d-----w- C:\AdobeTemp
2012-06-15 22:03:24 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{46650B5C-2A6B-433B-A455-7EA74CAA389C}
2012-06-15 21:59:35 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{3D2FAC68-74B7-4611-B90E-A0786D0850C4}
2012-06-15 21:55:02 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{F559CC18-D9BF-414F-94EA-3C5AD63F290F}
2012-06-14 22:15:58 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{90C0F824-304F-46BC-8196-E94BC43BBC79}
2012-06-14 22:15:47 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{CEA53AF8-AF48-4BAF-B683-1201B0EA331F}
2012-06-14 01:15:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 00:21:14 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{ED9C34BB-B248-416F-911F-0252B3CA11C9}
2012-06-12 00:21:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{6E87F58A-F06E-4F7E-904B-E9B232589742}
2012-06-11 23:16:26 -------- d-----w- C:\Windows\en
2012-06-11 23:14:24 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-11 23:11:46 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DSETUP.dll
2012-06-11 23:11:46 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DXSETUP.exe
2012-06-11 23:11:46 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\dsetup32.dll
2012-06-11 23:11:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{7861E9A2-A6E1-40C8-8F11-1B2409998164}
2012-06-11 23:10:52 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{DF72AC91-5AAA-4306-B699-BEDAE93935E6}
2012-06-11 23:04:17 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-11 23:04:17 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-11 23:04:17 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-11 23:03:33 -------- d-----w- C:\Program Files\iPod
2012-06-11 23:03:31 -------- d-----w- C:\Program Files\iTunes
2012-06-11 00:19:31 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{98EDC165-034E-4B7C-98DF-0B09558F026B}
2012-06-11 00:07:50 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C5B656A9-27B1-49A5-92A7-EBC9C73403F3}
2012-06-10 20:45:41 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{536B35C2-8D33-4525-9574-A31B550DBB01}
2012-06-10 20:34:17 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{222EA398-8B77-47F8-864F-3A0ED802A226}
2012-06-10 20:34:04 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{5E25C2AB-744C-40AD-B148-92187C9288A8}
2012-06-10 20:17:23 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C1B7FE04-7F60-4C2D-A536-73F7CCA42F04}
2012-06-10 14:21:46 -------- d-----w- C:\Users\I'm Lee\AppData\Local\Macromedia
2012-06-10 14:05:38 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C1D1668E-8283-4DE3-95D8-506D3D4313EB}
2012-06-10 14:05:26 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{D01AE271-FAA1-43CB-888A-C529A9E94A03}
2012-06-10 13:51:44 -------- d-----w- C:\Users\I'm Lee\AppData\Local\ElevatedDiagnostics
2012-06-10 13:41:15 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{72C6AAB1-1053-4A29-ABCC-48F6EE70D8FC}
2012-06-10 13:41:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{9C03DE12-EEF6-4038-A2C3-491B29614432}
2012-06-10 12:28:41 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{E1F60980-6FE4-463B-BC18-638EF2C75F6D}
2012-06-06 18:56:24 -------- d-----w- C:\Users\I'm Lee\PhotoFucket
2012-06-06 18:24:01 -------- d-----w- C:\Program Files (x86)\PhotoFucket
2012-05-30 01:02:18 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{E4FC379C-E78A-4C09-92C6-1166BA1139EC}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 18:27:58.04 ===============

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,194 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 27 June 2012 - 06:51 PM

Can you post the log from RogueKiller?

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5 SoulAmiss


Posted 27 June 2012 - 07:25 PM

RogueKiller V7.6.0 [06/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: I'm Lee [Admin rights]
Mode: Scan -- Date: 06/27/2012 18:33:34

¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++
--- User ---
[MBR] bc17261b85527aa1356e67a794d2bfcb
[BSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 45bed0fe84cb6bb45ca9c2050579b918
[BSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 45bed0fe84cb6bb45ca9c2050579b918
[BSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt


#6 MrCharlie


Posted 27 June 2012 - 08:32 PM

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Posted Image Thanks MrC & crew
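
The Skip / Delete / Cure rules from the TDSSKiller instructions above, applied to a pasted report so that only the objects needing a decision are listed. This is an added example, not part of the original posts and not the tool vendor's code; the regular expressions are inferred from the log lines shown in this thread, and the last sample line (a TDSS File System entry with status `warning`) is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the TDSSKiller report posted in this thread, except the
# last one, which is CONSTRUCTED: its object/verdict text comes from the
# helper's instructions and its "warning" status is an assumption.
SAMPLE_LOG = r"""
20:23:06.0997 4512 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:23:07.0028 4512 agp440 - ok
20:23:07.0372 4512 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
20:23:07.0372 4512 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
20:23:07.0372 4512 Akamai ( HiddenFile.Multi.Generic ) - warning
20:23:07.0372 4512 Akamai - detected HiddenFile.Multi.Generic (1)
20:23:12.0114 4512 COMSysApp - ok
20:23:13.0034 4512 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
20:23:13.0066 4512 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
20:23:13.0066 4512 DockLoginService - detected UnsignedFile.Multi.Generic (1)
20:25:00.0000 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
"""

# "<time> <thread id> <message>"
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": the object that is about to be checked
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <status>": the result when it is not a plain "- ok"
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<status>\w+)$")


@dataclass
class Finding:
    time: str
    name: str
    verdict: str
    status: str
    md5: Optional[str]   # None when no "<name> (<md5>) <path>" line preceded it
    path: Optional[str]
    action: str


def recommended_action(verdict: str, status: str) -> str:
    """Map a verdict to the choice the instructions in this thread give."""
    if "TDSS File System" in verdict:
        return "Delete"
    if status == "warning":
        # Suspicious objects, including UnsignedFile/LockedFile.Multi.Generic.
        return "Skip"
    # Assumption: any other non-ok status marks a malicious object.
    return "Cure (Skip if Cure is not offered)"


def triage(log_text: str) -> List[Finding]:
    """Return every object whose result line carries a verdict, in log order."""
    seen = {}       # object name -> (md5, path) from its entry line
    findings = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines and timestamp-only lines
        time, message = m.group(1), m.group(3)
        entry = ENTRY.match(message)
        if entry:
            seen[entry["name"]] = (entry["md5"], entry["path"])
            continue
        v = VERDICT.match(message)
        if v and v["status"] != "ok":
            md5, path = seen.get(v["name"], (None, None))
            findings.append(Finding(
                time, v["name"], v["verdict"], v["status"], md5, path,
                recommended_action(v["verdict"], v["status"]),
            ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.time}  {f.name}: {f.verdict} [{f.status}] -> {f.action}")
        if f.path:
            print(f"    {f.path}  md5={f.md5}")
```
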

#7 SoulAmiss


Posted 28 June 2012 - 08:35 PM

20:22:47.0092 4460 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
20:22:47.0092 4460 ============================================================
20:22:47.0092 4460 Current date / time: 2012/06/28 20:22:47.0092
20:22:47.0092 4460 SystemInfo:
20:22:47.0092 4460
20:22:47.0092 4460 OS Version: 6.1.7601 ServicePack: 1.0
20:22:47.0092 4460 Product type: Workstation
20:22:47.0092 4460 ComputerName: SASSAFRASQUATCH
20:22:47.0092 4460 UserName: I'm Lee
20:22:47.0092 4460 Windows directory: C:\Windows
20:22:47.0092 4460 System windows directory: C:\Windows
20:22:47.0092 4460 Running under WOW64
20:22:47.0092 4460 Processor architecture: Intel x64
20:22:47.0092 4460 Number of processors: 8
20:22:47.0092 4460 Page size: 0x1000
20:22:47.0092 4460 Boot type: Normal boot
20:22:47.0092 4460 ============================================================
20:22:49.0073 4460 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:22:49.0088 4460 ============================================================
20:22:49.0088 4460 \Device\Harddisk0\DR0:
20:22:49.0088 4460 MBR partitions:
20:22:49.0088 4460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000
20:22:49.0088 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x49604800
20:22:49.0088 4460 ============================================================
20:22:49.0135 4460 C: <-> \Device\Harddisk0\DR0\Partition1
20:22:49.0135 4460 ============================================================
20:22:49.0135 4460 Initialize success
20:22:49.0135 4460 ============================================================
20:22:55.0812 4512 ============================================================
20:22:55.0812 4512 Scan started
20:22:55.0812 4512 Mode: Manual; SigCheck; TDLFS;
20:22:55.0812 4512 ============================================================
20:22:56.0935 4512 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:23:05.0500 4512 1394ohci - ok
20:23:05.0546 4512 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
20:23:05.0624 4512 61883 - ok
20:23:05.0687 4512 65897487 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\16495956.sys
20:23:05.0734 4512 65897487 - ok
20:23:05.0796 4512 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:23:05.0827 4512 ACPI - ok
20:23:05.0858 4512 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:23:05.0936 4512 AcpiPmi - ok
20:23:05.0983 4512 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
20:23:05.0999 4512 adfs - ok
20:23:06.0170 4512 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:23:06.0186 4512 AdobeFlashPlayerUpdateSvc - ok
20:23:06.0264 4512 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:23:06.0280 4512 adp94xx - ok
20:23:06.0358 4512 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:23:06.0389 4512 adpahci - ok
20:23:06.0404 4512 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:23:06.0436 4512 adpu320 - ok
20:23:06.0467 4512 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:23:06.0592 4512 AeLookupSvc - ok
20:23:06.0685 4512 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:23:06.0763 4512 AERTFilters - ok
20:23:06.0857 4512 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:23:06.0935 4512 AFD - ok
20:23:06.0997 4512 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:23:07.0028 4512 agp440 - ok
20:23:07.0372 4512 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
20:23:07.0372 4512 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
20:23:07.0372 4512 Akamai ( HiddenFile.Multi.Generic ) - warning
20:23:07.0372 4512 Akamai - detected HiddenFile.Multi.Generic (1)
20:23:07.0481 4512 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:23:07.0543 4512 ALG - ok
20:23:07.0606 4512 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:23:07.0637 4512 aliide - ok
20:23:07.0637 4512 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:23:07.0652 4512 amdide - ok
20:23:07.0684 4512 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:23:07.0746 4512 AmdK8 - ok
20:23:07.0762 4512 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:23:07.0808 4512 AmdPPM - ok
20:23:07.0840 4512 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:23:07.0855 4512 amdsata - ok
20:23:07.0886 4512 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:23:07.0902 4512 amdsbs - ok
20:23:07.0918 4512 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:23:07.0933 4512 amdxata - ok
20:23:07.0980 4512 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:23:08.0120 4512 AppID - ok
20:23:08.0136 4512 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:23:08.0214 4512 AppIDSvc - ok
20:23:08.0261 4512 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:23:08.0308 4512 Appinfo - ok
20:23:08.0417 4512 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:23:08.0432 4512 Apple Mobile Device - ok
20:23:08.0479 4512 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:23:08.0495 4512 arc - ok
20:23:08.0510 4512 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:23:08.0526 4512 arcsas - ok
20:23:08.0557 4512 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:23:08.0604 4512 AsyncMac - ok
20:23:08.0666 4512 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:23:08.0682 4512 atapi - ok
20:23:08.0822 4512 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
20:23:08.0916 4512 athr - ok
20:23:09.0072 4512 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:23:09.0150 4512 AudioEndpointBuilder - ok
20:23:09.0150 4512 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:23:09.0181 4512 AudioSrv - ok
20:23:09.0244 4512 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
20:23:09.0290 4512 Avc - ok
20:23:09.0353 4512 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:23:09.0431 4512 AxInstSV - ok
20:23:09.0509 4512 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:23:09.0556 4512 b06bdrv - ok
20:23:09.0634 4512 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:23:09.0665 4512 b57nd60a - ok
20:23:09.0712 4512 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:23:09.0758 4512 BDESVC - ok
20:23:09.0774 4512 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:23:09.0836 4512 Beep - ok
20:23:09.0914 4512 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:23:10.0008 4512 BITS - ok
20:23:10.0055 4512 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:23:10.0086 4512 blbdrive - ok
20:23:10.0195 4512 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:23:10.0226 4512 Bonjour Service - ok
20:23:10.0273 4512 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:23:10.0289 4512 bowser - ok
20:23:10.0320 4512 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:23:10.0351 4512 BrFiltLo - ok
20:23:10.0367 4512 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:23:10.0398 4512 BrFiltUp - ok
20:23:10.0429 4512 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:23:10.0492 4512 Browser - ok
20:23:10.0538 4512 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:23:10.0601 4512 Brserid - ok
20:23:10.0616 4512 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:23:10.0648 4512 BrSerWdm - ok
20:23:10.0663 4512 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:23:10.0694 4512 BrUsbMdm - ok
20:23:10.0726 4512 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:23:10.0757 4512 BrUsbSer - ok
20:23:10.0772 4512 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:23:10.0819 4512 BTHMODEM - ok
20:23:10.0866 4512 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:23:10.0913 4512 bthserv - ok
20:23:10.0960 4512 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:23:11.0006 4512 cdfs - ok
20:23:11.0053 4512 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:23:11.0100 4512 cdrom - ok
20:23:11.0147 4512 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:23:11.0209 4512 CertPropSvc - ok
20:23:11.0256 4512 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
20:23:11.0287 4512 cfwids - ok
20:23:11.0303 4512 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:23:11.0334 4512 circlass - ok
20:23:11.0381 4512 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:23:11.0412 4512 CLFS - ok
20:23:11.0490 4512 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:23:11.0506 4512 clr_optimization_v2.0.50727_32 - ok
20:23:11.0568 4512 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:23:11.0584 4512 clr_optimization_v2.0.50727_64 - ok
20:23:11.0677 4512 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:23:11.0724 4512 clr_optimization_v4.0.30319_32 - ok
20:23:11.0755 4512 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:23:11.0771 4512 clr_optimization_v4.0.30319_64 - ok
20:23:11.0802 4512 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:23:11.0833 4512 CmBatt - ok
20:23:11.0864 4512 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:23:11.0864 4512 cmdide - ok
20:23:11.0942 4512 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:23:11.0989 4512 CNG - ok
20:23:12.0005 4512 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:23:12.0020 4512 Compbatt - ok
20:23:12.0067 4512 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:23:12.0098 4512 CompositeBus - ok
20:23:12.0114 4512 COMSysApp - ok
20:23:12.0130 4512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:23:12.0145 4512 crcdisk - ok
20:23:12.0192 4512 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:23:12.0239 4512 CryptSvc - ok
20:23:12.0301 4512 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:23:12.0348 4512 DcomLaunch - ok
20:23:12.0395 4512 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:23:12.0473 4512 defragsvc - ok
20:23:12.0504 4512 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:23:12.0566 4512 DfsC - ok
20:23:12.0644 4512 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:23:12.0691 4512 Dhcp - ok
20:23:12.0738 4512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:23:12.0800 4512 discache - ok
20:23:12.0832 4512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:23:12.0847 4512 Disk - ok
20:23:12.0894 4512 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:23:12.0956 4512 Dnscache - ok
20:23:13.0034 4512 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
20:23:13.0066 4512 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
20:23:13.0066 4512 DockLoginService - detected UnsignedFile.Multi.Generic (1)
20:23:13.0112 4512 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:23:13.0175 4512 dot3svc - ok
20:23:13.0222 4512 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:23:13.0284 4512 DPS - ok
20:23:13.0300 4512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:23:13.0346 4512 drmkaud - ok
20:23:13.0456 4512 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:23:13.0471 4512 DXGKrnl - ok
20:23:13.0518 4512 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:23:13.0580 4512 EapHost - ok
20:23:13.0846 4512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:23:13.0892 4512 ebdrv - ok
20:23:14.0002 4512 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:23:14.0064 4512 EFS - ok
20:23:14.0173 4512 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:23:14.0236 4512 ehRecvr - ok
20:23:14.0267 4512 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:23:14.0298 4512 ehSched - ok
20:23:14.0407 4512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:23:14.0423 4512 elxstor - ok
20:23:14.0454 4512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:23:14.0501 4512 ErrDev - ok
20:23:27.0433 4512 OpenVPNService (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
20:23:27.0480 4512 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
20:23:27.0480 4512 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
20:23:38.0322 4512 ubohci (0ae9dd39a559359897541e2d4b8ec491) C:\Windows\system32\DRIVERS\ubohci.sys
20:23:38.0322 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubohci.sys. Real md5: 0ae9dd39a559359897541e2d4b8ec491, Fake md5: 1e2e55e1b3bf2160d617e854a7b4950b
20:23:38.0322 4512 ubohci ( ForgedFile.Multi.Generic ) - warning
20:23:38.0322 4512 ubohci - detected ForgedFile.Multi.Generic (1)
20:23:38.0353 4512 ubsbm (a7e0b68f49650372910083e5697b7e99) C:\Windows\system32\DRIVERS\ubsbm.sys
20:23:38.0353 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubsbm.sys. Real md5: a7e0b68f49650372910083e5697b7e99, Fake md5: b30147ca21ab2d10a14dc36a9aa17fd9
20:23:38.0353 4512 ubsbm ( ForgedFile.Multi.Generic ) - warning
20:23:38.0353 4512 ubsbm - detected ForgedFile.Multi.Generic (1)
20:23:38.0385 4512 ubumapi (db4a752a3d03c3b48bb8b23b0c53745d) C:\Windows\system32\DRIVERS\ubumapi.sys
20:23:38.0385 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubumapi.sys. Real md5: db4a752a3d03c3b48bb8b23b0c53745d, Fake md5: b2a7a65cbd4803bbdb552620e57cd1bd
20:23:38.0385 4512 ubumapi ( ForgedFile.Multi.Generic ) - warning
20:23:38.0385 4512 ubumapi - detected ForgedFile.Multi.Generic (1)
20:23:38.0447 4512 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:23:38.0494 4512 udfs - ok
20:23:38.0509 4512 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:23:38.0525 4512 UI0Detect - ok
20:23:38.0572 4512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:23:38.0587 4512 uliagpkx - ok
20:23:38.0619 4512 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:23:38.0665 4512 umbus - ok
20:23:38.0697 4512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:23:38.0728 4512 UmPass - ok
20:23:38.0775 4512 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:23:38.0837 4512 upnphost - ok
20:23:38.0884 4512 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:23:38.0931 4512 USBAAPL64 - ok
20:23:38.0946 4512 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:23:38.0977 4512 usbccgp - ok
20:23:39.0024 4512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:23:39.0055 4512 usbcir - ok
20:23:39.0071 4512 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:23:39.0071 4512 usbehci - ok
20:23:39.0118 4512 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:23:39.0149 4512 usbhub - ok
20:23:39.0165 4512 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:23:39.0196 4512 usbohci - ok
20:23:39.0227 4512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:23:39.0258 4512 usbprint - ok
20:23:39.0289 4512 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:23:39.0352 4512 USBSTOR - ok
20:23:39.0352 4512 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:23:39.0383 4512 usbuhci - ok
20:23:39.0414 4512 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:23:39.0477 4512 UxSms - ok
20:23:39.0508 4512 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:23:39.0523 4512 VaultSvc - ok
20:23:39.0539 4512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:23:39.0555 4512 vdrvroot - ok
20:23:39.0633 4512 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:23:39.0679 4512 vds - ok
20:23:39.0711 4512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:23:39.0726 4512 vga - ok
20:23:39.0757 4512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:23:39.0804 4512 VgaSave - ok
20:23:39.0851 4512 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:23:39.0867 4512 vhdmp - ok
20:23:39.0898 4512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:23:39.0913 4512 viaide - ok
20:23:39.0945 4512 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:23:39.0976 4512 volmgr - ok
20:23:40.0023 4512 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:23:40.0054 4512 volmgrx - ok
20:23:40.0116 4512 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:23:40.0147 4512 volsnap - ok
20:23:40.0210 4512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:23:40.0241 4512 vsmraid - ok
20:23:40.0397 4512 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:23:40.0459 4512 VSS - ok
20:23:40.0600 4512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:23:40.0631 4512 vwifibus - ok
20:23:40.0662 4512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:23:40.0693 4512 vwififlt - ok
20:23:40.0725 4512 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:23:40.0771 4512 vwifimp - ok
20:23:40.0818 4512 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:23:40.0865 4512 W32Time - ok
20:23:40.0881 4512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:23:40.0881 4512 WacomPen - ok
20:23:40.0943 4512 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:23:41.0005 4512 WANARP - ok
20:23:41.0005 4512 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:23:41.0021 4512 Wanarpv6 - ok
20:23:41.0161 4512 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:23:41.0193 4512 WatAdminSvc - ok
20:23:41.0333 4512 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:23:41.0395 4512 wbengine - ok
20:23:41.0520 4512 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:23:41.0536 4512 WbioSrvc - ok
20:23:41.0598 4512 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:23:41.0645 4512 wcncsvc - ok
20:23:41.0676 4512 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:23:41.0723 4512 WcsPlugInService - ok
20:23:41.0770 4512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:23:41.0785 4512 Wd - ok
20:23:41.0832 4512 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam.sys
20:23:41.0879 4512 WDC_SAM - ok
20:23:41.0926 4512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:23:41.0957 4512 Wdf01000 - ok
20:23:41.0973 4512 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:23:42.0300 4512 WdiServiceHost - ok
20:23:42.0300 4512 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:23:42.0331 4512 WdiSystemHost - ok
20:23:42.0643 4512 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:23:42.0675 4512 WebClient - ok
20:23:42.0706 4512 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

#8 SoulAmiss

Posted 28 June 2012 - 08:35 PM

20:23:42.0753 4512 Wecsvc - ok
20:23:42.0784 4512 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:23:42.0831 4512 wercplsupport - ok
20:23:42.0862 4512 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:23:42.0893 4512 WerSvc - ok
20:23:42.0940 4512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:23:42.0987 4512 WfpLwf - ok
20:23:43.0033 4512 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:23:43.0049 4512 WimFltr - ok
20:23:43.0065 4512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:23:43.0080 4512 WIMMount - ok
20:23:43.0080 4512 WinHttpAutoProxySvc - ok
20:23:43.0143 4512 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:23:43.0221 4512 Winmgmt - ok
20:23:43.0377 4512 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:23:43.0455 4512 WinRM - ok
20:23:43.0626 4512 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:23:43.0673 4512 Wlansvc - ok
20:23:43.0923 4512 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:23:43.0954 4512 wlidsvc - ok
20:23:44.0094 4512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:23:44.0125 4512 WmiAcpi - ok
20:23:44.0188 4512 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:23:44.0235 4512 wmiApSrv - ok
20:23:44.0281 4512 WMPNetworkSvc - ok
20:23:44.0328 4512 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:23:44.0344 4512 WPCSvc - ok
20:23:44.0391 4512 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:23:44.0422 4512 WPDBusEnum - ok
20:23:44.0453 4512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:23:44.0484 4512 ws2ifsl - ok
20:23:44.0484 4512 WSearch - ok
20:23:44.0687 4512 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:23:44.0734 4512 wuauserv - ok
20:23:44.0874 4512 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:23:44.0937 4512 WudfPf - ok
20:23:44.0983 4512 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:23:45.0046 4512 WUDFRd - ok
20:23:45.0093 4512 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:23:45.0108 4512 wudfsvc - ok
20:23:45.0155 4512 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:23:45.0186 4512 WwanSvc - ok
20:23:45.0217 4512 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:23:45.0529 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:23:45.0529 4512 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:23:45.0529 4512 Boot (0x1200) (cd38b1383ea78deb6866c65cbde2f1b9) \Device\Harddisk0\DR0\Partition0
20:23:45.0529 4512 \Device\Harddisk0\DR0\Partition0 - ok
20:23:45.0561 4512 Boot (0x1200) (0f3f6a544d31d87c2419ebbb2422dfd1) \Device\Harddisk0\DR0\Partition1
20:23:45.0561 4512 \Device\Harddisk0\DR0\Partition1 - ok
20:23:45.0561 4512 ============================================================
20:23:45.0561 4512 Scan finished
20:23:45.0561 4512 ============================================================
20:23:45.0576 4504 Detected object count: 7
20:23:45.0576 4504 Actual detected object count: 7
20:24:04.0515 4504 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:24:04.0515 4504 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:24:04.0515 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:04.0515 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:04.0515 4504 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:04.0515 4504 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:04.0515 4504 ubohci ( ForgedFile.Multi.Generic ) - skipped by user
20:24:04.0515 4504 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip
20:24:04.0515 4504 ubsbm ( ForgedFile.Multi.Generic ) - skipped by user
20:24:04.0515 4504 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip
20:24:04.0515 4504 ubumapi ( ForgedFile.Multi.Generic ) - skipped by user
20:24:04.0515 4504 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip
20:24:04.0577 4504 \Device\Harddisk0\DR0\TDLFS - deleted
20:24:04.0577 4504 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
20:24:19.0974 0860 ============================================================
20:24:19.0974 0860 Scan started
20:24:19.0974 0860 Mode: Manual; SigCheck; TDLFS;
20:24:19.0974 0860 ============================================================
20:24:20.0333 0860 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:24:20.0364 0860 1394ohci - ok
20:24:20.0395 0860 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
20:24:20.0411 0860 61883 - ok
20:24:20.0442 0860 65897487 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\16495956.sys
20:24:20.0473 0860 65897487 - ok
20:24:20.0520 0860 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:24:20.0551 0860 ACPI - ok
20:24:20.0583 0860 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:24:20.0598 0860 AcpiPmi - ok
20:24:20.0629 0860 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
20:24:20.0645 0860 adfs - ok
20:24:20.0785 0860 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:24:20.0817 0860 AdobeFlashPlayerUpdateSvc - ok
20:24:20.0863 0860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:24:20.0895 0860 adp94xx - ok
20:24:20.0941 0860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:24:20.0957 0860 adpahci - ok
20:24:20.0988 0860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:24:21.0004 0860 adpu320 - ok
20:24:21.0035 0860 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:24:21.0066 0860 AeLookupSvc - ok
20:24:21.0129 0860 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:24:21.0144 0860 AERTFilters - ok
20:24:21.0222 0860 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:24:21.0238 0860 AFD - ok
20:24:21.0285 0860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:24:21.0300 0860 agp440 - ok
20:24:21.0612 0860 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
20:24:21.0612 0860 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
20:24:21.0612 0860 Akamai ( HiddenFile.Multi.Generic ) - warning
20:24:21.0612 0860 Akamai - detected HiddenFile.Multi.Generic (1)
20:24:21.0737 0860 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:24:21.0753 0860 ALG - ok
20:24:21.0799 0860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:24:21.0815 0860 aliide - ok
20:24:21.0831 0860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:24:21.0846 0860 amdide - ok
20:24:21.0877 0860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:24:21.0877 0860 AmdK8 - ok
20:24:21.0909 0860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:24:21.0909 0860 AmdPPM - ok
20:24:21.0955 0860 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:24:21.0971 0860 amdsata - ok
20:24:22.0002 0860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:24:22.0033 0860 amdsbs - ok
20:24:22.0065 0860 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:24:22.0080 0860 amdxata - ok
20:24:22.0111 0860 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:24:22.0158 0860 AppID - ok
20:24:22.0189 0860 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:24:22.0221 0860 AppIDSvc - ok
20:24:22.0267 0860 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:24:22.0283 0860 Appinfo - ok
20:24:22.0392 0860 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:24:22.0408 0860 Apple Mobile Device - ok
20:24:22.0439 0860 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:24:22.0455 0860 arc - ok
20:24:22.0486 0860 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:24:22.0501 0860 arcsas - ok
20:24:22.0517 0860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:24:22.0548 0860 AsyncMac - ok
20:24:22.0579 0860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:24:22.0579 0860 atapi - ok
20:24:22.0720 0860 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
20:24:22.0751 0860 athr - ok
20:24:22.0907 0860 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:24:22.0938 0860 AudioEndpointBuilder - ok
20:24:22.0954 0860 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:24:22.0985 0860 AudioSrv - ok
20:24:23.0032 0860 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
20:24:23.0063 0860 Avc - ok
20:24:23.0094 0860 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:24:23.0110 0860 AxInstSV - ok
20:24:23.0172 0860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:24:23.0203 0860 b06bdrv - ok
20:24:23.0250 0860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:24:23.0281 0860 b57nd60a - ok
20:24:23.0313 0860 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:24:23.0328 0860 BDESVC - ok
20:24:23.0359 0860 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:24:23.0391 0860 Beep - ok
20:24:23.0469 0860 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:24:23.0515 0860 BITS - ok
20:24:23.0531 0860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:24:23.0547 0860 blbdrive - ok
20:24:23.0625 0860 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:24:23.0640 0860 Bonjour Service - ok
20:24:23.0671 0860 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:24:23.0703 0860 bowser - ok
20:24:23.0703 0860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:24:23.0718 0860 BrFiltLo - ok
20:24:23.0734 0860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:24:23.0749 0860 BrFiltUp - ok
20:24:23.0765 0860 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:24:23.0796 0860 Browser - ok
20:24:23.0827 0860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:24:23.0843 0860 Brserid - ok
20:24:23.0859 0860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:24:23.0874 0860 BrSerWdm - ok
20:24:23.0890 0860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:24:23.0905 0860 BrUsbMdm - ok
20:24:23.0921 0860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:24:23.0952 0860 BrUsbSer - ok
20:24:23.0968 0860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:24:23.0983 0860 BTHMODEM - ok
20:24:24.0015 0860 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:24:24.0046 0860 bthserv - ok
20:24:24.0077 0860 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:24:24.0108 0860 cdfs - ok
20:24:24.0155 0860 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:24:24.0171 0860 cdrom - ok
20:24:24.0202 0860 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:24:24.0233 0860 CertPropSvc - ok
20:24:24.0264 0860 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
20:24:24.0280 0860 cfwids - ok
20:24:24.0295 0860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:24:24.0311 0860 circlass - ok
20:24:24.0342 0860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:24:24.0373 0860 CLFS - ok
20:24:24.0436 0860 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:24:24.0451 0860 clr_optimization_v2.0.50727_32 - ok
20:24:24.0498 0860 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:24:24.0514 0860 clr_optimization_v2.0.50727_64 - ok
20:24:24.0592 0860 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:24:24.0607 0860 clr_optimization_v4.0.30319_32 - ok
20:24:24.0639 0860 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:24:24.0654 0860 clr_optimization_v4.0.30319_64 - ok
20:24:24.0670 0860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:24:24.0685 0860 CmBatt - ok
20:24:24.0717 0860 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:24:24.0732 0860 cmdide - ok
20:24:24.0795 0860 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:24:24.0810 0860 CNG - ok
20:24:24.0826 0860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:24:24.0841 0860 Compbatt - ok
20:24:24.0873 0860 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:24:24.0888 0860 CompositeBus - ok
20:24:24.0888 0860 COMSysApp - ok
20:24:24.0904 0860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:24:24.0919 0860 crcdisk - ok
20:24:24.0966 0860 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:24:24.0982 0860 CryptSvc - ok
20:24:25.0044 0860 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:24:25.0107 0860 DcomLaunch - ok
20:24:25.0153 0860 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:24:25.0200 0860 defragsvc - ok
20:24:25.0231 0860 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:24:25.0278 0860 DfsC - ok
20:24:25.0309 0860 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:24:25.0356 0860 Dhcp - ok
20:24:25.0372 0860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:24:25.0403 0860 discache - ok
20:24:25.0403 0860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:24:25.0419 0860 Disk - ok
20:24:25.0465 0860 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:24:25.0481 0860 Dnscache - ok
20:24:25.0559 0860 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
20:24:25.0559 0860 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
20:24:25.0559 0860 DockLoginService - detected UnsignedFile.Multi.Generic (1)
20:24:25.0606 0860 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:24:25.0637 0860 dot3svc - ok
20:24:25.0684 0860 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:24:25.0731 0860 DPS - ok
20:24:25.0746 0860 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:24:25.0762 0860 drmkaud - ok
20:24:25.0855 0860 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:24:25.0887 0860 DXGKrnl - ok
20:24:25.0918 0860 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:24:25.0949 0860 EapHost - ok
20:24:26.0308 0860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:24:26.0355 0860 ebdrv - ok
20:24:26.0464 0860 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:24:26.0479 0860 EFS - ok
20:24:26.0589 0860 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:24:26.0604 0860 ehRecvr - ok
20:24:26.0635 0860 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:24:26.0651 0860 ehSched - ok
20:24:26.0745 0860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:24:26.0776 0860 elxstor - ok
20:24:26.0807 0860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:24:26.0823 0860 ErrDev - ok
20:24:26.0885 0860 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:24:26.0932 0860 EventSystem - ok
20:24:26.0963 0860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:24:26.0994 0860 exfat - ok
20:24:27.0025 0860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:24:27.0057 0860 fastfat - ok
20:24:27.0150 0860 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:24:27.0166 0860 Fax - ok
20:24:27.0181 0860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:24:27.0181 0860 fdc - ok
20:24:27.0197 0860 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:24:27.0228 0860 fdPHost - ok
20:24:27.0244 0860 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:24:27.0259 0860 FDResPub - ok
20:24:27.0275 0860 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:24:27.0291 0860 FileInfo - ok
20:24:27.0306 0860 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:24:27.0322 0860 Filetrace - ok
20:24:27.0337 0860 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:24:27.0337 0860 flpydisk - ok
20:24:27.0384 0860 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:24:27.0400 0860 FltMgr - ok
20:24:27.0509 0860 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:24:27.0540 0860 FontCache - ok
20:24:27.0618 0860 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:24:27.0634 0860 FontCache3.0.0.0 - ok
20:24:27.0681 0860 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:24:27.0696 0860 FsDepends - ok
20:24:27.0712 0860 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:24:27.0727 0860 Fs_Rec - ok
20:24:27.0759 0860 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:24:27.0790 0860 fvevol - ok
20:24:27.0805 0860 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:24:27.0821 0860 gagp30kx - ok
20:24:27.0883 0860 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
20:24:27.0899 0860 GoToAssist - ok
20:24:27.0977 0860 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:24:28.0024 0860 gpsvc - ok
20:24:28.0024 0860 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:24:28.0039 0860 hcw85cir - ok
20:24:28.0086 0860 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:24:28.0086 0860 HDAudBus - ok
20:24:28.0102 0860 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:24:28.0117 0860 HidBatt - ok
20:24:28.0133 0860 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:24:28.0149 0860 HidBth - ok
20:24:28.0149 0860 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:24:28.0164 0860 HidIr - ok
20:24:28.0180 0860 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:24:28.0211 0860 hidserv - ok
20:24:28.0227 0860 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:24:28.0242 0860 HidUsb - ok
20:24:28.0273 0860 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:24:28.0289 0860 hkmsvc - ok
20:24:28.0336 0860 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:24:28.0351 0860 HomeGroupListener - ok
20:24:28.0398 0860 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:24:28.0414 0860 HomeGroupProvider - ok
20:24:28.0445 0860 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:24:28.0461 0860 HpSAMD - ok
20:24:28.0539 0860 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:24:28.0585 0860 HTTP - ok
20:24:28.0617 0860 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:24:28.0632 0860 hwpolicy - ok
20:24:28.0663 0860 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:24:28.0679 0860 i8042prt - ok
20:24:28.0773 0860 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:24:28.0804 0860 IAANTMON - ok
20:24:28.0851 0860 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
20:24:28.0882 0860 iaStor - ok
20:24:28.0929 0860 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:24:28.0944 0860 iaStorV - ok
20:24:29.0085 0860 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:24:29.0116 0860 idsvc - ok
20:24:29.0131 0860 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:24:29.0147 0860 iirsp - ok
20:24:29.0241 0860 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:24:29.0287 0860 IKEEXT - ok
20:24:29.0443 0860 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
20:24:29.0475 0860 IntcAzAudAddService - ok
20:24:29.0615 0860 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:24:29.0631 0860 intelide - ok
20:24:29.0662 0860 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:24:29.0677 0860 intelppm - ok
20:24:29.0709 0860 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:24:29.0755 0860 IPBusEnum - ok
20:24:29.0787 0860 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:24:29.0818 0860 IpFilterDriver - ok
20:24:29.0865 0860 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:24:29.0865 0860 IPMIDRV - ok
20:24:29.0896 0860 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:24:29.0943 0860 IPNAT - ok
20:24:30.0052 0860 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
20:24:30.0083 0860 iPod Service - ok
20:24:30.0099 0860 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:24:30.0114 0860 IRENUM - ok
20:24:30.0130 0860 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:24:30.0130 0860 isapnp - ok
20:24:30.0161 0860 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:24:30.0192 0860 iScsiPrt - ok
20:24:30.0223 0860 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys
20:24:30.0239 0860 JRAID - ok
20:24:30.0255 0860 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:24:30.0270 0860 kbdclass - ok
20:24:30.0270 0860 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:24:30.0286 0860 kbdhid - ok
20:24:30.0317 0860 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:24:30.0333 0860 KeyIso - ok
20:24:30.0379 0860 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:24:30.0395 0860 KSecDD - ok
20:24:30.0442 0860 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:24:30.0457 0860 KSecPkg - ok
20:24:30.0473 0860 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:24:30.0504 0860 ksthunk - ok
20:24:30.0551 0860 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:24:30.0598 0860 KtmRm - ok
20:24:30.0645 0860 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:24:30.0691 0860 LanmanServer - ok
20:24:30.0723 0860 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:24:30.0769 0860 LanmanWorkstation - ok
20:24:30.0785 0860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:24:30.0801 0860 lltdio - ok
20:24:30.0863 0860 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:24:30.0894 0860 lltdsvc - ok
20:24:30.0910 0860 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:24:30.0941 0860 lmhosts - ok
20:24:30.0972 0860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:24:30.0972 0860 LSI_FC - ok
20:24:30.0988 0860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:24:31.0003 0860 LSI_SAS - ok
20:24:31.0019 0860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:24:31.0019 0860 LSI_SAS2 - ok
20:24:31.0035 0860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:24:31.0050 0860 LSI_SCSI - ok
20:24:31.0066 0860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:24:31.0097 0860 luafv - ok
20:24:31.0128 0860 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:24:31.0144 0860 MBAMProtector - ok
20:24:31.0253 0860 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:24:31.0284 0860 MBAMService - ok
20:24:31.0393 0860 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:31.0425 0860 McMPFSvc - ok
20:24:31.0425 0860 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:31.0440 0860 mcmscsvc - ok
20:24:31.0440 0860 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:31.0456 0860 McNaiAnn - ok
20:24:31.0456 0860 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:31.0471 0860 McNASvc - ok
20:24:31.0565 0860 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
20:24:31.0581 0860 McODS - ok
20:24:31.0581 0860 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:31.0612 0860 McProxy - ok
20:24:31.0674 0860 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:24:31.0705 0860 McShield - ok
20:24:31.0846 0860 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:24:31.0861 0860 Mcx2Svc - ok
20:24:31.0908 0860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:24:31.0924 0860 megasas - ok
20:24:31.0955 0860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:24:31.0955 0860 MegaSR - ok
20:24:32.0002 0860 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
20:24:32.0017 0860 mfeapfk - ok
20:24:32.0049 0860 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
20:24:32.0064 0860 mfeavfk - ok
20:24:32.0064 0860 mfeavfk01 - ok
20:24:32.0111 0860 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:24:32.0142 0860 mfefire - ok
20:24:32.0189 0860 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
20:24:32.0220 0860 mfefirek - ok
20:24:32.0283 0860 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
20:24:32.0314 0860 mfehidk - ok
20:24:32.0329 0860 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
20:24:32.0345 0860 mfenlfk - ok
20:24:32.0361 0860 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
20:24:32.0376 0860 mferkdet - ok
20:24:32.0423 0860 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
20:24:32.0439 0860 mfevtp - ok
20:24:32.0470 0860 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
20:24:32.0485 0860 mfewfpk - ok
20:24:32.0517 0860 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:24:32.0548 0860 MMCSS - ok
20:24:32.0579 0860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:24:32.0595 0860 Modem - ok
20:24:32.0626 0860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:24:32.0626 0860 monitor - ok
20:24:32.0673 0860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:24:32.0688 0860 mouclass - ok
20:24:32.0688 0860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:24:32.0719 0860 mouhid - ok
20:24:32.0751 0860 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:24:32.0766 0860 mountmgr - ok
20:24:32.0844 0860 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:24:32.0860 0860 MozillaMaintenance - ok
20:24:32.0907 0860 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:24:32.0922 0860 mpio - ok
20:24:32.0938 0860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:24:32.0969 0860 mpsdrv - ok
20:24:33.0016 0860 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:24:33.0031 0860 MRxDAV - ok
20:24:33.0063 0860 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:24:33.0078 0860 mrxsmb - ok
20:24:33.0125 0860 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:24:33.0156 0860 mrxsmb10 - ok
20:24:33.0172 0860 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:24:33.0187 0860 mrxsmb20 - ok
20:24:33.0219 0860 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:24:33.0234 0860 msahci - ok
20:24:33.0250 0860 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:24:33.0265 0860 msdsm - ok
20:24:33.0328 0860 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:24:33.0343 0860 MSDTC - ok
20:24:33.0375 0860 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
20:24:33.0406 0860 MSDV - ok
20:24:33.0421 0860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:24:33.0453 0860 Msfs - ok
20:24:33.0453 0860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:24:33.0484 0860 mshidkmdf - ok
20:24:33.0531 0860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:24:33.0546 0860 msisadrv - ok
20:24:33.0577 0860 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:24:33.0624 0860 MSiSCSI - ok
20:24:33.0624 0860 msiserver - ok
20:24:33.0765 0860 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:33.0780 0860 MSK80Service - ok
20:24:33.0796 0860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:24:33.0827 0860 MSKSSRV - ok
20:24:33.0827 0860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:24:33.0858 0860 MSPCLOCK - ok
20:24:33.0858 0860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:24:33.0874 0860 MSPQM - ok
20:24:33.0936 0860 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:24:33.0967 0860 MsRPC - ok
20:24:33.0999 0860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:24:34.0014 0860 mssmbios - ok
20:24:34.0014 0860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:24:34.0061 0860 MSTEE - ok
20:24:34.0061 0860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:24:34.0061 0860 MTConfig - ok
20:24:34.0092 0860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:24:34.0092 0860 Mup - ok
20:24:34.0155 0860 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:24:34.0201 0860 napagent - ok
20:24:34.0248 0860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:24:34.0264 0860 NativeWifiP - ok
20:24:34.0373 0860 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:24:34.0404 0860 NDIS - ok
20:24:34.0420 0860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:24:34.0467 0860 NdisCap - ok
20:24:34.0467 0860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:24:34.0498 0860 NdisTapi - ok
20:24:34.0545 0860 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:24:34.0591 0860 Ndisuio - ok
20:24:34.0638 0860 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:24:34.0669 0860 NdisWan - ok
20:24:34.0701 0860 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:24:34.0732 0860 NDProxy - ok
20:24:34.0747 0860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:24:34.0763 0860 NetBIOS - ok
20:24:34.0825 0860 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:24:34.0857 0860 NetBT - ok
20:24:34.0888 0860 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:24:34.0903 0860 Netlogon - ok
20:24:34.0950 0860 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:24:34.0997 0860 Netman - ok
20:24:35.0028 0860 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:24:35.0091 0860 netprofm - ok
20:24:35.0169 0860 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:24:35.0169 0860 NetTcpPortSharing - ok
20:24:35.0200 0860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:24:35.0215 0860 nfrd960 - ok
20:24:35.0262 0860 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:24:35.0309 0860 NlaSvc - ok
20:24:35.0325 0860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:24:35.0356 0860 Npfs - ok
20:24:35.0371 0860 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:24:35.0403 0860 nsi - ok
20:24:35.0403 0860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:24:35.0434 0860 nsiproxy - ok
20:24:35.0590 0860 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:24:35.0621 0860 Ntfs - ok
20:24:35.0746 0860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:24:35.0777 0860 Null - ok
20:24:36.0573 0860 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:24:36.0697 0860 nvlddmkm - ok
20:24:36.0838 0860 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:24:36.0869 0860 nvraid - ok
20:24:36.0885 0860 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:24:36.0900 0860 nvstor - ok
20:24:36.0963 0860 nvsvc (18aa5ff4ee3fe45a64b98589c62b7fc0) C:\Windows\system32\nvvsvc.exe
20:24:36.0978 0860 nvsvc - ok
20:24:37.0009 0860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:24:37.0041 0860 nv_agp - ok
20:24:37.0072 0860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:24:37.0087 0860 ohci1394 - ok
20:24:37.0197 0860 OpenVPNService (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
20:24:37.0197 0860 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
20:24:37.0197 0860 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
20:24:37.0197 0860 p2csvc - ok
20:24:37.0259 0860 p2csvc32 - ok
20:24:37.0306 0860 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:24:37.0321 0860 p2pimsvc - ok
20:24:37.0368 0860 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:24:37.0399 0860 p2psvc - ok
20:24:37.0446 0860 p2usb (5035825b9217a087ea70497066385fe7) C:\Windows\system32\DRIVERS\p2usb.sys
20:24:37.0462 0860 p2usb - ok
20:24:37.0493 0860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:24:37.0524 0860 Parport - ok
20:24:37.0555 0860 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:24:37.0571 0860 partmgr - ok
20:24:37.0602 0860 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:24:37.0618 0860 PcaSvc - ok
20:24:37.0665 0860 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:24:37.0680 0860 pci - ok
20:24:37.0711 0860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:24:37.0727 0860 pciide - ok
20:24:37.0743 0860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:37.0774 0860 pcmcia - ok
20:24:37.0789 0860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:24:37.0789 0860 pcw - ok
20:24:37.0852 0860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:24:37.0899 0860 PEAUTH - ok
20:24:37.0977 0860 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:24:37.0992 0860 PerfHost - ok
20:24:38.0133 0860 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:24:38.0179 0860 pla - ok
20:24:38.0242 0860 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:24:38.0257 0860 PlugPlay - ok
20:24:38.0289 0860 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:24:38.0304 0860 PNRPAutoReg - ok
20:24:38.0335 0860 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:24:38.0367 0860 PNRPsvc - ok
20:24:38.0429 0860 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:24:38.0460 0860 PolicyAgent - ok
20:24:38.0491 0860 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:24:38.0538 0860 Power - ok
20:24:38.0601 0860 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:24:38.0632 0860 PptpMiniport - ok
20:24:38.0663 0860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:24:38.0679 0860 Processor - ok
20:24:38.0725 0860 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:24:38.0741 0860 ProfSvc - ok
20:24:38.0772 0860 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:24:38.0788 0860 ProtectedStorage - ok
20:24:38.0819 0860 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:24:38.0866 0860 Psched - ok
20:24:38.0881 0860 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:24:38.0913 0860 PxHlpa64 - ok
20:24:39.0022 0860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:24:39.0053 0860 ql2300 - ok
20:24:39.0178 0860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:39.0193 0860 ql40xx - ok
20:24:39.0240 0860 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:24:39.0271 0860 QWAVE - ok
20:24:39.0271 0860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:24:39.0287 0860 QWAVEdrv - ok
20:24:39.0287 0860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:24:39.0318 0860 RasAcd - ok
20:24:39.0349 0860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:39.0365 0860 RasAgileVpn - ok
20:24:39.0396 0860 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:24:39.0412 0860 RasAuto - ok
20:24:39.0459 0860 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:39.0490 0860 Rasl2tp - ok
20:24:39.0521 0860 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:24:39.0552 0860 RasMan - ok
20:24:39.0568 0860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:39.0599 0860 RasPppoe - ok
20:24:39.0615 0860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:24:39.0646 0860 RasSstp - ok
20:24:39.0693 0860 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:24:39.0739 0860 rdbss - ok
20:24:39.0739 0860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:39.0755 0860 rdpbus - ok
20:24:39.0771 0860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:39.0802 0860 RDPCDD - ok
20:24:39.0802 0860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:24:39.0833 0860 RDPENCDD - ok
20:24:39.0849 0860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:24:39.0864 0860 RDPREFMP - ok
20:24:39.0911 0860 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:24:39.0927 0860 RDPWD - ok
20:24:39.0958 0860 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:24:39.0989 0860 rdyboost - ok
20:24:40.0020 0860 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:24:40.0051 0860 RemoteAccess - ok
20:24:40.0083 0860 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:24:40.0129 0860 RemoteRegistry - ok
20:24:40.0317 0860 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
20:24:40.0348 0860 RoxMediaDB10 - ok
20:24:40.0363 0860 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:24:40.0395 0860 RpcEptMapper - ok
20:24:40.0410 0860 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:24:40.0426 0860 RpcLocator - ok
20:24:40.0488 0860 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:24:40.0519 0860 RpcSs - ok
20:24:40.0566 0860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:24:40.0613 0860 rspndr - ok
20:24:40.0644 0860 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
20:24:40.0660 0860 RSUSBSTOR - ok
20:24:40.0707 0860 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:24:40.0722 0860 RTL8167 - ok
20:24:40.0722 0860 RxFilter - ok
20:24:40.0769 0860 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:24:40.0785 0860 SamSs - ok
20:24:40.0816 0860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:24:40.0831 0860 sbp2port - ok
20:24:40.0863 0860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:24:40.0894 0860 SCardSvr - ok
20:24:40.0925 0860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:24:40.0941 0860 scfilter - ok
20:24:41.0065 0860 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:24:41.0112 0860 Schedule - ok
20:24:41.0128 0860 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:24:41.0159 0860 SCPolicySvc - ok
20:24:41.0206 0860 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:24:41.0237 0860 SDRSVC - ok
20:24:41.0331 0860 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:24:41.0362 0860 SeaPort - ok
20:24:41.0393 0860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:24:41.0424 0860 secdrv - ok
20:24:41.0487 0860 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:24:41.0533 0860 seclogon - ok
20:24:41.0596 0860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:24:41.0643 0860 SENS - ok
20:24:41.0674 0860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:24:41.0689 0860 SensrSvc - ok
20:24:41.0861 0860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:24:41.0877 0860 Serenum - ok
20:24:41.0908 0860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:24:41.0923 0860 Serial - ok
20:24:41.0986 0860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:24:42.0001 0860 sermouse - ok
20:24:42.0157 0860 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:24:42.0204 0860 SessionEnv - ok
20:24:42.0235 0860 SessionLauncher - ok
20:24:42.0298 0860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:24:42.0313 0860 sffdisk - ok
20:24:42.0329 0860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:24:42.0345 0860 sffp_mmc - ok
20:24:42.0360 0860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:24:42.0376 0860 sffp_sd - ok
20:24:42.0423 0860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:42.0438 0860 sfloppy - ok
20:24:42.0532 0860 SftService (7f475425582163602ef1589c0071e521) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:24:42.0532 0860 SftService - ok
20:24:42.0594 0860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:24:42.0625 0860 SharedAccess - ok
20:24:42.0719 0860 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:24:42.0750 0860 ShellHWDetection - ok
20:24:42.0891 0860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:42.0906 0860 SiSRaid2 - ok
20:24:43.0000 0860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:43.0015 0860 SiSRaid4 - ok
20:24:43.0062 0860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:24:43.0109 0860 Smb - ok
20:24:43.0140 0860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:24:43.0156 0860 SNMPTRAP - ok
20:24:43.0203 0860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:24:43.0218 0860 spldr - ok
20:24:43.0452 0860 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:24:43.0483 0860 Spooler - ok
20:24:44.0139 0860 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:24:44.0201 0860 sppsvc - ok
20:24:44.0388 0860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:24:44.0419 0860 sppuinotify - ok
20:24:44.0529 0860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:24:44.0560 0860 srv - ok
20:24:44.0685 0860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:24:44.0700 0860 srv2 - ok
20:24:44.0763 0860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:24:44.0778 0860 srvnet - ok
20:24:44.0903 0860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:24:44.0950 0860 SSDPSRV - ok
20:24:44.0981 0860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:24:45.0028 0860 SstpSvc - ok
20:24:45.0059 0860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:24:45.0075 0860 stexstor - ok
20:24:45.0246 0860 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:24:45.0277 0860 stisvc - ok
20:24:45.0465 0860 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:24:45.0480 0860 stllssvr - ok
20:24:45.0901 0860 Stuffit Archive Name Service (1db60cb3e53e2491d5d6c43c06676ca2) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
20:24:45.0933 0860 Stuffit Archive Name Service - ok
20:24:46.0057 0860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:24:46.0073 0860 swenum - ok
20:24:46.0120 0860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:24:46.0151 0860 swprv - ok
20:24:46.0307 0860 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:24:46.0338 0860 SysMain - ok
20:24:46.0463 0860 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:24:46.0479 0860 TabletInputService - ok
20:24:46.0635 0860 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys
20:24:46.0650 0860 tap0901 - ok
20:24:46.0728 0860 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:24:46.0759 0860 TapiSrv - ok
20:24:46.0791 0860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:24:46.0822 0860 TBS - ok
20:24:47.0227 0860 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:24:47.0259 0860 Tcpip - ok
20:24:48.0351 0860 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:24:48.0382 0860 TCPIP6 - ok
20:24:49.0661 0860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:24:49.0677 0860 tcpipreg - ok
20:24:49.0755 0860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:24:49.0755 0860 TDPIPE - ok
20:24:49.0848 0860 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:24:49.0848 0860 TDTCP - ok
20:24:50.0160 0860 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:24:50.0176 0860 tdx - ok
20:24:50.0394 0860 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:24:50.0394 0860 TermDD - ok
20:24:51.0564 0860 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:24:51.0595 0860 TermService - ok
20:24:51.0627 0860 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:24:51.0642 0860 Themes - ok
20:24:51.0673 0860 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:24:51.0705 0860 THREADORDER - ok
20:24:51.0736 0860 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:24:51.0767 0860 TrkWks - ok
20:24:51.0892 0860 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:24:51.0923 0860 TrustedInstaller - ok
20:24:51.0954 0860 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:51.0985 0860 tssecsrv - ok
20:24:52.0157 0860 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:24:52.0173 0860 TsUsbFlt - ok
20:24:52.0266 0860 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:24:52.0313 0860 tunnel - ok
20:24:52.0407 0860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:24:52.0422 0860 uagp35 - ok
20:24:52.0547 0860 ubohci (0ae9dd39a559359897541e2d4b8ec491) C:\Windows\system32\DRIVERS\ubohci.sys
20:24:52.0563 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubohci.sys. Real md5: 0ae9dd39a559359897541e2d4b8ec491, Fake md5: 1e2e55e1b3bf2160d617e854a7b4950b
20:24:52.0563 0860 ubohci ( ForgedFile.Multi.Generic ) - warning
20:24:52.0563 0860 ubohci - detected ForgedFile.Multi.Generic (1)
20:24:52.0594 0860 ubsbm (a7e0b68f49650372910083e5697b7e99) C:\Windows\system32\DRIVERS\ubsbm.sys
20:24:52.0594 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubsbm.sys. Real md5: a7e0b68f49650372910083e5697b7e99, Fake md5: b30147ca21ab2d10a14dc36a9aa17fd9
20:24:52.0594 0860 ubsbm ( ForgedFile.Multi.Generic ) - warning
20:24:52.0594 0860 ubsbm - detected ForgedFile.Multi.Generic (1)
20:24:52.0687 0860 ubumapi (db4a752a3d03c3b48bb8b23b0c53745d) C:\Windows\system32\DRIVERS\ubumapi.sys
20:24:52.0687 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubumapi.sys. Real md5: db4a752a3d03c3b48bb8b23b0c53745d, Fake md5: b2a7a65cbd4803bbdb552620e57cd1bd
20:24:52.0687 0860 ubumapi ( ForgedFile.Multi.Generic ) - warning
20:24:52.0687 0860 ubumapi - detected ForgedFile.Multi.Generic (1)
20:25:12.0733 0860 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:25:15.0541 0860 \Device\Harddisk0\DR0 - ok
20:25:15.0588 0860 Boot (0x1200) (cd38b1383ea78deb6866c65cbde2f1b9) \Device\Harddisk0\DR0\Partition0
20:25:15.0604 0860 \Device\Harddisk0\DR0\Partition0 - ok
20:25:15.0635 0860 Boot (0x1200) (0f3f6a544d31d87c2419ebbb2422dfd1) \Device\Harddisk0\DR0\Partition1
20:25:15.0651 0860 \Device\Harddisk0\DR0\Partition1 - ok
20:25:15.0651 0860 ============================================================
20:25:15.0651 0860 Scan finished
20:25:15.0651 0860 ============================================================
20:25:15.0651 0592 Detected object count: 6
20:25:15.0651 0592 Actual detected object count: 6
20:25:21.0844 0592 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:25.0323 4448 Deinitialize success

#9 MrCharlie

Posted 28 June 2012 - 08:54 PM

Was there a "Cure" option for these files: (you skipped them)

20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip


Run TDSSKiller again and see if a "Cure" option is available.

Let me know, MrC

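A TDSSKiller log like the one quoted in the post above can be triaged mechanically by pairing each detection with the action taken on it. The Python below is an added example, not part of the original thread or of TDSSKiller; the regular expressions are assumptions inferred from the log lines shown on this page, and `triage`, `skipped` and `declared_count` are hypothetical helper names.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the TDSSKiller log posted in this thread (a few objects only).
SAMPLE_LOG = r"""
20:24:52.0594 0860 ubsbm (a7e0b68f49650372910083e5697b7e99) C:\Windows\system32\DRIVERS\ubsbm.sys
20:24:52.0594 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubsbm.sys. Real md5: a7e0b68f49650372910083e5697b7e99, Fake md5: b30147ca21ab2d10a14dc36a9aa17fd9
20:24:52.0594 0860 ubsbm ( ForgedFile.Multi.Generic ) - warning
20:24:52.0594 0860 ubsbm - detected ForgedFile.Multi.Generic (1)
20:24:52.0953 0860 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:24:52.0999 0860 udfs - ok
20:25:15.0651 0592 Detected object count: 6
20:25:21.0844 0592 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

# Assumed line layout: "HH:MM:SS.ffff <thread id> <message>"; object names contain no spaces.
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d{4} "
OBJECT_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(PREFIX + r"Suspicious file \(Forged\): (?P<path>.+)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<rest>.+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<count>\d+)$")


@dataclass
class Finding:
    name: str
    verdict: Optional[str] = None
    action: Optional[str] = None      # e.g. "Skip"; None if no action line was logged
    path: Optional[str] = None
    md5: Optional[str] = None         # hash printed on the object line
    real_md5: Optional[str] = None    # "Real md5" field of a Forged warning
    fake_md5: Optional[str] = None    # "Fake md5" field of a Forged warning


def triage(log_text: str) -> Dict[str, Finding]:
    """Collect every non-ok object with its verdict, hashes and user action."""
    findings: Dict[str, Finding] = {}
    objects: Dict[str, tuple] = {}    # name -> (path, md5)
    name_by_path: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = (m["path"], m["md5"])
            name_by_path[m["path"].lower()] = m["name"]
            continue
        m = FORGED_RE.match(line)
        if m:
            # The Forged warning names only the path; map it back to the object.
            name = name_by_path.get(m["path"].lower())
            if name:
                f = findings.setdefault(name, Finding(name))
                f.real_md5, f.fake_md5 = m["real"], m["fake"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            f = findings.setdefault(m["name"], Finding(m["name"]))
            f.verdict = m["verdict"]
            if m["rest"].startswith("User select action: "):
                f.action = m["rest"].split(": ", 1)[1]
    for name, f in findings.items():
        if name in objects:
            f.path, f.md5 = objects[name]
    return findings


def skipped(findings: Dict[str, Finding], verdict_prefix: str = "") -> List[str]:
    """Names of detections the user chose to leave in place."""
    return sorted(n for n, f in findings.items()
                  if f.action == "Skip" and (f.verdict or "").startswith(verdict_prefix))


def declared_count(log_text: str) -> Optional[int]:
    """The scanner's own 'Detected object count', for cross-checking the parse."""
    for raw in log_text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            return int(m["count"])
    return None


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("declared:", declared_count(SAMPLE_LOG), "parsed:", len(found))
    for name in skipped(found, "ForgedFile"):
        print("still on disk:", name, found[name].path or "(path not in excerpt)")
```

Comparing `declared_count` with the number of parsed findings catches a truncated paste before anyone acts on an incomplete log.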

#10 MrCharlie

Posted 30 June 2012 - 05:59 AM

How are we doing??

Do you still need help or can I close this post??

MrC


#11 SoulAmiss

Posted 30 June 2012 - 01:39 PM

There was not an option to "cure" those, only "delete" or "copy to quarantine". Also, about the same time I noticed this virus, I also updated iTunes and my DVD-ROMs disappeared. Would this be caused by this virus or the iTunes update? I tried reloading the drivers and it told me the drivers were up to date.

#12 MrCharlie

Posted 30 June 2012 - 01:52 PM

There was not an option to "cure" those, only "delete" or "copy to quarantine". Also, about the same time I noticed this virus, I also updated iTunes and my DVD-ROMs disappeared. Would this be caused by this virus or the iTunes update? I tried reloading the drivers and it told me the drivers were up to date.


That's hard to say....please do this.......


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


#13 SoulAmiss

Posted 01 July 2012 - 03:13 PM

I keep getting a "Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and then try again." message when I run ComboFix and then nothing happens after that.

#14 SoulAmiss

Posted 01 July 2012 - 05:54 PM

Kept clicking through that message until I finally got this:
ComboFix 12-07-01.03 - I'm Lee 07/01/2012 15:19:06.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6143 [GMT -5:00]
Running from: c:\users\I'm Lee\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\313055a4m715j113g838v8avg1e3
c:\users\I'm Lee\AppData\Local\jmd.exe
c:\users\I'm Lee\AppData\Local\txg.exe
c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\searchplugins\bing-zugo.xml
G:\Autorun.inf
G:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 22:29 . 2012-07-01 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 01:14 . 2012-06-29 01:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 22:49 . 2012-06-25 22:49 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-25 22:49 . 2012-06-25 22:49 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 00:04 . 2012-05-25 22:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-06-21 19:37 . 2012-06-21 19:37 -------- d-----w- C:\found.000
2012-06-21 11:50 . 2012-06-21 11:50 -------- d-----w- c:\program files\CCleaner
2012-06-21 11:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 14:10 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 14:10 . 2012-06-17 14:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-17 13:52 . 2012-06-25 01:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 13:52 . 2012-06-25 01:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\programdata\Caphyon
2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\program files (x86)\PatchBeam
2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\program files (x86)\PowerArchiver
2012-06-15 22:18 . 2012-06-15 22:53 -------- d-----w- C:\AdobeTemp
2012-06-14 01:15 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-11 23:16 . 2012-06-11 23:16 -------- d-----w- c:\windows\en
2012-06-11 23:14 . 2012-06-11 23:14 -------- d-----w- c:\program files\Windows Live
2012-06-11 23:14 . 2012-06-11 23:14 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-11 23:11 . 2012-06-11 23:11 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DSETUP.dll
2012-06-11 23:11 . 2012-06-11 23:11 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DXSETUP.exe
2012-06-11 23:11 . 2012-06-11 23:11 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\dsetup32.dll
2012-06-11 23:04 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-11 23:04 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-06-11 23:04 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-06-11 23:03 . 2012-06-11 23:03 -------- d-----w- c:\program files\iPod
2012-06-11 23:03 . 2012-06-11 23:04 -------- d-----w- c:\program files\iTunes
2012-06-10 14:21 . 2012-06-10 14:21 -------- d-----w- c:\users\I'm Lee\AppData\Local\Macromedia
2012-06-10 13:51 . 2012-06-10 13:51 -------- d-----w- c:\users\I'm Lee\AppData\Local\ElevatedDiagnostics
2012-06-06 18:56 . 2012-06-06 19:29 -------- d-----w- c:\users\I'm Lee\PhotoFucket
2012-06-06 18:24 . 2012-06-10 20:43 -------- d-----w- c:\program files (x86)\PhotoFucket
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Akamai NetSession Interface"="c:\users\I'm Lee\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
P2 Card Manager.lnk - c:\program files\Panasonic P2\Drivers\App\P2TaskTray.exe [2007-3-8 14336]
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-9-9 163840]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2010-02-26 24064]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2010-02-26 92160]
R3 65897487;65897487;c:\windows\system32\drivers\16495956.sys [2011-12-02 111408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 250056]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]
R3 p2usb;Panasonic P2 Series USB Device;c:\windows\system32\DRIVERS\p2usb.sys [2011-05-23 30208]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2010-02-26 132608]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 p2csvc;p2csvc;c:\windows\system32\p2csvc.exe [2008-07-25 67072]
S2 p2csvc32;p2csvc32;c:\windows\SysWOW64\p2csvc32.exe [2008-07-25 61440]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SBP2PORT
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 01:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15623
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.photobucket.com
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-07-01 17:47:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 22:47
.
Pre-Run: 330,321,436,672 bytes free
Post-Run: 329,828,888,576 bytes free
.
- - End Of File - - 67B3D0140D098F9626190492F439A070

#15 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,194 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 02 July 2012 - 06:05 AM

Please upload these two files to VirusTotal for a free scan, let me know the results. (just copy back the url)

C:\Windows\system32\DRIVERS\ubohci.sys
C:\Windows\system32\DRIVERS\ubsbm.sys

http://www.virustotal.com/

You may have to enable hidden files to see them:
http://www.howtogeek...-windows-vista/

-----------------------

also......


Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#16 SoulAmiss

SoulAmiss

    New Member

  • Members
  • Pip
  • 25 posts

Posted 03 July 2012 - 08:43 PM

I can see them when I go to the folder manually but when I try to upload them to virustotal, they aren't there. (they are not hidden) No .sys files are.

#17 MrCharlie


Posted 04 July 2012 - 06:18 AM

Please do this......

Download aswMBR to your desktop.
http://public.avast....erek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


#18 MrCharlie


Posted 06 July 2012 - 06:23 AM

How are we doing??

Do you still need help or can I close this post??

MrC


#19 SoulAmiss


Posted 06 July 2012 - 12:03 PM

Sorry. Been busy. Still don't have dvd-roms.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 11:41:08
-----------------------------
11:41:08.683 OS Version: Windows x64 6.1.7601 Service Pack 1
11:41:08.684 Number of processors: 8 586 0x1A05
11:41:08.685 ComputerName: SASSAFRASQUATCH UserName: I'm Lee
11:41:10.094 Initialize success
11:45:53.240 AVAST engine defs: 12070600
11:48:32.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
11:48:32.733 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 3
11:48:32.735 Disk 1 \Device\Harddisk1\DR1 -> \Device\Sbp2\WD&My Book&0&0090a9d7_b813944d_Instance00
11:48:32.737 Disk 1 Vendor: WD______ 1025 Size: 476940MB BusType: 4
11:48:32.752 Disk 0 MBR read successfully
11:48:32.755 Disk 0 MBR scan
11:48:32.759 Disk 0 Windows VISTA default MBR code
11:48:32.761 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:48:32.770 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920
11:48:32.789 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 601097 MB offset 19214336
11:48:32.814 Disk 0 scanning C:\Windows\system32\drivers
11:48:44.342 Service scanning
11:49:02.469 Modules scanning
11:49:02.808 Disk 0 trace - called modules:
11:49:02.831 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:49:02.837 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ea3060]
11:49:02.841 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b61050]
11:49:04.192 AVAST engine scan C:\Windows
11:49:09.898 AVAST engine scan C:\Windows\system32
11:52:15.517 AVAST engine scan C:\Windows\system32\drivers
11:52:26.217 AVAST engine scan C:\Users\I'm Lee
11:58:58.585 Disk 0 MBR has been saved successfully to "C:\Users\I'm Lee\Desktop\MBR.dat"
11:58:58.595 The log file has been saved successfully to "C:\Users\I'm Lee\Desktop\aswMBR.txt"
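
A way to read the partition lines in the aswMBR log above, as an added example that is not part of the original posts or of aswMBR itself: it checks whether the partition entries on Disk 0 overlap and how many sectors of the disk lie outside any partition. It assumes sizes are whole MiB and offsets are 512-byte sectors; the function names and the rounding allowance are hypothetical.

```python
import re

# Constructed input: Disk 0 lines copied from the aswMBR log in the post above.
LOG = """\
11:48:32.733 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 3
11:48:32.761 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:48:32.770 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920
11:48:32.789 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 601097 MB offset 19214336
"""

SECTORS_PER_MB = 2048          # assumption: 512-byte sectors, sizes in whole MiB
ROUNDING = 2 * SECTORS_PER_MB  # assumption: MB figures are rounded, allow ~2 MiB

DISK = re.compile(r"Disk (\d+) Vendor: .*? Size: (\d+)MB")
PART = re.compile(r"Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?"
                  r"([0-9A-F]{2}) .*? (\d+) MB offset (\d+)")


def parse(log):
    """Return ({disk: total_sectors}, [partition dicts]) from aswMBR log text."""
    sizes = {int(d): int(mb) * SECTORS_PER_MB for d, mb in DISK.findall(log)}
    parts = [{"disk": int(d), "num": int(n), "active": flag == "80", "type": typ,
              "start": int(off), "end": int(off) + int(mb) * SECTORS_PER_MB}
             for d, n, flag, typ, mb, off in PART.findall(log)]
    return sizes, parts


def layout_report(log):
    """Per disk: active partitions, deltas between neighbours, unpartitioned tail."""
    sizes, parts = parse(log)
    report = {}
    for disk, total in sizes.items():
        ps = sorted((p for p in parts if p["disk"] == disk), key=lambda p: p["start"])
        if not ps:
            continue
        # delta > 0 is a gap between neighbours, delta < 0 an overlap (in sectors)
        deltas = [(a["num"], b["num"], b["start"] - a["end"]) for a, b in zip(ps, ps[1:])]
        tail = total - ps[-1]["end"]
        report[disk] = {
            "active": [p["num"] for p in ps if p["active"]],
            "deltas": deltas,
            "overlap": any(d[2] < -ROUNDING for d in deltas),
            "tail_sectors": tail,
            "tail_beyond_rounding": tail > ROUNDING,
        }
    return report


if __name__ == "__main__":
    for disk, info in layout_report(LOG).items():
        print(f"Disk {disk}: {info}")
```

For this log the three entries are contiguous and the space after the last partition is within the rounding allowance.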

#20 MrCharlie


Posted 06 July 2012 - 01:38 PM

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC




