rjones315

  1. I did them also in normal mode - they appear fine.
  2. After rebooting to normal bootup, I reran Malwarebytes again and it didn't find any errors. I SEEM to be running ok now. Will keep an eye on it. If I have further problems I will post to this thread. Also, I registered my Malwarebytes, but never got my key. How can I get a copy of it?
  3. I reran the TDSSKiller in safe mode. I also ran Malwarebytes in safe mode.
     Malwarebytes Anti-Malware (Trial) 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.04.06.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Bob Jones :: DELL-LAPTOP [administrator]
     Protection: Disabled
     4/8/2012 2:26:57 PM
     mbam-log-2012-04-08 (14-26-57).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 204742
     Time elapsed: 4 minute(s), 53 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  4. 14:06:57.0336 1456 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
     14:06:57.0352 1456 ============================================================
     14:06:57.0352 1456 Current date / time: 2012/04/08 14:06:57.0352
     14:06:57.0352 1456 SystemInfo:
     14:06:57.0352 1456
     14:06:57.0352 1456 OS Version: 6.1.7601 ServicePack: 1.0
     14:06:57.0352 1456 Product type: Workstation
     14:06:57.0352 1456 ComputerName: DELL-LAPTOP
     14:06:57.0352 1456 UserName: Bob Jones
     14:06:57.0352 1456 Windows directory: C:\Windows
     14:06:57.0352 1456 System windows directory: C:\Windows
     14:06:57.0352 1456 Running under WOW64
     14:06:57.0352 1456 Processor architecture: Intel x64
     14:06:57.0352 1456 Number of processors: 4
     14:06:57.0352 1456 Page size: 0x1000
     14:06:57.0352 1456 Boot type: Safe boot
     14:06:57.0352 1456 ============================================================
     14:06:57.0757 1456 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     14:06:57.0773 1456 \Device\Harddisk0\DR0:
     14:06:57.0773 1456 MBR used
     14:06:57.0773 1456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
     14:06:57.0773 1456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x48AD8AE3
     14:06:57.0804 1456 Initialize success
     14:06:57.0804 1456 ============================================================
     14:08:09.0439 1672 ============================================================
     14:08:09.0439 1672 Scan started
     14:08:09.0439 1672 Mode: Manual; SigCheck; TDLFS;
     14:08:09.0439 1672 ============================================================
(1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 14:08:34.0914 1672 Npfs - ok 14:08:34.0930 1672 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 14:08:34.0992 1672 nsi - ok 14:08:35.0039 1672 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:08:35.0070 1672 nsiproxy - ok 14:08:35.0148 1672 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 14:08:35.0195 1672 Ntfs - ok 14:08:35.0257 1672 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:08:35.0304 1672 Null - ok 14:08:35.0335 1672 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 14:08:35.0351 1672 nvraid - ok 14:08:35.0382 1672 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 14:08:35.0398 1672 nvstor - ok 14:08:35.0429 1672 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 14:08:35.0445 1672 nv_agp - ok 14:08:35.0476 1672 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 14:08:35.0491 1672 ohci1394 - ok 14:08:35.0569 1672 OlyUsbCam (ed74264b8b3ba640ce97130862732b4e) C:\Windows\system32\DRIVERS\OlyUsbCam.sys 14:08:35.0585 1672 OlyUsbCam - ok 14:08:35.0647 1672 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:08:35.0647 1672 ose - ok 14:08:35.0788 1672 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:08:35.0944 1672 osppsvc - ok 14:08:36.0037 1672 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:08:36.0069 1672 p2pimsvc - ok 14:08:36.0100 1672 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:08:36.0115 1672 p2psvc - ok 14:08:36.0162 1672 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:08:36.0178 1672 
Parport - ok 14:08:36.0225 1672 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 14:08:36.0225 1672 partmgr - ok 14:08:36.0271 1672 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:08:36.0303 1672 PcaSvc - ok 14:08:36.0349 1672 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 14:08:36.0349 1672 pci - ok 14:08:36.0365 1672 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 14:08:36.0381 1672 pciide - ok 14:08:36.0412 1672 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:08:36.0427 1672 pcmcia - ok 14:08:36.0459 1672 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:08:36.0474 1672 pcw - ok 14:08:36.0490 1672 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:08:36.0552 1672 PEAUTH - ok 14:08:36.0615 1672 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:08:36.0693 1672 PerfHost - ok 14:08:36.0895 1672 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE 14:08:36.0927 1672 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning 14:08:36.0927 1672 PEVSystemStart - detected UnsignedFile.Multi.Generic (1) 14:08:37.0020 1672 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 14:08:37.0114 1672 pla - ok 14:08:37.0161 1672 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 14:08:37.0192 1672 PlugPlay - ok 14:08:37.0239 1672 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:08:37.0239 1672 PNRPAutoReg - ok 14:08:37.0270 1672 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:08:37.0285 1672 PNRPsvc - ok 14:08:37.0317 1672 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 14:08:37.0379 1672 PolicyAgent - ok 14:08:37.0426 1672 Power (6ba9d927dded70bd1a9caded45f8b184) 
C:\Windows\system32\umpo.dll 14:08:37.0473 1672 Power - ok 14:08:37.0535 1672 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 14:08:37.0597 1672 PptpMiniport - ok 14:08:37.0629 1672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:08:37.0660 1672 Processor - ok 14:08:37.0691 1672 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 14:08:37.0753 1672 ProfSvc - ok 14:08:37.0785 1672 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:08:37.0800 1672 ProtectedStorage - ok 14:08:37.0863 1672 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 14:08:37.0909 1672 Psched - ok 14:08:37.0987 1672 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 14:08:38.0003 1672 PxHlpa64 - ok 14:08:38.0065 1672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:08:38.0112 1672 ql2300 - ok 14:08:38.0159 1672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:08:38.0175 1672 ql40xx - ok 14:08:38.0221 1672 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:08:38.0237 1672 QWAVE - ok 14:08:38.0268 1672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:08:38.0299 1672 QWAVEdrv - ok 14:08:38.0331 1672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:08:38.0393 1672 RasAcd - ok 14:08:38.0409 1672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:08:38.0455 1672 RasAgileVpn - ok 14:08:38.0487 1672 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:08:38.0533 1672 RasAuto - ok 14:08:38.0627 1672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:08:38.0689 1672 Rasl2tp - ok 14:08:38.0783 1672 RasMan (ee867a0870fc9e4972ba9eaad35651e2) 
C:\Windows\System32\rasmans.dll 14:08:38.0814 1672 RasMan - ok 14:08:38.0845 1672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:08:38.0908 1672 RasPppoe - ok 14:08:38.0923 1672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:08:38.0986 1672 RasSstp - ok 14:08:39.0189 1672 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 14:08:39.0251 1672 rdbss - ok 14:08:39.0438 1672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:08:39.0469 1672 rdpbus - ok 14:08:39.0594 1672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:08:39.0657 1672 RDPCDD - ok 14:08:39.0813 1672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:08:39.0844 1672 RDPENCDD - ok 14:08:39.0969 1672 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:08:40.0015 1672 RDPREFMP - ok 14:08:40.0062 1672 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 14:08:40.0093 1672 RDPWD - ok 14:08:40.0156 1672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 14:08:40.0156 1672 rdyboost - ok 14:08:40.0203 1672 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:08:40.0265 1672 RemoteAccess - ok 14:08:40.0296 1672 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:08:40.0343 1672 RemoteRegistry - ok 14:08:40.0421 1672 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 14:08:40.0452 1672 RFCOMM - ok 14:08:40.0483 1672 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:08:40.0530 1672 RpcEptMapper - ok 14:08:40.0577 1672 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:08:40.0608 1672 RpcLocator - ok 14:08:40.0639 1672 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) 
C:\Windows\system32\rpcss.dll 14:08:40.0686 1672 RpcSs - ok 14:08:40.0733 1672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:08:40.0780 1672 rspndr - ok 14:08:40.0811 1672 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys 14:08:40.0827 1672 RSUSBSTOR - ok 14:08:40.0858 1672 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:08:40.0858 1672 SamSs - ok 14:08:40.0920 1672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 14:08:40.0920 1672 sbp2port - ok 14:08:40.0967 1672 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:08:41.0029 1672 SCardSvr - ok 14:08:41.0076 1672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 14:08:41.0139 1672 scfilter - ok 14:08:41.0217 1672 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 14:08:41.0295 1672 Schedule - ok 14:08:41.0341 1672 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 14:08:41.0373 1672 SCPolicySvc - ok 14:08:41.0419 1672 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 14:08:41.0435 1672 SDRSVC - ok 14:08:41.0497 1672 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 14:08:41.0513 1672 SeaPort - ok 14:08:41.0591 1672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:08:41.0622 1672 secdrv - ok 14:08:41.0669 1672 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 14:08:41.0700 1672 seclogon - ok 14:08:41.0763 1672 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 14:08:41.0809 1672 SENS - ok 14:08:41.0887 1672 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 14:08:41.0919 1672 SensrSvc - ok 14:08:41.0981 1672 Serenum (cb624c0035412af0debec78c41f5ca1b) 
C:\Windows\system32\DRIVERS\serenum.sys 14:08:42.0012 1672 Serenum - ok 14:08:42.0043 1672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:08:42.0059 1672 Serial - ok 14:08:42.0121 1672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:08:42.0121 1672 sermouse - ok 14:08:42.0199 1672 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 14:08:42.0262 1672 SessionEnv - ok 14:08:42.0324 1672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 14:08:42.0355 1672 sffdisk - ok 14:08:42.0402 1672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 14:08:42.0433 1672 sffp_mmc - ok 14:08:42.0465 1672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 14:08:42.0496 1672 sffp_sd - ok 14:08:42.0574 1672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:08:42.0589 1672 sfloppy - ok 14:08:42.0667 1672 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 14:08:42.0683 1672 Sftfs - ok 14:08:42.0745 1672 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 14:08:42.0761 1672 sftlist - ok 14:08:42.0792 1672 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 14:08:42.0808 1672 Sftplay - ok 14:08:42.0855 1672 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 14:08:42.0855 1672 Sftredir - ok 14:08:42.0933 1672 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 14:08:42.0995 1672 SftService - ok 14:08:43.0073 1672 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 14:08:43.0089 1672 Sftvol - ok 14:08:43.0135 1672 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application 
Virtualization Client\sftvsa.exe 14:08:43.0151 1672 sftvsa - ok 14:08:43.0213 1672 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 14:08:43.0245 1672 SharedAccess - ok 14:08:43.0291 1672 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 14:08:43.0354 1672 ShellHWDetection - ok 14:08:43.0385 1672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:08:43.0401 1672 SiSRaid2 - ok 14:08:43.0416 1672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:08:43.0432 1672 SiSRaid4 - ok 14:08:43.0463 1672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:08:43.0494 1672 Smb - ok 14:08:43.0541 1672 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:08:43.0572 1672 SNMPTRAP - ok 14:08:43.0650 1672 SPAMfighter Update Service (ed9f035593588b6fec21478c6b9e0452) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe 14:08:43.0650 1672 SPAMfighter Update Service - ok 14:08:43.0728 1672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:08:43.0744 1672 spldr - ok 14:08:43.0806 1672 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 14:08:43.0853 1672 Spooler - ok 14:08:43.0978 1672 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 14:08:44.0103 1672 sppsvc - ok 14:08:44.0134 1672 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 14:08:44.0196 1672 sppuinotify - ok 14:08:44.0259 1672 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 14:08:44.0274 1672 sprtsvc_DellSupportCenter - ok 14:08:44.0352 1672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 14:08:44.0399 1672 srv - ok 14:08:44.0461 1672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 14:08:44.0477 1672 srv2 
- ok 14:08:44.0508 1672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 14:08:44.0539 1672 srvnet - ok 14:08:44.0617 1672 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:08:44.0664 1672 SSDPSRV - ok 14:08:44.0711 1672 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:08:44.0742 1672 SstpSvc - ok 14:08:44.0773 1672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:08:44.0789 1672 stexstor - ok 14:08:44.0836 1672 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 14:08:44.0883 1672 stisvc - ok 14:08:44.0976 1672 Suite Service (e567825c5f3934e13c8d755611954a7e) C:\Program Files (x86)\Fighters\FighterSuiteService.exe 14:08:45.0023 1672 Suite Service - ok 14:08:45.0117 1672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 14:08:45.0117 1672 swenum - ok 14:08:45.0226 1672 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 14:08:45.0241 1672 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 14:08:45.0241 1672 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 14:08:45.0335 1672 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:08:45.0397 1672 swprv - ok 14:08:45.0444 1672 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys 14:08:45.0460 1672 SynTP - ok 14:08:45.0522 1672 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 14:08:45.0600 1672 SysMain - ok 14:08:45.0647 1672 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 14:08:45.0663 1672 TabletInputService - ok 14:08:45.0709 1672 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 14:08:45.0756 1672 TapiSrv - ok 14:08:45.0787 1672 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:08:45.0819 1672 TBS - ok 
14:08:45.0897 1672 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 14:08:45.0959 1672 Tcpip - ok 14:08:46.0053 1672 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 14:08:46.0099 1672 TCPIP6 - ok 14:08:46.0146 1672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 14:08:46.0193 1672 tcpipreg - ok 14:08:46.0224 1672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:08:46.0255 1672 TDPIPE - ok 14:08:46.0302 1672 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 14:08:46.0302 1672 TDTCP - ok 14:08:46.0365 1672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 14:08:46.0396 1672 tdx - ok 14:08:46.0427 1672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 14:08:46.0427 1672 TermDD - ok 14:08:46.0474 1672 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 14:08:46.0536 1672 TermService - ok 14:08:46.0567 1672 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 14:08:46.0599 1672 Themes - ok 14:08:46.0630 1672 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:08:46.0661 1672 THREADORDER - ok 14:08:46.0692 1672 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 14:08:46.0739 1672 TrkWks - ok 14:08:46.0801 1672 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 14:08:46.0848 1672 TrustedInstaller - ok 14:08:46.0911 1672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:08:46.0973 1672 tssecsrv - ok 14:08:47.0051 1672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 14:08:47.0051 1672 TsUsbFlt - ok 14:08:47.0113 1672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 14:08:47.0160 1672 tunnel - ok 14:08:47.0207 
1672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:08:47.0207 1672 uagp35 - ok 14:08:47.0269 1672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 14:08:47.0316 1672 udfs - ok 14:08:47.0347 1672 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:08:47.0363 1672 UI0Detect - ok 14:08:47.0410 1672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 14:08:47.0425 1672 uliagpkx - ok 14:08:47.0457 1672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 14:08:47.0488 1672 umbus - ok 14:08:47.0566 1672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:08:47.0581 1672 UmPass - ok 14:08:47.0691 1672 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 14:08:47.0784 1672 UNS - ok 14:08:47.0862 1672 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:08:47.0925 1672 upnphost - ok 14:08:48.0018 1672 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 14:08:48.0049 1672 usbaudio - ok 14:08:48.0096 1672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 14:08:48.0127 1672 usbccgp - ok 14:08:48.0237 1672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 14:08:48.0252 1672 usbcir - ok 14:08:48.0283 1672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 14:08:48.0315 1672 usbehci - ok 14:08:48.0361 1672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 14:08:48.0393 1672 usbhub - ok 14:08:48.0424 1672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 14:08:48.0439 1672 usbohci - ok 14:08:48.0471 1672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:08:48.0502 1672 usbprint - ok 
14:08:48.0533 1672 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 14:08:48.0564 1672 usbscan - ok 14:08:48.0611 1672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:08:48.0627 1672 USBSTOR - ok 14:08:48.0673 1672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 14:08:48.0705 1672 usbuhci - ok 14:08:48.0783 1672 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 14:08:48.0798 1672 usbvideo - ok 14:08:48.0845 1672 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:08:48.0892 1672 UxSms - ok 14:08:48.0939 1672 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:08:48.0954 1672 VaultSvc - ok 14:08:49.0017 1672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 14:08:49.0017 1672 vdrvroot - ok 14:08:49.0095 1672 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 14:08:49.0157 1672 vds - ok 14:08:49.0219 1672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:08:49.0235 1672 vga - ok 14:08:49.0251 1672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:08:49.0313 1672 VgaSave - ok 14:08:49.0344 1672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 14:08:49.0360 1672 vhdmp - ok 14:08:49.0391 1672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 14:08:49.0391 1672 viaide - ok 14:08:49.0422 1672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:08:49.0422 1672 volmgr - ok 14:08:49.0469 1672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 14:08:49.0485 1672 volmgrx - ok 14:08:49.0531 1672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:08:49.0547 1672 volsnap - ok 14:08:49.0578 1672 vsmraid 
(5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 14:08:49.0594 1672 vsmraid - ok 14:08:49.0656 1672 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 14:08:49.0750 1672 VSS - ok 14:08:49.0797 1672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 14:08:49.0828 1672 vwifibus - ok 14:08:49.0906 1672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 14:08:49.0921 1672 vwififlt - ok 14:08:49.0984 1672 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 14:08:50.0015 1672 W32Time - ok 14:08:50.0077 1672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:08:50.0093 1672 WacomPen - ok 14:08:50.0140 1672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:08:50.0187 1672 WANARP - ok 14:08:50.0218 1672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:08:50.0249 1672 Wanarpv6 - ok 14:08:50.0358 1672 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 14:08:50.0405 1672 WatAdminSvc - ok 14:08:50.0499 1672 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 14:08:50.0561 1672 wbengine - ok 14:08:50.0623 1672 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:08:50.0639 1672 WbioSrvc - ok 14:08:50.0701 1672 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 14:08:50.0717 1672 wcncsvc - ok 14:08:50.0748 1672 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:08:50.0764 1672 WcsPlugInService - ok 14:08:50.0811 1672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 14:08:50.0826 1672 Wd - ok 14:08:50.0857 1672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:08:50.0889 1672 Wdf01000 - ok 14:08:50.0920 1672 WdiServiceHost 
(bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:08:51.0013 1672 WdiServiceHost - ok 14:08:51.0013 1672 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:08:51.0029 1672 WdiSystemHost - ok 14:08:51.0138 1672 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 14:08:51.0185 1672 WebClient - ok 14:08:51.0232 1672 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 14:08:51.0279 1672 Wecsvc - ok 14:08:51.0310 1672 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 14:08:51.0357 1672 wercplsupport - ok 14:08:51.0435 1672 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 14:08:51.0481 1672 WerSvc - ok 14:08:51.0544 1672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:08:51.0575 1672 WfpLwf - ok 14:08:51.0669 1672 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 14:08:51.0669 1672 WimFltr - ok 14:08:51.0700 1672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:08:51.0715 1672 WIMMount - ok 14:08:51.0731 1672 WinDefend - ok 14:08:51.0747 1672 WinHttpAutoProxySvc - ok 14:08:51.0793 1672 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 14:08:51.0840 1672 Winmgmt - ok 14:08:51.0965 1672 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 14:08:52.0074 1672 WinRM - ok 14:08:52.0183 1672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 14:08:52.0199 1672 WinUsb - ok 14:08:52.0261 1672 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 14:08:52.0308 1672 Wlansvc - ok 14:08:52.0417 1672 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:08:52.0495 1672 wlidsvc - ok 14:08:52.0542 1672 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW 
WLAN Card\WLTRYSVC.EXE
14:08:52.0558 1672 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
14:08:52.0558 1672 wltrysvc - detected UnsignedFile.Multi.Generic (1)
14:08:52.0667 1672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:08:52.0698 1672 WmiAcpi - ok
14:08:52.0761 1672 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:08:52.0792 1672 wmiApSrv - ok
14:08:52.0839 1672 WMPNetworkSvc - ok
14:08:52.0885 1672 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:08:52.0901 1672 WPCSvc - ok
14:08:52.0932 1672 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:08:52.0948 1672 WPDBusEnum - ok
14:08:52.0995 1672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:08:53.0057 1672 ws2ifsl - ok
14:08:53.0088 1672 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:08:53.0119 1672 wscsvc - ok
14:08:53.0166 1672 WSearch - ok
14:08:53.0275 1672 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:08:53.0385 1672 wuauserv - ok
14:08:53.0463 1672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:08:53.0525 1672 WudfPf - ok
14:08:53.0650 1672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:08:53.0681 1672 WUDFRd - ok
14:08:53.0712 1672 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:08:53.0759 1672 wudfsvc - ok
14:08:53.0775 1672 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:08:53.0806 1672 WwanSvc - ok
14:08:53.0884 1672 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
14:08:53.0931 1672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:08:53.0931 1672 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:08:53.0977 1672 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:08:53.0977 1672 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:08:54.0009 1672 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0
14:08:54.0009 1672 \Device\Harddisk0\DR0\Partition0 - ok
14:08:54.0024 1672 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1
14:08:54.0024 1672 \Device\Harddisk0\DR0\Partition1 - ok
14:08:54.0024 1672 ============================================================
14:08:54.0024 1672 Scan finished
14:08:54.0024 1672 ============================================================
14:08:54.0024 1664 Detected object count: 9
14:08:54.0024 1664 Actual detected object count: 9
14:09:28.0999 1664 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:09:28.0999 1664 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
14:09:28.0999 1664 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:28.0999 1664 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0015 1664 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0015 1664 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0031 1664 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0031 1664 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0046 1664 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0046 1664 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0062 1664 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0062 1664 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0077 1664 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:29.0077 1664 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:09:29.0249 1664 \Device\Harddisk0\DR0\# - copied to quarantine
14:09:29.0249 1664 \Device\Harddisk0\DR0 - copied to quarantine
14:09:29.0311 1664 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:09:29.0327 1664 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:09:29.0327 1664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:09:29.0343 1664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:09:29.0405 1664 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:09:29.0483 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:09:29.0483 1664 \Device\Harddisk0\DR0 - ok
14:09:29.0483 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:09:29.0483 1664 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:09:29.0483 1664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:09:38.0375 1452 Deinitialize success
  5. Malwarebytes Anti-Malware (Trial) 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.04.06.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Bob Jones :: DELL-LAPTOP [administrator]
     Protection: Disabled
     4/7/2012 10:56:24 PM
     mbam-log-2012-04-07 (23-00-45).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 205482
     Time elapsed: 3 minute(s), 56 second(s)
     Memory Processes Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> 1480 -> No action taken.
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
     (end)
  6. ComboFix 12-04-06.02 - Bob Jones 04/07/2012 7:28.2.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4214 [GMT -4:00]
     Running from: c:\users\Bob Jones\Desktop\ComboFix.exe
     Command switches used :: c:\users\Bob Jones\Desktop\CFScript.txt
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Bob Jones\AppData\Roaming\AVG
     c:\users\Bob Jones\AppData\Roaming\AVG\PC Tuneup\Logs\PC Tuneup_SN.log
     c:\users\Bob Jones\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120316231220524.rsc
     c:\users\Bob Jones\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120316231313673.rsc
     c:\windows\svchost.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
     .
     .
     2012-04-07 11:39 . 2012-04-07 11:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
     2012-04-07 11:39 . 2012-04-07 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-04-06 22:26 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2F362FB-3626-4517-A2A8-E01BEFD67EA8}\mpengine.dll
     2012-04-05 23:35 . 2012-04-05 23:35 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-04-03 06:01 . 2012-04-03 06:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Malwarebytes
     2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\programdata\Malwarebytes
     2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-04-03 06:00 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-04-03 05:17 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2012-04-03 05:17 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2012-04-03 05:17 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
     2012-04-03 05:17 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2012-04-03 05:17 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2012-04-03 05:17 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
     2012-04-03 05:17 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2012-04-03 05:16 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
     2012-04-03 05:16 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
     2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\programdata\AVAST Software
     2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\program files\AVAST Software
     2012-04-03 04:46 . 2012-02-23 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe
     2012-04-03 02:37 . 2012-04-03 02:37 -------- d-----w- c:\program files (x86)\Common Files\Java
     2012-04-03 02:37 . 2012-04-03 02:36 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
     2012-03-31 02:34 . 2012-04-02 23:59 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Titanium
     2012-03-31 02:33 . 2012-04-03 04:30 -------- d-----w- c:\users\Bob Jones\AppData\Local\Eye-Fi
     2012-03-31 02:31 . 2012-04-02 04:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Eye-Fi
     2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
     2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
     2012-03-24 20:19 . 2007-03-22 23:24 26785 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS
     2012-03-24 20:19 . 2007-03-22 23:24 23534 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS
     2012-03-24 20:19 . 2007-03-22 23:24 23063 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS
     2012-03-24 20:19 . 2007-03-22 23:24 19244 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS
     2012-03-24 20:19 . 2007-03-22 23:24 19856 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS
     2012-03-24 20:19 . 2007-03-22 23:24 18621 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS
     2012-03-24 20:19 . 2007-03-22 23:24 16836 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS
     2012-03-24 20:19 . 2007-03-22 23:24 16565 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS
     2012-03-20 01:22 . 2012-03-20 01:22 0 ----a-w- c:\windows\SysWow64\sho69DC.tmp
     2012-03-19 23:08 . 2012-03-19 23:08 -------- d-----w- c:\programdata\App4rTemp
     2012-03-19 23:07 . 2012-03-19 23:07 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio
     2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\programdata\Ezprint
     2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\program files (x86)\Lexmark Toolbar
     2012-03-19 22:41 . 2012-03-19 23:08 -------- d-----w- c:\programdata\Lx_cats
     2012-03-19 22:41 . 2009-08-19 18:06 25600 ----a-w- c:\windows\system32\lxdxcaps64.dll
     2012-03-19 22:41 . 2009-08-19 18:06 81920 ----a-w- c:\windows\SysWow64\lxdxcaps.dll
     2012-03-19 22:41 . 2009-08-19 18:06 1024512 ----a-w- c:\windows\system32\lxdxdrs64.dll
     2012-03-19 22:41 . 2009-08-19 18:06 782336 ----a-w- c:\windows\SysWow64\lxdxdrs.dll
     2012-03-19 22:41 . 2009-08-19 18:00 54784 ----a-w- c:\windows\system32\lxdxcnv464.dll
     2012-03-19 22:41 . 2009-08-19 18:00 77906 ----a-w- c:\windows\SysWow64\lxdxcfg.dll
     2012-03-19 22:41 . 2009-08-19 18:00 69632 ----a-w- c:\windows\SysWow64\lxdxcnv4.dll
     2012-03-19 22:41 . 2009-08-19 18:00 65536 ----a-w- c:\windows\system32\lxdxcfg64.dll
     2012-03-19 22:39 . 2012-03-19 22:39 -------- d-----w- C:\logs
     2012-03-19 22:36 . 2012-03-19 22:36 -------- d-----w- C:\lexmark
     2012-03-14 07:05 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-03-14 07:05 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
     2012-03-14 07:05 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
     2012-03-14 04:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
     2012-03-14 04:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
     2012-03-14 04:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
     2012-03-14 04:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
     2012-03-14 04:01 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
     2012-03-14 04:01 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
     2012-03-14 04:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
     2012-03-14 04:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
     2012-03-14 04:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-03-14 04:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
     2012-03-11 17:14 . 2012-03-11 17:14 0 ----a-w- c:\windows\SysWow64\sho64D5.tmp
     2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iPod
     2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iTunes
     2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files (x86)\iTunes
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-04-03 02:36 . 2011-02-18 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-02-26 17:55 . 2012-02-26 17:55 0 ----a-w- c:\windows\SysWow64\sho2F79.tmp
     2012-02-26 02:58 .
2011-09-11 12:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     .
     .
     ((((((((((((((((((((((((((((( SnapShot@2012-04-06_22.10.28 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2012-04-07 11:25 . 2012-04-07 11:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040720120408\index.dat
     + 2012-04-06 11:48 . 2012-04-06 21:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
     - 2012-04-06 11:48 . 2012-04-06 11:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
     - 2012-03-29 09:54 . 2012-04-06 11:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
     + 2012-03-29 09:54 . 2012-04-07 11:22 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
     + 2009-07-14 05:10 . 2012-04-07 11:24 32440 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     - 2011-03-08 00:12 . 2012-04-06 21:53 17596 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4079509864-593231484-137279154-1000_UserData.bin
     + 2011-03-08 00:12 . 2012-04-07 11:24 17596 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4079509864-593231484-137279154-1000_UserData.bin
     + 2012-02-26 17:58 . 2012-04-07 11:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
     - 2012-02-26 17:58 . 2012-04-06 21:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
     + 2011-03-07 23:03 . 2012-04-07 11:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2011-03-07 23:03 . 2012-04-06 21:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2012-02-26 17:58 . 2012-04-06 21:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
     + 2012-02-26 17:58 . 2012-04-07 11:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
     + 2011-03-07 23:03 . 2012-04-07 11:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2011-03-07 23:03 . 2012-04-06 21:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2012-02-26 17:58 . 2012-04-07 11:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
     - 2012-02-26 17:58 . 2012-04-06 21:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
     + 2009-07-14 04:54 . 2012-04-07 11:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2009-07-14 04:54 . 2012-04-06 21:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2011-03-08 00:03 . 2012-04-07 11:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2011-03-08 00:03 . 2012-04-06 21:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2012-03-29 09:50 . 2012-04-07 11:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
     - 2012-03-29 09:50 . 2012-04-06 21:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
     + 2012-03-29 09:50 . 2012-04-07 11:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
     - 2012-03-29 09:50 . 2012-04-06 21:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
     + 2012-03-29 09:50 . 2012-04-07 11:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
     - 2012-03-29 09:50 . 2012-04-06 21:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
     - 2011-03-08 00:03 . 2012-04-06 21:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2011-03-08 00:03 . 2012-04-07 11:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2011-03-08 00:03 . 2012-04-06 21:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2011-03-08 00:03 . 2012-04-07 11:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2011-03-08 00:47 . 2012-04-06 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2011-03-08 00:47 . 2012-04-07 11:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2011-03-08 00:47 . 2012-04-07 11:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2011-03-08 00:47 . 2012-04-06 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2012-04-06 00:09 . 2012-04-07 11:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     - 2012-04-06 00:09 . 2012-04-06 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     - 2012-04-06 00:09 . 2012-04-06 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     + 2012-04-06 00:09 . 2012-04-07 11:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     + 2011-04-15 07:26 . 2012-04-07 11:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
     - 2011-04-15 07:26 . 2012-04-06 21:57 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
     + 2009-07-14 04:54 . 2012-04-07 11:27 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2009-07-14 04:54 . 2012-04-06 21:57 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2011-03-07 23:41 . 2012-04-07 03:13 362620 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
     - 2009-07-14 02:36 . 2012-04-06 21:56 640400 c:\windows\system32\perfh009.dat
     + 2009-07-14 02:36 . 2012-04-07 03:16 640400 c:\windows\system32\perfh009.dat
     - 2009-07-14 02:36 . 2012-04-06 21:56 112198 c:\windows\system32\perfc009.dat
     + 2009-07-14 02:36 . 2012-04-07 03:16 112198 c:\windows\system32\perfc009.dat
     - 2009-07-14 04:54 . 2012-04-06 21:57 5570560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2009-07-14 04:54 . 2012-04-07 11:27 5570560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2012-04-06 21:57 1097728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2012-04-07 11:27 1097728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     .
     -- Snapshot reset to current date --
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
     @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
     [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
     2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
     2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
     @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
     [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
     2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Akamai NetSession Interface"="c:\users\Bob Jones\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
     "HW_OPENEYE_OUC_"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-03-09 196608]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
     "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
     "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
     "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
     "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
     "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
     "sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2010-11-16 821384]
     "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-24 1304]
     "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
     "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
     "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
     .
     c:\users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
     OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
     StickyNotes.exe [2009-5-19 483328]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2009-12-22 225280]
     R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
     R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
     R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
     R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
     R3 OlyUsbCam;OLYMPUS USB Camera;c:\windows\system32\DRIVERS\OlyUsbCam.sys [x]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
     R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
     S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
     S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
     S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
     S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
     S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
     S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
     S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
     S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]
     S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]
     S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
     S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
     S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
     S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
     S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
     S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
     S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
     S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
     S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
     S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
     S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
     S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     Akamai REG_MULTI_SZ Akamai
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000Core.job
     - c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]
     .
     2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000UA.job
     - c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
     @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
     [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
     2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
     2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
     @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
     [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
     2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
     "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
     "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = g.msn.com/USCON/1
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = <local>
     IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
     IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     Trusted Zone: adp.com
     Trusted Zone: adpcorp.com
     TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
     TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E}: NameServer = 10.133.20.11 10.132.20.11
     TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B}: NameServer = 10.133.20.11 10.132.20.11
     TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267}: NameServer = 10.133.20.11 10.132.20.11
     TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564}: NameServer = 10.133.20.11 10.132.20.11
     TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930}: NameServer = 10.133.20.11 10.132.20.11
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
     "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\McAfee]
     "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
     00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
     @Denied: (A) (Everyone)
     "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
     @Denied: (A) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
     "Key"="ActionsPane3"
     "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
Completion time: 2012-04-07 07:43:40 ComboFix-quarantined-files.txt 2012-04-07 11:43 ComboFix2.txt 2012-04-06 22:13 . Pre-Run: 436,656,099,328 bytes free Post-Run: 436,233,515,008 bytes free . - - End Of File - - A1E91C7CC67ECEF24363DE80D8E0BFF0
  7. ComboFix 12-04-06.02 - Bob Jones 04/06/2012 18:01:30.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4333 [GMT -4:00] Running from: c:\users\Bob Jones\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Bob Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3E7850DB-C7B6-48FB-AE0B-D5E0FA69C642}.xps c:\users\Bob Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E11E957C-3852-4DE5-B6A7-9EE9FBAC0185}.xps c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 ))))))))))))))))))))))))))))))) . . 2012-04-06 22:09 . 2012-04-06 22:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2012-04-06 22:09 . 2012-04-06 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-05 23:35 . 2012-04-05 23:35 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-04 06:21 . 2012-04-05 09:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\offreg.dll 2012-04-04 01:03 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll 2012-04-03 06:01 . 2012-04-03 06:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Malwarebytes 2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\programdata\Malwarebytes 2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-03 06:00 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 05:17 . 
2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-04-03 05:17 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-04-03 05:17 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-04-03 05:17 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-04-03 05:17 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-04-03 05:17 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-04-03 05:17 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-04-03 05:16 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr 2012-04-03 05:16 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\programdata\AVAST Software 2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\program files\AVAST Software 2012-04-03 04:46 . 2012-02-23 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-04-03 02:37 . 2012-04-03 02:37 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-04-03 02:37 . 2012-04-03 02:36 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll 2012-03-31 02:34 . 2012-04-02 23:59 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Titanium 2012-03-31 02:33 . 2012-04-03 04:30 -------- d-----w- c:\users\Bob Jones\AppData\Local\Eye-Fi 2012-03-31 02:31 . 2012-04-02 04:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Eye-Fi 2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer 2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer 2012-03-24 20:19 . 2007-03-22 23:24 26785 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS 2012-03-24 20:19 . 
2007-03-22 23:24 23534 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS 2012-03-24 20:19 . 2007-03-22 23:24 23063 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS 2012-03-24 20:19 . 2007-03-22 23:24 19244 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS 2012-03-24 20:19 . 2007-03-22 23:24 19856 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS 2012-03-24 20:19 . 2007-03-22 23:24 18621 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS 2012-03-24 20:19 . 2007-03-22 23:24 16836 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS 2012-03-24 20:19 . 2007-03-22 23:24 16565 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS 2012-03-20 01:22 . 2012-03-20 01:22 0 ----a-w- c:\windows\SysWow64\sho69DC.tmp 2012-03-19 23:08 . 2012-03-19 23:08 -------- d-----w- c:\programdata\App4rTemp 2012-03-19 23:07 . 2012-03-19 23:07 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio 2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\programdata\Ezprint 2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\program files (x86)\Lexmark Toolbar 2012-03-19 22:41 . 2012-03-19 23:08 -------- d-----w- c:\programdata\Lx_cats 2012-03-19 22:41 . 2009-08-19 18:06 25600 ----a-w- c:\windows\system32\lxdxcaps64.dll 2012-03-19 22:41 . 2009-08-19 18:06 81920 ----a-w- c:\windows\SysWow64\lxdxcaps.dll 2012-03-19 22:41 . 2009-08-19 18:06 1024512 ----a-w- c:\windows\system32\lxdxdrs64.dll 2012-03-19 22:41 . 2009-08-19 18:06 782336 ----a-w- c:\windows\SysWow64\lxdxdrs.dll 2012-03-19 22:41 . 2009-08-19 18:00 54784 ----a-w- c:\windows\system32\lxdxcnv464.dll 2012-03-19 22:41 . 2009-08-19 18:00 77906 ----a-w- c:\windows\SysWow64\lxdxcfg.dll 2012-03-19 22:41 . 
2009-08-19 18:00 69632 ----a-w- c:\windows\SysWow64\lxdxcnv4.dll 2012-03-19 22:41 . 2009-08-19 18:00 65536 ----a-w- c:\windows\system32\lxdxcfg64.dll 2012-03-19 22:39 . 2012-03-19 22:39 -------- d-----w- C:\logs 2012-03-19 22:36 . 2012-03-19 22:36 -------- d-----w- C:\lexmark 2012-03-17 03:04 . 2012-03-17 03:12 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\AVG 2012-03-14 07:05 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 07:05 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 07:05 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 04:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 04:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 04:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 04:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 04:01 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 04:01 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 04:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 04:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 04:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 04:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-11 17:14 . 2012-03-11 17:14 0 ----a-w- c:\windows\SysWow64\sho64D5.tmp 2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iPod 2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iTunes 2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files (x86)\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-03 02:36 . 
2011-02-18 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-26 17:55 . 2012-02-26 17:55 0 ----a-w- c:\windows\SysWow64\sho2F79.tmp 2012-02-26 02:58 . 2011-09-11 12:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Bob Jones\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872] "HW_OPENEYE_OUC_"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-03-09 196608] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2010-11-16 821384] "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-24 1304] "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] "Malwarebytes' 
Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616] . c:\users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] StickyNotes.exe [2009-5-19 483328] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2009-12-22 225280] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 OlyUsbCam;OLYMPUS USB Camera;c:\windows\system32\DRIVERS\OlyUsbCam.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x] S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 
Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000Core.job - c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56] . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000UA.job - c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = g.msn.com/USCON/1 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: adp.com Trusted Zone: adpcorp.com TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E}: NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B}: NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267}: NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564}: NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930}: NameServer = 10.133.20.11 10.132.20.11 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Eye-Fi - c:\program files (x86)\Eye-Fi\Helper\EyeFiHelper.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Bob Jones\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-06 18:13:34 ComboFix-quarantined-files.txt 2012-04-06 22:13 . Pre-Run: 435,307,405,312 bytes free Post-Run: 436,917,424,128 bytes free . - - End Of File - - 61BAA36FE8C2180CEE3BD4EB53D558ED
  8. Yes. It's disabled because I keep getting messages about infection. Am looking to get rid of this. It keeps acting like Vundo right now.
  9. Malwarebytes Anti-Malware (Trial) 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.04.04.02

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Bob Jones :: DELL-LAPTOP [administrator]

     Protection: Disabled

     4/5/2012 7:50:58 PM
     mbam-log-2012-04-05 (19-50-58).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 201845
     Time elapsed: 5 minute(s), 40 second(s)

     Memory Processes Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> 5144 -> Delete on reboot.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

     (end)
  10. 19:32:23.0213 15076 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02 19:32:23.0572 15076 ============================================================ 19:32:23.0572 15076 Current date / time: 2012/04/05 19:32:23.0572 19:32:23.0572 15076 SystemInfo: 19:32:23.0572 15076 19:32:23.0572 15076 OS Version: 6.1.7601 ServicePack: 1.0 19:32:23.0572 15076 Product type: Workstation 19:32:23.0572 15076 ComputerName: DELL-LAPTOP 19:32:23.0572 15076 UserName: Bob Jones 19:32:23.0572 15076 Windows directory: C:\Windows 19:32:23.0572 15076 System windows directory: C:\Windows 19:32:23.0572 15076 Running under WOW64 19:32:23.0572 15076 Processor architecture: Intel x64 19:32:23.0572 15076 Number of processors: 4 19:32:23.0572 15076 Page size: 0x1000 19:32:23.0572 15076 Boot type: Normal boot 19:32:23.0572 15076 ============================================================ 19:32:24.0196 15076 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:32:24.0211 15076 \Device\Harddisk0\DR0: 19:32:24.0211 15076 MBR used 19:32:24.0211 15076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000 19:32:24.0211 15076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x48AD8AE3 19:32:24.0243 15076 Initialize success 19:32:24.0243 15076 ============================================================ 19:32:57.0985 16288 ============================================================ 19:32:57.0985 16288 Scan started 19:32:57.0985 16288 Mode: Manual; SigCheck; TDLFS; 19:32:57.0985 16288 ============================================================
19:33:30.0075 16288 p2pimsvc - ok 19:33:30.0122 16288 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 19:33:30.0168 16288 p2psvc - ok 19:33:30.0262 16288 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:33:30.0293 16288 Parport - ok 19:33:30.0356 16288 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 19:33:30.0387 16288 partmgr - ok 19:33:30.0434 16288 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 19:33:30.0496 16288 PcaSvc - ok 19:33:30.0558 16288 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 19:33:30.0574 16288 pci - ok 19:33:30.0621 16288 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 19:33:30.0636 16288 pciide - ok 19:33:30.0683 16288 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:33:30.0699 16288 pcmcia - ok 19:33:30.0714 16288 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:33:30.0730 16288 pcw - ok 19:33:30.0761 16288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:33:30.0839 16288 PEAUTH - ok 19:33:30.0948 16288 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 19:33:30.0995 16288 PerfHost - ok 19:33:31.0089 16288 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 19:33:31.0182 16288 pla - ok 19:33:31.0229 16288 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 19:33:31.0323 16288 PlugPlay - ok 19:33:31.0385 16288 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 19:33:31.0416 16288 PNRPAutoReg - ok 19:33:31.0432 16288 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 19:33:31.0463 16288 PNRPsvc - ok 19:33:31.0494 16288 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 19:33:31.0588 16288 PolicyAgent - ok 19:33:31.0666 
16288 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 19:33:31.0760 16288 Power - ok 19:33:31.0838 16288 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 19:33:31.0916 16288 PptpMiniport - ok 19:33:32.0025 16288 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:33:32.0072 16288 Processor - ok 19:33:32.0134 16288 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 19:33:32.0243 16288 ProfSvc - ok 19:33:32.0274 16288 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:33:32.0306 16288 ProtectedStorage - ok 19:33:32.0384 16288 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 19:33:32.0462 16288 Psched - ok 19:33:32.0493 16288 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 19:33:32.0524 16288 PxHlpa64 - ok 19:33:32.0633 16288 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:33:32.0696 16288 ql2300 - ok 19:33:32.0711 16288 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:33:32.0727 16288 ql40xx - ok 19:33:32.0758 16288 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 19:33:32.0805 16288 QWAVE - ok 19:33:32.0820 16288 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:33:32.0867 16288 QWAVEdrv - ok 19:33:32.0898 16288 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:33:32.0930 16288 RasAcd - ok 19:33:32.0976 16288 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:33:33.0023 16288 RasAgileVpn - ok 19:33:33.0101 16288 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 19:33:33.0195 16288 RasAuto - ok 19:33:33.0242 16288 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:33:33.0320 16288 
Rasl2tp - ok 19:33:33.0382 16288 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 19:33:33.0491 16288 RasMan - ok 19:33:33.0538 16288 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:33:33.0616 16288 RasPppoe - ok 19:33:33.0663 16288 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:33:33.0725 16288 RasSstp - ok 19:33:33.0772 16288 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 19:33:33.0834 16288 rdbss - ok 19:33:33.0912 16288 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:33:33.0975 16288 rdpbus - ok 19:33:34.0068 16288 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:33:34.0162 16288 RDPCDD - ok 19:33:34.0240 16288 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:33:34.0287 16288 RDPENCDD - ok 19:33:34.0334 16288 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:33:34.0380 16288 RDPREFMP - ok 19:33:34.0427 16288 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 19:33:34.0505 16288 RDPWD - ok 19:33:34.0536 16288 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 19:33:34.0568 16288 rdyboost - ok 19:33:34.0599 16288 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 19:33:34.0692 16288 RemoteAccess - ok 19:33:34.0724 16288 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 19:33:34.0802 16288 RemoteRegistry - ok 19:33:34.0880 16288 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 19:33:34.0926 16288 RFCOMM - ok 19:33:35.0004 16288 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 19:33:35.0098 16288 RpcEptMapper - ok 19:33:35.0145 16288 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) 
C:\Windows\system32\locator.exe 19:33:35.0207 16288 RpcLocator - ok 19:33:35.0238 16288 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 19:33:35.0301 16288 RpcSs - ok 19:33:35.0332 16288 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:33:35.0394 16288 rspndr - ok 19:33:35.0441 16288 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys 19:33:35.0472 16288 RSUSBSTOR - ok 19:33:35.0504 16288 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:33:35.0535 16288 SamSs - ok 19:33:35.0566 16288 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 19:33:35.0597 16288 sbp2port - ok 19:33:35.0628 16288 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 19:33:35.0722 16288 SCardSvr - ok 19:33:35.0769 16288 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 19:33:35.0847 16288 scfilter - ok 19:33:35.0925 16288 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 19:33:36.0065 16288 Schedule - ok 19:33:36.0159 16288 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 19:33:36.0206 16288 SCPolicySvc - ok 19:33:36.0268 16288 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 19:33:36.0315 16288 SDRSVC - ok 19:33:36.0377 16288 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 19:33:36.0408 16288 SeaPort - ok 19:33:36.0486 16288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:33:36.0549 16288 secdrv - ok 19:33:36.0580 16288 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 19:33:36.0674 16288 seclogon - ok 19:33:36.0736 16288 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 19:33:36.0798 16288 SENS - ok 19:33:36.0845 16288 SensrSvc 
(0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 19:33:36.0923 16288 SensrSvc - ok 19:33:37.0001 16288 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:33:37.0048 16288 Serenum - ok 19:33:37.0110 16288 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:33:37.0157 16288 Serial - ok 19:33:37.0220 16288 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:33:37.0251 16288 sermouse - ok 19:33:37.0298 16288 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 19:33:37.0376 16288 SessionEnv - ok 19:33:37.0407 16288 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 19:33:37.0469 16288 sffdisk - ok 19:33:37.0563 16288 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 19:33:37.0610 16288 sffp_mmc - ok 19:33:37.0641 16288 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 19:33:37.0688 16288 sffp_sd - ok 19:33:37.0750 16288 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:33:37.0781 16288 sfloppy - ok 19:33:37.0859 16288 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 19:33:37.0875 16288 Sftfs - ok 19:33:37.0937 16288 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 19:33:37.0968 16288 sftlist - ok 19:33:38.0046 16288 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 19:33:38.0078 16288 Sftplay - ok 19:33:38.0140 16288 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 19:33:38.0171 16288 Sftredir - ok 19:33:38.0280 16288 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 19:33:38.0343 16288 SftService - ok 19:33:38.0421 16288 Sftvol 
(8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 19:33:38.0452 16288 Sftvol - ok 19:33:38.0514 16288 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 19:33:38.0530 16288 sftvsa - ok 19:33:38.0592 16288 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 19:33:38.0639 16288 SharedAccess - ok 19:33:38.0686 16288 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 19:33:38.0764 16288 ShellHWDetection - ok 19:33:38.0811 16288 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:33:38.0826 16288 SiSRaid2 - ok 19:33:38.0842 16288 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:33:38.0858 16288 SiSRaid4 - ok 19:33:38.0889 16288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:33:38.0936 16288 Smb - ok 19:33:38.0967 16288 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 19:33:39.0029 16288 SNMPTRAP - ok 19:33:39.0107 16288 SPAMfighter Update Service (ed9f035593588b6fec21478c6b9e0452) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe 19:33:39.0138 16288 SPAMfighter Update Service - ok 19:33:39.0232 16288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:33:39.0248 16288 spldr - ok 19:33:39.0326 16288 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 19:33:39.0404 16288 Spooler - ok 19:33:39.0528 16288 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 19:33:39.0685 16288 sppsvc - ok 19:33:39.0732 16288 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 19:33:39.0841 16288 sppuinotify - ok 19:33:39.0904 16288 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 19:33:39.0919 16288 sprtsvc_DellSupportCenter - ok 
19:33:40.0013 16288 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 19:33:40.0091 16288 srv - ok 19:33:40.0138 16288 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 19:33:40.0185 16288 srv2 - ok 19:33:40.0231 16288 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 19:33:40.0278 16288 srvnet - ok 19:33:40.0356 16288 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 19:33:40.0450 16288 SSDPSRV - ok 19:33:40.0481 16288 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 19:33:40.0528 16288 SstpSvc - ok 19:33:40.0575 16288 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:33:40.0590 16288 stexstor - ok 19:33:40.0654 16288 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 19:33:40.0747 16288 stisvc - ok 19:33:40.0856 16288 Suite Service (e567825c5f3934e13c8d755611954a7e) C:\Program Files (x86)\Fighters\FighterSuiteService.exe 19:33:40.0903 16288 Suite Service - ok 19:33:40.0997 16288 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 19:33:41.0012 16288 swenum - ok 19:33:41.0106 16288 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 19:33:41.0153 16288 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 19:33:41.0153 16288 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 19:33:41.0246 16288 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 19:33:41.0371 16288 swprv - ok 19:33:41.0434 16288 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys 19:33:41.0465 16288 SynTP - ok 19:33:41.0527 16288 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 19:33:41.0652 16288 SysMain - ok 19:33:41.0699 16288 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 19:33:41.0746 16288 
TabletInputService - ok 19:33:41.0761 16288 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 19:33:41.0870 16288 TapiSrv - ok 19:33:41.0902 16288 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 19:33:41.0948 16288 TBS - ok 19:33:42.0026 16288 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 19:33:42.0120 16288 Tcpip - ok 19:33:42.0198 16288 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 19:33:42.0260 16288 TCPIP6 - ok 19:33:42.0292 16288 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 19:33:42.0385 16288 tcpipreg - ok 19:33:42.0416 16288 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:33:42.0463 16288 TDPIPE - ok 19:33:42.0510 16288 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 19:33:42.0541 16288 TDTCP - ok 19:33:42.0572 16288 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 19:33:42.0635 16288 tdx - ok 19:33:42.0682 16288 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 19:33:42.0697 16288 TermDD - ok 19:33:42.0744 16288 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 19:33:42.0853 16288 TermService - ok 19:33:42.0884 16288 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 19:33:42.0947 16288 Themes - ok 19:33:42.0994 16288 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 19:33:43.0056 16288 THREADORDER - ok 19:33:43.0072 16288 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 19:33:43.0134 16288 TrkWks - ok 19:33:43.0212 16288 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 19:33:43.0306 16288 TrustedInstaller - ok 19:33:43.0399 16288 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:33:43.0508 16288 
tssecsrv - ok 19:33:43.0571 16288 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 19:33:43.0618 16288 TsUsbFlt - ok 19:33:43.0711 16288 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 19:33:43.0805 16288 tunnel - ok 19:33:43.0836 16288 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 19:33:43.0852 16288 uagp35 - ok 19:33:43.0914 16288 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 19:33:43.0976 16288 udfs - ok 19:33:44.0054 16288 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 19:33:44.0086 16288 UI0Detect - ok 19:33:44.0148 16288 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 19:33:44.0195 16288 uliagpkx - ok 19:33:44.0210 16288 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 19:33:44.0273 16288 umbus - ok 19:33:44.0351 16288 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:33:44.0413 16288 UmPass - ok 19:33:44.0538 16288 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 19:33:44.0647 16288 UNS - ok 19:33:44.0725 16288 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 19:33:44.0850 16288 upnphost - ok 19:33:44.0928 16288 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 19:33:44.0975 16288 usbaudio - ok 19:33:45.0037 16288 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 19:33:45.0115 16288 usbccgp - ok 19:33:45.0162 16288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 19:33:45.0193 16288 usbcir - ok 19:33:45.0271 16288 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 19:33:45.0334 16288 usbehci - ok 19:33:45.0380 16288 usbhub (287c6c9410b111b68b52ca298f7b8c24) 
C:\Windows\system32\DRIVERS\usbhub.sys 19:33:45.0443 16288 usbhub - ok 19:33:45.0490 16288 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 19:33:45.0521 16288 usbohci - ok 19:33:45.0552 16288 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:33:45.0614 16288 usbprint - ok 19:33:45.0646 16288 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 19:33:45.0708 16288 usbscan - ok 19:33:45.0755 16288 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:33:45.0833 16288 USBSTOR - ok 19:33:45.0911 16288 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 19:33:45.0973 16288 usbuhci - ok 19:33:46.0036 16288 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 19:33:46.0082 16288 usbvideo - ok 19:33:46.0114 16288 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 19:33:46.0192 16288 UxSms - ok 19:33:46.0223 16288 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:33:46.0238 16288 VaultSvc - ok 19:33:46.0316 16288 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 19:33:46.0348 16288 vdrvroot - ok 19:33:46.0410 16288 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 19:33:46.0519 16288 vds - ok 19:33:46.0613 16288 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:33:46.0660 16288 vga - ok 19:33:46.0691 16288 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:33:46.0769 16288 VgaSave - ok 19:33:46.0987 16288 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 19:33:47.0050 16288 vhdmp - ok 19:33:47.0159 16288 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 19:33:47.0190 16288 viaide - ok 19:33:47.0252 16288 volmgr (d2aafd421940f640b407aefaaebd91b0) 
C:\Windows\system32\drivers\volmgr.sys 19:33:47.0299 16288 volmgr - ok 19:33:47.0674 16288 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 19:33:47.0705 16288 volmgrx - ok 19:33:47.0892 16288 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 19:33:47.0923 16288 volsnap - ok 19:33:48.0017 16288 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 19:33:48.0064 16288 vsmraid - ok 19:33:48.0142 16288 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 19:33:48.0344 16288 VSS - ok 19:33:48.0422 16288 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:33:48.0485 16288 vwifibus - ok 19:33:48.0532 16288 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:33:48.0578 16288 vwififlt - ok 19:33:48.0641 16288 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 19:33:48.0781 16288 W32Time - ok 19:33:48.0844 16288 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 19:33:48.0875 16288 WacomPen - ok 19:33:48.0953 16288 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:33:49.0046 16288 WANARP - ok 19:33:49.0046 16288 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:33:49.0093 16288 Wanarpv6 - ok 19:33:49.0561 16288 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 19:33:49.0655 16288 WatAdminSvc - ok 19:33:50.0014 16288 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 19:33:50.0170 16288 wbengine - ok 19:33:50.0248 16288 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 19:33:50.0326 16288 WbioSrvc - ok 19:33:50.0372 16288 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 19:33:50.0419 16288 wcncsvc - ok 19:33:50.0466 16288 WcsPlugInService 
(20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 19:33:50.0544 16288 WcsPlugInService - ok 19:33:50.0591 16288 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 19:33:50.0622 16288 Wd - ok 19:33:50.0669 16288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:33:50.0716 16288 Wdf01000 - ok 19:33:50.0747 16288 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:33:50.0887 16288 WdiServiceHost - ok 19:33:50.0887 16288 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:33:50.0918 16288 WdiSystemHost - ok 19:33:50.0950 16288 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 19:33:51.0028 16288 WebClient - ok 19:33:51.0059 16288 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 19:33:51.0152 16288 Wecsvc - ok 19:33:51.0184 16288 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 19:33:51.0277 16288 wercplsupport - ok 19:33:51.0324 16288 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 19:33:51.0371 16288 WerSvc - ok 19:33:51.0433 16288 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:33:51.0511 16288 WfpLwf - ok 19:33:51.0620 16288 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 19:33:51.0652 16288 WimFltr - ok 19:33:51.0714 16288 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:33:51.0761 16288 WIMMount - ok 19:33:51.0808 16288 WinDefend - ok 19:33:51.0808 16288 WinHttpAutoProxySvc - ok 19:33:52.0010 16288 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 19:33:52.0088 16288 Winmgmt - ok 19:33:52.0213 16288 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 19:33:52.0369 16288 WinRM - ok 19:33:52.0697 16288 WinUsb (fe88b288356e7b47b74b13372add906d) 
C:\Windows\system32\DRIVERS\WinUsb.sys 19:33:52.0775 16288 WinUsb - ok 19:33:53.0274 16288 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 19:33:53.0352 16288 Wlansvc - ok 19:33:53.0820 16288 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:33:53.0914 16288 wlidsvc - ok 19:33:53.0960 16288 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE 19:33:53.0992 16288 wltrysvc ( UnsignedFile.Multi.Generic ) - warning 19:33:53.0992 16288 wltrysvc - detected UnsignedFile.Multi.Generic (1) 19:33:54.0101 16288 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 19:33:54.0132 16288 WmiAcpi - ok 19:33:54.0413 16288 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 19:33:54.0475 16288 wmiApSrv - ok 19:33:54.0538 16288 WMPNetworkSvc - ok 19:33:54.0756 16288 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 19:33:54.0803 16288 WPCSvc - ok 19:33:54.0850 16288 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 19:33:54.0881 16288 WPDBusEnum - ok 19:33:54.0959 16288 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:33:55.0037 16288 ws2ifsl - ok 19:33:55.0099 16288 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 19:33:55.0146 16288 wscsvc - ok 19:33:55.0208 16288 WSearch - ok 19:33:55.0723 16288 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 19:33:55.0973 16288 wuauserv - ok 19:33:56.0581 16288 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:33:56.0675 16288 WudfPf - ok 19:33:57.0112 16288 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:33:57.0158 16288 WUDFRd - ok 19:33:57.0408 16288 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 19:33:57.0455 16288 
wudfsvc - ok
19:33:57.0704 16288 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:33:57.0736 16288 WwanSvc - ok
19:33:57.0892 16288 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
19:33:57.0923 16288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:33:57.0923 16288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:33:58.0048 16288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:33:58.0048 16288 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:33:58.0094 16288 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0
19:33:58.0094 16288 \Device\Harddisk0\DR0\Partition0 - ok
19:33:58.0110 16288 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1
19:33:58.0110 16288 \Device\Harddisk0\DR0\Partition1 - ok
19:33:58.0110 16288 ============================================================
19:33:58.0110 16288 Scan finished
19:33:58.0110 16288 ============================================================
19:33:58.0141 14888 Detected object count: 8
19:33:58.0141 14888 Actual detected object count: 8
19:35:00.0198 14888 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0198 14888 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:00.0198 14888 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:00.0494 14888 \Device\Harddisk0\DR0\# - copied to quarantine
19:35:00.0494 14888 \Device\Harddisk0\DR0 - copied to quarantine
19:35:00.0635 14888 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:35:00.0650 14888 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:35:00.0682 14888 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:35:00.0697 14888 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:35:00.0775 14888 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:35:00.0791 14888 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:35:00.0791 14888 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:35:00.0822 14888 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:35:00.0869 14888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:35:00.0869 14888 \Device\Harddisk0\DR0 - ok
19:35:01.0025 14888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:35:01.0040 14888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:35:01.0040 14888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:35:21.0414 16352 Deinitialize success
  11. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31 Run by Bob Jones at 20:18:37 on 2012-04-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.3586 [GMT -4:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\WLANExt.exe C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\conhost.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\ProgramData\DatacardService\DCService.exe 
C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Fighters\FighterSuiteService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe 
C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\msiexec.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = g.msn.com/USCON/1 uDefault_Page_URL = g.msn.com/USCON/1 uInternet Settings,ProxyOverride = <local> mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Google Update] "C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Akamai NetSession Interface] "C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe" uRun: [HW_OPENEYE_OUC_] "C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe" mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe mRun: [intel AppUp(SM) center] "C:\Program Files 
(x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - 
C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL Trusted Zone: adp.com Trusted Zone: adpcorp.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E} : NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{15E654EB-EF3C-44D0-A173-5EC50785E479} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4457E6B696E60244F6E6574737 : 
DhcpNameServer = 192.168.91.1 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4657E6E647962756 : DhcpNameServer = 208.67.220.220 208.67.222.222 10.0.0.10 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\775676D616E637 : DhcpNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A5F6F6D6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A7F6F6D6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B} : NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267} : NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564} : NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930} : NameServer = 10.133.20.11 10.132.20.11 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-18 98208] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-4-3 401920] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-3 44768] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2009-12-22 225280] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-18 1692480] R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2010-11-16 214664] R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-18 2533400] R3 
amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] 
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 OlyUsbCam;OLYMPUS USB Camera;C:\Windows\system32\DRIVERS\OlyUsbCam.sys --> C:\Windows\system32\DRIVERS\OlyUsbCam.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-06 00:10:30 20480 ----a-w- C:\Windows\svchost.exe
2012-04-05 23:35:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 06:21:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\offreg.dll
2012-04-04 01:03:44 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-04 01:03:40 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll
2012-04-03 06:01:02 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Malwarebytes
2012-04-03 06:00:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-03 06:00:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 06:00:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 05:17:08 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-03 05:17:05 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-03 05:17:03 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-03 05:16:42 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-03 05:16:20 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-03 05:16:20 -------- d-----w- C:\Program Files\AVAST Software
2012-04-03 04:46:13 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-03 02:37:03 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-31 02:34:49 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Titanium
2012-03-31 02:33:46 -------- d-----w- C:\Users\Bob Jones\AppData\Local\Eye-Fi
2012-03-31 02:31:14 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Eye-Fi
2012-03-24 20:48:00 -------- d-----w- C:\Users\Bob Jones\AppData\Local\{AD9BF85B-CCDD-4BF7-BD11-5940C4575453}
2012-03-20 01:22:52 0 ----a-w- C:\Windows\SysWow64\sho69DC.tmp
2012-03-19 23:08:35 -------- d-----w- C:\ProgramData\App4rTemp
2012-03-19 23:07:52 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio
2012-03-19 22:49:41 -------- d-----w- C:\ProgramData\Ezprint
2012-03-19 22:49:25 -------- d-----w- C:\Program Files (x86)\Lexmark Toolbar
2012-03-19 22:41:58 -------- d-----w- C:\ProgramData\Lx_cats
2012-03-19 22:41:02 81920 ----a-w- C:\Windows\SysWow64\lxdxcaps.dll
2012-03-19 22:41:02 782336 ----a-w- C:\Windows\SysWow64\lxdxdrs.dll
2012-03-19 22:41:02 77906 ----a-w- C:\Windows\SysWow64\lxdxcfg.dll
2012-03-19 22:41:02 69632 ----a-w- C:\Windows\SysWow64\lxdxcnv4.dll
2012-03-19 22:41:02 65536 ----a-w- C:\Windows\System32\lxdxcfg64.dll
2012-03-19 22:41:02 54784 ----a-w- C:\Windows\System32\lxdxcnv464.dll
2012-03-19 22:41:02 25600 ----a-w- C:\Windows\System32\lxdxcaps64.dll
2012-03-19 22:41:02 1024512 ----a-w- C:\Windows\System32\lxdxdrs64.dll
2012-03-19 22:39:11 -------- d-----w- C:\logs
2012-03-19 22:36:36 -------- d-----w- C:\lexmark
2012-03-17 03:04:51 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\AVG
2012-03-14 07:05:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:05:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:05:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 04:01:15 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 04:01:14 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 04:01:13 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 04:01:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 04:01:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 04:01:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 04:00:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 04:00:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 04:00:31 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 04:00:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-11 17:14:44 0 ----a-w- C:\Windows\SysWow64\sho64D5.tmp
2012-03-11 16:53:03 -------- d-----w- C:\Program Files\iPod
2012-03-11 16:53:02 -------- d-----w- C:\Program Files\iTunes
2012-03-11 16:53:02 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-04-03 02:36:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-26 17:55:46 0 ----a-w- C:\Windows\SysWow64\sho2F79.tmp
2012-02-26 02:58:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:21:05.11 ===============
  12. Merged post
I've attached the log files. It seems to be something infecting my hosts file. I get 404 error messages when trying to go to certain web sites. Please let me know what you find.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/7/2011 6:26:33 PM
System Uptime: 4/3/2012 9:58:44 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0PJTXT
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | U2E1 | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 412.962 GiB free.
D: is CDROM ()
V: is NetworkDisk (NTFS) - 1397 GiB total, 537.484 GiB free.
W: is NetworkDisk (NTFS) - 1851 GiB total, 939.265 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP118: 4/2/2012 10:35:22 PM - Installed Java™ 6 Update 31
RP119: 4/2/2012 11:51:53 PM - Removed Google Talk Plugin
RP120: 4/3/2012 12:19:28 AM - Removed AVG 2012
RP121: 4/3/2012 12:21:54 AM - Removed AVG 2012
RP122: 4/3/2012 12:29:11 AM - Removed Eye-Fi Center 3.4
RP123: 4/3/2012 12:45:13 AM - Windows Update
RP124: 4/3/2012 1:15:48 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
688I Hunter Killer Adobe AIR Adobe Community Help Adobe Flash Media Live Encoder 3.1 Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Photoshop CS5 Adobe Reader 9.5.0 Advanced Audio FX Engine Akamai NetSession Interface Akamai NetSession Interface Service Amazon Games & Software Downloader Angry Birds Apple Application Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver ATI Catalyst Control Center avast!
Free Antivirus Carbonite Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Consumer In-Home Service Agreement Core FTP LE 2.1 Cozi Cricket Broadband EC1705 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Support Center (Support Software) Dell Webcam Central eBay Flickr Uploadr 2.5.0.14 Google Chrome GoToAssist 8.0.0.514 Intel AppUp(SM) center Intel® Management Engine Components Java Auto Updater Java™ 6 Update 31 Junk Mail filter update jZip LinkedIn Outlook Connector Live! 
Cam Avatar Creator LoJack Factory Installer Malwarebytes Anti-Malware version 1.60.1.1000 Media Player Codec Pack 4.1.1 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office FrontPage 2003 Microsoft Office Home and Business 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Thunderbird 10.0 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Octoshape add-in for Adobe Flash Player OLYMPUS Studio 2 PDF Settings CS5 Photomatix Pro version 3.2.7 QuickTime Realtek High Definition Audio Driver Roxio Burn Security Update for 
CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Skins Skype Click to Call Skype™ 5.5 SPAMfighter SPAMfighter Client Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 
(KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Visual Studio 2008 x64 Redistributables WildTangent Games Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin XnView 1.98.5 . ==== Event Viewer Messages From Past Week ======== . 4/4/2012 12:31:35 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0. . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31 Run by Bob Jones at 0:30:13 on 2012-04-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.2608 [GMT -4:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\ProgramData\DatacardService\DCService.exe C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Program Files (x86)\Dell 
DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe C:\Program Files (x86)\Fighters\FighterSuiteService.exe -netsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe 
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\vssvc.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = g.msn.com/USCON/1 uDefault_Page_URL = g.msn.com/USCON/1 uInternet Settings,ProxyOverride = <local> mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Google Update] "C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Akamai NetSession Interface] "C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe" uRun: [HW_OPENEYE_OUC_] "C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe" mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe mRun: [intel AppUp(SM) center] "C:\Program Files 
(x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - 
C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL Trusted Zone: adp.com Trusted Zone: adpcorp.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E} : NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{15E654EB-EF3C-44D0-A173-5EC50785E479} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4457E6B696E60244F6E6574737 : 
DhcpNameServer = 192.168.91.1 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4657E6E647962756 : DhcpNameServer = 208.67.220.220 208.67.222.222 10.0.0.10 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\775676D616E637 : DhcpNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A5F6F6D6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A7F6F6D6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B} : NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267} : NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564} : NameServer = 10.133.20.11 10.132.20.11 TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930} : NameServer = 10.133.20.11 10.132.20.11 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-18 98208] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-4-3 401920] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-3 44768] R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2009-12-22 225280] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-18 1692480] R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2010-11-16 214664] R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-18 2533400] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] 
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] 
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?] S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?] S3 OlyUsbCam;OLYMPUS USB Camera;C:\Windows\system32\DRIVERS\OlyUsbCam.sys --> C:\Windows\system32\DRIVERS\OlyUsbCam.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-04-04 01:03:44 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-04-04 01:03:40 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll 2012-04-03 06:24:58 20480 ----a-w- C:\Windows\svchost.exe 2012-04-03 06:01:02 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Malwarebytes 2012-04-03 06:00:53 -------- d-----w- C:\ProgramData\Malwarebytes 2012-04-03 06:00:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-03 06:00:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-03 05:17:08 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-04-03 05:17:05 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-04-03 05:17:03 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-04-03 05:16:42 41184 ----a-w- C:\Windows\avastSS.scr 2012-04-03 05:16:20 -------- d-----w- C:\ProgramData\AVAST Software 2012-04-03 05:16:20 -------- d-----w- C:\Program Files\AVAST Software 2012-04-03 04:46:13 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-04-03 02:37:03 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll 2012-03-31 02:34:49 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Titanium 2012-03-31 02:33:46 -------- d-----w- C:\Users\Bob Jones\AppData\Local\Eye-Fi 2012-03-31 02:31:14 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Eye-Fi 2012-03-24 20:48:00 -------- d-----w- C:\Users\Bob Jones\AppData\Local\{AD9BF85B-CCDD-4BF7-BD11-5940C4575453} 2012-03-20 01:22:52 0 ----a-w- C:\Windows\SysWow64\sho69DC.tmp 2012-03-19 23:08:35 -------- d-----w- C:\ProgramData\App4rTemp 2012-03-19 23:07:52 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio 2012-03-19 22:49:41 -------- d-----w- C:\ProgramData\Ezprint 2012-03-19 22:49:25 -------- d-----w- C:\Program Files (x86)\Lexmark Toolbar 2012-03-19 22:41:58 -------- d-----w- 
C:\ProgramData\Lx_cats 2012-03-19 22:41:02 81920 ----a-w- C:\Windows\SysWow64\lxdxcaps.dll 2012-03-19 22:41:02 782336 ----a-w- C:\Windows\SysWow64\lxdxdrs.dll 2012-03-19 22:41:02 77906 ----a-w- C:\Windows\SysWow64\lxdxcfg.dll 2012-03-19 22:41:02 69632 ----a-w- C:\Windows\SysWow64\lxdxcnv4.dll 2012-03-19 22:41:02 65536 ----a-w- C:\Windows\System32\lxdxcfg64.dll 2012-03-19 22:41:02 54784 ----a-w- C:\Windows\System32\lxdxcnv464.dll 2012-03-19 22:41:02 25600 ----a-w- C:\Windows\System32\lxdxcaps64.dll 2012-03-19 22:41:02 1024512 ----a-w- C:\Windows\System32\lxdxdrs64.dll 2012-03-19 22:39:11 -------- d-----w- C:\logs 2012-03-19 22:36:36 -------- d-----w- C:\lexmark 2012-03-17 03:04:51 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\AVG 2012-03-14 07:05:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-14 07:05:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-14 07:05:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-14 04:01:15 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-03-14 04:01:14 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-14 04:01:13 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-14 04:01:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-14 04:01:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-14 04:01:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-03-14 04:00:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-03-14 04:00:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-14 04:00:31 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-14 04:00:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-03-11 17:14:44 0 ----a-w- C:\Windows\SysWow64\sho64D5.tmp 2012-03-11 16:53:03 -------- d-----w- C:\Program Files\iPod 2012-03-11 16:53:02 -------- d-----w- C:\Program Files\iTunes 2012-03-11 16:53:02 -------- d-----w- C:\Program Files (x86)\iTunes . ==================== Find3M ==================== . 
2012-04-03 02:36:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-02-26 17:55:46 0 ----a-w- C:\Windows\SysWow64\sho2F79.tmp 2012-02-26 02:58:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl . ============= FINISH: 0:31:32.43 =============== Attach.txt DDS.txt