SoulAmiss

Looks like it worked. Malewarebytes isn't finding anything. Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Creative Suite 6 Master Collection Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Manager Adobe Media Player Adobe Reader 9.5.2 Adobe Shockwave Player 11.5 Adobe Widget Browser Adobe® Content Viewer Akamai NetSession Interface Akamai NetSession Interface Service Amazon MP3 Downloader 1.0.17 Apple Application Support Apple Software Update Banctec Service Agreement bl Complete Care Consumer Service Agreement ConvertHelper 2.2 D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Getting Started Guide DirectXInstallService EA Download Manager EA Download Manager UI EMC 10 Content Facebook Plug-In GoToAssist 8.0.0.514 HiJackThis HMA! Pro VPN 2.6.9 IrfanView (remove only) Java Auto Updater Java 6 Update 30 Junk Mail filter update Lexmark 640 Series Malwarebytes Anti-Malware version 1.65.1.1000 McAfee SecurityCenter Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSN Toolbar MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NavNet NirSoft Mail PassView NVIDIA PhysX PatchBeam PDF Settings CS6 ph Photocensoredet PowerArchiver 2011 QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio Update Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Sonic CinePlayer Decoder Pack SoulSeek 157 NS 13e Spelling Dictionaries Support For Adobe Reader 9 STK03N The Sims™ 2 Double Deluxe Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.0.2 Vuze Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WordPerfect Office 2002 Yahoo! Detect

ComboFix 12-12-02.01 - I'm Lee 12/02/2012 19:08:18.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.4786 [GMT -6:00] Running from: c:\users\I'm Lee\Desktop\ComboFix.exe Command switches used :: c:\users\I'm Lee\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 ))))))))))))))))))))))))))))))) . . 2012-12-03 01:17 . 2012-12-03 01:17 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-03 01:17 . 2012-12-03 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-02 14:33 . 2012-12-02 14:34 856731 ----a-w- c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Network Shortcuts\SecurityCheck.exe 2012-12-01 20:12 . 2012-12-01 20:12 388096 ----a-r- c:\users\I'm Lee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-01 20:12 . 2012-12-01 20:12 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-01 20:10 . 2012-12-01 20:10 1402880 ----a-w- c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Network Shortcuts\HiJackThis.msi 2012-11-29 20:09 . 2012-12-01 22:01 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\Sogo 2012-11-29 20:08 . 2012-11-29 20:08 -------- d-----w- c:\windows\Sun 2012-11-15 20:17 . 2012-11-15 20:17 -------- d-----w- c:\users\I'm Lee\AppData\Local\Google 2012-11-15 18:27 . 2008-07-20 21:46 -------- d-----w- c:\program files\FlashOffliner v1.0 2012-11-15 18:25 . 2012-11-15 18:47 -------- d-----w- c:\program files (x86)\FlashOffliner 2012-11-15 17:17 . 2012-11-15 17:17 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\FlashGet 2012-11-15 17:08 . 2012-11-15 19:44 -------- d-----w- c:\program files (x86)\FlashGet 2012-11-15 09:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 09:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 09:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 09:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 09:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 09:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 09:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 09:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 09:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 09:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 09:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-04 13:42 . 2012-11-04 13:42 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\PDAppFlex . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 18:58 . 2012-06-17 13:52 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-15 18:58 . 2012-06-17 13:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-15 09:01 . 2010-01-24 15:36 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-11-28 02:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 02:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 02:08 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-09-30 00:54 . 2012-06-17 14:10 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-10 04:33 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 04:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "Akamai NetSession Interface"="c:\users\I'm Lee\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ P2 Card Manager.lnk - c:\program files\Panasonic P2\Drivers\App\P2TaskTray.exe [2007-3-8 14336] STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-9-9 163840] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2010-02-26 24064] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2010-02-26 92160] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112] R3 p2usb;Panasonic P2 Series USB Device;c:\windows\system32\DRIVERS\p2usb.sys [2011-05-23 30208] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2010-02-26 132608] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 14464] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144] S2 p2csvc;p2csvc;c:\windows\system32\p2csvc.exe [2008-07-25 67072] S2 p2csvc32;p2csvc32;c:\windows\SysWOW64\p2csvc32.exe [2008-07-25 61440] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 57049194 *NewlyCreated* - 65807257 *Deregistered* - 57049194 *Deregistered* - 65807257 *Deregistered* - aswMBR *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 18:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.photobucket.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-65807257.sys . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:00,21,c9,f8,c8,ce,cd,01 . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2607047~31bf3856ad364e35~amd64~~6.1.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618444~31bf3856ad364e35~amd64~~9.4.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618451~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2619339~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2620712~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2621146~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2633952~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2639417~31bf3856ad364e35~amd64~~6.1.1.3] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\0a\01\0a\15\1b8N" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-02 19:19:08 ComboFix-quarantined-files.txt 2012-12-03 01:19 ComboFix2.txt 2012-12-02 20:51 ComboFix3.txt 2012-07-01 22:47 . Pre-Run: 247,560,876,032 bytes free Post-Run: 247,516,356,608 bytes free . - - End Of File - - 226D9236A1CD70D5FBC05DB5229918CE

ok. Just took forever. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-12-02 15:50:49 ----------------------------- 15:50:49.395 OS Version: Windows x64 6.1.7601 Service Pack 1 15:50:49.395 Number of processors: 8 586 0x1A05 15:50:49.395 ComputerName: SASSAFRASQUATCH UserName: I'm Lee 15:50:56.415 Initialize success 15:52:09.904 AVAST engine defs: 12120101 16:08:35.711 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 16:08:35.711 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 3 16:08:35.727 Disk 0 MBR read successfully 16:08:35.727 Disk 0 MBR scan 16:08:35.727 Disk 0 Windows VISTA default MBR code 16:08:35.743 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 16:08:35.743 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920 16:08:35.774 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 601097 MB offset 19214336 16:08:35.789 Disk 0 scanning C:\Windows\system32\drivers 16:08:45.961 Service scanning 16:09:05.586 Modules scanning 16:09:05.586 Disk 0 trace - called modules: 16:09:05.617 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 16:09:06.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ea7060] 16:09:06.116 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b4d050] 16:09:07.551 AVAST engine scan C:\Windows 16:09:10.609 AVAST engine scan C:\Windows\system32 16:12:21.506 AVAST engine scan C:\Windows\system32\drivers 16:12:33.503 AVAST engine scan C:\Users\I'm Lee 17:18:25.273 AVAST engine scan C:\ProgramData 18:41:33.251 Scan finished successfully 18:54:03.020 Disk 0 MBR has been saved successfully to "C:\Users\I'm Lee\Desktop\MBR.dat" 18:54:03.020 The log file has been saved successfully to "C:\Users\I'm Lee\Desktop\aswMBR.txt"

How do I know when this aswMBR is done running? It's said "scanning: C:\ProgramData\Dell\DellDock\uninstaller.exe" for over an hour now.

15:47:48.0961 3936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:47:49.0476 3936 ============================================================ 15:47:49.0476 3936 Current date / time: 2012/12/02 15:47:49.0476 15:47:49.0476 3936 SystemInfo: 15:47:49.0476 3936 15:47:49.0476 3936 OS Version: 6.1.7601 ServicePack: 1.0 15:47:49.0476 3936 Product type: Workstation 15:47:49.0476 3936 ComputerName: SASSAFRASQUATCH 15:47:49.0476 3936 UserName: I'm Lee 15:47:49.0476 3936 Windows directory: C:\Windows 15:47:49.0476 3936 System windows directory: C:\Windows 15:47:49.0476 3936 Running under WOW64 15:47:49.0476 3936 Processor architecture: Intel x64 15:47:49.0476 3936 Number of processors: 8 15:47:49.0476 3936 Page size: 0x1000 15:47:49.0476 3936 Boot type: Normal boot 15:47:49.0476 3936 ============================================================ 15:47:50.0927 3936 BG loaded 15:47:52.0425 3936 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:47:52.0445 3936 ============================================================ 15:47:52.0445 3936 \Device\Harddisk0\DR0: 15:47:52.0445 3936 MBR partitions: 15:47:52.0445 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000 15:47:52.0445 3936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x49604800 15:47:52.0445 3936 ============================================================ 15:47:52.0585 3936 C: <-> \Device\Harddisk0\DR0\Partition2 15:47:52.0585 3936 ============================================================ 15:47:52.0585 3936 Initialize success 15:47:52.0585 3936 ============================================================ 15:48:13.0908 2684 Deinitialize success

ComboFix 12-12-02.01 - I'm Lee 12/02/2012 14:30:36.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6463 [GMT -6:00] Running from: c:\users\I'm Lee\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\DRM\144F.tmp c:\programdata\Microsoft\Windows\DRM\146F.tmp c:\users\I'm Lee\AppData\Roaming\Doogi c:\users\I'm Lee\AppData\Roaming\Doogi\ingi.ahy c:\users\I'm Lee\AppData\Roaming\PhotoBucketeer.exe c:\users\I'm Lee\AppData\Roaming\Ytpaq c:\users\I'm Lee\AppData\Roaming\Ytpaq\abfiy.exe c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 ))))))))))))))))))))))))))))))) . . 2012-12-02 20:42 . 2012-12-02 20:42 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-02 20:42 . 2012-12-02 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-02 14:33 . 2012-12-02 14:34 856731 ----a-w- c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Network Shortcuts\SecurityCheck.exe 2012-12-01 20:12 . 2012-12-01 20:12 388096 ----a-r- c:\users\I'm Lee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-01 20:12 . 2012-12-01 20:12 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-01 20:10 . 2012-12-01 20:10 1402880 ----a-w- c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Network Shortcuts\HiJackThis.msi 2012-11-29 20:09 . 2012-12-01 22:01 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\Sogo 2012-11-29 20:08 . 2012-11-29 20:08 -------- d-----w- c:\windows\Sun 2012-11-15 20:17 . 2012-11-15 20:17 -------- d-----w- c:\users\I'm Lee\AppData\Local\Google 2012-11-15 18:27 . 2008-07-20 21:46 -------- d-----w- c:\program files\FlashOffliner v1.0 2012-11-15 18:25 . 2012-11-15 18:47 -------- d-----w- c:\program files (x86)\FlashOffliner 2012-11-15 17:17 . 2012-11-15 17:17 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\FlashGet 2012-11-15 17:08 . 2012-11-15 19:44 -------- d-----w- c:\program files (x86)\FlashGet 2012-11-15 09:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 09:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 09:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 09:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 09:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 09:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 09:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 09:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 09:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 09:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 09:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-04 13:42 . 2012-11-04 13:42 -------- d-----w- c:\users\I'm Lee\AppData\Roaming\PDAppFlex . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 18:58 . 2012-06-17 13:52 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-15 18:58 . 2012-06-17 13:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-15 09:01 . 2010-01-24 15:36 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-11-28 02:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 02:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 02:08 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-09-30 00:54 . 2012-06-17 14:10 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-10 04:33 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 04:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "Akamai NetSession Interface"="c:\users\I'm Lee\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ P2 Card Manager.lnk - c:\program files\Panasonic P2\Drivers\App\P2TaskTray.exe [2007-3-8 14336] STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-9-9 163840] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2010-02-26 24064] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2010-02-26 92160] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112] R3 p2usb;Panasonic P2 Series USB Device;c:\windows\system32\DRIVERS\p2usb.sys [2011-05-23 30208] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2010-02-26 132608] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 14464] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144] S2 p2csvc;p2csvc;c:\windows\system32\p2csvc.exe [2008-07-25 67072] S2 p2csvc32;p2csvc32;c:\windows\SysWOW64\p2csvc32.exe [2008-07-25 61440] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 18:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.photobucket.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:00,21,c9,f8,c8,ce,cd,01 . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2607047~31bf3856ad364e35~amd64~~6.1.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618444~31bf3856ad364e35~amd64~~9.4.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618451~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2619339~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2620712~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2621146~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2633952~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2639417~31bf3856ad364e35~amd64~~6.1.1.3] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\0a\01\0a\15\1b8N" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\\.\globalroot\systemroot\svchost.exe . ************************************************************************** . Completion time: 2012-12-02 14:51:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-02 20:51 ComboFix2.txt 2012-07-01 22:47 . Pre-Run: 185,807,908,864 bytes free Post-Run: 248,776,511,488 bytes free . - - End Of File - - C029463410CB5E88A5F83917635954B5 Do not know if computer is any better yet.

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : I'm Lee [Admin rights] Mode : Remove -- Date : 12/02/2012 08:53:20 ¤¤¤ Bad processes : 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD642JJ +++++ --- User --- [MBR] bc17261b85527aa1356e67a794d2bfcb [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo User != LL1 ... KO! --- LL1 --- [MBR] 292c49fbc0afcd788ede36921fb88b9a [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo User != LL2 ... KO! --- LL2 --- [MBR] 292c49fbc0afcd788ede36921fb88b9a [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo Finished : << RKreport[2]_D_12022012_02d0853.txt >> RKreport[1]_S_12022012_02d0853.txt ; RKreport[2]_D_12022012_02d0853.txt

# AdwCleaner v2.010 - Logfile created 12/02/2012 at 08:45:17 # Updated 29/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : I'm Lee - SASSAFRASQUATCH # Boot Mode : Normal # Running from : C:\Users\I'm Lee\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [1998 octets] - [01/12/2012 17:41:11] AdwCleaner[R2].txt - [2058 octets] - [01/12/2012 17:41:53] AdwCleaner[R3].txt - [995 octets] - [01/12/2012 18:57:17] AdwCleaner[R4].txt - [1134 octets] - [02/12/2012 08:43:44] AdwCleaner[R5].txt - [1194 octets] - [02/12/2012 08:44:48] AdwCleaner[s1].txt - [2096 octets] - [01/12/2012 17:42:26] AdwCleaner[s2].txt - [1054 octets] - [01/12/2012 18:57:36] AdwCleaner[s3].txt - [1126 octets] - [02/12/2012 08:45:17] ########## EOF - C:\AdwCleaner[s3].txt - [1186 octets] ##########

Here is the security check: Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 30 Java version out of Date! Adobe Flash Player 11.5.502.110 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 16.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````

So, this started with mcafee popping up and telling me that my fireall and real-time scanning has been turned off. It won't stay on. When I tried to log on to my amazon account, I got this message tellni me I needed to insert my credit card info and social security info and whatnot so that Amazon could could verify me as a customer. I entered lots of fake stuff logged off and changed my password on another computer. I ran malware bytes and it found 2 infections. I told it to fix em' and restart the computer. It restarted, I ran it again and they're still there. I tried to do a quick scan in safe mode but the scan never completes. My computer's screen goes dark like it's hibernating or screen saving and doesn't come back from the darkness. I tried to come to this forum but it kept redirecting me to google every time. I've run malwarebytes and a couple other programs a few times now. The phishing scam seems gone and I can access this forum now. However, my firewall and real-time scanning keeps turning off and the two infections are found every time I run malwarebytes. I ran hijack this and have attached the log file. What now? hijackthis.log

Deleted the drives but Windows never tried to refind them when I rebooted. Everything behaved as normal, as if I had no dvd drives.

It's not seeing any drives. Just like me.

When I go to device manager they both have this neat little yellow sign with an exclamation on them. I have the option to disable them, making it appear my PC thinks they're enabled. I have disabled, re-enabled, updated driver, and removed and scanned for new hardware all to no avail. I did system restore after updating Itunes and it brought them back. Itunes no longer recognized my library anymore since it was made by a newer version of Itunes then, so I redownloaded Itunes and then relost my drives. Then I gave up.

It's not finding anything and I still don't have dvd-roms. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.09.14 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 I'm Lee :: SASSAFRASQUATCH [administrator] Protection: Enabled 7/9/2012 9:13:06 PM mbam-log-2012-07-09 (21-13-06).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 919939 Time elapsed: 3 hour(s), 59 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

Sorry. Been busy. Still don't have dvd-roms. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-06 11:41:08 ----------------------------- 11:41:08.683 OS Version: Windows x64 6.1.7601 Service Pack 1 11:41:08.684 Number of processors: 8 586 0x1A05 11:41:08.685 ComputerName: SASSAFRASQUATCH UserName: I'm Lee 11:41:10.094 Initialize success 11:45:53.240 AVAST engine defs: 12070600 11:48:32.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 11:48:32.733 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 3 11:48:32.735 Disk 1 \Device\Harddisk1\DR1 -> \Device\Sbp2\WD&My Book&0&0090a9d7_b813944d_Instance00 11:48:32.737 Disk 1 Vendor: WD______ 1025 Size: 476940MB BusType: 4 11:48:32.752 Disk 0 MBR read successfully 11:48:32.755 Disk 0 MBR scan 11:48:32.759 Disk 0 Windows VISTA default MBR code 11:48:32.761 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 11:48:32.770 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920 11:48:32.789 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 601097 MB offset 19214336 11:48:32.814 Disk 0 scanning C:\Windows\system32\drivers 11:48:44.342 Service scanning 11:49:02.469 Modules scanning 11:49:02.808 Disk 0 trace - called modules: 11:49:02.831 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 11:49:02.837 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ea3060] 11:49:02.841 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b61050] 11:49:04.192 AVAST engine scan C:\Windows 11:49:09.898 AVAST engine scan C:\Windows\system32 11:52:15.517 AVAST engine scan C:\Windows\system32\drivers 11:52:26.217 AVAST engine scan C:\Users\I'm Lee 11:58:58.585 Disk 0 MBR has been saved successfully to "C:\Users\I'm Lee\Desktop\MBR.dat" 11:58:58.595 The log file has been saved successfully to "C:\Users\I'm Lee\Desktop\aswMBR.txt"

I can see them when I go to the folder manually but when I try to upload them to virustotal, they aren't there. (they are not hidden) No .sys files are.

Kept clicking through that message until I finally got this: ComboFix 12-07-01.03 - I'm Lee 07/01/2012 15:19:06.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6143 [GMT -5:00] Running from: c:\users\I'm Lee\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\313055a4m715j113g838v8avg1e3 c:\users\I'm Lee\AppData\Local\jmd.exe c:\users\I'm Lee\AppData\Local\txg.exe c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\searchplugins\bing-zugo.xml G:\Autorun.inf G:\Setup.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 ))))))))))))))))))))))))))))))) . . 2012-07-01 22:29 . 2012-07-01 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-29 01:14 . 2012-06-29 01:24 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-25 22:49 . 2012-06-25 22:49 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-25 22:49 . 2012-06-25 22:49 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-23 00:04 . 2012-05-25 22:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll 2012-06-21 19:37 . 2012-06-21 19:37 -------- d-----w- C:\found.000 2012-06-21 11:50 . 2012-06-21 11:50 -------- d-----w- c:\program files\CCleaner 2012-06-21 11:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 11:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 11:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 11:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 11:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 11:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 11:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 11:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 11:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-17 14:10 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-17 14:10 . 2012-06-17 14:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-17 13:52 . 2012-06-25 01:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-17 13:52 . 2012-06-25 01:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\programdata\Caphyon 2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\program files (x86)\PatchBeam 2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\program files (x86)\PowerArchiver 2012-06-15 22:18 . 2012-06-15 22:53 -------- d-----w- C:\AdobeTemp 2012-06-14 01:15 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-11 23:16 . 2012-06-11 23:16 -------- d-----w- c:\windows\en 2012-06-11 23:14 . 2012-06-11 23:14 -------- d-----w- c:\program files\Windows Live 2012-06-11 23:14 . 2012-06-11 23:14 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-11 23:11 . 2012-06-11 23:11 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DSETUP.dll 2012-06-11 23:11 . 2012-06-11 23:11 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DXSETUP.exe 2012-06-11 23:11 . 2012-06-11 23:11 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\dsetup32.dll 2012-06-11 23:04 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-06-11 23:04 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-06-11 23:04 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-06-11 23:03 . 2012-06-11 23:03 -------- d-----w- c:\program files\iPod 2012-06-11 23:03 . 2012-06-11 23:04 -------- d-----w- c:\program files\iTunes 2012-06-10 14:21 . 2012-06-10 14:21 -------- d-----w- c:\users\I'm Lee\AppData\Local\Macromedia 2012-06-10 13:51 . 2012-06-10 13:51 -------- d-----w- c:\users\I'm Lee\AppData\Local\ElevatedDiagnostics 2012-06-06 18:56 . 2012-06-06 19:29 -------- d-----w- c:\users\I'm Lee\Photocensoredet 2012-06-06 18:24 . 2012-06-10 20:43 -------- d-----w- c:\program files (x86)\Photocensoredet . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "Akamai NetSession Interface"="c:\users\I'm Lee\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ P2 Card Manager.lnk - c:\program files\Panasonic P2\Drivers\App\P2TaskTray.exe [2007-3-8 14336] STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-9-9 163840] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2010-02-26 24064] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2010-02-26 92160] R3 65897487;65897487;c:\windows\system32\drivers\16495956.sys [2011-12-02 111408] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 250056] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120] R3 p2usb;Panasonic P2 Series USB Device;c:\windows\system32\DRIVERS\p2usb.sys [2011-05-23 30208] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2010-02-26 132608] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S2 p2csvc;p2csvc;c:\windows\system32\p2csvc.exe [2008-07-25 67072] S2 p2csvc32;p2csvc32;c:\windows\SysWOW64\p2csvc32.exe [2008-07-25 61440] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 14464] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - SBP2PORT *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 01:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15623 FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.photobucket.com FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2607047~31bf3856ad364e35~amd64~~6.1.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618444~31bf3856ad364e35~amd64~~9.4.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618451~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2619339~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2620712~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2621146~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000000 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2633952~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2639417~31bf3856ad364e35~amd64~~6.1.1.3] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\0a\01\0a\15\1b8N" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Completion time: 2012-07-01 17:47:36 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-01 22:47 . Pre-Run: 330,321,436,672 bytes free Post-Run: 329,828,888,576 bytes free . - - End Of File - - 67B3D0140D098F9626190492F439A070

I keep getting a "Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and then try again." message wgen I run ComboFix and then nothing happens after that.

There was not an option to "cure" those, only "delete" or "copy to quarantine". Also, about the same time I noticed this virus, I also updated Itunes and my dvd-roms disappeared. Would this be caused by this virus or the Itunes update? I tried reloading the drivers and it told me the drivers were up to date.

20:23:42.0753 4512 Wecsvc - ok 20:23:42.0784 4512 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:23:42.0831 4512 wercplsupport - ok 20:23:42.0862 4512 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:23:42.0893 4512 WerSvc - ok 20:23:42.0940 4512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:23:42.0987 4512 WfpLwf - ok 20:23:43.0033 4512 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 20:23:43.0049 4512 WimFltr - ok 20:23:43.0065 4512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:23:43.0080 4512 WIMMount - ok 20:23:43.0080 4512 WinHttpAutoProxySvc - ok 20:23:43.0143 4512 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:23:43.0221 4512 Winmgmt - ok 20:23:43.0377 4512 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:23:43.0455 4512 WinRM - ok 20:23:43.0626 4512 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:23:43.0673 4512 Wlansvc - ok 20:23:43.0923 4512 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:23:43.0954 4512 wlidsvc - ok 20:23:44.0094 4512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:23:44.0125 4512 WmiAcpi - ok 20:23:44.0188 4512 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:23:44.0235 4512 wmiApSrv - ok 20:23:44.0281 4512 WMPNetworkSvc - ok 20:23:44.0328 4512 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:23:44.0344 4512 WPCSvc - ok 20:23:44.0391 4512 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:23:44.0422 4512 WPDBusEnum - ok 20:23:44.0453 4512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:23:44.0484 4512 ws2ifsl - ok 20:23:44.0484 4512 WSearch - ok 20:23:44.0687 4512 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 20:23:44.0734 4512 wuauserv - ok 20:23:44.0874 4512 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:23:44.0937 4512 WudfPf - ok 20:23:44.0983 4512 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:23:45.0046 4512 WUDFRd - ok 20:23:45.0093 4512 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:23:45.0108 4512 wudfsvc - ok 20:23:45.0155 4512 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:23:45.0186 4512 WwanSvc - ok 20:23:45.0217 4512 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0 20:23:45.0529 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 20:23:45.0529 4512 \Device\Harddisk0\DR0 - detected TDSS File System (1) 20:23:45.0529 4512 Boot (0x1200) (cd38b1383ea78deb6866c65cbde2f1b9) \Device\Harddisk0\DR0\Partition0 20:23:45.0529 4512 \Device\Harddisk0\DR0\Partition0 - ok 20:23:45.0561 4512 Boot (0x1200) (0f3f6a544d31d87c2419ebbb2422dfd1) \Device\Harddisk0\DR0\Partition1 20:23:45.0561 4512 \Device\Harddisk0\DR0\Partition1 - ok 20:23:45.0561 4512 ============================================================ 20:23:45.0561 4512 Scan finished 20:23:45.0561 4512 ============================================================ 20:23:45.0576 4504 Detected object count: 7 20:23:45.0576 4504 Actual detected object count: 7 20:24:04.0515 4504 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 20:24:04.0515 4504 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 20:24:04.0515 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 20:24:04.0515 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:24:04.0515 4504 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user 20:24:04.0515 4504 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:24:04.0515 4504 ubohci ( ForgedFile.Multi.Generic ) - skipped by user 20:24:04.0515 4504 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip 20:24:04.0515 4504 ubsbm ( ForgedFile.Multi.Generic ) - skipped by user 20:24:04.0515 4504 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip 20:24:04.0515 4504 ubumapi ( ForgedFile.Multi.Generic ) - skipped by user 20:24:04.0515 4504 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip 20:24:04.0577 4504 \Device\Harddisk0\DR0\TDLFS - deleted 20:24:04.0577 4504 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 20:24:19.0974 0860 ============================================================ 20:24:19.0974 0860 Scan started 20:24:19.0974 0860 Mode: Manual; SigCheck; TDLFS; 20:24:19.0974 0860 ============================================================ 20:24:20.0333 0860 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 20:24:20.0364 0860 1394ohci - ok 20:24:20.0395 0860 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys 20:24:20.0411 0860 61883 - ok 20:24:20.0442 0860 65897487 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\16495956.sys 20:24:20.0473 0860 65897487 - ok 20:24:20.0520 0860 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 20:24:20.0551 0860 ACPI - ok 20:24:20.0583 0860 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 20:24:20.0598 0860 AcpiPmi - ok 20:24:20.0629 0860 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys 20:24:20.0645 0860 adfs - ok 20:24:20.0785 0860 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:24:20.0817 0860 AdobeFlashPlayerUpdateSvc - ok 20:24:20.0863 0860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 20:24:20.0895 0860 adp94xx - ok 20:24:20.0941 0860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 20:24:20.0957 0860 adpahci - ok 20:24:20.0988 0860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 20:24:21.0004 0860 adpu320 - ok 20:24:21.0035 0860 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 20:24:21.0066 0860 AeLookupSvc - ok 20:24:21.0129 0860 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 20:24:21.0144 0860 AERTFilters - ok 20:24:21.0222 0860 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 20:24:21.0238 0860 AFD - ok 20:24:21.0285 0860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 20:24:21.0300 0860 agp440 - ok 20:24:21.0612 0860 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll 20:24:21.0612 0860 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af 20:24:21.0612 0860 Akamai ( HiddenFile.Multi.Generic ) - warning 20:24:21.0612 0860 Akamai - detected HiddenFile.Multi.Generic (1) 20:24:21.0737 0860 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 20:24:21.0753 0860 ALG - ok 20:24:21.0799 0860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 20:24:21.0815 0860 aliide - ok 20:24:21.0831 0860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 20:24:21.0846 0860 amdide - ok 20:24:21.0877 0860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 20:24:21.0877 0860 AmdK8 - ok 20:24:21.0909 0860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 20:24:21.0909 0860 AmdPPM - ok 20:24:21.0955 0860 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 20:24:21.0971 0860 amdsata - ok 20:24:22.0002 0860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 20:24:22.0033 0860 amdsbs - ok 20:24:22.0065 0860 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 20:24:22.0080 0860 amdxata - ok 20:24:22.0111 0860 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 20:24:22.0158 0860 AppID - ok 20:24:22.0189 0860 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 20:24:22.0221 0860 AppIDSvc - ok 20:24:22.0267 0860 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 20:24:22.0283 0860 Appinfo - ok 20:24:22.0392 0860 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:24:22.0408 0860 Apple Mobile Device - ok 20:24:22.0439 0860 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 20:24:22.0455 0860 arc - ok 20:24:22.0486 0860 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 20:24:22.0501 0860 arcsas - ok 20:24:22.0517 0860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 20:24:22.0548 0860 AsyncMac - ok 20:24:22.0579 0860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 20:24:22.0579 0860 atapi - ok 20:24:22.0720 0860 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys 20:24:22.0751 0860 athr - ok 20:24:22.0907 0860 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:24:22.0938 0860 AudioEndpointBuilder - ok 20:24:22.0954 0860 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:24:22.0985 0860 AudioSrv - ok 20:24:23.0032 0860 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys 20:24:23.0063 0860 Avc - ok 20:24:23.0094 0860 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 20:24:23.0110 0860 AxInstSV - ok 20:24:23.0172 0860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 20:24:23.0203 0860 b06bdrv - ok 20:24:23.0250 0860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 20:24:23.0281 0860 b57nd60a - ok 20:24:23.0313 0860 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 20:24:23.0328 0860 BDESVC - ok 20:24:23.0359 0860 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 20:24:23.0391 0860 Beep - ok 20:24:23.0469 0860 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 20:24:23.0515 0860 BITS - ok 20:24:23.0531 0860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 20:24:23.0547 0860 blbdrive - ok 20:24:23.0625 0860 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 20:24:23.0640 0860 Bonjour Service - ok 20:24:23.0671 0860 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 20:24:23.0703 0860 bowser - ok 20:24:23.0703 0860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:24:23.0718 0860 BrFiltLo - ok 20:24:23.0734 0860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:24:23.0749 0860 BrFiltUp - ok 20:24:23.0765 0860 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 20:24:23.0796 0860 Browser - ok 20:24:23.0827 0860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 20:24:23.0843 0860 Brserid - ok 20:24:23.0859 0860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 20:24:23.0874 0860 BrSerWdm - ok 20:24:23.0890 0860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 20:24:23.0905 0860 BrUsbMdm - ok 20:24:23.0921 0860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 20:24:23.0952 0860 BrUsbSer - ok 20:24:23.0968 0860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 20:24:23.0983 0860 BTHMODEM - ok 20:24:24.0015 0860 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 20:24:24.0046 0860 bthserv - ok 20:24:24.0077 0860 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 20:24:24.0108 0860 cdfs - ok 20:24:24.0155 0860 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 20:24:24.0171 0860 cdrom - ok 20:24:24.0202 0860 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:24:24.0233 0860 CertPropSvc - ok 20:24:24.0264 0860 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys 20:24:24.0280 0860 cfwids - ok 20:24:24.0295 0860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 20:24:24.0311 0860 circlass - ok 20:24:24.0342 0860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 20:24:24.0373 0860 CLFS - ok 20:24:24.0436 0860 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:24:24.0451 0860 clr_optimization_v2.0.50727_32 - ok 20:24:24.0498 0860 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:24:24.0514 0860 clr_optimization_v2.0.50727_64 - ok 20:24:24.0592 0860 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:24:24.0607 0860 clr_optimization_v4.0.30319_32 - ok 20:24:24.0639 0860 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:24:24.0654 0860 clr_optimization_v4.0.30319_64 - ok 20:24:24.0670 0860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 20:24:24.0685 0860 CmBatt - ok 20:24:24.0717 0860 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 20:24:24.0732 0860 cmdide - ok 20:24:24.0795 0860 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 20:24:24.0810 0860 CNG - ok 20:24:24.0826 0860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 20:24:24.0841 0860 Compbatt - ok 20:24:24.0873 0860 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 20:24:24.0888 0860 CompositeBus - ok 20:24:24.0888 0860 COMSysApp - ok 20:24:24.0904 0860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 20:24:24.0919 0860 crcdisk - ok 20:24:24.0966 0860 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 20:24:24.0982 0860 CryptSvc - ok 20:24:25.0044 0860 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:24:25.0107 0860 DcomLaunch - ok 20:24:25.0153 0860 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 20:24:25.0200 0860 defragsvc - ok 20:24:25.0231 0860 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 20:24:25.0278 0860 DfsC - ok 20:24:25.0309 0860 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 20:24:25.0356 0860 Dhcp - ok 20:24:25.0372 0860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 20:24:25.0403 0860 discache - ok 20:24:25.0403 0860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 20:24:25.0419 0860 Disk - ok 20:24:25.0465 0860 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 20:24:25.0481 0860 Dnscache - ok 20:24:25.0559 0860 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe 20:24:25.0559 0860 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 20:24:25.0559 0860 DockLoginService - detected UnsignedFile.Multi.Generic (1) 20:24:25.0606 0860 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 20:24:25.0637 0860 dot3svc - ok 20:24:25.0684 0860 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 20:24:25.0731 0860 DPS - ok 20:24:25.0746 0860 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 20:24:25.0762 0860 drmkaud - ok 20:24:25.0855 0860 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 20:24:25.0887 0860 DXGKrnl - ok 20:24:25.0918 0860 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 20:24:25.0949 0860 EapHost - ok 20:24:26.0308 0860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 20:24:26.0355 0860 ebdrv - ok 20:24:26.0464 0860 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 20:24:26.0479 0860 EFS - ok 20:24:26.0589 0860 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 20:24:26.0604 0860 ehRecvr - ok 20:24:26.0635 0860 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 20:24:26.0651 0860 ehSched - ok 20:24:26.0745 0860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 20:24:26.0776 0860 elxstor - ok 20:24:26.0807 0860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 20:24:26.0823 0860 ErrDev - ok 20:24:26.0885 0860 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 20:24:26.0932 0860 EventSystem - ok 20:24:26.0963 0860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 20:24:26.0994 0860 exfat - ok 20:24:27.0025 0860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 20:24:27.0057 0860 fastfat - ok 20:24:27.0150 0860 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 20:24:27.0166 0860 Fax - ok 20:24:27.0181 0860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 20:24:27.0181 0860 fdc - ok 20:24:27.0197 0860 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 20:24:27.0228 0860 fdPHost - ok 20:24:27.0244 0860 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 20:24:27.0259 0860 FDResPub - ok 20:24:27.0275 0860 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 20:24:27.0291 0860 FileInfo - ok 20:24:27.0306 0860 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 20:24:27.0322 0860 Filetrace - ok 20:24:27.0337 0860 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 20:24:27.0337 0860 flpydisk - ok 20:24:27.0384 0860 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 20:24:27.0400 0860 FltMgr - ok 20:24:27.0509 0860 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 20:24:27.0540 0860 FontCache - ok 20:24:27.0618 0860 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:24:27.0634 0860 FontCache3.0.0.0 - ok 20:24:27.0681 0860 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 20:24:27.0696 0860 FsDepends - ok 20:24:27.0712 0860 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 20:24:27.0727 0860 Fs_Rec - ok 20:24:27.0759 0860 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 20:24:27.0790 0860 fvevol - ok 20:24:27.0805 0860 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 20:24:27.0821 0860 gagp30kx - ok 20:24:27.0883 0860 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe 20:24:27.0899 0860 GoToAssist - ok 20:24:27.0977 0860 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 20:24:28.0024 0860 gpsvc - ok 20:24:28.0024 0860 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 20:24:28.0039 0860 hcw85cir - ok 20:24:28.0086 0860 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 20:24:28.0086 0860 HDAudBus - ok 20:24:28.0102 0860 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 20:24:28.0117 0860 HidBatt - ok 20:24:28.0133 0860 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 20:24:28.0149 0860 HidBth - ok 20:24:28.0149 0860 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 20:24:28.0164 0860 HidIr - ok 20:24:28.0180 0860 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 20:24:28.0211 0860 hidserv - ok 20:24:28.0227 0860 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 20:24:28.0242 0860 HidUsb - ok 20:24:28.0273 0860 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 20:24:28.0289 0860 hkmsvc - ok 20:24:28.0336 0860 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 20:24:28.0351 0860 HomeGroupListener - ok 20:24:28.0398 0860 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 20:24:28.0414 0860 HomeGroupProvider - ok 20:24:28.0445 0860 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 20:24:28.0461 0860 HpSAMD - ok 20:24:28.0539 0860 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 20:24:28.0585 0860 HTTP - ok 20:24:28.0617 0860 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 20:24:28.0632 0860 hwpolicy - ok 20:24:28.0663 0860 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 20:24:28.0679 0860 i8042prt - ok 20:24:28.0773 0860 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 20:24:28.0804 0860 IAANTMON - ok 20:24:28.0851 0860 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys 20:24:28.0882 0860 iaStor - ok 20:24:28.0929 0860 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 20:24:28.0944 0860 iaStorV - ok 20:24:29.0085 0860 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:24:29.0116 0860 idsvc - ok 20:24:29.0131 0860 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 20:24:29.0147 0860 iirsp - ok 20:24:29.0241 0860 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 20:24:29.0287 0860 IKEEXT - ok 20:24:29.0443 0860 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys 20:24:29.0475 0860 IntcAzAudAddService - ok 20:24:29.0615 0860 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 20:24:29.0631 0860 intelide - ok 20:24:29.0662 0860 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 20:24:29.0677 0860 intelppm - ok 20:24:29.0709 0860 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 20:24:29.0755 0860 IPBusEnum - ok 20:24:29.0787 0860 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:24:29.0818 0860 IpFilterDriver - ok 20:24:29.0865 0860 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 20:24:29.0865 0860 IPMIDRV - ok 20:24:29.0896 0860 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 20:24:29.0943 0860 IPNAT - ok 20:24:30.0052 0860 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe 20:24:30.0083 0860 iPod Service - ok 20:24:30.0099 0860 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 20:24:30.0114 0860 IRENUM - ok 20:24:30.0130 0860 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 20:24:30.0130 0860 isapnp - ok 20:24:30.0161 0860 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 20:24:30.0192 0860 iScsiPrt - ok 20:24:30.0223 0860 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys 20:24:30.0239 0860 JRAID - ok 20:24:30.0255 0860 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 20:24:30.0270 0860 kbdclass - ok 20:24:30.0270 0860 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 20:24:30.0286 0860 kbdhid - ok 20:24:30.0317 0860 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:24:30.0333 0860 KeyIso - ok 20:24:30.0379 0860 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 20:24:30.0395 0860 KSecDD - ok 20:24:30.0442 0860 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 20:24:30.0457 0860 KSecPkg - ok 20:24:30.0473 0860 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 20:24:30.0504 0860 ksthunk - ok 20:24:30.0551 0860 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 20:24:30.0598 0860 KtmRm - ok 20:24:30.0645 0860 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 20:24:30.0691 0860 LanmanServer - ok 20:24:30.0723 0860 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 20:24:30.0769 0860 LanmanWorkstation - ok 20:24:30.0785 0860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 20:24:30.0801 0860 lltdio - ok 20:24:30.0863 0860 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 20:24:30.0894 0860 lltdsvc - ok 20:24:30.0910 0860 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 20:24:30.0941 0860 lmhosts - ok 20:24:30.0972 0860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:24:30.0972 0860 LSI_FC - ok 20:24:30.0988 0860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:24:31.0003 0860 LSI_SAS - ok 20:24:31.0019 0860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:24:31.0019 0860 LSI_SAS2 - ok 20:24:31.0035 0860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:24:31.0050 0860 LSI_SCSI - ok 20:24:31.0066 0860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 20:24:31.0097 0860 luafv - ok 20:24:31.0128 0860 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 20:24:31.0144 0860 MBAMProtector - ok 20:24:31.0253 0860 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 20:24:31.0284 0860 MBAMService - ok 20:24:31.0393 0860 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:24:31.0425 0860 McMPFSvc - ok 20:24:31.0425 0860 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:24:31.0440 0860 mcmscsvc - ok 20:24:31.0440 0860 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:24:31.0456 0860 McNaiAnn - ok 20:24:31.0456 0860 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:24:31.0471 0860 McNASvc - ok 20:24:31.0565 0860 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe 20:24:31.0581 0860 McODS - ok 20:24:31.0581 0860 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:24:31.0612 0860 McProxy - ok 20:24:31.0674 0860 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 20:24:31.0705 0860 McShield - ok 20:24:31.0846 0860 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 20:24:31.0861 0860 Mcx2Svc - ok 20:24:31.0908 0860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 20:24:31.0924 0860 megasas - ok 20:24:31.0955 0860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 20:24:31.0955 0860 MegaSR - ok 20:24:32.0002 0860 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys 20:24:32.0017 0860 mfeapfk - ok 20:24:32.0049 0860 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys 20:24:32.0064 0860 mfeavfk - ok 20:24:32.0064 0860 mfeavfk01 - ok 20:24:32.0111 0860 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 20:24:32.0142 0860 mfefire - ok 20:24:32.0189 0860 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys 20:24:32.0220 0860 mfefirek - ok 20:24:32.0283 0860 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys 20:24:32.0314 0860 mfehidk - ok 20:24:32.0329 0860 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys 20:24:32.0345 0860 mfenlfk - ok 20:24:32.0361 0860 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys 20:24:32.0376 0860 mferkdet - ok 20:24:32.0423 0860 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe 20:24:32.0439 0860 mfevtp - ok 20:24:32.0470 0860 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys 20:24:32.0485 0860 mfewfpk - ok 20:24:32.0517 0860 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:24:32.0548 0860 MMCSS - ok 20:24:32.0579 0860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 20:24:32.0595 0860 Modem - ok 20:24:32.0626 0860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 20:24:32.0626 0860 monitor - ok 20:24:32.0673 0860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 20:24:32.0688 0860 mouclass - ok 20:24:32.0688 0860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 20:24:32.0719 0860 mouhid - ok 20:24:32.0751 0860 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 20:24:32.0766 0860 mountmgr - ok 20:24:32.0844 0860 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:24:32.0860 0860 MozillaMaintenance - ok 20:24:32.0907 0860 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 20:24:32.0922 0860 mpio - ok 20:24:32.0938 0860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 20:24:32.0969 0860 mpsdrv - ok 20:24:33.0016 0860 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 20:24:33.0031 0860 MRxDAV - ok 20:24:33.0063 0860 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:24:33.0078 0860 mrxsmb - ok 20:24:33.0125 0860 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:24:33.0156 0860 mrxsmb10 - ok 20:24:33.0172 0860 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:24:33.0187 0860 mrxsmb20 - ok 20:24:33.0219 0860 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 20:24:33.0234 0860 msahci - ok 20:24:33.0250 0860 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 20:24:33.0265 0860 msdsm - ok 20:24:33.0328 0860 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 20:24:33.0343 0860 MSDTC - ok 20:24:33.0375 0860 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys 20:24:33.0406 0860 MSDV - ok 20:24:33.0421 0860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 20:24:33.0453 0860 Msfs - ok 20:24:33.0453 0860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 20:24:33.0484 0860 mshidkmdf - ok 20:24:33.0531 0860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 20:24:33.0546 0860 msisadrv - ok 20:24:33.0577 0860 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 20:24:33.0624 0860 MSiSCSI - ok 20:24:33.0624 0860 msiserver - ok 20:24:33.0765 0860 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:24:33.0780 0860 MSK80Service - ok 20:24:33.0796 0860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:24:33.0827 0860 MSKSSRV - ok 20:24:33.0827 0860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:24:33.0858 0860 MSPCLOCK - ok 20:24:33.0858 0860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:24:33.0874 0860 MSPQM - ok 20:24:33.0936 0860 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 20:24:33.0967 0860 MsRPC - ok 20:24:33.0999 0860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 20:24:34.0014 0860 mssmbios - ok 20:24:34.0014 0860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:24:34.0061 0860 MSTEE - ok 20:24:34.0061 0860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 20:24:34.0061 0860 MTConfig - ok 20:24:34.0092 0860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:24:34.0092 0860 Mup - ok 20:24:34.0155 0860 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 20:24:34.0201 0860 napagent - ok 20:24:34.0248 0860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:24:34.0264 0860 NativeWifiP - ok 20:24:34.0373 0860 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 20:24:34.0404 0860 NDIS - ok 20:24:34.0420 0860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:24:34.0467 0860 NdisCap - ok 20:24:34.0467 0860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:24:34.0498 0860 NdisTapi - ok 20:24:34.0545 0860 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 20:24:34.0591 0860 Ndisuio - ok 20:24:34.0638 0860 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 20:24:34.0669 0860 NdisWan - ok 20:24:34.0701 0860 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 20:24:34.0732 0860 NDProxy - ok 20:24:34.0747 0860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:24:34.0763 0860 NetBIOS - ok 20:24:34.0825 0860 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 20:24:34.0857 0860 NetBT - ok 20:24:34.0888 0860 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:24:34.0903 0860 Netlogon - ok 20:24:34.0950 0860 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 20:24:34.0997 0860 Netman - ok 20:24:35.0028 0860 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 20:24:35.0091 0860 netprofm - ok 20:24:35.0169 0860 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:24:35.0169 0860 NetTcpPortSharing - ok 20:24:35.0200 0860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 20:24:35.0215 0860 nfrd960 - ok 20:24:35.0262 0860 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 20:24:35.0309 0860 NlaSvc - ok 20:24:35.0325 0860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:24:35.0356 0860 Npfs - ok 20:24:35.0371 0860 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 20:24:35.0403 0860 nsi - ok 20:24:35.0403 0860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:24:35.0434 0860 nsiproxy - ok 20:24:35.0590 0860 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 20:24:35.0621 0860 Ntfs - ok 20:24:35.0746 0860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:24:35.0777 0860 Null - ok 20:24:36.0573 0860 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:24:36.0697 0860 nvlddmkm - ok 20:24:36.0838 0860 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 20:24:36.0869 0860 nvraid - ok 20:24:36.0885 0860 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 20:24:36.0900 0860 nvstor - ok 20:24:36.0963 0860 nvsvc (18aa5ff4ee3fe45a64b98589c62b7fc0) C:\Windows\system32\nvvsvc.exe 20:24:36.0978 0860 nvsvc - ok 20:24:37.0009 0860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 20:24:37.0041 0860 nv_agp - ok 20:24:37.0072 0860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 20:24:37.0087 0860 ohci1394 - ok 20:24:37.0197 0860 OpenVPNService (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe 20:24:37.0197 0860 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning 20:24:37.0197 0860 OpenVPNService - detected UnsignedFile.Multi.Generic (1) 20:24:37.0197 0860 p2csvc - ok 20:24:37.0259 0860 p2csvc32 - ok 20:24:37.0306 0860 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:24:37.0321 0860 p2pimsvc - ok 20:24:37.0368 0860 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 20:24:37.0399 0860 p2psvc - ok 20:24:37.0446 0860 p2usb (5035825b9217a087ea70497066385fe7) C:\Windows\system32\DRIVERS\p2usb.sys 20:24:37.0462 0860 p2usb - ok 20:24:37.0493 0860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 20:24:37.0524 0860 Parport - ok 20:24:37.0555 0860 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 20:24:37.0571 0860 partmgr - ok 20:24:37.0602 0860 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 20:24:37.0618 0860 PcaSvc - ok 20:24:37.0665 0860 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 20:24:37.0680 0860 pci - ok 20:24:37.0711 0860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 20:24:37.0727 0860 pciide - ok 20:24:37.0743 0860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 20:24:37.0774 0860 pcmcia - ok 20:24:37.0789 0860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:24:37.0789 0860 pcw - ok 20:24:37.0852 0860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:24:37.0899 0860 PEAUTH - ok 20:24:37.0977 0860 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 20:24:37.0992 0860 PerfHost - ok 20:24:38.0133 0860 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 20:24:38.0179 0860 pla - ok 20:24:38.0242 0860 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 20:24:38.0257 0860 PlugPlay - ok 20:24:38.0289 0860 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 20:24:38.0304 0860 PNRPAutoReg - ok 20:24:38.0335 0860 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:24:38.0367 0860 PNRPsvc - ok 20:24:38.0429 0860 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 20:24:38.0460 0860 PolicyAgent - ok 20:24:38.0491 0860 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 20:24:38.0538 0860 Power - ok 20:24:38.0601 0860 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 20:24:38.0632 0860 PptpMiniport - ok 20:24:38.0663 0860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 20:24:38.0679 0860 Processor - ok 20:24:38.0725 0860 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 20:24:38.0741 0860 ProfSvc - ok 20:24:38.0772 0860 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:24:38.0788 0860 ProtectedStorage - ok 20:24:38.0819 0860 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 20:24:38.0866 0860 Psched - ok 20:24:38.0881 0860 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 20:24:38.0913 0860 PxHlpa64 - ok 20:24:39.0022 0860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 20:24:39.0053 0860 ql2300 - ok 20:24:39.0178 0860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 20:24:39.0193 0860 ql40xx - ok 20:24:39.0240 0860 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:24:39.0271 0860 QWAVE - ok 20:24:39.0271 0860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:24:39.0287 0860 QWAVEdrv - ok 20:24:39.0287 0860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:24:39.0318 0860 RasAcd - ok 20:24:39.0349 0860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:24:39.0365 0860 RasAgileVpn - ok 20:24:39.0396 0860 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:24:39.0412 0860 RasAuto - ok 20:24:39.0459 0860 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:24:39.0490 0860 Rasl2tp - ok 20:24:39.0521 0860 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 20:24:39.0552 0860 RasMan - ok 20:24:39.0568 0860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:24:39.0599 0860 RasPppoe - ok 20:24:39.0615 0860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:24:39.0646 0860 RasSstp - ok 20:24:39.0693 0860 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 20:24:39.0739 0860 rdbss - ok 20:24:39.0739 0860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 20:24:39.0755 0860 rdpbus - ok 20:24:39.0771 0860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:24:39.0802 0860 RDPCDD - ok 20:24:39.0802 0860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:24:39.0833 0860 RDPENCDD - ok 20:24:39.0849 0860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:24:39.0864 0860 RDPREFMP - ok 20:24:39.0911 0860 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 20:24:39.0927 0860 RDPWD - ok 20:24:39.0958 0860 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 20:24:39.0989 0860 rdyboost - ok 20:24:40.0020 0860 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:24:40.0051 0860 RemoteAccess - ok 20:24:40.0083 0860 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:24:40.0129 0860 RemoteRegistry - ok 20:24:40.0317 0860 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 20:24:40.0348 0860 RoxMediaDB10 - ok 20:24:40.0363 0860 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:24:40.0395 0860 RpcEptMapper - ok 20:24:40.0410 0860 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:24:40.0426 0860 RpcLocator - ok 20:24:40.0488 0860 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:24:40.0519 0860 RpcSs - ok 20:24:40.0566 0860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:24:40.0613 0860 rspndr - ok 20:24:40.0644 0860 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys 20:24:40.0660 0860 RSUSBSTOR - ok 20:24:40.0707 0860 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 20:24:40.0722 0860 RTL8167 - ok 20:24:40.0722 0860 RxFilter - ok 20:24:40.0769 0860 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:24:40.0785 0860 SamSs - ok 20:24:40.0816 0860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:24:40.0831 0860 sbp2port - ok 20:24:40.0863 0860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:24:40.0894 0860 SCardSvr - ok 20:24:40.0925 0860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:24:40.0941 0860 scfilter - ok 20:24:41.0065 0860 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:24:41.0112 0860 Schedule - ok 20:24:41.0128 0860 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:24:41.0159 0860 SCPolicySvc - ok 20:24:41.0206 0860 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:24:41.0237 0860 SDRSVC - ok 20:24:41.0331 0860 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 20:24:41.0362 0860 SeaPort - ok 20:24:41.0393 0860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:24:41.0424 0860 secdrv - ok 20:24:41.0487 0860 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:24:41.0533 0860 seclogon - ok 20:24:41.0596 0860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 20:24:41.0643 0860 SENS - ok 20:24:41.0674 0860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:24:41.0689 0860 SensrSvc - ok 20:24:41.0861 0860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:24:41.0877 0860 Serenum - ok 20:24:41.0908 0860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:24:41.0923 0860 Serial - ok 20:24:41.0986 0860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 20:24:42.0001 0860 sermouse - ok 20:24:42.0157 0860 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:24:42.0204 0860 SessionEnv - ok 20:24:42.0235 0860 SessionLauncher - ok 20:24:42.0298 0860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 20:24:42.0313 0860 sffdisk - ok 20:24:42.0329 0860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:24:42.0345 0860 sffp_mmc - ok 20:24:42.0360 0860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:24:42.0376 0860 sffp_sd - ok 20:24:42.0423 0860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:24:42.0438 0860 sfloppy - ok 20:24:42.0532 0860 SftService (7f475425582163602ef1589c0071e521) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 20:24:42.0532 0860 SftService - ok 20:24:42.0594 0860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:24:42.0625 0860 SharedAccess - ok 20:24:42.0719 0860 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:24:42.0750 0860 ShellHWDetection - ok 20:24:42.0891 0860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:24:42.0906 0860 SiSRaid2 - ok 20:24:43.0000 0860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:24:43.0015 0860 SiSRaid4 - ok 20:24:43.0062 0860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:24:43.0109 0860 Smb - ok 20:24:43.0140 0860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:24:43.0156 0860 SNMPTRAP - ok 20:24:43.0203 0860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:24:43.0218 0860 spldr - ok 20:24:43.0452 0860 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:24:43.0483 0860 Spooler - ok 20:24:44.0139 0860 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:24:44.0201 0860 sppsvc - ok 20:24:44.0388 0860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:24:44.0419 0860 sppuinotify - ok 20:24:44.0529 0860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:24:44.0560 0860 srv - ok 20:24:44.0685 0860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:24:44.0700 0860 srv2 - ok 20:24:44.0763 0860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:24:44.0778 0860 srvnet - ok 20:24:44.0903 0860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:24:44.0950 0860 SSDPSRV - ok 20:24:44.0981 0860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:24:45.0028 0860 SstpSvc - ok 20:24:45.0059 0860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:24:45.0075 0860 stexstor - ok 20:24:45.0246 0860 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 20:24:45.0277 0860 stisvc - ok 20:24:45.0465 0860 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 20:24:45.0480 0860 stllssvr - ok 20:24:45.0901 0860 Stuffit Archive Name Service (1db60cb3e53e2491d5d6c43c06676ca2) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe 20:24:45.0933 0860 Stuffit Archive Name Service - ok 20:24:46.0057 0860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 20:24:46.0073 0860 swenum - ok 20:24:46.0120 0860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:24:46.0151 0860 swprv - ok 20:24:46.0307 0860 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:24:46.0338 0860 SysMain - ok 20:24:46.0463 0860 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 20:24:46.0479 0860 TabletInputService - ok 20:24:46.0635 0860 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys 20:24:46.0650 0860 tap0901 - ok 20:24:46.0728 0860 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:24:46.0759 0860 TapiSrv - ok 20:24:46.0791 0860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:24:46.0822 0860 TBS - ok 20:24:47.0227 0860 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 20:24:47.0259 0860 Tcpip - ok 20:24:48.0351 0860 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 20:24:48.0382 0860 TCPIP6 - ok 20:24:49.0661 0860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:24:49.0677 0860 tcpipreg - ok 20:24:49.0755 0860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:24:49.0755 0860 TDPIPE - ok 20:24:49.0848 0860 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:24:49.0848 0860 TDTCP - ok 20:24:50.0160 0860 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:24:50.0176 0860 tdx - ok 20:24:50.0394 0860 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 20:24:50.0394 0860 TermDD - ok 20:24:51.0564 0860 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:24:51.0595 0860 TermService - ok 20:24:51.0627 0860 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:24:51.0642 0860 Themes - ok 20:24:51.0673 0860 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:24:51.0705 0860 THREADORDER - ok 20:24:51.0736 0860 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:24:51.0767 0860 TrkWks - ok 20:24:51.0892 0860 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:24:51.0923 0860 TrustedInstaller - ok 20:24:51.0954 0860 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:24:51.0985 0860 tssecsrv - ok 20:24:52.0157 0860 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:24:52.0173 0860 TsUsbFlt - ok 20:24:52.0266 0860 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:24:52.0313 0860 tunnel - ok 20:24:52.0407 0860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:24:52.0422 0860 uagp35 - ok 20:24:52.0547 0860 ubohci (0ae9dd39a559359897541e2d4b8ec491) C:\Windows\system32\DRIVERS\ubohci.sys 20:24:52.0563 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubohci.sys. Real md5: 0ae9dd39a559359897541e2d4b8ec491, Fake md5: 1e2e55e1b3bf2160d617e854a7b4950b 20:24:52.0563 0860 ubohci ( ForgedFile.Multi.Generic ) - warning 20:24:52.0563 0860 ubohci - detected ForgedFile.Multi.Generic (1) 20:24:52.0594 0860 ubsbm (a7e0b68f49650372910083e5697b7e99) C:\Windows\system32\DRIVERS\ubsbm.sys 20:24:52.0594 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubsbm.sys. Real md5: a7e0b68f49650372910083e5697b7e99, Fake md5: b30147ca21ab2d10a14dc36a9aa17fd9 20:24:52.0594 0860 ubsbm ( ForgedFile.Multi.Generic ) - warning 20:24:52.0594 0860 ubsbm - detected ForgedFile.Multi.Generic (1) 20:24:52.0687 0860 ubumapi (db4a752a3d03c3b48bb8b23b0c53745d) C:\Windows\system32\DRIVERS\ubumapi.sys 20:24:52.0687 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubumapi.sys. Real md5: db4a752a3d03c3b48bb8b23b0c53745d, Fake md5: b2a7a65cbd4803bbdb552620e57cd1bd 20:24:52.0687 0860 ubumapi ( ForgedFile.Multi.Generic ) - warning 20:24:52.0687 0860 ubumapi - detected ForgedFile.Multi.Generic (1) 20:24:52.0953 0860 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:24:52.0999 0860 udfs - ok 20:24:53.0124 0860 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:24:53.0155 0860 UI0Detect - ok 20:24:53.0280 0860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:24:53.0296 0860 uliagpkx - ok 20:24:53.0343 0860 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 20:24:53.0374 0860 umbus - ok 20:24:53.0452 0860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:24:53.0467 0860 UmPass - ok 20:24:53.0873 0860 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:24:53.0920 0860 upnphost - ok 20:24:53.0998 0860 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 20:24:54.0013 0860 USBAAPL64 - ok 20:24:54.0247 0860 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:24:54.0263 0860 usbccgp - ok 20:24:54.0372 0860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:24:54.0388 0860 usbcir - ok 20:24:54.0435 0860 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 20:24:54.0450 0860 usbehci - ok 20:24:54.0528 0860 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 20:24:54.0544 0860 usbhub - ok 20:24:54.0591 0860 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 20:24:54.0622 0860 usbohci - ok 20:24:54.0715 0860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:24:54.0731 0860 usbprint - ok 20:24:54.0871 0860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:24:54.0887 0860 USBSTOR - ok 20:24:54.0934 0860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 20:24:54.0965 0860 usbuhci - ok 20:24:55.0059 0860 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:24:55.0105 0860 UxSms - ok 20:24:55.0121 0860 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:24:55.0137 0860 VaultSvc - ok 20:24:55.0199 0860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:24:55.0215 0860 vdrvroot - ok 20:24:55.0324 0860 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:24:55.0355 0860 vds - ok 20:24:55.0386 0860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:24:55.0402 0860 vga - ok 20:24:55.0417 0860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:24:55.0449 0860 VgaSave - ok 20:24:55.0495 0860 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:24:55.0511 0860 vhdmp - ok 20:24:55.0542 0860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:24:55.0558 0860 viaide - ok 20:24:55.0620 0860 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:24:55.0636 0860 volmgr - ok 20:24:55.0683 0860 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:24:55.0698 0860 volmgrx - ok 20:24:55.0729 0860 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:24:55.0745 0860 volsnap - ok 20:24:55.0776 0860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:24:55.0792 0860 vsmraid - ok 20:24:55.0932 0860 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:24:55.0979 0860 VSS - ok 20:24:56.0229 0860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 20:24:56.0244 0860 vwifibus - ok 20:24:56.0260 0860 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 20:24:56.0275 0860 vwififlt - ok 20:24:56.0291 0860 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 20:24:56.0291 0860 vwifimp - ok 20:24:56.0338 0860 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:24:56.0369 0860 W32Time - ok 20:24:56.0385 0860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:24:56.0400 0860 WacomPen - ok 20:24:56.0431 0860 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:24:56.0463 0860 WANARP - ok 20:24:56.0463 0860 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:24:56.0494 0860 Wanarpv6 - ok 20:24:56.0821 0860 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 20:24:56.0837 0860 WatAdminSvc - ok 20:24:56.0962 0860 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:24:56.0993 0860 wbengine - ok 20:24:57.0305 0860 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:24:57.0321 0860 WbioSrvc - ok 20:24:57.0586 0860 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:24:57.0601 0860 wcncsvc - ok 20:24:57.0617 0860 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:24:57.0633 0860 WcsPlugInService - ok 20:24:57.0664 0860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:24:57.0679 0860 Wd - ok 20:24:57.0711 0860 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam.sys 20:24:57.0711 0860 WDC_SAM - ok 20:24:58.0225 0860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:24:58.0241 0860 Wdf01000 - ok 20:24:58.0444 0860 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:24:58.0459 0860 WdiServiceHost - ok 20:24:58.0459 0860 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:24:58.0491 0860 WdiSystemHost - ok 20:24:58.0803 0860 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:24:58.0834 0860 WebClient - ok 20:24:58.0943 0860 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:24:58.0990 0860 Wecsvc - ok 20:24:59.0115 0860 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:24:59.0161 0860 wercplsupport - ok 20:24:59.0255 0860 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:24:59.0302 0860 WerSvc - ok 20:24:59.0411 0860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:24:59.0458 0860 WfpLwf - ok 20:24:59.0848 0860 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 20:24:59.0863 0860 WimFltr - ok 20:24:59.0879 0860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:24:59.0895 0860 WIMMount - ok 20:24:59.0895 0860 WinHttpAutoProxySvc - ok 20:25:00.0113 0860 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:25:00.0144 0860 Winmgmt - ok 20:25:01.0377 0860 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:25:01.0423 0860 WinRM - ok 20:25:03.0030 0860 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:25:03.0061 0860 Wlansvc - ok 20:25:04.0996 0860 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:25:05.0043 0860 wlidsvc - ok 20:25:05.0745 0860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:25:05.0760 0860 WmiAcpi - ok 20:25:06.0353 0860 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:25:06.0384 0860 wmiApSrv - ok 20:25:06.0462 0860 WMPNetworkSvc - ok 20:25:06.0509 0860 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:25:06.0540 0860 WPCSvc - ok 20:25:06.0961 0860 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:25:06.0993 0860 WPDBusEnum - ok 20:25:07.0024 0860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:25:07.0071 0860 ws2ifsl - ok 20:25:07.0071 0860 WSearch - ok 20:25:10.0144 0860 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 20:25:10.0191 0860 wuauserv - ok 20:25:11.0782 0860 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:25:11.0829 0860 WudfPf - ok 20:25:12.0265 0860 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:25:12.0312 0860 WUDFRd - ok 20:25:12.0453 0860 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:25:12.0499 0860 wudfsvc - ok 20:25:12.0687 0860 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:25:12.0718 0860 WwanSvc - ok 20:25:12.0733 0860 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0 20:25:15.0541 0860 \Device\Harddisk0\DR0 - ok 20:25:15.0588 0860 Boot (0x1200) (cd38b1383ea78deb6866c65cbde2f1b9) \Device\Harddisk0\DR0\Partition0 20:25:15.0604 0860 \Device\Harddisk0\DR0\Partition0 - ok 20:25:15.0635 0860 Boot (0x1200) (0f3f6a544d31d87c2419ebbb2422dfd1) \Device\Harddisk0\DR0\Partition1 20:25:15.0651 0860 \Device\Harddisk0\DR0\Partition1 - ok 20:25:15.0651 0860 ============================================================ 20:25:15.0651 0860 Scan finished 20:25:15.0651 0860 ============================================================ 20:25:15.0651 0592 Detected object count: 6 20:25:15.0651 0592 Actual detected object count: 6 20:25:21.0844 0592 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 20:25:21.0844 0592 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 20:25:21.0844 0592 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:21.0844 0592 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:21.0844 0592 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:21.0844 0592 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - skipped by user 20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip 20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - skipped by user 20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip 20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - skipped by user 20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip 20:25:25.0323 4448 Deinitialize success

20:22:47.0092 4460 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 20:22:47.0092 4460 ============================================================ 20:22:47.0092 4460 Current date / time: 2012/06/28 20:22:47.0092 20:22:47.0092 4460 SystemInfo: 20:22:47.0092 4460 20:22:47.0092 4460 OS Version: 6.1.7601 ServicePack: 1.0 20:22:47.0092 4460 Product type: Workstation 20:22:47.0092 4460 ComputerName: SASSAFRASQUATCH 20:22:47.0092 4460 UserName: I'm Lee 20:22:47.0092 4460 Windows directory: C:\Windows 20:22:47.0092 4460 System windows directory: C:\Windows 20:22:47.0092 4460 Running under WOW64 20:22:47.0092 4460 Processor architecture: Intel x64 20:22:47.0092 4460 Number of processors: 8 20:22:47.0092 4460 Page size: 0x1000 20:22:47.0092 4460 Boot type: Normal boot 20:22:47.0092 4460 ============================================================ 20:22:49.0073 4460 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:22:49.0088 4460 ============================================================ 20:22:49.0088 4460 \Device\Harddisk0\DR0: 20:22:49.0088 4460 MBR partitions: 20:22:49.0088 4460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000 20:22:49.0088 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x49604800 20:22:49.0088 4460 ============================================================ 20:22:49.0135 4460 C: <-> \Device\Harddisk0\DR0\Partition1 20:22:49.0135 4460 ============================================================ 20:22:49.0135 4460 Initialize success 20:22:49.0135 4460 ============================================================ 20:22:55.0812 4512 ============================================================ 20:22:55.0812 4512 Scan started 20:22:55.0812 4512 Mode: Manual; SigCheck; TDLFS; 20:22:55.0812 4512 ============================================================ 20:22:56.0935 4512 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 20:23:05.0500 4512 1394ohci - ok 20:23:05.0546 4512 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys 20:23:05.0624 4512 61883 - ok 20:23:05.0687 4512 65897487 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\16495956.sys 20:23:05.0734 4512 65897487 - ok 20:23:05.0796 4512 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 20:23:05.0827 4512 ACPI - ok 20:23:05.0858 4512 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 20:23:05.0936 4512 AcpiPmi - ok 20:23:05.0983 4512 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys 20:23:05.0999 4512 adfs - ok 20:23:06.0170 4512 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:23:06.0186 4512 AdobeFlashPlayerUpdateSvc - ok 20:23:06.0264 4512 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 20:23:06.0280 4512 adp94xx - ok 20:23:06.0358 4512 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 20:23:06.0389 4512 adpahci - ok 20:23:06.0404 4512 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 20:23:06.0436 4512 adpu320 - ok 20:23:06.0467 4512 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 20:23:06.0592 4512 AeLookupSvc - ok 20:23:06.0685 4512 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 20:23:06.0763 4512 AERTFilters - ok 20:23:06.0857 4512 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 20:23:06.0935 4512 AFD - ok 20:23:06.0997 4512 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 20:23:07.0028 4512 agp440 - ok 20:23:07.0372 4512 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll 20:23:07.0372 4512 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af 20:23:07.0372 4512 Akamai ( HiddenFile.Multi.Generic ) - warning 20:23:07.0372 4512 Akamai - detected HiddenFile.Multi.Generic (1) 20:23:07.0481 4512 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 20:23:07.0543 4512 ALG - ok 20:23:07.0606 4512 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 20:23:07.0637 4512 aliide - ok 20:23:07.0637 4512 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 20:23:07.0652 4512 amdide - ok 20:23:07.0684 4512 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 20:23:07.0746 4512 AmdK8 - ok 20:23:07.0762 4512 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 20:23:07.0808 4512 AmdPPM - ok 20:23:07.0840 4512 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 20:23:07.0855 4512 amdsata - ok 20:23:07.0886 4512 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 20:23:07.0902 4512 amdsbs - ok 20:23:07.0918 4512 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 20:23:07.0933 4512 amdxata - ok 20:23:07.0980 4512 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 20:23:08.0120 4512 AppID - ok 20:23:08.0136 4512 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 20:23:08.0214 4512 AppIDSvc - ok 20:23:08.0261 4512 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 20:23:08.0308 4512 Appinfo - ok 20:23:08.0417 4512 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:23:08.0432 4512 Apple Mobile Device - ok 20:23:08.0479 4512 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 20:23:08.0495 4512 arc - ok 20:23:08.0510 4512 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 20:23:08.0526 4512 arcsas - ok 20:23:08.0557 4512 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 20:23:08.0604 4512 AsyncMac - ok 20:23:08.0666 4512 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 20:23:08.0682 4512 atapi - ok 20:23:08.0822 4512 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys 20:23:08.0916 4512 athr - ok 20:23:09.0072 4512 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:23:09.0150 4512 AudioEndpointBuilder - ok 20:23:09.0150 4512 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:23:09.0181 4512 AudioSrv - ok 20:23:09.0244 4512 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys 20:23:09.0290 4512 Avc - ok 20:23:09.0353 4512 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 20:23:09.0431 4512 AxInstSV - ok 20:23:09.0509 4512 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 20:23:09.0556 4512 b06bdrv - ok 20:23:09.0634 4512 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 20:23:09.0665 4512 b57nd60a - ok 20:23:09.0712 4512 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 20:23:09.0758 4512 BDESVC - ok 20:23:09.0774 4512 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 20:23:09.0836 4512 Beep - ok 20:23:09.0914 4512 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 20:23:10.0008 4512 BITS - ok 20:23:10.0055 4512 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 20:23:10.0086 4512 blbdrive - ok 20:23:10.0195 4512 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 20:23:10.0226 4512 Bonjour Service - ok 20:23:10.0273 4512 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 20:23:10.0289 4512 bowser - ok 20:23:10.0320 4512 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:23:10.0351 4512 BrFiltLo - ok 20:23:10.0367 4512 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:23:10.0398 4512 BrFiltUp - ok 20:23:10.0429 4512 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 20:23:10.0492 4512 Browser - ok 20:23:10.0538 4512 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 20:23:10.0601 4512 Brserid - ok 20:23:10.0616 4512 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 20:23:10.0648 4512 BrSerWdm - ok 20:23:10.0663 4512 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 20:23:10.0694 4512 BrUsbMdm - ok 20:23:10.0726 4512 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 20:23:10.0757 4512 BrUsbSer - ok 20:23:10.0772 4512 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 20:23:10.0819 4512 BTHMODEM - ok 20:23:10.0866 4512 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 20:23:10.0913 4512 bthserv - ok 20:23:10.0960 4512 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 20:23:11.0006 4512 cdfs - ok 20:23:11.0053 4512 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 20:23:11.0100 4512 cdrom - ok 20:23:11.0147 4512 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:23:11.0209 4512 CertPropSvc - ok 20:23:11.0256 4512 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys 20:23:11.0287 4512 cfwids - ok 20:23:11.0303 4512 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 20:23:11.0334 4512 circlass - ok 20:23:11.0381 4512 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 20:23:11.0412 4512 CLFS - ok 20:23:11.0490 4512 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:23:11.0506 4512 clr_optimization_v2.0.50727_32 - ok 20:23:11.0568 4512 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:23:11.0584 4512 clr_optimization_v2.0.50727_64 - ok 20:23:11.0677 4512 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:23:11.0724 4512 clr_optimization_v4.0.30319_32 - ok 20:23:11.0755 4512 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:23:11.0771 4512 clr_optimization_v4.0.30319_64 - ok 20:23:11.0802 4512 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 20:23:11.0833 4512 CmBatt - ok 20:23:11.0864 4512 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 20:23:11.0864 4512 cmdide - ok 20:23:11.0942 4512 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 20:23:11.0989 4512 CNG - ok 20:23:12.0005 4512 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 20:23:12.0020 4512 Compbatt - ok 20:23:12.0067 4512 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 20:23:12.0098 4512 CompositeBus - ok 20:23:12.0114 4512 COMSysApp - ok 20:23:12.0130 4512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 20:23:12.0145 4512 crcdisk - ok 20:23:12.0192 4512 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 20:23:12.0239 4512 CryptSvc - ok 20:23:12.0301 4512 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:23:12.0348 4512 DcomLaunch - ok 20:23:12.0395 4512 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 20:23:12.0473 4512 defragsvc - ok 20:23:12.0504 4512 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 20:23:12.0566 4512 DfsC - ok 20:23:12.0644 4512 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 20:23:12.0691 4512 Dhcp - ok 20:23:12.0738 4512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 20:23:12.0800 4512 discache - ok 20:23:12.0832 4512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 20:23:12.0847 4512 Disk - ok 20:23:12.0894 4512 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 20:23:12.0956 4512 Dnscache - ok 20:23:13.0034 4512 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe 20:23:13.0066 4512 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 20:23:13.0066 4512 DockLoginService - detected UnsignedFile.Multi.Generic (1) 20:23:13.0112 4512 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 20:23:13.0175 4512 dot3svc - ok 20:23:13.0222 4512 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 20:23:13.0284 4512 DPS - ok 20:23:13.0300 4512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 20:23:13.0346 4512 drmkaud - ok 20:23:13.0456 4512 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 20:23:13.0471 4512 DXGKrnl - ok 20:23:13.0518 4512 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 20:23:13.0580 4512 EapHost - ok 20:23:13.0846 4512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 20:23:13.0892 4512 ebdrv - ok 20:23:14.0002 4512 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 20:23:14.0064 4512 EFS - ok 20:23:14.0173 4512 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 20:23:14.0236 4512 ehRecvr - ok 20:23:14.0267 4512 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 20:23:14.0298 4512 ehSched - ok 20:23:14.0407 4512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 20:23:14.0423 4512 elxstor - ok 20:23:14.0454 4512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 20:23:14.0501 4512 ErrDev - ok 20:23:14.0548 4512 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 20:23:14.0610 4512 EventSystem - ok 20:23:14.0641 4512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 20:23:14.0688 4512 exfat - ok 20:23:14.0719 4512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 20:23:14.0750 4512 fastfat - ok 20:23:14.0860 4512 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 20:23:14.0922 4512 Fax - ok 20:23:14.0938 4512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 20:23:14.0984 4512 fdc - ok 20:23:15.0016 4512 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 20:23:15.0078 4512 fdPHost - ok 20:23:15.0094 4512 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 20:23:15.0140 4512 FDResPub - ok 20:23:15.0172 4512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 20:23:15.0187 4512 FileInfo - ok 20:23:15.0187 4512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 20:23:15.0234 4512 Filetrace - ok 20:23:15.0250 4512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 20:23:15.0250 4512 flpydisk - ok 20:23:15.0312 4512 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 20:23:15.0328 4512 FltMgr - ok 20:23:15.0452 4512 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 20:23:15.0484 4512 FontCache - ok 20:23:15.0562 4512 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:23:15.0577 4512 FontCache3.0.0.0 - ok 20:23:15.0624 4512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 20:23:15.0655 4512 FsDepends - ok 20:23:15.0686 4512 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 20:23:15.0702 4512 Fs_Rec - ok 20:23:15.0764 4512 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 20:23:15.0796 4512 fvevol - ok 20:23:15.0811 4512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 20:23:15.0842 4512 gagp30kx - ok 20:23:15.0920 4512 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe 20:23:15.0936 4512 GoToAssist - ok 20:23:16.0014 4512 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 20:23:16.0076 4512 gpsvc - ok 20:23:16.0108 4512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 20:23:16.0154 4512 hcw85cir - ok 20:23:16.0201 4512 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 20:23:16.0248 4512 HDAudBus - ok 20:23:16.0264 4512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 20:23:16.0279 4512 HidBatt - ok 20:23:16.0295 4512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 20:23:16.0310 4512 HidBth - ok 20:23:16.0342 4512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 20:23:16.0373 4512 HidIr - ok 20:23:16.0404 4512 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 20:23:16.0466 4512 hidserv - ok 20:23:16.0498 4512 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 20:23:16.0513 4512 HidUsb - ok 20:23:16.0544 4512 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 20:23:16.0607 4512 hkmsvc - ok 20:23:16.0669 4512 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 20:23:16.0716 4512 HomeGroupListener - ok 20:23:16.0763 4512 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 20:23:16.0794 4512 HomeGroupProvider - ok 20:23:16.0810 4512 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 20:23:16.0825 4512 HpSAMD - ok 20:23:16.0919 4512 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 20:23:16.0981 4512 HTTP - ok 20:23:17.0012 4512 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 20:23:17.0044 4512 hwpolicy - ok 20:23:17.0090 4512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 20:23:17.0106 4512 i8042prt - ok 20:23:17.0215 4512 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 20:23:17.0231 4512 IAANTMON - ok 20:23:17.0278 4512 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys 20:23:17.0309 4512 iaStor - ok 20:23:17.0371 4512 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 20:23:17.0387 4512 iaStorV - ok 20:23:17.0652 4512 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:23:17.0683 4512 idsvc - ok 20:23:17.0699 4512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 20:23:17.0714 4512 iirsp - ok 20:23:17.0808 4512 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 20:23:17.0870 4512 IKEEXT - ok 20:23:18.0026 4512 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys 20:23:18.0073 4512 IntcAzAudAddService - ok 20:23:18.0214 4512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 20:23:18.0229 4512 intelide - ok 20:23:18.0260 4512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 20:23:18.0292 4512 intelppm - ok 20:23:18.0323 4512 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 20:23:18.0354 4512 IPBusEnum - ok 20:23:18.0401 4512 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:23:18.0448 4512 IpFilterDriver - ok 20:23:18.0479 4512 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 20:23:18.0510 4512 IPMIDRV - ok 20:23:18.0541 4512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 20:23:18.0588 4512 IPNAT - ok 20:23:18.0728 4512 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe 20:23:18.0760 4512 iPod Service - ok 20:23:18.0791 4512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 20:23:18.0853 4512 IRENUM - ok 20:23:18.0884 4512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 20:23:18.0900 4512 isapnp - ok 20:23:18.0947 4512 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 20:23:18.0962 4512 iScsiPrt - ok 20:23:18.0994 4512 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys 20:23:19.0009 4512 JRAID - ok 20:23:19.0040 4512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 20:23:19.0056 4512 kbdclass - ok 20:23:19.0087 4512 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 20:23:19.0118 4512 kbdhid - ok 20:23:19.0134 4512 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:23:19.0150 4512 KeyIso - ok 20:23:19.0181 4512 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 20:23:19.0212 4512 KSecDD - ok 20:23:19.0243 4512 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 20:23:19.0259 4512 KSecPkg - ok 20:23:19.0274 4512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 20:23:19.0321 4512 ksthunk - ok 20:23:19.0399 4512 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 20:23:19.0462 4512 KtmRm - ok 20:23:19.0524 4512 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 20:23:19.0602 4512 LanmanServer - ok 20:23:19.0649 4512 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 20:23:19.0711 4512 LanmanWorkstation - ok 20:23:19.0742 4512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 20:23:19.0820 4512 lltdio - ok 20:23:19.0883 4512 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 20:23:19.0945 4512 lltdsvc - ok 20:23:19.0976 4512 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 20:23:20.0008 4512 lmhosts - ok 20:23:20.0039 4512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:23:20.0054 4512 LSI_FC - ok 20:23:20.0086 4512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:23:20.0086 4512 LSI_SAS - ok 20:23:20.0101 4512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:23:20.0101 4512 LSI_SAS2 - ok 20:23:20.0117 4512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:23:20.0132 4512 LSI_SCSI - ok 20:23:20.0148 4512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 20:23:20.0195 4512 luafv - ok 20:23:20.0242 4512 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 20:23:20.0273 4512 MBAMProtector - ok 20:23:20.0382 4512 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 20:23:20.0398 4512 MBAMService - ok 20:23:20.0522 4512 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:23:20.0569 4512 McMPFSvc - ok 20:23:20.0569 4512 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:23:20.0585 4512 mcmscsvc - ok 20:23:20.0585 4512 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:23:20.0600 4512 McNaiAnn - ok 20:23:20.0616 4512 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:23:20.0632 4512 McNASvc - ok 20:23:20.0725 4512 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe 20:23:20.0756 4512 McODS - ok 20:23:20.0772 4512 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:23:20.0788 4512 McProxy - ok 20:23:20.0850 4512 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 20:23:20.0881 4512 McShield - ok 20:23:20.0990 4512 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 20:23:21.0037 4512 Mcx2Svc - ok 20:23:21.0084 4512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 20:23:21.0100 4512 megasas - ok 20:23:21.0115 4512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 20:23:21.0146 4512 MegaSR - ok 20:23:21.0209 4512 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys 20:23:21.0224 4512 mfeapfk - ok 20:23:21.0271 4512 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys 20:23:21.0287 4512 mfeavfk - ok 20:23:21.0302 4512 mfeavfk01 - ok 20:23:21.0396 4512 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 20:23:21.0427 4512 mfefire - ok 20:23:21.0474 4512 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys 20:23:21.0490 4512 mfefirek - ok 20:23:21.0568 4512 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys 20:23:21.0599 4512 mfehidk - ok 20:23:21.0630 4512 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys 20:23:21.0661 4512 mfenlfk - ok 20:23:21.0677 4512 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys 20:23:21.0708 4512 mferkdet - ok 20:23:21.0755 4512 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe 20:23:21.0770 4512 mfevtp - ok 20:23:21.0817 4512 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys 20:23:21.0833 4512 mfewfpk - ok 20:23:21.0864 4512 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:23:21.0926 4512 MMCSS - ok 20:23:21.0958 4512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 20:23:22.0020 4512 Modem - ok 20:23:22.0051 4512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 20:23:22.0082 4512 monitor - ok 20:23:22.0129 4512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 20:23:22.0145 4512 mouclass - ok 20:23:22.0176 4512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 20:23:22.0207 4512 mouhid - ok 20:23:22.0238 4512 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 20:23:22.0254 4512 mountmgr - ok 20:23:22.0363 4512 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:23:22.0379 4512 MozillaMaintenance - ok 20:23:22.0426 4512 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 20:23:22.0441 4512 mpio - ok 20:23:22.0457 4512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 20:23:22.0488 4512 mpsdrv - ok 20:23:22.0519 4512 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 20:23:22.0550 4512 MRxDAV - ok 20:23:22.0582 4512 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:23:22.0628 4512 mrxsmb - ok 20:23:22.0675 4512 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:23:22.0722 4512 mrxsmb10 - ok 20:23:22.0753 4512 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:23:22.0769 4512 mrxsmb20 - ok 20:23:22.0800 4512 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 20:23:22.0816 4512 msahci - ok 20:23:22.0847 4512 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 20:23:22.0862 4512 msdsm - ok 20:23:22.0894 4512 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 20:23:22.0940 4512 MSDTC - ok 20:23:23.0003 4512 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys 20:23:23.0050 4512 MSDV - ok 20:23:23.0065 4512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 20:23:23.0097 4512 Msfs - ok 20:23:23.0112 4512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 20:23:23.0159 4512 mshidkmdf - ok 20:23:23.0175 4512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 20:23:23.0190 4512 msisadrv - ok 20:23:23.0221 4512 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 20:23:23.0268 4512 MSiSCSI - ok 20:23:23.0284 4512 msiserver - ok 20:23:23.0409 4512 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:23:23.0440 4512 MSK80Service - ok 20:23:23.0455 4512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:23:23.0518 4512 MSKSSRV - ok 20:23:23.0518 4512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:23:23.0549 4512 MSPCLOCK - ok 20:23:23.0549 4512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:23:23.0596 4512 MSPQM - ok 20:23:23.0658 4512 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 20:23:23.0674 4512 MsRPC - ok 20:23:23.0721 4512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 20:23:23.0736 4512 mssmbios - ok 20:23:23.0736 4512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:23:23.0783 4512 MSTEE - ok 20:23:23.0799 4512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 20:23:23.0830 4512 MTConfig - ok 20:23:23.0845 4512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:23:23.0861 4512 Mup - ok 20:23:23.0908 4512 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 20:23:23.0970 4512 napagent - ok 20:23:24.0033 4512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:23:24.0079 4512 NativeWifiP - ok 20:23:24.0189 4512 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 20:23:24.0235 4512 NDIS - ok 20:23:24.0251 4512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:23:24.0267 4512 NdisCap - ok 20:23:24.0298 4512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:23:24.0329 4512 NdisTapi - ok 20:23:24.0360 4512 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 20:23:24.0407 4512 Ndisuio - ok 20:23:24.0454 4512 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 20:23:24.0501 4512 NdisWan - ok 20:23:24.0532 4512 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 20:23:24.0563 4512 NDProxy - ok 20:23:24.0579 4512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:23:24.0625 4512 NetBIOS - ok 20:23:24.0657 4512 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 20:23:24.0719 4512 NetBT - ok 20:23:24.0750 4512 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:23:24.0766 4512 Netlogon - ok 20:23:24.0797 4512 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 20:23:24.0859 4512 Netman - ok 20:23:24.0922 4512 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 20:23:24.0984 4512 netprofm - ok 20:23:25.0062 4512 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:23:25.0078 4512 NetTcpPortSharing - ok 20:23:25.0125 4512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 20:23:25.0156 4512 nfrd960 - ok 20:23:25.0218 4512 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 20:23:25.0281 4512 NlaSvc - ok 20:23:25.0296 4512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:23:25.0327 4512 Npfs - ok 20:23:25.0359 4512 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 20:23:25.0374 4512 nsi - ok 20:23:25.0390 4512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:23:25.0421 4512 nsiproxy - ok 20:23:25.0561 4512 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 20:23:25.0593 4512 Ntfs - ok 20:23:25.0733 4512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:23:25.0795 4512 Null - ok 20:23:26.0544 4512 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:23:26.0669 4512 nvlddmkm - ok 20:23:26.0825 4512 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 20:23:26.0841 4512 nvraid - ok 20:23:26.0872 4512 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 20:23:26.0887 4512 nvstor - ok 20:23:26.0950 4512 nvsvc (18aa5ff4ee3fe45a64b98589c62b7fc0) C:\Windows\system32\nvvsvc.exe 20:23:26.0965 4512 nvsvc - ok 20:23:27.0012 4512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 20:23:27.0043 4512 nv_agp - ok 20:23:27.0199 4512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 20:23:27.0262 4512 ohci1394 - ok 20:23:27.0433 4512 OpenVPNService (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe 20:23:27.0480 4512 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning 20:23:27.0480 4512 OpenVPNService - detected UnsignedFile.Multi.Generic (1) 20:23:27.0496 4512 p2csvc - ok 20:23:27.0589 4512 p2csvc32 - ok 20:23:27.0636 4512 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:23:27.0699 4512 p2pimsvc - ok 20:23:27.0745 4512 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 20:23:27.0777 4512 p2psvc - ok 20:23:27.0839 4512 p2usb (5035825b9217a087ea70497066385fe7) C:\Windows\system32\DRIVERS\p2usb.sys 20:23:27.0886 4512 p2usb - ok 20:23:27.0917 4512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 20:23:27.0933 4512 Parport - ok 20:23:27.0979 4512 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 20:23:27.0995 4512 partmgr - ok 20:23:28.0026 4512 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 20:23:28.0057 4512 PcaSvc - ok 20:23:28.0104 4512 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 20:23:28.0120 4512 pci - ok 20:23:28.0151 4512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 20:23:28.0182 4512 pciide - ok 20:23:28.0198 4512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 20:23:28.0198 4512 pcmcia - ok 20:23:28.0213 4512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:23:28.0229 4512 pcw - ok 20:23:28.0276 4512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:23:28.0338 4512 PEAUTH - ok 20:23:28.0416 4512 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 20:23:28.0463 4512 PerfHost - ok 20:23:28.0603 4512 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 20:23:28.0681 4512 pla - ok 20:23:28.0744 4512 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 20:23:28.0806 4512 PlugPlay - ok 20:23:28.0837 4512 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 20:23:28.0853 4512 PNRPAutoReg - ok 20:23:28.0884 4512 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:23:28.0900 4512 PNRPsvc - ok 20:23:28.0962 4512 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 20:23:29.0040 4512 PolicyAgent - ok 20:23:29.0071 4512 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 20:23:29.0118 4512 Power - ok 20:23:29.0196 4512 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 20:23:29.0243 4512 PptpMiniport - ok 20:23:29.0274 4512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 20:23:29.0305 4512 Processor - ok 20:23:29.0352 4512 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 20:23:29.0415 4512 ProfSvc - ok 20:23:29.0446 4512 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:23:29.0461 4512 ProtectedStorage - ok 20:23:29.0524 4512 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 20:23:29.0571 4512 Psched - ok 20:23:29.0602 4512 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 20:23:29.0617 4512 PxHlpa64 - ok 20:23:29.0758 4512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 20:23:29.0805 4512 ql2300 - ok 20:23:29.0929 4512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 20:23:29.0945 4512 ql40xx - ok 20:23:29.0992 4512 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:23:30.0023 4512 QWAVE - ok 20:23:30.0023 4512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:23:30.0054 4512 QWAVEdrv - ok 20:23:30.0070 4512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:23:30.0117 4512 RasAcd - ok 20:23:30.0148 4512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:23:30.0179 4512 RasAgileVpn - ok 20:23:30.0195 4512 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:23:30.0241 4512 RasAuto - ok 20:23:30.0288 4512 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:23:30.0351 4512 Rasl2tp - ok 20:23:30.0397 4512 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 20:23:30.0444 4512 RasMan - ok 20:23:30.0460 4512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:23:30.0507 4512 RasPppoe - ok 20:23:30.0538 4512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:23:30.0585 4512 RasSstp - ok 20:23:30.0631 4512 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 20:23:30.0694 4512 rdbss - ok 20:23:30.0725 4512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 20:23:30.0756 4512 rdpbus - ok 20:23:30.0787 4512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:23:30.0834 4512 RDPCDD - ok 20:23:30.0850 4512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:23:30.0912 4512 RDPENCDD - ok 20:23:30.0928 4512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:23:30.0959 4512 RDPREFMP - ok 20:23:31.0006 4512 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 20:23:31.0053 4512 RDPWD - ok 20:23:31.0115 4512 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 20:23:31.0131 4512 rdyboost - ok 20:23:31.0162 4512 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:23:31.0224 4512 RemoteAccess - ok 20:23:31.0255 4512 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:23:31.0287 4512 RemoteRegistry - ok 20:23:31.0489 4512 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 20:23:31.0521 4512 RoxMediaDB10 - ok 20:23:31.0552 4512 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:23:31.0599 4512 RpcEptMapper - ok 20:23:31.0614 4512 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:23:31.0630 4512 RpcLocator - ok 20:23:31.0692 4512 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:23:31.0739 4512 RpcSs - ok 20:23:31.0786 4512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:23:31.0848 4512 rspndr - ok 20:23:31.0895 4512 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys 20:23:31.0926 4512 RSUSBSTOR - ok 20:23:31.0957 4512 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 20:23:32.0004 4512 RTL8167 - ok 20:23:32.0020 4512 RxFilter - ok 20:23:32.0051 4512 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:23:32.0051 4512 SamSs - ok 20:23:32.0098 4512 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:23:32.0113 4512 sbp2port - ok 20:23:32.0145 4512 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:23:32.0176 4512 SCardSvr - ok 20:23:32.0191 4512 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:23:32.0223 4512 scfilter - ok 20:23:32.0332 4512 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:23:32.0394 4512 Schedule - ok 20:23:32.0425 4512 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:23:32.0457 4512 SCPolicySvc - ok 20:23:32.0503 4512 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:23:32.0550 4512 SDRSVC - ok 20:23:32.0659 4512 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 20:23:32.0691 4512 SeaPort - ok 20:23:32.0753 4512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:23:32.0815 4512 secdrv - ok 20:23:32.0847 4512 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:23:32.0878 4512 seclogon - ok 20:23:32.0909 4512 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 20:23:32.0925 4512 SENS - ok 20:23:32.0940 4512 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:23:32.0987 4512 SensrSvc - ok 20:23:33.0018 4512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:23:33.0049 4512 Serenum - ok 20:23:33.0065 4512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:23:33.0096 4512 Serial - ok 20:23:33.0127 4512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 20:23:33.0143 4512 sermouse - ok 20:23:33.0190 4512 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:23:33.0237 4512 SessionEnv - ok 20:23:33.0268 4512 SessionLauncher - ok 20:23:33.0299 4512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 20:23:33.0346 4512 sffdisk - ok 20:23:33.0361 4512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:23:33.0393 4512 sffp_mmc - ok 20:23:33.0408 4512 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:23:33.0455 4512 sffp_sd - ok 20:23:33.0471 4512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:23:33.0502 4512 sfloppy - ok 20:23:33.0595 4512 SftService (7f475425582163602ef1589c0071e521) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 20:23:33.0611 4512 SftService - ok 20:23:33.0673 4512 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:23:33.0736 4512 SharedAccess - ok 20:23:33.0798 4512 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:23:33.0861 4512 ShellHWDetection - ok 20:23:33.0923 4512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:23:33.0939 4512 SiSRaid2 - ok 20:23:33.0954 4512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:23:33.0970 4512 SiSRaid4 - ok 20:23:33.0985 4512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:23:34.0048 4512 Smb - ok 20:23:34.0095 4512 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:23:34.0126 4512 SNMPTRAP - ok 20:23:34.0141 4512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:23:34.0173 4512 spldr - ok 20:23:34.0235 4512 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:23:34.0282 4512 Spooler - ok 20:23:34.0547 4512 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:23:34.0625 4512 sppsvc - ok 20:23:34.0750 4512 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:23:34.0797 4512 sppuinotify - ok 20:23:34.0890 4512 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:23:34.0953 4512 srv - ok 20:23:34.0999 4512 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:23:35.0015 4512 srv2 - ok 20:23:35.0046 4512 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:23:35.0062 4512 srvnet - ok 20:23:35.0093 4512 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:23:35.0155 4512 SSDPSRV - ok 20:23:35.0171 4512 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:23:35.0218 4512 SstpSvc - ok 20:23:35.0233 4512 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:23:35.0249 4512 stexstor - ok 20:23:35.0327 4512 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 20:23:35.0374 4512 stisvc - ok 20:23:35.0452 4512 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 20:23:35.0467 4512 stllssvr - ok 20:23:35.0670 4512 Stuffit Archive Name Service (1db60cb3e53e2491d5d6c43c06676ca2) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe 20:23:35.0717 4512 Stuffit Archive Name Service - ok 20:23:35.0842 4512 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 20:23:35.0857 4512 swenum - ok 20:23:35.0920 4512 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:23:35.0982 4512 swprv - ok 20:23:36.0123 4512 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:23:36.0185 4512 SysMain - ok 20:23:36.0310 4512 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 20:23:36.0357 4512 TabletInputService - ok 20:23:36.0403 4512 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys 20:23:36.0466 4512 tap0901 - ok 20:23:36.0513 4512 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:23:36.0559 4512 TapiSrv - ok 20:23:36.0591 4512 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:23:36.0622 4512 TBS - ok 20:23:36.0793 4512 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 20:23:36.0840 4512 Tcpip - ok 20:23:37.0074 4512 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 20:23:37.0105 4512 TCPIP6 - ok 20:23:37.0183 4512 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:23:37.0246 4512 tcpipreg - ok 20:23:37.0293 4512 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:23:37.0324 4512 TDPIPE - ok 20:23:37.0355 4512 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:23:37.0402 4512 TDTCP - ok 20:23:37.0433 4512 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:23:37.0464 4512 tdx - ok 20:23:37.0527 4512 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 20:23:37.0542 4512 TermDD - ok 20:23:37.0620 4512 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:23:37.0683 4512 TermService - ok 20:23:37.0714 4512 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:23:37.0745 4512 Themes - ok 20:23:37.0792 4512 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:23:37.0823 4512 THREADORDER - ok 20:23:37.0854 4512 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:23:37.0885 4512 TrkWks - ok 20:23:37.0948 4512 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:23:37.0995 4512 TrustedInstaller - ok 20:23:38.0026 4512 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:23:38.0073 4512 tssecsrv - ok 20:23:38.0119 4512 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:23:38.0151 4512 TsUsbFlt - ok 20:23:38.0197 4512 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:23:38.0244 4512 tunnel - ok 20:23:38.0275 4512 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:23:38.0291 4512 uagp35 - ok 20:23:38.0322 4512 ubohci (0ae9dd39a559359897541e2d4b8ec491) C:\Windows\system32\DRIVERS\ubohci.sys 20:23:38.0322 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubohci.sys. Real md5: 0ae9dd39a559359897541e2d4b8ec491, Fake md5: 1e2e55e1b3bf2160d617e854a7b4950b 20:23:38.0322 4512 ubohci ( ForgedFile.Multi.Generic ) - warning 20:23:38.0322 4512 ubohci - detected ForgedFile.Multi.Generic (1) 20:23:38.0353 4512 ubsbm (a7e0b68f49650372910083e5697b7e99) C:\Windows\system32\DRIVERS\ubsbm.sys 20:23:38.0353 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubsbm.sys. Real md5: a7e0b68f49650372910083e5697b7e99, Fake md5: b30147ca21ab2d10a14dc36a9aa17fd9 20:23:38.0353 4512 ubsbm ( ForgedFile.Multi.Generic ) - warning 20:23:38.0353 4512 ubsbm - detected ForgedFile.Multi.Generic (1) 20:23:38.0385 4512 ubumapi (db4a752a3d03c3b48bb8b23b0c53745d) C:\Windows\system32\DRIVERS\ubumapi.sys 20:23:38.0385 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubumapi.sys. Real md5: db4a752a3d03c3b48bb8b23b0c53745d, Fake md5: b2a7a65cbd4803bbdb552620e57cd1bd 20:23:38.0385 4512 ubumapi ( ForgedFile.Multi.Generic ) - warning 20:23:38.0385 4512 ubumapi - detected ForgedFile.Multi.Generic (1) 20:23:38.0447 4512 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:23:38.0494 4512 udfs - ok 20:23:38.0509 4512 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:23:38.0525 4512 UI0Detect - ok 20:23:38.0572 4512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:23:38.0587 4512 uliagpkx - ok 20:23:38.0619 4512 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 20:23:38.0665 4512 umbus - ok 20:23:38.0697 4512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:23:38.0728 4512 UmPass - ok 20:23:38.0775 4512 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:23:38.0837 4512 upnphost - ok 20:23:38.0884 4512 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 20:23:38.0931 4512 USBAAPL64 - ok 20:23:38.0946 4512 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:23:38.0977 4512 usbccgp - ok 20:23:39.0024 4512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:23:39.0055 4512 usbcir - ok 20:23:39.0071 4512 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 20:23:39.0071 4512 usbehci - ok 20:23:39.0118 4512 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 20:23:39.0149 4512 usbhub - ok 20:23:39.0165 4512 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 20:23:39.0196 4512 usbohci - ok 20:23:39.0227 4512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:23:39.0258 4512 usbprint - ok 20:23:39.0289 4512 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:23:39.0352 4512 USBSTOR - ok 20:23:39.0352 4512 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 20:23:39.0383 4512 usbuhci - ok 20:23:39.0414 4512 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:23:39.0477 4512 UxSms - ok 20:23:39.0508 4512 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:23:39.0523 4512 VaultSvc - ok 20:23:39.0539 4512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:23:39.0555 4512 vdrvroot - ok 20:23:39.0633 4512 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:23:39.0679 4512 vds - ok 20:23:39.0711 4512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:23:39.0726 4512 vga - ok 20:23:39.0757 4512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:23:39.0804 4512 VgaSave - ok 20:23:39.0851 4512 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:23:39.0867 4512 vhdmp - ok 20:23:39.0898 4512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:23:39.0913 4512 viaide - ok 20:23:39.0945 4512 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:23:39.0976 4512 volmgr - ok 20:23:40.0023 4512 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:23:40.0054 4512 volmgrx - ok 20:23:40.0116 4512 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:23:40.0147 4512 volsnap - ok 20:23:40.0210 4512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:23:40.0241 4512 vsmraid - ok 20:23:40.0397 4512 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:23:40.0459 4512 VSS - ok 20:23:40.0600 4512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 20:23:40.0631 4512 vwifibus - ok 20:23:40.0662 4512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 20:23:40.0693 4512 vwififlt - ok 20:23:40.0725 4512 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 20:23:40.0771 4512 vwifimp - ok 20:23:40.0818 4512 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:23:40.0865 4512 W32Time - ok 20:23:40.0881 4512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:23:40.0881 4512 WacomPen - ok 20:23:40.0943 4512 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:23:41.0005 4512 WANARP - ok 20:23:41.0005 4512 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:23:41.0021 4512 Wanarpv6 - ok 20:23:41.0161 4512 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 20:23:41.0193 4512 WatAdminSvc - ok 20:23:41.0333 4512 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:23:41.0395 4512 wbengine - ok 20:23:41.0520 4512 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:23:41.0536 4512 WbioSrvc - ok 20:23:41.0598 4512 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:23:41.0645 4512 wcncsvc - ok 20:23:41.0676 4512 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:23:41.0723 4512 WcsPlugInService - ok 20:23:41.0770 4512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:23:41.0785 4512 Wd - ok 20:23:41.0832 4512 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam.sys 20:23:41.0879 4512 WDC_SAM - ok 20:23:41.0926 4512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:23:41.0957 4512 Wdf01000 - ok 20:23:41.0973 4512 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:23:42.0300 4512 WdiServiceHost - ok 20:23:42.0300 4512 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:23:42.0331 4512 WdiSystemHost - ok 20:23:42.0643 4512 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:23:42.0675 4512 WebClient - ok 20:23:42.0706 4512 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

RogueKiller V7.6.0 [06/26/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: I'm Lee [Admin rights] Mode: Scan -- Date: 06/27/2012 18:33:34 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 6 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD642JJ +++++ --- User --- [MBR] bc17261b85527aa1356e67a794d2bfcb [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo User != LL1 ... KO! --- LL1 --- [MBR] 45bed0fe84cb6bb45ca9c2050579b918 [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo User != LL2 ... KO! --- LL2 --- [MBR] 45bed0fe84cb6bb45ca9c2050579b918 [bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo Finished : << RKreport[1].txt >> RKreport[1].txt

. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30 Run by I'm Lee at 18:27:12 on 2012-06-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6557 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\mfevtps.exe C:\Windows\system32\p2csvc.exe C:\Windows\SysWOW64\p2csvc32.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe C:\Windows\STK03N\STK03NM.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Common Files\McAfee\Core\mchost.exe c:\PROGRA~1\mcafee\msc\mcupdmgr.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Windows\system32\taskhost.exe C:\Windows\SysWOW64\NOTEPAD.EXE c:\program files (x86)\common files\installshield\updateservice\isuspm.exe c:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622190405.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup uRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe uRun: [Akamai NetSession Interface] "C:\Users\I'm Lee\AppData\Local\Akamai\netsession_win.exe" mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\I'MLEE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\P2CARD~1.LNK - C:\Program Files (x86)\Panasonic P2\Drivers\App\P2TaskTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK03N~1.LNK - C:\Windows\STK03N\STK03NM.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 TCP: Interfaces\{B9043A83-41BB-4C35-AE2C-9C08648EE55B} : DhcpNameServer = 97.64.168.12 97.64.183.165 TCP: Interfaces\{B9043A83-41BB-4C35-AE2C-9C08648EE55B}\A6F6E65637 : DhcpNameServer = 97.64.168.12 97.64.183.165 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622190405.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15623 FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.photobucket.com FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url= FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\I'm Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-14 92160] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-17 654408] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-8-21 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-8-21 210584] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 p2csvc;p2csvc;C:\Windows\system32\p2csvc.exe -service --> C:\Windows\system32\p2csvc.exe -service [?] R2 p2csvc32;p2csvc32;C:\Windows\SysWOW64\p2csvc32.exe -service --> C:\Windows\SysWOW64\p2csvc32.exe -service [?] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-14 656624] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 0323841340409849mcinstcleanup;McAfee Application Installer Cleanup (0323841340409849);C:\Windows\TEMP\032384~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\032384~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936] S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\system32\DRIVERS\ubsbm.sys --> C:\Windows\system32\DRIVERS\ubsbm.sys [?] S2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\system32\DRIVERS\ubumapi.sys --> C:\Windows\system32\DRIVERS\ubumapi.sys [?] S3 65897487;65897487;C:\Windows\system32\drivers\16495956.sys --> C:\Windows\system32\drivers\16495956.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-17 250056] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 113120] S3 p2usb;Panasonic P2 Series USB Device;C:\Windows\system32\DRIVERS\p2usb.sys --> C:\Windows\system32\DRIVERS\p2usb.sys [?] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\system32\DRIVERS\ubohci.sys --> C:\Windows\system32\DRIVERS\ubohci.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys --> C:\Windows\system32\DRIVERS\wdcsam.sys [?] . =============== Created Last 30 ================ . 2012-06-25 22:49:01 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-25 22:49:01 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-23 00:04:04 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll 2012-06-22 01:46:07 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{7A309D0B-6E35-459E-864E-BD63F06F962A} 2012-06-22 01:45:29 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{AC47AFA3-4464-4D38-AB93-0F56FBACA8D5} 2012-06-22 01:30:53 20480 ----a-w- C:\Windows\svchost.exe 2012-06-21 19:37:51 -------- d-sh--w- C:\found.000 2012-06-21 18:42:17 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{EC406987-BACA-4C27-A98E-A1A9B032BC4C} 2012-06-21 11:50:53 -------- d-----w- C:\Program Files\CCleaner 2012-06-21 11:47:47 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 11:47:38 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 11:47:32 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 11:47:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-21 01:27:25 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{CE3110ED-418A-4636-86ED-CF0EF17642E3} 2012-06-21 01:27:14 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{6493A9FB-BE82-439E-A228-9336C9918B6F} 2012-06-20 03:07:24 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{82C31541-7A8D-4480-A1DE-07F0968697BA} 2012-06-19 18:12:08 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{F92F40AA-2781-4D7E-BEAB-79B4FD5AAA22} 2012-06-19 18:11:57 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{09CFE355-3036-4E43-BF73-3B4C5360C9D2} 2012-06-17 14:10:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-17 14:10:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-17 13:52:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-17 13:52:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-16 16:32:43 -------- d-----w- C:\ProgramData\Caphyon 2012-06-16 16:32:41 -------- d-----w- C:\Program Files (x86)\PatchBeam 2012-06-16 16:32:34 -------- d-----w- C:\Program Files (x86)\PowerArchiver 2012-06-15 22:18:54 -------- d-----w- C:\AdobeTemp 2012-06-15 22:03:24 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{46650B5C-2A6B-433B-A455-7EA74CAA389C} 2012-06-15 21:59:35 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{3D2FAC68-74B7-4611-B90E-A0786D0850C4} 2012-06-15 21:55:02 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{F559CC18-D9BF-414F-94EA-3C5AD63F290F} 2012-06-14 22:15:58 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{90C0F824-304F-46BC-8196-E94BC43BBC79} 2012-06-14 22:15:47 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{CEA53AF8-AF48-4BAF-B683-1201B0EA331F} 2012-06-14 01:15:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-12 00:21:14 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{ED9C34BB-B248-416F-911F-0252B3CA11C9} 2012-06-12 00:21:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{6E87F58A-F06E-4F7E-904B-E9B232589742} 2012-06-11 23:16:26 -------- d-----w- C:\Windows\en 2012-06-11 23:14:24 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-11 23:11:46 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DSETUP.dll 2012-06-11 23:11:46 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DXSETUP.exe 2012-06-11 23:11:46 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\dsetup32.dll 2012-06-11 23:11:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{7861E9A2-A6E1-40C8-8F11-1B2409998164} 2012-06-11 23:10:52 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{DF72AC91-5AAA-4306-B699-BEDAE93935E6} 2012-06-11 23:04:17 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-06-11 23:04:17 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-06-11 23:04:17 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-06-11 23:03:33 -------- d-----w- C:\Program Files\iPod 2012-06-11 23:03:31 -------- d-----w- C:\Program Files\iTunes 2012-06-11 00:19:31 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{98EDC165-034E-4B7C-98DF-0B09558F026B} 2012-06-11 00:07:50 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C5B656A9-27B1-49A5-92A7-EBC9C73403F3} 2012-06-10 20:45:41 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{536B35C2-8D33-4525-9574-A31B550DBB01} 2012-06-10 20:34:17 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{222EA398-8B77-47F8-864F-3A0ED802A226} 2012-06-10 20:34:04 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{5E25C2AB-744C-40AD-B148-92187C9288A8} 2012-06-10 20:17:23 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C1B7FE04-7F60-4C2D-A536-73F7CCA42F04} 2012-06-10 14:21:46 -------- d-----w- C:\Users\I'm Lee\AppData\Local\Macromedia 2012-06-10 14:05:38 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C1D1668E-8283-4DE3-95D8-506D3D4313EB} 2012-06-10 14:05:26 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{D01AE271-FAA1-43CB-888A-C529A9E94A03} 2012-06-10 13:51:44 -------- d-----w- C:\Users\I'm Lee\AppData\Local\ElevatedDiagnostics 2012-06-10 13:41:15 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{72C6AAB1-1053-4A29-ABCC-48F6EE70D8FC} 2012-06-10 13:41:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{9C03DE12-EEF6-4038-A2C3-491B29614432} 2012-06-10 12:28:41 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{E1F60980-6FE4-463B-BC18-638EF2C75F6D} 2012-06-06 18:56:24 -------- d-----w- C:\Users\I'm Lee\Photocensoredet 2012-06-06 18:24:01 -------- d-----w- C:\Program Files (x86)\Photocensoredet 2012-05-30 01:02:18 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{E4FC379C-E78A-4C09-92C6-1166BA1139EC} . ==================== Find3M ==================== . 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 18:27:58.04 ===============

Old post, correct forum: Like a lot of people on here, I have gotten infected by the svchost.exe. Maleware finds it but nothnig else does. I quarantine it, I remove it, Maleware asks me to start over, and it's still there. Maleware thinks it's getting rid of it but it's not. I tried running rkill then maleware and that didn't do it. I've tried to run maleware in safe mode but my screen goes dark before it's done and I have to do a hard reboot to get it back. I turned off the screen saver and played with the power saving settings telling it not to go dark but something's not listening. I've followed the advice in other trheads and can't shake this thing. What do I do? Here is the DDS list. DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/22/2010 8:49:00 PM System Uptime: 6/22/2012 6:40:22 PM (16 hours ago) . Motherboard: DELL Inc. | | 0X501H Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 1574/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 587 GiB total, 302.402 GiB free. F: is FIXED (NTFS) - 112 GiB total, 58.334 GiB free. G: is FIXED (FAT32) - 466 GiB total, 354.164 GiB free. H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318} Description: CD-ROM Drive Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_DH20N__________________A102____\4&D7DB6A6&0&0.0.0 Manufacturer: (Standard CD-ROM drives) Name: HL-DT-ST DVD-ROM DH20N PNP Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_DH20N__________________A102____\4&D7DB6A6&0&0.0.0 Service: cdrom . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: Unknown Device Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3 Manufacturer: (Standard USB Host Controller) Name: Unknown Device PNP Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3 Service: . Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318} Description: CD-ROM Drive Device ID: IDE\CDROMPLDS_DVD+-RW_DH-16AAS___________________JD12____\4&D7DB6A6&0&0.1.0 Manufacturer: (Standard CD-ROM drives) Name: PLDS DVD+-RW DH-16AAS PNP Device ID: IDE\CDROMPLDS_DVD+-RW_DH-16AAS___________________JD12____\4&D7DB6A6&0&0.1.0 Service: cdrom . ==== System Restore Points =================== . RP212: 6/21/2012 3:00:28 AM - Windows Update RP213: 6/21/2012 6:47:20 AM - Windows Update RP214: 6/21/2012 10:40:06 AM - Windows Update RP215: 6/21/2012 10:42:51 AM - Windows Update RP216: 6/21/2012 8:33:01 PM - Windows Update RP217: 6/22/2012 3:00:24 AM - Windows Update RP218: 6/23/2012 3:00:26 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Creative Suite 4 Master Collection Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Reader 9.5.1 Adobe Setup Adobe Shockwave Player 11.5 Akamai NetSession Interface Akamai NetSession Interface Service Amazon MP3 Downloader 1.0.12 Apple Application Support Apple Software Update Banctec Service Agreement Complete Care Consumer Service Agreement ConvertHelper 2.2 D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Getting Started Guide DirectXInstallService EA Download Manager EA Download Manager UI EMC 10 Content Facebook Plug-In GoToAssist 8.0.0.514 HMA! Pro VPN 2.6.9 IrfanView (remove only) Java Auto Updater Java 6 Update 30 Junk Mail filter update Lexmark 640 Series Malwarebytes Anti-Malware version 1.61.0.1400 McAfee SecurityCenter Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSN Toolbar MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NavNet NirSoft Mail PassView NVIDIA PhysX PatchBeam PowerArchiver 2011 QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio Update Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Sonic CinePlayer Decoder Pack SoulSeek 157 NS 13e Spelling Dictionaries Support For Adobe Reader 9 STK03N The Sims™ 2 Double Deluxe Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.0.2 Vuze Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WordPerfect Office 2002 Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 6/23/2012 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715). 6/23/2012 3:00:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. 6/22/2012 5:57:13 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. 6/21/2012 8:42:27 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/21/2012 8:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/21/2012 8:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 6/21/2012 8:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 6/21/2012 8:41:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/21/2012 8:41:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/21/2012 8:40:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:34:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14329] - Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player. 6/21/2012 8:29:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom RxFilter 6/21/2012 8:29:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 6/21/2012 8:29:54 PM, Error: Service Control Manager [7002] - The Unibrain 1394 SBM Driver service depends on the UB1394 Miniport group and no member of this group started. 6/21/2012 8:29:54 PM, Error: Service Control Manager [7002] - The Unibrain 1394 FireAPI Driver service depends on the UB1394 Miniport group and no member of this group started. 6/21/2012 8:29:54 PM, Error: Service Control Manager [7000] - The Unibrain 1394 OHCI Driver service failed to start due to the following error: Unibrain 1394 OHCI Driver is not a valid Win32 application. 6/21/2012 8:29:54 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified. 6/21/2012 8:29:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 6/21/2012 8:29:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 6/21/2012 8:28:40 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32. 6/21/2012 8:13:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3. 6/21/2012 2:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 6/21/2012 12:58:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06} 6/21/2012 1:37:23 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 6/19/2012 2:27:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00087f000, 0x0000000000000000, 0xfffff800028d8a0a, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-32947-01. 6/19/2012 12:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file. 6/19/2012 12:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034c482f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: . 6/17/2012 2:26:37 PM, Error: sbp2port [20] - A transport driver received a frame which violated the protocol. . ==== End Of File ===========================

Like a lot of people on here, I have gotten infected by the svchost.exe. Maleware finds it but nothnig else does. I quarantine it, I remove it, Maleware asks me to start over, and it's still there. Maleware thinks it's getting rid of it but it's not. I tried running rkill then maleware and that didn't do it. I've tried to run maleware in safe mode but my screen goes dark before it's done and I have to do a hard reboot to get it back. I turned off the screen saver and played with the power saving settings telling it not to go dark but something's not listening. I've followed the advice in other trheads and can't shake this thing. What do I do?