Svchost.exe keeps appearing, will not delete.


Here are the DDS and the Attach files.

Attached are the 2 reports from Malwarebytes.

AVAST randomly alerts me that malicious sites are trying to be accessed.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ther at 17:22:51 on 2012-03-15

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.1466 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

-netsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

StartupFolder: C:\Users\Ther\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.168.14.36 10.1.2.127 10.168.14.1

TCP: Interfaces\{0FB72031-3D4E-42C4-9FA0-F9937BC970CB} : DhcpNameServer = 10.168.14.36 10.1.2.127 10.168.14.1

TCP: Interfaces\{0FB72031-3D4E-42C4-9FA0-F9937BC970CB}\07F6F63686 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0FB72031-3D4E-42C4-9FA0-F9937BC970CB}\44550275962756C6563737 : DhcpNameServer = 10.0.0.5 10.0.0.2

TCP: Interfaces\{0FB72031-3D4E-42C4-9FA0-F9937BC970CB}\86163756C64796E656F586F6D656 : DhcpNameServer = 192.168.15.1

TCP: Interfaces\{0FB72031-3D4E-42C4-9FA0-F9937BC970CB}\C4256433D275C414E4 : DhcpNameServer = 208.91.112.53 208.91.112.52

TCP: Interfaces\{0FB72031-3D4E-42C4-9FA0-F9937BC970CB}\C6F6C6C6965633533303 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0FB72031-3D4E-42C4-9FA0-F9937BC970CB}\F4E69787D4F6F63756D27657563747 : DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.33.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-15 44768]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-4-15 1646056]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-12 689472]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-25 136176]

S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-25 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-15 21:52:06 20480 ------w- C:\Windows\svchost.exe

2012-03-15 21:26:38 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2AAA20B-58FE-496C-BEC0-D648921EE105}\offreg.dll

2012-03-15 21:24:27 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-03-15 21:24:26 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-03-15 21:24:24 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-03-15 21:23:39 41184 ----a-w- C:\Windows\avastSS.scr

2012-03-15 21:23:21 -------- d-----w- C:\ProgramData\AVAST Software

2012-03-15 21:23:21 -------- d-----w- C:\Program Files\AVAST Software

2012-03-15 20:49:50 -------- d-----w- C:\Users\Ther\AppData\Roaming\Malwarebytes

2012-03-15 20:47:27 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-15 20:47:26 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-15 20:47:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-15 18:49:05 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2AAA20B-58FE-496C-BEC0-D648921EE105}\mpengine.dll

2012-03-15 18:45:42 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-15 18:45:42 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-15 18:45:41 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-03-15 18:45:41 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-03-15 18:45:41 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-03-15 18:45:41 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-03-15 18:45:41 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-03-15 18:45:41 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-03-15 18:45:41 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-03-15 18:45:41 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-03-15 18:45:40 3143168 ----a-w- C:\Windows\System32\win32k.sys

2012-03-15 18:02:24 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-15 18:02:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-15 18:02:24 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-15 18:02:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-15 18:02:22 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-15 18:02:22 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-15 18:02:22 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-07 22:45:46 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\51E8.tmp

2012-03-07 22:45:46 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\51C8.tmp

2012-03-02 22:33:25 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-23 23:22:48 60304 ----a-w- C:\Users\Ther\g2mdlhlpx.exe

2012-02-16 19:00:08 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-16 19:00:08 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-16 19:00:02 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-16 19:00:02 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-16 18:59:57 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-16 18:59:42 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-16 18:59:42 634368 ----a-w- C:\Windows\System32\msvcrt.dll

.

==================== Find3M ====================

.

2012-03-03 16:11:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 17:23:41.58 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 8/24/2010 7:02:51 PM

System Uptime: 3/15/2012 4:50:28 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 167.59 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP54: 2/7/2012 3:02:17 AM - Windows Update

RP55: 2/23/2012 4:52:33 PM - Windows Update

RP56: 2/27/2012 3:01:13 AM - Windows Update

RP57: 3/15/2012 1:08:10 PM - Windows Update

RP58: 3/15/2012 1:46:16 PM - Windows Update

RP59: 3/15/2012 2:38:31 PM - Windows Update

RP60: 3/15/2012 3:24:12 PM - Windows Update

RP61: 3/15/2012 4:23:00 PM - avast! Free Antivirus Setup

.

==== Installed Programs ======================

.

Adobe Connect Add-in

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 8.0

Adobe Reader 9.1.2

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

avast! Free Antivirus

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Cozi

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

GoToMeeting 5.1.0.880

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MSVCRT

MSVCRT_amd64

PowerDVD DX

QuickTime

Rosetta Stone Ltd Services

Roxio Burn

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Skype Toolbars

Skype™ 4.2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

3/8/2012 7:40:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0x0000000000000000, 0xfffff80000b9c4d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-20373-01.

3/8/2012 6:09:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:09:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/8/2012 6:09:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/8/2012 6:08:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:45 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 6:08:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:44 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:44 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 6:08:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003051703, 0x0000000000000000, 0x00000000fffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-19063-01.

3/15/2012 4:50:02 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/15/2012 4:36:47 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/15/2012 4:36:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/15/2012 4:36:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/15/2012 4:35:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/15/2012 4:35:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/15/2012 4:35:41 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

3/15/2012 4:35:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6

3/15/2012 4:35:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x000000000000000b, 0xfffffa800320dd90, 0x0000000005082640, 0xfffffa800320e3a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031512-30903-01.

3/15/2012 3:25:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

3/15/2012 3:25:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2639308).

3/15/2012 3:20:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Virtual Disk service to connect.

3/15/2012 3:20:25 PM, Error: Service Control Manager [7000] - The Virtual Disk service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/15/2012 3:20:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service vds with arguments "" in order to run the server: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

3/15/2012 2:39:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

3/15/2012 2:39:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

3/15/2012 12:42:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/15/2012 12:41:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

3/15/2012 12:38:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache spldr Wanarpv6

3/15/2012 12:37:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030a503a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031512-40061-01.

3/15/2012 11:38:22 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/15/2012 11:38:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

3/15/2012 11:38:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

3/15/2012 1:10:58 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

3/11/2012 9:59:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000306d703, 0x0000000000000000, 0x00000000fffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031112-40919-01.

3/11/2012 9:57:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

3/11/2012 9:57:08 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/11/2012 9:57:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/11/2012 9:54:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RosettaStoneDaemon service to connect.

3/11/2012 9:54:49 PM, Error: Service Control Manager [7000] - The RosettaStoneDaemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/11/2012 3:38:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

3/11/2012 3:33:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SupportSoft Sprocket Service (DellSupportCenter) service to connect.

3/11/2012 3:33:33 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

3/11/2012 3:33:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

3/11/2012 3:33:16 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/11/2012 3:29:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

3/11/2012 3:29:57 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

mbam-log-2012-03-15 (15-52-48).txt

mbam-log-2012-03-15 (16-37-27).txt


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If Malicious objects are found, then ensure Cure is selected.
  6. If TDLFS File System is found, then ensure Delete is selected.
  7. Then click Continue Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


3 logs were generated

11:05:50.0467 5928 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

11:05:51.0980 5928 ============================================================

11:05:51.0980 5928 Current date / time: 2012/03/27 11:05:51.0980

11:05:51.0980 5928 SystemInfo:

11:05:51.0980 5928

11:05:51.0980 5928 OS Version: 6.1.7600 ServicePack: 0.0

11:05:51.0980 5928 Product type: Workstation

11:05:51.0980 5928 ComputerName: THER-PC

11:05:51.0980 5928 UserName: Ther

11:05:51.0980 5928 Windows directory: C:\Windows

11:05:51.0980 5928 System windows directory: C:\Windows

11:05:51.0980 5928 Running under WOW64

11:05:51.0980 5928 Processor architecture: Intel x64

11:05:51.0980 5928 Number of processors: 2

11:05:51.0980 5928 Page size: 0x1000

11:05:51.0980 5928 Boot type: Normal boot

11:05:51.0980 5928 ============================================================

11:05:55.0194 5928 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:05:55.0240 5928 \Device\Harddisk0\DR0:

11:05:55.0240 5928 MBR used

11:05:55.0240 5928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

11:05:55.0240 5928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

11:05:55.0350 5928 Initialize success

11:05:55.0350 5928 ============================================================

11:27:42.0301 2620 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

11:27:43.0034 2620 ============================================================

11:27:43.0034 2620 Current date / time: 2012/03/27 11:27:43.0034

11:27:43.0034 2620 SystemInfo:

11:27:43.0034 2620

11:27:43.0034 2620 OS Version: 6.1.7600 ServicePack: 0.0

11:27:43.0034 2620 Product type: Workstation

11:27:43.0034 2620 ComputerName: THER-PC

11:27:43.0034 2620 UserName: Ther

11:27:43.0034 2620 Windows directory: C:\Windows

11:27:43.0034 2620 System windows directory: C:\Windows

11:27:43.0034 2620 Running under WOW64

11:27:43.0034 2620 Processor architecture: Intel x64

11:27:43.0034 2620 Number of processors: 2

11:27:43.0034 2620 Page size: 0x1000

11:27:43.0034 2620 Boot type: Normal boot

11:27:43.0034 2620 ============================================================

11:27:43.0955 2620 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:27:43.0970 2620 Drive \Device\Harddisk1\DR1 - Size: 0xF4FD1C00 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:27:43.0970 2620 \Device\Harddisk0\DR0:

11:27:43.0970 2620 MBR used

11:27:43.0970 2620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

11:27:43.0970 2620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

11:27:43.0970 2620 \Device\Harddisk1\DR1:

11:27:43.0970 2620 MBR used

11:27:43.0970 2620 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7A7E4F

11:27:44.0048 2620 Initialize success

11:27:44.0048 2620 ============================================================

11:27:51.0879 5340 ============================================================

11:27:51.0879 5340 Scan started

11:27:51.0879 5340 Mode: Manual; SigCheck; TDLFS;

11:27:51.0879 5340 ============================================================

11:27:57.0464 5340 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

11:27:57.0605 5340 1394ohci - ok

11:27:58.0759 5340 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

11:27:58.0790 5340 ACPI - ok

11:27:59.0087 5340 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

11:27:59.0180 5340 AcpiPmi - ok

11:27:59.0445 5340 AdobeActiveFileMonitor8.0 (765fe0463e711e5a68ac7b69538ed922) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

11:27:59.0477 5340 AdobeActiveFileMonitor8.0 - ok

11:27:59.0882 5340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

11:27:59.0913 5340 adp94xx - ok

11:28:00.0225 5340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

11:28:00.0257 5340 adpahci - ok

11:28:00.0881 5340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

11:28:00.0912 5340 adpu320 - ok

11:28:01.0193 5340 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:28:01.0271 5340 AeLookupSvc - ok

11:28:01.0723 5340 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

11:28:01.0817 5340 AFD - ok

11:28:02.0191 5340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

11:28:02.0222 5340 agp440 - ok

11:28:02.0612 5340 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:28:02.0659 5340 ALG - ok

11:28:02.0784 5340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

11:28:02.0815 5340 aliide - ok

11:28:02.0955 5340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

11:28:02.0971 5340 amdide - ok

11:28:03.0065 5340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

11:28:03.0111 5340 AmdK8 - ok

11:28:03.0143 5340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:28:03.0189 5340 AmdPPM - ok

11:28:03.0252 5340 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

11:28:03.0267 5340 amdsata - ok

11:28:03.0611 5340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

11:28:03.0626 5340 amdsbs - ok

11:28:03.0798 5340 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

11:28:03.0829 5340 amdxata - ok

11:28:04.0157 5340 ApfiltrService (9b0b7fde049cb283fabe5877a49f2611) C:\Windows\system32\DRIVERS\Apfiltr.sys

11:28:04.0250 5340 ApfiltrService - ok

11:28:04.0734 5340 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

11:28:05.0529 5340 AppID - ok

11:28:05.0763 5340 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:28:05.0841 5340 AppIDSvc - ok

11:28:05.0997 5340 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

11:28:06.0075 5340 Appinfo - ok

11:28:06.0419 5340 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:28:06.0450 5340 Apple Mobile Device - ok

11:28:06.0684 5340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

11:28:06.0715 5340 arc - ok

11:28:06.0746 5340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

11:28:06.0762 5340 arcsas - ok

11:28:07.0214 5340 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

11:28:07.0230 5340 aswFsBlk - ok

11:28:07.0698 5340 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

11:28:07.0729 5340 aswMonFlt - ok

11:28:08.0057 5340 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys

11:28:08.0088 5340 aswRdr - ok

11:28:08.0478 5340 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

11:28:08.0525 5340 aswSnx - ok

11:28:08.0727 5340 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

11:28:08.0759 5340 aswSP - ok

11:28:09.0289 5340 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

11:28:09.0305 5340 aswTdi - ok

11:28:09.0648 5340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:28:09.0710 5340 AsyncMac - ok

11:28:10.0116 5340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

11:28:10.0147 5340 atapi - ok

11:28:10.0412 5340 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

11:28:10.0584 5340 AudioEndpointBuilder - ok

11:28:10.0646 5340 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

11:28:10.0693 5340 AudioSrv - ok

11:28:10.0927 5340 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

11:28:10.0943 5340 avast! Antivirus - ok

11:28:11.0691 5340 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

11:28:11.0832 5340 AxInstSV - ok

11:28:12.0191 5340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

11:28:12.0237 5340 b06bdrv - ok

11:28:12.0752 5340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:28:12.0799 5340 b57nd60a - ok

11:28:13.0080 5340 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys

11:28:13.0111 5340 BCM42RLY - ok

11:28:13.0782 5340 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys

11:28:13.0907 5340 BCM43XX - ok

11:28:14.0796 5340 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:28:14.0827 5340 BDESVC - ok

11:28:15.0404 5340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:28:15.0529 5340 Beep - ok

11:28:16.0590 5340 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

11:28:16.0824 5340 BFE - ok

11:28:17.0214 5340 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

11:28:17.0292 5340 BITS - ok

11:28:17.0682 5340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:28:17.0713 5340 blbdrive - ok

11:28:18.0103 5340 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

11:28:18.0150 5340 Bonjour Service - ok

11:28:18.0758 5340 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

11:28:18.0852 5340 bowser - ok

11:28:19.0242 5340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:28:19.0304 5340 BrFiltLo - ok

11:28:19.0741 5340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:28:19.0772 5340 BrFiltUp - ok

11:28:20.0022 5340 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

11:28:20.0100 5340 Browser - ok

11:28:20.0786 5340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:28:20.0849 5340 Brserid - ok

11:28:21.0020 5340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:28:21.0083 5340 BrSerWdm - ok

11:28:21.0457 5340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:28:21.0488 5340 BrUsbMdm - ok

11:28:21.0816 5340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:28:21.0863 5340 BrUsbSer - ok

11:28:22.0050 5340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:28:22.0097 5340 BTHMODEM - ok

11:28:22.0175 5340 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:28:22.0253 5340 bthserv - ok

11:28:22.0892 5340 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:28:22.0986 5340 cdfs - ok

11:28:23.0142 5340 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

11:28:23.0173 5340 cdrom - ok

11:28:23.0485 5340 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

11:28:23.0563 5340 CertPropSvc - ok

11:28:23.0781 5340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

11:28:23.0828 5340 circlass - ok

11:28:24.0032 5340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:28:24.0063 5340 CLFS - ok

11:28:24.0250 5340 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:28:24.0282 5340 clr_optimization_v2.0.50727_32 - ok

11:28:24.0547 5340 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:28:24.0562 5340 clr_optimization_v2.0.50727_64 - ok

11:28:25.0186 5340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:28:25.0592 5340 clr_optimization_v4.0.30319_32 - ok

11:28:25.0920 5340 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:28:25.0935 5340 clr_optimization_v4.0.30319_64 - ok

11:28:26.0637 5340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:28:26.0668 5340 CmBatt - ok

11:28:27.0074 5340 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

11:28:27.0105 5340 cmdide - ok

11:28:27.0308 5340 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

11:28:27.0355 5340 CNG - ok

11:28:27.0558 5340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

11:28:27.0573 5340 Compbatt - ok

11:28:27.0760 5340 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

11:28:27.0854 5340 CompositeBus - ok

11:28:27.0916 5340 COMSysApp - ok

11:28:27.0994 5340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

11:28:28.0010 5340 crcdisk - ok

11:28:28.0556 5340 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

11:28:28.0696 5340 CryptSvc - ok

11:28:29.0430 5340 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

11:28:29.0570 5340 CtClsFlt - ok

11:28:30.0241 5340 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

11:28:30.0350 5340 DcomLaunch - ok

11:28:31.0083 5340 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:28:31.0192 5340 defragsvc - ok

11:28:31.0785 5340 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

11:28:31.0972 5340 DfsC - ok

11:28:32.0955 5340 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

11:28:33.0205 5340 Dhcp - ok

11:28:33.0579 5340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:28:33.0706 5340 discache - ok

11:28:33.0885 5340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

11:28:33.0895 5340 Disk - ok

11:28:34.0045 5340 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

11:28:34.0085 5340 Dnscache - ok

11:28:34.0417 5340 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

11:28:34.0482 5340 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

11:28:34.0483 5340 DockLoginService - detected UnsignedFile.Multi.Generic (1)

11:28:34.0842 5340 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

11:28:34.0912 5340 dot3svc - ok

11:28:35.0123 5340 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

11:28:35.0193 5340 DPS - ok

11:28:35.0665 5340 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:28:35.0725 5340 drmkaud - ok

11:28:36.0117 5340 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

11:28:36.0198 5340 DXGKrnl - ok

11:28:36.0756 5340 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:28:38.0115 5340 EapHost - ok

11:28:39.0363 5340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

11:28:39.0690 5340 ebdrv - ok

11:28:40.0127 5340 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

11:28:40.0174 5340 EFS - ok

11:28:40.0470 5340 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

11:28:40.0626 5340 ehRecvr - ok

11:28:40.0814 5340 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:28:40.0845 5340 ehSched - ok

11:28:41.0251 5340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

11:28:41.0345 5340 elxstor - ok

11:28:41.0626 5340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

11:28:41.0657 5340 ErrDev - ok

11:28:43.0888 5340 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:28:44.0122 5340 EventSystem - ok

11:28:44.0933 5340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:28:45.0058 5340 exfat - ok

11:28:45.0682 5340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:28:45.0729 5340 fastfat - ok

11:28:46.0805 5340 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

11:28:47.0023 5340 Fax - ok

11:28:47.0679 5340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

11:28:47.0803 5340 fdc - ok

11:28:48.0303 5340 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:28:48.0552 5340 fdPHost - ok

11:28:49.0036 5340 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:28:49.0145 5340 FDResPub - ok

11:28:49.0753 5340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:28:49.0847 5340 FileInfo - ok

11:28:50.0549 5340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:28:50.0658 5340 Filetrace - ok

11:28:51.0033 5340 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

11:28:51.0064 5340 FLEXnet Licensing Service - ok

11:28:51.0391 5340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

11:28:51.0438 5340 flpydisk - ok

11:28:51.0859 5340 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

11:28:51.0875 5340 FltMgr - ok

11:28:52.0078 5340 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll

11:28:52.0203 5340 FontCache - ok

11:28:52.0468 5340 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:28:52.0483 5340 FontCache3.0.0.0 - ok

11:28:52.0717 5340 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:28:52.0733 5340 FsDepends - ok

11:28:53.0123 5340 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

11:28:53.0139 5340 Fs_Rec - ok

11:28:53.0747 5340 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:28:53.0778 5340 fvevol - ok

11:28:54.0028 5340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:28:54.0043 5340 gagp30kx - ok

11:28:54.0293 5340 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe

11:28:54.0309 5340 GameConsoleService - ok

11:28:54.0621 5340 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:28:54.0636 5340 GEARAspiWDM - ok

11:28:54.0948 5340 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

11:28:54.0948 5340 GoToAssist - ok

11:28:55.0291 5340 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

11:28:55.0401 5340 gpsvc - ok

11:28:55.0759 5340 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:28:55.0775 5340 gupdate - ok

11:28:56.0009 5340 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:28:56.0025 5340 gupdatem - ok

11:28:56.0337 5340 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

11:28:56.0602 5340 gusvc - ok

11:28:56.0851 5340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:28:56.0867 5340 hcw85cir - ok

11:28:57.0288 5340 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:28:57.0335 5340 HDAudBus - ok

11:28:57.0678 5340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

11:28:57.0741 5340 HidBatt - ok

11:28:58.0177 5340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:28:58.0224 5340 HidBth - ok

11:28:58.0708 5340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

11:28:58.0755 5340 HidIr - ok

11:28:59.0176 5340 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

11:28:59.0238 5340 hidserv - ok

11:28:59.0644 5340 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

11:28:59.0675 5340 HidUsb - ok

11:28:59.0971 5340 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

11:29:00.0049 5340 hkmsvc - ok

11:29:00.0486 5340 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

11:29:00.0549 5340 HomeGroupListener - ok

11:29:00.0829 5340 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

11:29:00.0861 5340 HomeGroupProvider - ok

11:29:01.0173 5340 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

11:29:01.0188 5340 HpSAMD - ok

11:29:01.0672 5340 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

11:29:01.0765 5340 HTTP - ok

11:29:02.0358 5340 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

11:29:02.0374 5340 hwpolicy - ok

11:29:02.0779 5340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:29:02.0795 5340 i8042prt - ok

11:29:03.0013 5340 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

11:29:03.0060 5340 IAANTMON - ok

11:29:03.0419 5340 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

11:29:03.0435 5340 iaStor - ok

11:29:03.0653 5340 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

11:29:03.0684 5340 iaStorV - ok

11:29:04.0152 5340 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:29:04.0183 5340 idsvc - ok

11:29:05.0494 5340 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys

11:29:06.0102 5340 igfx - ok

11:29:06.0633 5340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

11:29:06.0648 5340 iirsp - ok

11:29:07.0459 5340 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

11:29:07.0537 5340 IKEEXT - ok

11:29:07.0912 5340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

11:29:07.0927 5340 intelide - ok

11:29:08.0083 5340 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:29:08.0161 5340 intelppm - ok

11:29:08.0785 5340 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:29:08.0879 5340 IPBusEnum - ok

11:29:09.0519 5340 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:29:09.0597 5340 IpFilterDriver - ok

11:29:10.0049 5340 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

11:29:10.0127 5340 iphlpsvc - ok

11:29:10.0720 5340 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

11:29:10.0751 5340 IPMIDRV - ok

11:29:11.0094 5340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:29:11.0188 5340 IPNAT - ok

11:29:11.0734 5340 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

11:29:11.0843 5340 iPod Service - ok

11:29:12.0186 5340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:29:12.0249 5340 IRENUM - ok

11:29:12.0576 5340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

11:29:12.0592 5340 isapnp - ok

11:29:13.0075 5340 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

11:29:13.0122 5340 iScsiPrt - ok

11:29:13.0684 5340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:29:13.0699 5340 kbdclass - ok

11:29:14.0074 5340 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

11:29:14.0121 5340 kbdhid - ok

11:29:14.0542 5340 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:29:14.0589 5340 KeyIso - ok

11:29:14.0963 5340 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

11:29:14.0994 5340 KSecDD - ok

11:29:15.0213 5340 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

11:29:15.0244 5340 KSecPkg - ok

11:29:15.0571 5340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:29:15.0649 5340 ksthunk - ok

11:29:16.0133 5340 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:29:16.0227 5340 KtmRm - ok

11:29:16.0585 5340 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll

11:29:16.0632 5340 LanmanServer - ok

11:29:16.0835 5340 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

11:29:16.0913 5340 LanmanWorkstation - ok

11:29:17.0319 5340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:29:17.0412 5340 lltdio - ok

11:29:17.0787 5340 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:29:18.0021 5340 lltdsvc - ok

11:29:18.0333 5340 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:29:18.0379 5340 lmhosts - ok

11:29:18.0691 5340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:29:18.0723 5340 LSI_FC - ok

11:29:19.0113 5340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:29:19.0128 5340 LSI_SAS - ok

11:29:19.0534 5340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:29:19.0565 5340 LSI_SAS2 - ok

11:29:19.0924 5340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:29:19.0955 5340 LSI_SCSI - ok

11:29:20.0719 5340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:29:20.0813 5340 luafv - ok

11:29:21.0047 5340 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

11:29:21.0094 5340 Mcx2Svc - ok

11:29:21.0359 5340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

11:29:21.0375 5340 megasas - ok

11:29:21.0780 5340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

11:29:21.0796 5340 MegaSR - ok

11:29:22.0108 5340 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:29:22.0170 5340 MMCSS - ok

11:29:22.0951 5340 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:29:23.0029 5340 Modem - ok

11:29:23.0466 5340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:29:23.0513 5340 monitor - ok

11:29:23.0950 5340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:29:23.0965 5340 mouclass - ok

11:29:24.0745 5340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:29:24.0792 5340 mouhid - ok

11:29:25.0073 5340 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

11:29:25.0104 5340 mountmgr - ok

11:29:25.0166 5340 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

11:29:25.0198 5340 mpio - ok

11:29:25.0213 5340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:29:25.0260 5340 mpsdrv - ok

11:29:25.0510 5340 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll

11:29:25.0634 5340 MpsSvc - ok

11:29:25.0807 5340 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

11:29:25.0885 5340 MRxDAV - ok

11:29:26.0868 5340 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:29:27.0008 5340 mrxsmb - ok

11:29:27.0383 5340 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:29:27.0476 5340 mrxsmb10 - ok

11:29:27.0819 5340 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:29:27.0835 5340 mrxsmb20 - ok

11:29:28.0194 5340 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys

11:29:28.0225 5340 msahci - ok

11:29:29.0348 5340 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

11:29:29.0364 5340 msdsm - ok

11:29:29.0582 5340 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:29:29.0613 5340 MSDTC - ok

11:29:29.0972 5340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:29:30.0019 5340 Msfs - ok

11:29:30.0861 5340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:29:30.0939 5340 mshidkmdf - ok

11:29:31.0314 5340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

11:29:31.0329 5340 msisadrv - ok

11:29:31.0595 5340 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:29:31.0673 5340 MSiSCSI - ok

11:29:31.0782 5340 msiserver - ok

11:29:31.0922 5340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:29:32.0031 5340 MSKSSRV - ok

11:29:32.0780 5340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:29:32.0858 5340 MSPCLOCK - ok

11:29:33.0155 5340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:29:33.0217 5340 MSPQM - ok

11:29:33.0888 5340 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

11:29:33.0966 5340 MsRPC - ok

11:29:34.0106 5340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

11:29:34.0122 5340 mssmbios - ok

11:29:34.0699 5340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:29:34.0761 5340 MSTEE - ok

11:29:35.0136 5340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:29:35.0183 5340 MTConfig - ok

11:29:35.0526 5340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:29:35.0557 5340 Mup - ok

11:29:35.0900 5340 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

11:29:35.0978 5340 napagent - ok

11:29:36.0711 5340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:29:36.0821 5340 NativeWifiP - ok

11:29:37.0491 5340 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

11:29:37.0554 5340 NDIS - ok

11:29:37.0819 5340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:29:37.0913 5340 NdisCap - ok

11:29:38.0240 5340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:29:38.0303 5340 NdisTapi - ok

11:29:39.0006 5340 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

11:29:39.0099 5340 Ndisuio - ok

11:29:39.0505 5340 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

11:29:39.0552 5340 NdisWan - ok

11:29:39.0879 5340 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

11:29:39.0957 5340 NDProxy - ok

11:29:40.0581 5340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:29:40.0628 5340 NetBIOS - ok

11:29:41.0002 5340 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

11:29:41.0127 5340 NetBT - ok

11:29:41.0330 5340 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:29:41.0392 5340 Netlogon - ok

11:29:41.0814 5340 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:29:41.0923 5340 Netman - ok

11:29:42.0094 5340 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:29:42.0188 5340 netprofm - ok

11:29:42.0906 5340 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:29:42.0921 5340 NetTcpPortSharing - ok

11:29:43.0498 5340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:29:43.0530 5340 nfrd960 - ok

11:29:44.0247 5340 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

11:29:44.0372 5340 NlaSvc - ok

11:29:44.0590 5340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:29:44.0700 5340 Npfs - ok

11:29:44.0887 5340 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:29:44.0980 5340 nsi - ok

11:29:45.0292 5340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:29:45.0339 5340 nsiproxy - ok

11:29:45.0807 5340 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

11:29:45.0916 5340 Ntfs - ok

11:29:46.0244 5340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:29:46.0338 5340 Null - ok

11:29:46.0868 5340 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

11:29:46.0899 5340 nvraid - ok

11:29:47.0258 5340 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

11:29:47.0289 5340 nvstor - ok

11:29:47.0679 5340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

11:29:47.0710 5340 nv_agp - ok

11:29:48.0194 5340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

11:29:48.0272 5340 ohci1394 - ok

11:29:48.0709 5340 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:29:48.0724 5340 ose - ok

11:29:50.0191 5340 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:29:50.0487 5340 osppsvc - ok

11:29:50.0815 5340 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:29:50.0908 5340 p2pimsvc - ok

11:29:51.0205 5340 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:29:51.0298 5340 p2psvc - ok

11:29:51.0688 5340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:29:51.0720 5340 Parport - ok

11:29:52.0141 5340 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

11:29:52.0172 5340 partmgr - ok

11:29:52.0702 5340 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:29:52.0843 5340 PcaSvc - ok

11:29:53.0295 5340 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

11:29:53.0326 5340 pci - ok

11:29:53.0701 5340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

11:29:53.0716 5340 pciide - ok

11:29:54.0216 5340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:29:54.0262 5340 pcmcia - ok

11:29:55.0089 5340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:29:55.0120 5340 pcw - ok

11:29:55.0635 5340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:29:55.0932 5340 PEAUTH - ok

11:29:56.0212 5340 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:29:56.0290 5340 PerfHost - ok

11:29:57.0008 5340 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

11:29:57.0180 5340 pla - ok

11:29:57.0726 5340 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

11:29:57.0788 5340 PlugPlay - ok

11:29:58.0053 5340 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:29:58.0116 5340 PNRPAutoReg - ok

11:29:58.0958 5340 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:29:59.0005 5340 PNRPsvc - ok

11:29:59.0691 5340 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

11:29:59.0785 5340 PolicyAgent - ok

11:30:00.0175 5340 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:30:00.0253 5340 Power - ok

11:30:01.0080 5340 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

11:30:01.0376 5340 PptpMiniport - ok

11:30:01.0750 5340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:30:01.0813 5340 Processor - ok

11:30:02.0156 5340 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

11:30:02.0250 5340 ProfSvc - ok

11:30:02.0686 5340 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:30:02.0718 5340 ProtectedStorage - ok

11:30:03.0232 5340 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

11:30:03.0295 5340 Psched - ok

11:30:03.0622 5340 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

11:30:03.0654 5340 PxHlpa64 - ok

11:30:04.0761 5340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:30:04.0948 5340 ql2300 - ok

11:30:05.0463 5340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:30:05.0494 5340 ql40xx - ok

11:30:05.0869 5340 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:30:05.0947 5340 QWAVE - ok

11:30:06.0337 5340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:30:06.0368 5340 QWAVEdrv - ok

11:30:06.0805 5340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:30:06.0883 5340 RasAcd - ok

11:30:07.0663 5340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:30:07.0756 5340 RasAgileVpn - ok

11:30:08.0053 5340 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:30:08.0162 5340 RasAuto - ok

11:30:08.0568 5340 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:30:08.0692 5340 Rasl2tp - ok

11:30:09.0082 5340 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

11:30:09.0160 5340 RasMan - ok

11:30:09.0722 5340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:30:09.0816 5340 RasPppoe - ok

11:30:10.0705 5340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:30:10.0876 5340 RasSstp - ok

11:30:11.0313 5340 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

11:30:11.0391 5340 rdbss - ok

11:30:11.0750 5340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:30:11.0812 5340 rdpbus - ok

11:30:11.0953 5340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:30:12.0046 5340 RDPCDD - ok

11:30:12.0561 5340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:30:12.0639 5340 RDPENCDD - ok

11:30:13.0216 5340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:30:13.0279 5340 RDPREFMP - ok

11:30:13.0466 5340 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

11:30:13.0482 5340 RDPWD - ok

11:30:13.0575 5340 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

11:30:13.0622 5340 rdyboost - ok

11:30:13.0700 5340 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:30:13.0762 5340 RemoteAccess - ok

11:30:14.0074 5340 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:30:14.0152 5340 RemoteRegistry - ok

11:30:15.0104 5340 RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

11:30:15.0260 5340 RosettaStoneDaemon - ok

11:30:15.0494 5340 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:30:15.0588 5340 RpcEptMapper - ok

11:30:15.0666 5340 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:30:15.0822 5340 RpcLocator - ok

11:30:16.0368 5340 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

11:30:16.0648 5340 RpcSs - ok

11:30:17.0194 5340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:30:17.0272 5340 rspndr - ok

11:30:17.0850 5340 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys

11:30:17.0943 5340 RSUSBSTOR - ok

11:30:18.0224 5340 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:30:18.0271 5340 SamSs - ok

11:30:18.0520 5340 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

11:30:18.0552 5340 sbp2port - ok

11:30:19.0020 5340 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:30:19.0098 5340 SCardSvr - ok

11:30:19.0737 5340 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

11:30:19.0893 5340 scfilter - ok

11:30:20.0595 5340 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

11:30:20.0689 5340 Schedule - ok

11:30:21.0219 5340 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

11:30:21.0282 5340 SCPolicySvc - ok

11:30:21.0750 5340 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

11:30:21.0890 5340 SDRSVC - ok

11:30:22.0779 5340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:30:22.0842 5340 secdrv - ok

11:30:23.0325 5340 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

11:30:23.0434 5340 seclogon - ok

11:30:23.0980 5340 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

11:30:24.0090 5340 SENS - ok

11:30:24.0979 5340 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:30:25.0010 5340 SensrSvc - ok

11:30:25.0556 5340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:30:25.0634 5340 Serenum - ok

11:30:26.0008 5340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:30:26.0071 5340 Serial - ok

11:30:26.0445 5340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:30:26.0492 5340 sermouse - ok

11:30:27.0116 5340 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

11:30:27.0194 5340 SessionEnv - ok

11:30:27.0522 5340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

11:30:27.0584 5340 sffdisk - ok

11:30:27.0990 5340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

11:30:28.0036 5340 sffp_mmc - ok

11:30:28.0567 5340 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

11:30:28.0614 5340 sffp_sd - ok

11:30:29.0004 5340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:30:29.0050 5340 sfloppy - ok

11:30:29.0440 5340 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

11:30:29.0487 5340 SftService - ok

11:30:29.0815 5340 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:30:29.0893 5340 SharedAccess - ok

11:30:30.0267 5340 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

11:30:30.0423 5340 ShellHWDetection - ok

11:30:30.0813 5340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:30:30.0907 5340 SiSRaid2 - ok

11:30:31.0281 5340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:30:31.0313 5340 SiSRaid4 - ok

11:30:31.0578 5340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:30:31.0640 5340 Smb - ok

11:30:31.0827 5340 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:30:31.0874 5340 SNMPTRAP - ok

11:30:32.0139 5340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:30:32.0186 5340 spldr - ok

11:30:32.0841 5340 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

11:30:32.0997 5340 Spooler - ok

11:30:33.0512 5340 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

11:30:33.0668 5340 sppsvc - ok

11:30:33.0840 5340 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:30:33.0933 5340 sppuinotify - ok

11:30:34.0152 5340 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

11:30:34.0183 5340 sprtsvc_DellSupportCenter - ok

11:30:34.0761 5340 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

11:30:34.0870 5340 srv - ok

11:30:35.0572 5340 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

11:30:35.0650 5340 srv2 - ok

11:30:36.0040 5340 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

11:30:36.0087 5340 srvnet - ok

11:30:36.0898 5340 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:30:36.0992 5340 SSDPSRV - ok

11:30:37.0242 5340 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:30:37.0304 5340 SstpSvc - ok

11:30:37.0975 5340 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

11:30:38.0084 5340 STacSV - ok

11:30:38.0880 5340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:30:38.0911 5340 stexstor - ok

11:30:39.0238 5340 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys

11:30:39.0301 5340 STHDA - ok

11:30:39.0644 5340 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

11:30:39.0784 5340 stisvc - ok

11:30:40.0034 5340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

11:30:40.0081 5340 swenum - ok

11:30:40.0627 5340 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:30:40.0736 5340 swprv - ok

11:30:41.0360 5340 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

11:30:41.0500 5340 SysMain - ok

11:30:41.0703 5340 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

11:30:41.0781 5340 TabletInputService - ok

11:30:42.0093 5340 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

11:30:42.0171 5340 TapiSrv - ok

11:30:42.0483 5340 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:30:42.0546 5340 TBS - ok

11:30:43.0045 5340 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

11:30:43.0263 5340 Tcpip - ok

11:30:43.0840 5340 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

11:30:43.0887 5340 TCPIP6 - ok

11:30:44.0230 5340 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

11:30:44.0324 5340 tcpipreg - ok

11:30:44.0948 5340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:30:45.0010 5340 TDPIPE - ok

11:30:45.0432 5340 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

11:30:45.0541 5340 TDTCP - ok

11:30:45.0931 5340 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

11:30:46.0056 5340 tdx - ok

11:30:46.0414 5340 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

11:30:46.0446 5340 TermDD - ok

11:30:46.0773 5340 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

11:30:46.0960 5340 TermService - ok

11:30:47.0350 5340 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:30:47.0428 5340 Themes - ok

11:30:47.0678 5340 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:30:47.0725 5340 THREADORDER - ok

11:30:48.0021 5340 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:30:48.0130 5340 TrkWks - ok

11:30:48.0302 5340 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

11:30:48.0879 5340 TrustedInstaller - ok

11:30:49.0347 5340 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:30:49.0410 5340 tssecsrv - ok

11:30:49.0924 5340 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

11:30:50.0002 5340 tunnel - ok

11:30:50.0580 5340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:30:50.0611 5340 uagp35 - ok

11:30:51.0094 5340 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

11:30:51.0172 5340 udfs - ok

11:30:51.0422 5340 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:30:51.0469 5340 UI0Detect - ok

11:30:51.0890 5340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

11:30:51.0921 5340 uliagpkx - ok

11:30:52.0249 5340 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

11:30:52.0296 5340 umbus - ok

11:30:52.0935 5340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:30:52.0982 5340 UmPass - ok

11:30:53.0138 5340 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:30:53.0232 5340 upnphost - ok

11:30:53.0590 5340 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

11:30:53.0622 5340 USBAAPL64 - ok

11:30:53.0668 5340 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

11:30:53.0762 5340 usbccgp - ok

11:30:54.0012 5340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

11:30:54.0090 5340 usbcir - ok

11:30:54.0183 5340 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

11:30:54.0230 5340 usbehci - ok

11:30:54.0729 5340 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

11:30:54.0760 5340 usbhub - ok

11:30:55.0104 5340 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

11:30:55.0135 5340 usbohci - ok

11:30:55.0447 5340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:30:55.0494 5340 usbprint - ok

11:30:55.0837 5340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:30:55.0899 5340 usbscan - ok

11:30:55.0946 5340 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:30:56.0008 5340 USBSTOR - ok

11:30:56.0071 5340 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys

11:30:56.0149 5340 usbuhci - ok

11:30:56.0258 5340 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

11:30:56.0476 5340 usbvideo - ok

11:30:56.0742 5340 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:30:56.0835 5340 UxSms - ok

11:30:57.0116 5340 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:30:57.0147 5340 VaultSvc - ok

11:30:57.0568 5340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

11:30:57.0615 5340 vdrvroot - ok

11:30:58.0130 5340 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

11:30:58.0224 5340 vds - ok

11:30:59.0019 5340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:30:59.0050 5340 vga - ok

11:30:59.0378 5340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:30:59.0440 5340 VgaSave - ok

11:30:59.0752 5340 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

11:30:59.0784 5340 vhdmp - ok

11:31:00.0080 5340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

11:31:00.0111 5340 viaide - ok

11:31:00.0626 5340 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

11:31:00.0688 5340 volmgr - ok

11:31:01.0063 5340 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

11:31:01.0094 5340 volmgrx - ok

11:31:01.0406 5340 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

11:31:01.0437 5340 volsnap - ok

11:31:01.0734 5340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:31:01.0780 5340 vsmraid - ok

11:31:02.0529 5340 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

11:31:02.0638 5340 VSS - ok

11:31:02.0997 5340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:31:03.0091 5340 vwifibus - ok

11:31:03.0309 5340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:31:03.0434 5340 vwififlt - ok

11:31:03.0824 5340 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

11:31:03.0855 5340 vwifimp - ok

11:31:04.0230 5340 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:31:04.0308 5340 W32Time - ok

11:31:04.0822 5340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:31:04.0916 5340 WacomPen - ok

11:31:05.0259 5340 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

11:31:05.0337 5340 WANARP - ok

11:31:05.0337 5340 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

11:31:05.0384 5340 Wanarpv6 - ok

11:31:05.0961 5340 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:31:06.0008 5340 WatAdminSvc - ok

11:31:06.0726 5340 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

11:31:06.0850 5340 wbengine - ok

11:31:07.0225 5340 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:31:07.0318 5340 WbioSrvc - ok

11:31:07.0646 5340 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

11:31:07.0693 5340 wcncsvc - ok

11:31:08.0020 5340 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:31:08.0083 5340 WcsPlugInService - ok

11:31:08.0208 5340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:31:08.0270 5340 Wd - ok

11:31:08.0941 5340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:31:09.0003 5340 Wdf01000 - ok

11:31:09.0268 5340 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:31:09.0378 5340 WdiServiceHost - ok

11:31:09.0424 5340 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:31:09.0456 5340 WdiSystemHost - ok

11:31:09.0736 5340 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

11:31:09.0768 5340 WebClient - ok

11:31:10.0048 5340 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:31:10.0142 5340 Wecsvc - ok

11:31:10.0579 5340 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:31:10.0657 5340 wercplsupport - ok

11:31:10.0984 5340 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:31:11.0062 5340 WerSvc - ok

11:31:11.0343 5340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:31:11.0390 5340 WfpLwf - ok

11:31:11.0718 5340 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

11:31:11.0780 5340 WimFltr - ok

11:31:11.0998 5340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:31:12.0045 5340 WIMMount - ok

11:31:12.0108 5340 WinDefend - ok

11:31:12.0123 5340 WinHttpAutoProxySvc - ok

11:31:13.0012 5340 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:31:13.0262 5340 Winmgmt - ok

11:31:13.0761 5340 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

11:31:13.0902 5340 WinRM - ok

11:31:14.0354 5340 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

11:31:14.0557 5340 WinUsb - ok

11:31:14.0884 5340 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:31:15.0009 5340 Wlansvc - ok

11:31:15.0352 5340 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:31:15.0462 5340 wlidsvc - ok

11:31:15.0586 5340 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

11:31:15.0618 5340 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

11:31:15.0618 5340 wltrysvc - detected UnsignedFile.Multi.Generic (1)

11:31:15.0914 5340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

11:31:15.0961 5340 WmiAcpi - ok

11:31:16.0273 5340 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:31:16.0522 5340 wmiApSrv - ok

11:31:16.0632 5340 WMPNetworkSvc - ok

11:31:16.0912 5340 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:31:16.0944 5340 WPCSvc - ok

11:31:17.0272 5340 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

11:31:17.0335 5340 WPDBusEnum - ok

11:31:17.0444 5340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:31:17.0506 5340 ws2ifsl - ok

11:31:17.0553 5340 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll

11:31:17.0600 5340 wscsvc - ok

11:31:17.0600 5340 WSearch - ok

11:31:17.0818 5340 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

11:31:17.0943 5340 wuauserv - ok

11:31:18.0177 5340 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

11:31:18.0286 5340 WudfPf - ok

11:31:18.0739 5340 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:31:18.0832 5340 WUDFRd - ok

11:31:19.0004 5340 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll

11:31:19.0097 5340 wudfsvc - ok

11:31:19.0332 5340 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:31:19.0410 5340 WwanSvc - ok

11:31:19.0800 5340 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys

11:31:19.0925 5340 yukonw7 - ok

11:31:20.0019 5340 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0

11:31:20.0066 5340 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:31:20.0066 5340 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:31:31.0048 5340 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:31:31.0048 5340 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:31:31.0048 5340 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

11:31:34.0605 5340 \Device\Harddisk1\DR1 - ok

11:31:34.0932 5340 Boot (0x1200) (522db6195b80e4e46575f11bc6e3296c) \Device\Harddisk0\DR0\Partition0

11:31:34.0932 5340 \Device\Harddisk0\DR0\Partition0 - ok

11:31:34.0964 5340 Boot (0x1200) (5183eb0a9a72baa3bcaf2ce7c3451129) \Device\Harddisk0\DR0\Partition1

11:31:34.0964 5340 \Device\Harddisk0\DR0\Partition1 - ok

11:31:34.0979 5340 Boot (0x1200) (a7143778d39fdbcd712f448b1003d485) \Device\Harddisk1\DR1\Partition0

11:31:34.0979 5340 \Device\Harddisk1\DR1\Partition0 - ok

11:31:34.0979 5340 ============================================================

11:31:34.0979 5340 Scan finished

11:31:34.0979 5340 ============================================================

11:31:34.0995 1612 Detected object count: 4

11:31:34.0995 1612 Actual detected object count: 4

11:32:37.0972 1612 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

11:32:37.0972 1612 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:32:37.0972 1612 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

11:32:37.0972 1612 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:32:38.0830 1612 \Device\Harddisk0\DR0\# - copied to quarantine

11:32:38.0830 1612 \Device\Harddisk0\DR0 - copied to quarantine

11:32:55.0401 1612 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

11:33:15.0822 1612 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

11:33:17.0322 1612 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:33:27.0321 1612 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:33:40.0611 1612 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

11:33:41.0065 1612 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

11:33:41.0202 1612 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

11:33:41.0340 1612 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

11:33:41.0490 1612 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

11:33:41.0890 1612 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

11:33:42.0781 1612 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

11:33:42.0923 1612 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

11:33:43.0053 1612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

11:33:43.0053 1612 \Device\Harddisk0\DR0 - ok

11:33:43.0313 1612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

11:33:43.0323 1612 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:33:43.0323 1612 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:34:00.0048 5536 Deinitialize success

11:43:20.0943 5668 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

11:43:21.0504 5668 ============================================================

11:43:21.0504 5668 Current date / time: 2012/03/27 11:43:21.0504

11:43:21.0504 5668 SystemInfo:

11:43:21.0504 5668

11:43:21.0504 5668 OS Version: 6.1.7600 ServicePack: 0.0

11:43:21.0504 5668 Product type: Workstation

11:43:21.0504 5668 ComputerName: THER-PC

11:43:21.0504 5668 UserName: Ther

11:43:21.0504 5668 Windows directory: C:\Windows

11:43:21.0504 5668 System windows directory: C:\Windows

11:43:21.0504 5668 Running under WOW64

11:43:21.0504 5668 Processor architecture: Intel x64

11:43:21.0504 5668 Number of processors: 2

11:43:21.0504 5668 Page size: 0x1000

11:43:21.0504 5668 Boot type: Normal boot

11:43:21.0504 5668 ============================================================

11:43:25.0329 5668 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:43:25.0376 5668 Drive \Device\Harddisk1\DR1 - Size: 0xF4FD1C00 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:43:25.0376 5668 \Device\Harddisk0\DR0:

11:43:25.0392 5668 MBR used

11:43:25.0392 5668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

11:43:25.0392 5668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

11:43:25.0392 5668 \Device\Harddisk1\DR1:

11:43:25.0392 5668 MBR used

11:43:25.0392 5668 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7A7E4F

11:43:25.0719 5668 Initialize success

11:43:25.0719 5668 ============================================================


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.