rjones315

Here are the log files.

I've attached the log files. It seems to be something infecting my hosts file. I get 404 error messages when trying to go to certain web sites. Please let me know what you find.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/7/2011 6:26:33 PM

System Uptime: 4/3/2012 9:58:44 PM (3 hours ago)

.

Motherboard: Dell Inc. | | 0PJTXT

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | U2E1 | 2399/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 412.962 GiB free.

D: is CDROM ()

V: is NetworkDisk (NTFS) - 1397 GiB total, 537.484 GiB free.

W: is NetworkDisk (NTFS) - 1851 GiB total, 939.265 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP118: 4/2/2012 10:35:22 PM - Installed Java™ 6 Update 31

RP119: 4/2/2012 11:51:53 PM - Removed Google Talk Plugin

RP120: 4/3/2012 12:19:28 AM - Removed AVG 2012

RP121: 4/3/2012 12:21:54 AM - Removed AVG 2012

RP122: 4/3/2012 12:29:11 AM - Removed Eye-Fi Center 3.4

RP123: 4/3/2012 12:45:13 AM - Windows Update

RP124: 4/3/2012 1:15:48 AM - avast! Free Antivirus Setup

.

==== Installed Programs ======================

.

688I Hunter Killer

Adobe AIR

Adobe Community Help

Adobe Flash Media Live Encoder 3.1

Adobe Flash Player 10 ActiveX

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.5.0

Advanced Audio FX Engine

Akamai NetSession Interface

Akamai NetSession Interface Service

Amazon Games & Software Downloader

Angry Birds

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

ATI Catalyst Control Center

avast! Free Antivirus

Carbonite

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Consumer In-Home Service Agreement

Core FTP LE 2.1

Cozi

Cricket Broadband EC1705

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

eBay

Flickr Uploadr 2.5.0.14

Google Chrome

GoToAssist 8.0.0.514

Intel AppUp(SM) center

Intel® Management Engine Components

Java Auto Updater

Java™ 6 Update 31

Junk Mail filter update

jZip

LinkedIn Outlook Connector

Live! Cam Avatar Creator

LoJack Factory Installer

Malwarebytes Anti-Malware version 1.60.1.1000

Media Player Codec Pack 4.1.1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office FrontPage 2003

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Thunderbird 10.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Octoshape add-in for Adobe Flash Player

OLYMPUS Studio 2

PDF Settings CS5

Photomatix Pro version 3.2.7

QuickTime

Realtek High Definition Audio Driver

Roxio Burn

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Skins

Skype Click to Call

Skype™ 5.5

SPAMfighter

SPAMfighter Client

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Visual Studio 2008 x64 Redistributables

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

XnView 1.98.5

.

==== Event Viewer Messages From Past Week ========

.

4/4/2012 12:31:35 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Bob Jones at 0:30:13 on 2012-04-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.2608 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\DatacardService\DCService.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe

C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe

C:\Program Files (x86)\Fighters\FighterSuiteService.exe

-netsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\vssvc.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = g.msn.com/USCON/1

uDefault_Page_URL = g.msn.com/USCON/1

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe"

uRun: [HW_OPENEYE_OUC_] "C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe"

uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe

mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

Trusted Zone: adp.com

Trusted Zone: adpcorp.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E} : NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{15E654EB-EF3C-44D0-A173-5EC50785E479} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4457E6B696E60244F6E6574737 : DhcpNameServer = 192.168.91.1

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4657E6E647962756 : DhcpNameServer = 208.67.220.220 208.67.222.222 10.0.0.10

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\775676D616E637 : DhcpNameServer = 208.67.222.222 208.67.220.220

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A5F6F6D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A7F6F6D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B} : NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267} : NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564} : NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930} : NameServer = 10.133.20.11 10.132.20.11

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe

mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-18 98208]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-4-3 401920]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-3 44768]

R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2009-12-22 225280]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-18 1692480]

R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2010-11-16 214664]

R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-18 2533400]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]

S3 OlyUsbCam;OLYMPUS USB Camera;C:\Windows\system32\DRIVERS\OlyUsbCam.sys --> C:\Windows\system32\DRIVERS\OlyUsbCam.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-04 01:03:44 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-04-04 01:03:40 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll

2012-04-03 06:24:58 20480 ----a-w- C:\Windows\svchost.exe

2012-04-03 06:01:02 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Malwarebytes

2012-04-03 06:00:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-03 06:00:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-03 06:00:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-03 05:17:08 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-04-03 05:17:05 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-04-03 05:17:03 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-04-03 05:16:42 41184 ----a-w- C:\Windows\avastSS.scr

2012-04-03 05:16:20 -------- d-----w- C:\ProgramData\AVAST Software

2012-04-03 05:16:20 -------- d-----w- C:\Program Files\AVAST Software

2012-04-03 04:46:13 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-04-03 02:37:03 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-03-31 02:34:49 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Titanium

2012-03-31 02:33:46 -------- d-----w- C:\Users\Bob Jones\AppData\Local\Eye-Fi

2012-03-31 02:31:14 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Eye-Fi

2012-03-24 20:48:00 -------- d-----w- C:\Users\Bob Jones\AppData\Local\{AD9BF85B-CCDD-4BF7-BD11-5940C4575453}

2012-03-20 01:22:52 0 ----a-w- C:\Windows\SysWow64\sho69DC.tmp

2012-03-19 23:08:35 -------- d-----w- C:\ProgramData\App4rTemp

2012-03-19 23:07:52 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio

2012-03-19 22:49:41 -------- d-----w- C:\ProgramData\Ezprint

2012-03-19 22:49:25 -------- d-----w- C:\Program Files (x86)\Lexmark Toolbar

2012-03-19 22:41:58 -------- d-----w- C:\ProgramData\Lx_cats

2012-03-19 22:41:02 81920 ----a-w- C:\Windows\SysWow64\lxdxcaps.dll

2012-03-19 22:41:02 782336 ----a-w- C:\Windows\SysWow64\lxdxdrs.dll

2012-03-19 22:41:02 77906 ----a-w- C:\Windows\SysWow64\lxdxcfg.dll

2012-03-19 22:41:02 69632 ----a-w- C:\Windows\SysWow64\lxdxcnv4.dll

2012-03-19 22:41:02 65536 ----a-w- C:\Windows\System32\lxdxcfg64.dll

2012-03-19 22:41:02 54784 ----a-w- C:\Windows\System32\lxdxcnv464.dll

2012-03-19 22:41:02 25600 ----a-w- C:\Windows\System32\lxdxcaps64.dll

2012-03-19 22:41:02 1024512 ----a-w- C:\Windows\System32\lxdxdrs64.dll

2012-03-19 22:39:11 -------- d-----w- C:\logs

2012-03-19 22:36:36 -------- d-----w- C:\lexmark

2012-03-17 03:04:51 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\AVG

2012-03-14 07:05:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 07:05:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 07:05:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 04:01:15 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 04:01:14 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 04:01:13 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 04:01:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 04:01:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 04:01:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 04:00:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 04:00:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 04:00:31 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 04:00:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-11 17:14:44 0 ----a-w- C:\Windows\SysWow64\sho64D5.tmp

2012-03-11 16:53:03 -------- d-----w- C:\Program Files\iPod

2012-03-11 16:53:02 -------- d-----w- C:\Program Files\iTunes

2012-03-11 16:53:02 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2012-04-03 02:36:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-26 17:55:46 0 ----a-w- C:\Windows\SysWow64\sho2F79.tmp

2012-02-26 02:58:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 0:31:32.43 ===============

Attach.txt

DDS.txt


Hello rjones315 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Bob Jones at 20:18:37 on 2012-04-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.3586 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\DatacardService\DCService.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Fighters\FighterSuiteService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\msiexec.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = g.msn.com/USCON/1

uDefault_Page_URL = g.msn.com/USCON/1

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\Bob Jones\AppData\Local\Akamai\netsession_win.exe"

uRun: [HW_OPENEYE_OUC_] "C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe"

uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe

mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\BOBJON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\Users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StickyNotes.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

Trusted Zone: adp.com

Trusted Zone: adpcorp.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E} : NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{15E654EB-EF3C-44D0-A173-5EC50785E479} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4457E6B696E60244F6E6574737 : DhcpNameServer = 192.168.91.1

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\4657E6E647962756 : DhcpNameServer = 208.67.220.220 208.67.222.222 10.0.0.10

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\775676D616E637 : DhcpNameServer = 208.67.222.222 208.67.220.220

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A5F6F6D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4171AA29-4D7F-4368-AA60-86FE101D58EC}\A7F6F6D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B} : NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267} : NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564} : NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930} : NameServer = 10.133.20.11 10.132.20.11

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe

mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-18 98208]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-4-3 401920]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-3 44768]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2009-12-22 225280]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-18 1692480]

R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2010-11-16 214664]

R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-18 2533400]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]

S3 OlyUsbCam;OLYMPUS USB Camera;C:\Windows\system32\DRIVERS\OlyUsbCam.sys --> C:\Windows\system32\DRIVERS\OlyUsbCam.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-06 00:10:30 20480 ----a-w- C:\Windows\svchost.exe

2012-04-05 23:35:00 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-04 06:21:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\offreg.dll

2012-04-04 01:03:44 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-04-04 01:03:40 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll

2012-04-03 06:01:02 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Malwarebytes

2012-04-03 06:00:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-03 06:00:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-03 06:00:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-03 05:17:08 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-04-03 05:17:05 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-04-03 05:17:03 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-04-03 05:16:42 41184 ----a-w- C:\Windows\avastSS.scr

2012-04-03 05:16:20 -------- d-----w- C:\ProgramData\AVAST Software

2012-04-03 05:16:20 -------- d-----w- C:\Program Files\AVAST Software

2012-04-03 04:46:13 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-04-03 02:37:03 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-03-31 02:34:49 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Titanium

2012-03-31 02:33:46 -------- d-----w- C:\Users\Bob Jones\AppData\Local\Eye-Fi

2012-03-31 02:31:14 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Eye-Fi

2012-03-24 20:48:00 -------- d-----w- C:\Users\Bob Jones\AppData\Local\{AD9BF85B-CCDD-4BF7-BD11-5940C4575453}

2012-03-20 01:22:52 0 ----a-w- C:\Windows\SysWow64\sho69DC.tmp

2012-03-19 23:08:35 -------- d-----w- C:\ProgramData\App4rTemp

2012-03-19 23:07:52 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio

2012-03-19 22:49:41 -------- d-----w- C:\ProgramData\Ezprint

2012-03-19 22:49:25 -------- d-----w- C:\Program Files (x86)\Lexmark Toolbar

2012-03-19 22:41:58 -------- d-----w- C:\ProgramData\Lx_cats

2012-03-19 22:41:02 81920 ----a-w- C:\Windows\SysWow64\lxdxcaps.dll

2012-03-19 22:41:02 782336 ----a-w- C:\Windows\SysWow64\lxdxdrs.dll

2012-03-19 22:41:02 77906 ----a-w- C:\Windows\SysWow64\lxdxcfg.dll

2012-03-19 22:41:02 69632 ----a-w- C:\Windows\SysWow64\lxdxcnv4.dll

2012-03-19 22:41:02 65536 ----a-w- C:\Windows\System32\lxdxcfg64.dll

2012-03-19 22:41:02 54784 ----a-w- C:\Windows\System32\lxdxcnv464.dll

2012-03-19 22:41:02 25600 ----a-w- C:\Windows\System32\lxdxcaps64.dll

2012-03-19 22:41:02 1024512 ----a-w- C:\Windows\System32\lxdxdrs64.dll

2012-03-19 22:39:11 -------- d-----w- C:\logs

2012-03-19 22:36:36 -------- d-----w- C:\lexmark

2012-03-17 03:04:51 -------- d-----w- C:\Users\Bob Jones\AppData\Roaming\AVG

2012-03-14 07:05:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 07:05:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 07:05:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 04:01:15 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 04:01:14 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 04:01:13 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 04:01:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 04:01:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 04:01:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 04:00:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 04:00:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 04:00:31 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 04:00:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-11 17:14:44 0 ----a-w- C:\Windows\SysWow64\sho64D5.tmp

2012-03-11 16:53:03 -------- d-----w- C:\Program Files\iPod

2012-03-11 16:53:02 -------- d-----w- C:\Program Files\iTunes

2012-03-11 16:53:02 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2012-04-03 02:36:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-26 17:55:46 0 ----a-w- C:\Windows\SysWow64\sho2F79.tmp

2012-02-26 02:58:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 20:21:05.11 ===============


19:32:23.0213 15076 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

19:32:23.0572 15076 ============================================================

19:32:23.0572 15076 Current date / time: 2012/04/05 19:32:23.0572

19:32:23.0572 15076 SystemInfo:

19:32:23.0572 15076

19:32:23.0572 15076 OS Version: 6.1.7601 ServicePack: 1.0

19:32:23.0572 15076 Product type: Workstation

19:32:23.0572 15076 ComputerName: DELL-LAPTOP

19:32:23.0572 15076 UserName: Bob Jones

19:32:23.0572 15076 Windows directory: C:\Windows

19:32:23.0572 15076 System windows directory: C:\Windows

19:32:23.0572 15076 Running under WOW64

19:32:23.0572 15076 Processor architecture: Intel x64

19:32:23.0572 15076 Number of processors: 4

19:32:23.0572 15076 Page size: 0x1000

19:32:23.0572 15076 Boot type: Normal boot

19:32:23.0572 15076 ============================================================

19:32:24.0196 15076 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:32:24.0211 15076 \Device\Harddisk0\DR0:

19:32:24.0211 15076 MBR used

19:32:24.0211 15076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000

19:32:24.0211 15076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x48AD8AE3

19:32:24.0243 15076 Initialize success

19:32:24.0243 15076 ============================================================

19:32:57.0985 16288 ============================================================

19:32:57.0985 16288 Scan started

19:32:57.0985 16288 Mode: Manual; SigCheck; TDLFS;

19:32:57.0985 16288 ============================================================

19:32:58.0391 16288 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

19:32:58.0563 16288 1394ohci - ok

19:32:58.0656 16288 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:32:58.0687 16288 ACPI - ok

19:32:58.0781 16288 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:32:58.0875 16288 AcpiPmi - ok

19:32:58.0984 16288 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:32:59.0015 16288 adp94xx - ok

19:32:59.0062 16288 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:32:59.0077 16288 adpahci - ok

19:32:59.0124 16288 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:32:59.0155 16288 adpu320 - ok

19:32:59.0187 16288 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:32:59.0327 16288 AeLookupSvc - ok

19:32:59.0358 16288 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

19:32:59.0389 16288 AERTFilters - ok

19:32:59.0467 16288 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:32:59.0577 16288 AFD - ok

19:32:59.0686 16288 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:32:59.0717 16288 agp440 - ok

19:32:59.0904 16288 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll

19:32:59.0904 16288 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7

19:32:59.0904 16288 Akamai ( HiddenFile.Multi.Generic ) - warning

19:32:59.0904 16288 Akamai - detected HiddenFile.Multi.Generic (1)

19:32:59.0982 16288 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:33:00.0060 16288 ALG - ok

19:33:00.0123 16288 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:33:00.0154 16288 aliide - ok

19:33:00.0388 16288 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

19:33:00.0419 16288 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - warning

19:33:00.0419 16288 Amazon Download Agent - detected UnsignedFile.Multi.Generic (1)

19:33:00.0497 16288 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe

19:33:00.0591 16288 AMD External Events Utility - ok

19:33:00.0669 16288 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:33:00.0684 16288 amdide - ok

19:33:00.0731 16288 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:33:00.0793 16288 AmdK8 - ok

19:33:00.0981 16288 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys

19:33:01.0215 16288 amdkmdag - ok

19:33:01.0261 16288 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys

19:33:01.0324 16288 amdkmdap - ok

19:33:01.0433 16288 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:33:01.0480 16288 AmdPPM - ok

19:33:01.0542 16288 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

19:33:01.0573 16288 amdsata - ok

19:33:01.0605 16288 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:33:01.0620 16288 amdsbs - ok

19:33:01.0636 16288 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

19:33:01.0651 16288 amdxata - ok

19:33:01.0698 16288 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:33:01.0901 16288 AppID - ok

19:33:01.0979 16288 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:33:02.0073 16288 AppIDSvc - ok

19:33:02.0151 16288 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:33:02.0213 16288 Appinfo - ok

19:33:02.0322 16288 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:33:02.0353 16288 Apple Mobile Device - ok

19:33:02.0447 16288 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:33:02.0463 16288 arc - ok

19:33:02.0494 16288 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:33:02.0525 16288 arcsas - ok

19:33:02.0603 16288 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

19:33:02.0650 16288 aswFsBlk - ok

19:33:02.0728 16288 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

19:33:02.0743 16288 aswMonFlt - ok

19:33:02.0806 16288 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys

19:33:02.0837 16288 aswRdr - ok

19:33:02.0946 16288 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

19:33:02.0977 16288 aswSnx - ok

19:33:03.0055 16288 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

19:33:03.0087 16288 aswSP - ok

19:33:03.0165 16288 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

19:33:03.0196 16288 aswTdi - ok

19:33:03.0258 16288 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:33:03.0336 16288 AsyncMac - ok

19:33:03.0383 16288 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:33:03.0414 16288 atapi - ok

19:33:03.0492 16288 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys

19:33:03.0523 16288 AtiHdmiService - ok

19:33:03.0586 16288 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:33:03.0711 16288 AudioEndpointBuilder - ok

19:33:03.0742 16288 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:33:03.0789 16288 AudioSrv - ok

19:33:03.0898 16288 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

19:33:03.0929 16288 avast! Antivirus - ok

19:33:04.0023 16288 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:33:04.0147 16288 AxInstSV - ok

19:33:04.0257 16288 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:33:04.0335 16288 b06bdrv - ok

19:33:04.0428 16288 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:33:04.0506 16288 b57nd60a - ok

19:33:04.0615 16288 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys

19:33:04.0631 16288 BCM42RLY - ok

19:33:04.0740 16288 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

19:33:04.0803 16288 BCM43XX - ok

19:33:04.0881 16288 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys

19:33:04.0896 16288 BcmVWL - ok

19:33:04.0943 16288 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:33:04.0974 16288 BDESVC - ok

19:33:05.0021 16288 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:33:05.0130 16288 Beep - ok

19:33:05.0224 16288 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

19:33:05.0302 16288 BFE - ok

19:33:05.0364 16288 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

19:33:05.0489 16288 BITS - ok

19:33:05.0567 16288 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:33:05.0614 16288 blbdrive - ok

19:33:05.0723 16288 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

19:33:05.0770 16288 Bonjour Service - ok

19:33:05.0863 16288 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:33:05.0895 16288 bowser - ok

19:33:05.0941 16288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:33:06.0019 16288 BrFiltLo - ok

19:33:06.0035 16288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:33:06.0051 16288 BrFiltUp - ok

19:33:06.0097 16288 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:33:06.0207 16288 Browser - ok

19:33:06.0300 16288 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:33:06.0378 16288 Brserid - ok

19:33:06.0472 16288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:33:06.0519 16288 BrSerWdm - ok

19:33:06.0565 16288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:33:06.0612 16288 BrUsbMdm - ok

19:33:06.0659 16288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:33:06.0706 16288 BrUsbSer - ok

19:33:06.0799 16288 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

19:33:06.0877 16288 BthEnum - ok

19:33:06.0924 16288 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:33:06.0987 16288 BTHMODEM - ok

19:33:07.0033 16288 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

19:33:07.0096 16288 BthPan - ok

19:33:07.0221 16288 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

19:33:07.0314 16288 BTHPORT - ok

19:33:07.0392 16288 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:33:07.0455 16288 bthserv - ok

19:33:07.0517 16288 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

19:33:07.0564 16288 BTHUSB - ok

19:33:07.0611 16288 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys

19:33:07.0642 16288 btusbflt - ok

19:33:07.0704 16288 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys

19:33:07.0720 16288 btwaudio - ok

19:33:07.0751 16288 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys

19:33:07.0782 16288 btwavdt - ok

19:33:07.0860 16288 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

19:33:07.0907 16288 btwdins - ok

19:33:07.0985 16288 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

19:33:08.0016 16288 btwl2cap - ok

19:33:08.0063 16288 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys

19:33:08.0079 16288 btwrchid - ok

19:33:08.0266 16288 CarboniteService (39dbdd8e86caf1cd03c00d5c931fd3fa) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

19:33:08.0469 16288 CarboniteService - ok

19:33:08.0562 16288 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:33:08.0640 16288 cdfs - ok

19:33:08.0718 16288 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

19:33:08.0765 16288 cdrom - ok

19:33:08.0827 16288 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:33:08.0937 16288 CertPropSvc - ok

19:33:09.0015 16288 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:33:09.0061 16288 circlass - ok

19:33:09.0124 16288 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:33:09.0155 16288 CLFS - ok

19:33:09.0217 16288 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:33:09.0249 16288 clr_optimization_v2.0.50727_32 - ok

19:33:09.0280 16288 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:33:09.0311 16288 clr_optimization_v2.0.50727_64 - ok

19:33:09.0389 16288 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:33:09.0420 16288 clr_optimization_v4.0.30319_32 - ok

19:33:09.0467 16288 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:33:09.0498 16288 clr_optimization_v4.0.30319_64 - ok

19:33:09.0576 16288 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:33:09.0623 16288 CmBatt - ok

19:33:09.0685 16288 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:33:09.0717 16288 cmdide - ok

19:33:09.0810 16288 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

19:33:09.0857 16288 CNG - ok

19:33:09.0935 16288 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:33:09.0951 16288 Compbatt - ok

19:33:10.0013 16288 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

19:33:10.0060 16288 CompositeBus - ok

19:33:10.0107 16288 COMSysApp - ok

19:33:10.0169 16288 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:33:10.0185 16288 crcdisk - ok

19:33:10.0263 16288 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

19:33:10.0341 16288 CryptSvc - ok

19:33:10.0450 16288 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

19:33:10.0528 16288 CtClsFlt - ok

19:33:10.0637 16288 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

19:33:10.0699 16288 cvhsvc - ok

19:33:10.0777 16288 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:33:10.0887 16288 DcomLaunch - ok

19:33:10.0996 16288 DCService.exe (00eaf3956092a8008608ca6e2c5d649d) C:\ProgramData\DatacardService\DCService.exe

19:33:11.0027 16288 DCService.exe ( UnsignedFile.Multi.Generic ) - warning

19:33:11.0027 16288 DCService.exe - detected UnsignedFile.Multi.Generic (1)

19:33:11.0089 16288 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:33:11.0183 16288 defragsvc - ok

19:33:11.0245 16288 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:33:11.0339 16288 DfsC - ok

19:33:11.0433 16288 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:33:11.0495 16288 Dhcp - ok

19:33:11.0542 16288 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:33:11.0604 16288 discache - ok

19:33:11.0698 16288 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:33:11.0729 16288 Disk - ok

19:33:11.0776 16288 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:33:11.0838 16288 Dnscache - ok

19:33:11.0901 16288 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

19:33:11.0932 16288 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

19:33:11.0932 16288 DockLoginService - detected UnsignedFile.Multi.Generic (1)

19:33:12.0010 16288 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:33:12.0088 16288 dot3svc - ok

19:33:12.0119 16288 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:33:12.0213 16288 DPS - ok

19:33:12.0259 16288 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:33:12.0322 16288 drmkaud - ok

19:33:12.0384 16288 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

19:33:12.0431 16288 DXGKrnl - ok

19:33:12.0478 16288 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:33:12.0571 16288 EapHost - ok

19:33:12.0681 16288 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:33:12.0837 16288 ebdrv - ok

19:33:12.0868 16288 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:33:12.0930 16288 EFS - ok

19:33:13.0039 16288 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:33:13.0133 16288 ehRecvr - ok

19:33:13.0180 16288 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:33:13.0227 16288 ehSched - ok

19:33:13.0305 16288 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:33:13.0351 16288 elxstor - ok

19:33:13.0429 16288 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:33:13.0492 16288 ErrDev - ok

19:33:13.0554 16288 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:33:13.0679 16288 EventSystem - ok

19:33:13.0788 16288 ewusbnet (da7cef9ffbbd6498df106bcab84eb10a) C:\Windows\system32\DRIVERS\ewusbnet.sys

19:33:13.0851 16288 ewusbnet - ok

19:33:13.0944 16288 ew_hwusbdev (e2cbb821c7cae0ef8b56de28ed85c740) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys

19:33:14.0007 16288 ew_hwusbdev - ok

19:33:14.0053 16288 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:33:14.0116 16288 exfat - ok

19:33:14.0131 16288 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:33:14.0225 16288 fastfat - ok

19:33:14.0287 16288 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:33:14.0381 16288 Fax - ok

19:33:14.0459 16288 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:33:14.0506 16288 fdc - ok

19:33:14.0553 16288 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:33:14.0615 16288 fdPHost - ok

19:33:14.0631 16288 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:33:14.0709 16288 FDResPub - ok

19:33:14.0755 16288 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:33:14.0787 16288 FileInfo - ok

19:33:14.0818 16288 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:33:14.0911 16288 Filetrace - ok

19:33:14.0958 16288 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:33:14.0974 16288 flpydisk - ok

19:33:15.0005 16288 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:33:15.0036 16288 FltMgr - ok

19:33:15.0099 16288 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:33:15.0208 16288 FontCache - ok

19:33:15.0333 16288 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:33:15.0348 16288 FontCache3.0.0.0 - ok

19:33:15.0395 16288 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:33:15.0426 16288 FsDepends - ok

19:33:15.0457 16288 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

19:33:15.0489 16288 Fs_Rec - ok

19:33:15.0582 16288 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:33:15.0613 16288 fvevol - ok

19:33:15.0645 16288 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:33:15.0676 16288 gagp30kx - ok

19:33:15.0769 16288 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe

19:33:15.0801 16288 GameConsoleService - ok

19:33:15.0879 16288 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:33:15.0894 16288 GEARAspiWDM - ok

19:33:15.0941 16288 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

19:33:15.0957 16288 GoToAssist - ok

19:33:16.0066 16288 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:33:16.0191 16288 gpsvc - ok

19:33:16.0238 16288 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:33:16.0300 16288 hcw85cir - ok

19:33:16.0347 16288 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

19:33:16.0394 16288 HDAudBus - ok

19:33:16.0440 16288 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

19:33:16.0456 16288 HECIx64 - ok

19:33:16.0503 16288 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:33:16.0550 16288 HidBatt - ok

19:33:16.0565 16288 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:33:16.0628 16288 HidBth - ok

19:33:16.0706 16288 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:33:16.0752 16288 HidIr - ok

19:33:16.0799 16288 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

19:33:16.0893 16288 hidserv - ok

19:33:17.0002 16288 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

19:33:17.0018 16288 HidUsb - ok

19:33:17.0080 16288 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:33:17.0189 16288 hkmsvc - ok

19:33:17.0252 16288 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:33:17.0330 16288 HomeGroupListener - ok

19:33:17.0361 16288 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:33:17.0423 16288 HomeGroupProvider - ok

19:33:17.0517 16288 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:33:17.0548 16288 HpSAMD - ok

19:33:17.0610 16288 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:33:17.0704 16288 HTTP - ok

19:33:17.0813 16288 huawei_enumerator (6dbd08bc1331c78548298e82c4b667c5) C:\Windows\system32\DRIVERS\ew_jubusenum.sys

19:33:17.0876 16288 huawei_enumerator - ok

19:33:17.0985 16288 hwdatacard (6e5cd3984742a922d0c183c7e82c3c94) C:\Windows\system32\DRIVERS\ewusbmdm.sys

19:33:18.0063 16288 hwdatacard - ok

19:33:18.0141 16288 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:33:18.0172 16288 hwpolicy - ok

19:33:18.0281 16288 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

19:33:18.0328 16288 i8042prt - ok

19:33:18.0375 16288 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

19:33:18.0406 16288 iaStor - ok

19:33:18.0468 16288 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:33:18.0500 16288 iaStorV - ok

19:33:18.0593 16288 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:33:18.0656 16288 idsvc - ok

19:33:18.0734 16288 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:33:18.0749 16288 iirsp - ok

19:33:18.0827 16288 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:33:18.0921 16288 IKEEXT - ok

19:33:19.0014 16288 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys

19:33:19.0077 16288 IntcAzAudAddService - ok

19:33:19.0264 16288 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:33:19.0295 16288 intelide - ok

19:33:19.0326 16288 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:33:19.0373 16288 intelppm - ok

19:33:19.0467 16288 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:33:19.0545 16288 IPBusEnum - ok

19:33:19.0607 16288 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:33:19.0685 16288 IpFilterDriver - ok

19:33:19.0763 16288 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

19:33:19.0857 16288 iphlpsvc - ok

19:33:19.0950 16288 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:33:20.0013 16288 IPMIDRV - ok

19:33:20.0060 16288 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:33:20.0122 16288 IPNAT - ok

19:33:20.0200 16288 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe

19:33:20.0262 16288 iPod Service - ok

19:33:20.0496 16288 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:33:20.0543 16288 IRENUM - ok

19:33:20.0590 16288 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:33:20.0621 16288 isapnp - ok

19:33:20.0637 16288 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:33:20.0684 16288 iScsiPrt - ok

19:33:20.0715 16288 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:33:20.0730 16288 kbdclass - ok

19:33:20.0824 16288 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

19:33:20.0871 16288 kbdhid - ok

19:33:20.0933 16288 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:33:20.0964 16288 KeyIso - ok

19:33:21.0011 16288 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

19:33:21.0042 16288 KSecDD - ok

19:33:21.0074 16288 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

19:33:21.0105 16288 KSecPkg - ok

19:33:21.0136 16288 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:33:21.0214 16288 ksthunk - ok

19:33:21.0245 16288 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:33:21.0354 16288 KtmRm - ok

19:33:21.0448 16288 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys

19:33:21.0464 16288 L1C - ok

19:33:21.0542 16288 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

19:33:21.0635 16288 LanmanServer - ok

19:33:21.0682 16288 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:33:21.0776 16288 LanmanWorkstation - ok

19:33:21.0869 16288 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:33:21.0932 16288 lltdio - ok

19:33:21.0978 16288 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:33:22.0056 16288 lltdsvc - ok

19:33:22.0088 16288 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:33:22.0150 16288 lmhosts - ok

19:33:22.0212 16288 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

19:33:22.0228 16288 LMS - ok

19:33:22.0322 16288 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:33:22.0337 16288 LSI_FC - ok

19:33:22.0384 16288 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:33:22.0415 16288 LSI_SAS - ok

19:33:22.0462 16288 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:33:22.0493 16288 LSI_SAS2 - ok

19:33:22.0524 16288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:33:22.0556 16288 LSI_SCSI - ok

19:33:22.0602 16288 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:33:22.0680 16288 luafv - ok

19:33:22.0805 16288 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

19:33:22.0821 16288 MBAMProtector - ok

19:33:22.0914 16288 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:33:22.0961 16288 MBAMService - ok

19:33:23.0024 16288 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:33:23.0086 16288 Mcx2Svc - ok

19:33:23.0164 16288 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

19:33:23.0195 16288 MDM - ok

19:33:23.0273 16288 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:33:23.0289 16288 megasas - ok

19:33:23.0336 16288 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:33:23.0367 16288 MegaSR - ok

19:33:23.0414 16288 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:33:23.0507 16288 MMCSS - ok

19:33:23.0538 16288 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:33:23.0601 16288 Modem - ok

19:33:23.0648 16288 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:33:23.0710 16288 monitor - ok

19:33:23.0788 16288 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:33:23.0804 16288 mouclass - ok

19:33:23.0897 16288 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:33:23.0944 16288 mouhid - ok

19:33:24.0006 16288 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:33:24.0038 16288 mountmgr - ok

19:33:24.0069 16288 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:33:24.0100 16288 mpio - ok

19:33:24.0131 16288 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:33:24.0194 16288 mpsdrv - ok

19:33:24.0240 16288 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:33:24.0350 16288 MpsSvc - ok

19:33:24.0584 16288 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:33:24.0646 16288 MRxDAV - ok

19:33:24.0708 16288 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:33:24.0755 16288 mrxsmb - ok

19:33:24.0818 16288 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:33:24.0864 16288 mrxsmb10 - ok

19:33:24.0896 16288 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:33:24.0927 16288 mrxsmb20 - ok

19:33:24.0958 16288 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:33:24.0989 16288 msahci - ok

19:33:25.0036 16288 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:33:25.0067 16288 msdsm - ok

19:33:25.0083 16288 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:33:25.0145 16288 MSDTC - ok

19:33:25.0192 16288 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:33:25.0254 16288 Msfs - ok

19:33:25.0270 16288 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:33:25.0317 16288 mshidkmdf - ok

19:33:25.0348 16288 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:33:25.0348 16288 msisadrv - ok

19:33:25.0395 16288 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:33:25.0473 16288 MSiSCSI - ok

19:33:25.0473 16288 msiserver - ok

19:33:25.0520 16288 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:33:25.0582 16288 MSKSSRV - ok

19:33:25.0598 16288 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:33:25.0691 16288 MSPCLOCK - ok

19:33:25.0785 16288 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:33:25.0863 16288 MSPQM - ok

19:33:25.0925 16288 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:33:25.0956 16288 MsRPC - ok

19:33:26.0019 16288 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:33:26.0050 16288 mssmbios - ok

19:33:26.0081 16288 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:33:26.0159 16288 MSTEE - ok

19:33:26.0190 16288 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:33:26.0206 16288 MTConfig - ok

19:33:26.0222 16288 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:33:26.0253 16288 Mup - ok

19:33:26.0300 16288 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:33:26.0393 16288 napagent - ok

19:33:26.0502 16288 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:33:26.0549 16288 NativeWifiP - ok

19:33:26.0643 16288 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

19:33:26.0690 16288 NDIS - ok

19:33:26.0736 16288 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:33:26.0814 16288 NdisCap - ok

19:33:26.0877 16288 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:33:26.0924 16288 NdisTapi - ok

19:33:26.0986 16288 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:33:27.0064 16288 Ndisuio - ok

19:33:27.0126 16288 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:33:27.0204 16288 NdisWan - ok

19:33:27.0267 16288 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:33:27.0329 16288 NDProxy - ok

19:33:27.0423 16288 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:33:27.0485 16288 NetBIOS - ok

19:33:27.0532 16288 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:33:27.0641 16288 NetBT - ok

19:33:27.0672 16288 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:33:27.0704 16288 Netlogon - ok

19:33:27.0766 16288 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:33:27.0875 16288 Netman - ok

19:33:27.0969 16288 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:33:28.0047 16288 netprofm - ok

19:33:28.0109 16288 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:33:28.0140 16288 NetTcpPortSharing - ok

19:33:28.0203 16288 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:33:28.0234 16288 nfrd960 - ok

19:33:28.0296 16288 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:33:28.0374 16288 NlaSvc - ok

19:33:28.0406 16288 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:33:28.0468 16288 Npfs - ok

19:33:28.0499 16288 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:33:28.0593 16288 nsi - ok

19:33:28.0624 16288 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:33:28.0671 16288 nsiproxy - ok

19:33:28.0764 16288 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:33:28.0842 16288 Ntfs - ok

19:33:28.0920 16288 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:33:28.0998 16288 Null - ok

19:33:29.0061 16288 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:33:29.0092 16288 nvraid - ok

19:33:29.0123 16288 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:33:29.0154 16288 nvstor - ok

19:33:29.0232 16288 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:33:29.0264 16288 nv_agp - ok

19:33:29.0279 16288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:33:29.0342 16288 ohci1394 - ok

19:33:29.0420 16288 OlyUsbCam (ed74264b8b3ba640ce97130862732b4e) C:\Windows\system32\DRIVERS\OlyUsbCam.sys

19:33:29.0451 16288 OlyUsbCam - ok

19:33:29.0513 16288 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:33:29.0529 16288 ose - ok

19:33:29.0700 16288 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:33:29.0872 16288 osppsvc - ok

19:33:29.0981 16288 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:33:30.0075 16288 p2pimsvc - ok

19:33:30.0122 16288 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:33:30.0168 16288 p2psvc - ok

19:33:30.0262 16288 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:33:30.0293 16288 Parport - ok

19:33:30.0356 16288 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

19:33:30.0387 16288 partmgr - ok

19:33:30.0434 16288 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:33:30.0496 16288 PcaSvc - ok

19:33:30.0558 16288 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:33:30.0574 16288 pci - ok

19:33:30.0621 16288 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:33:30.0636 16288 pciide - ok

19:33:30.0683 16288 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:33:30.0699 16288 pcmcia - ok

19:33:30.0714 16288 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:33:30.0730 16288 pcw - ok

19:33:30.0761 16288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:33:30.0839 16288 PEAUTH - ok

19:33:30.0948 16288 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:33:30.0995 16288 PerfHost - ok

19:33:31.0089 16288 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:33:31.0182 16288 pla - ok

19:33:31.0229 16288 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:33:31.0323 16288 PlugPlay - ok

19:33:31.0385 16288 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:33:31.0416 16288 PNRPAutoReg - ok

19:33:31.0432 16288 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:33:31.0463 16288 PNRPsvc - ok

19:33:31.0494 16288 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:33:31.0588 16288 PolicyAgent - ok

19:33:31.0666 16288 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:33:31.0760 16288 Power - ok

19:33:31.0838 16288 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:33:31.0916 16288 PptpMiniport - ok

19:33:32.0025 16288 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:33:32.0072 16288 Processor - ok

19:33:32.0134 16288 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

19:33:32.0243 16288 ProfSvc - ok

19:33:32.0274 16288 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:33:32.0306 16288 ProtectedStorage - ok

19:33:32.0384 16288 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:33:32.0462 16288 Psched - ok

19:33:32.0493 16288 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

19:33:32.0524 16288 PxHlpa64 - ok

19:33:32.0633 16288 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:33:32.0696 16288 ql2300 - ok

19:33:32.0711 16288 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:33:32.0727 16288 ql40xx - ok

19:33:32.0758 16288 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:33:32.0805 16288 QWAVE - ok

19:33:32.0820 16288 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:33:32.0867 16288 QWAVEdrv - ok

19:33:32.0898 16288 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:33:32.0930 16288 RasAcd - ok

19:33:32.0976 16288 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:33:33.0023 16288 RasAgileVpn - ok

19:33:33.0101 16288 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:33:33.0195 16288 RasAuto - ok

19:33:33.0242 16288 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:33:33.0320 16288 Rasl2tp - ok

19:33:33.0382 16288 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:33:33.0491 16288 RasMan - ok

19:33:33.0538 16288 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:33:33.0616 16288 RasPppoe - ok

19:33:33.0663 16288 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:33:33.0725 16288 RasSstp - ok

19:33:33.0772 16288 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:33:33.0834 16288 rdbss - ok

19:33:33.0912 16288 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:33:33.0975 16288 rdpbus - ok

19:33:34.0068 16288 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:33:34.0162 16288 RDPCDD - ok

19:33:34.0240 16288 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:33:34.0287 16288 RDPENCDD - ok

19:33:34.0334 16288 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:33:34.0380 16288 RDPREFMP - ok

19:33:34.0427 16288 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

19:33:34.0505 16288 RDPWD - ok

19:33:34.0536 16288 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:33:34.0568 16288 rdyboost - ok

19:33:34.0599 16288 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:33:34.0692 16288 RemoteAccess - ok

19:33:34.0724 16288 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:33:34.0802 16288 RemoteRegistry - ok

19:33:34.0880 16288 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

19:33:34.0926 16288 RFCOMM - ok

19:33:35.0004 16288 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:33:35.0098 16288 RpcEptMapper - ok

19:33:35.0145 16288 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:33:35.0207 16288 RpcLocator - ok

19:33:35.0238 16288 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:33:35.0301 16288 RpcSs - ok

19:33:35.0332 16288 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:33:35.0394 16288 rspndr - ok

19:33:35.0441 16288 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

19:33:35.0472 16288 RSUSBSTOR - ok

19:33:35.0504 16288 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:33:35.0535 16288 SamSs - ok

19:33:35.0566 16288 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:33:35.0597 16288 sbp2port - ok

19:33:35.0628 16288 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:33:35.0722 16288 SCardSvr - ok

19:33:35.0769 16288 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:33:35.0847 16288 scfilter - ok

19:33:35.0925 16288 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:33:36.0065 16288 Schedule - ok

19:33:36.0159 16288 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:33:36.0206 16288 SCPolicySvc - ok

19:33:36.0268 16288 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:33:36.0315 16288 SDRSVC - ok

19:33:36.0377 16288 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

19:33:36.0408 16288 SeaPort - ok

19:33:36.0486 16288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:33:36.0549 16288 secdrv - ok

19:33:36.0580 16288 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:33:36.0674 16288 seclogon - ok

19:33:36.0736 16288 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:33:36.0798 16288 SENS - ok

19:33:36.0845 16288 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:33:36.0923 16288 SensrSvc - ok

19:33:37.0001 16288 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:33:37.0048 16288 Serenum - ok

19:33:37.0110 16288 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:33:37.0157 16288 Serial - ok

19:33:37.0220 16288 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:33:37.0251 16288 sermouse - ok

19:33:37.0298 16288 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:33:37.0376 16288 SessionEnv - ok

19:33:37.0407 16288 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:33:37.0469 16288 sffdisk - ok

19:33:37.0563 16288 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:33:37.0610 16288 sffp_mmc - ok

19:33:37.0641 16288 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:33:37.0688 16288 sffp_sd - ok

19:33:37.0750 16288 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:33:37.0781 16288 sfloppy - ok

19:33:37.0859 16288 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

19:33:37.0875 16288 Sftfs - ok

19:33:37.0937 16288 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

19:33:37.0968 16288 sftlist - ok

19:33:38.0046 16288 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

19:33:38.0078 16288 Sftplay - ok

19:33:38.0140 16288 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

19:33:38.0171 16288 Sftredir - ok

19:33:38.0280 16288 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

19:33:38.0343 16288 SftService - ok

19:33:38.0421 16288 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

19:33:38.0452 16288 Sftvol - ok

19:33:38.0514 16288 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

19:33:38.0530 16288 sftvsa - ok

19:33:38.0592 16288 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:33:38.0639 16288 SharedAccess - ok

19:33:38.0686 16288 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:33:38.0764 16288 ShellHWDetection - ok

19:33:38.0811 16288 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:33:38.0826 16288 SiSRaid2 - ok

19:33:38.0842 16288 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:33:38.0858 16288 SiSRaid4 - ok

19:33:38.0889 16288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:33:38.0936 16288 Smb - ok

19:33:38.0967 16288 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:33:39.0029 16288 SNMPTRAP - ok

19:33:39.0107 16288 SPAMfighter Update Service (ed9f035593588b6fec21478c6b9e0452) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe

19:33:39.0138 16288 SPAMfighter Update Service - ok

19:33:39.0232 16288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:33:39.0248 16288 spldr - ok

19:33:39.0326 16288 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:33:39.0404 16288 Spooler - ok

19:33:39.0528 16288 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:33:39.0685 16288 sppsvc - ok

19:33:39.0732 16288 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:33:39.0841 16288 sppuinotify - ok

19:33:39.0904 16288 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

19:33:39.0919 16288 sprtsvc_DellSupportCenter - ok

19:33:40.0013 16288 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:33:40.0091 16288 srv - ok

19:33:40.0138 16288 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:33:40.0185 16288 srv2 - ok

19:33:40.0231 16288 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:33:40.0278 16288 srvnet - ok

19:33:40.0356 16288 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:33:40.0450 16288 SSDPSRV - ok

19:33:40.0481 16288 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:33:40.0528 16288 SstpSvc - ok

19:33:40.0575 16288 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:33:40.0590 16288 stexstor - ok

19:33:40.0654 16288 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:33:40.0747 16288 stisvc - ok

19:33:40.0856 16288 Suite Service (e567825c5f3934e13c8d755611954a7e) C:\Program Files (x86)\Fighters\FighterSuiteService.exe

19:33:40.0903 16288 Suite Service - ok

19:33:40.0997 16288 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:33:41.0012 16288 swenum - ok

19:33:41.0106 16288 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

19:33:41.0153 16288 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

19:33:41.0153 16288 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

19:33:41.0246 16288 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:33:41.0371 16288 swprv - ok

19:33:41.0434 16288 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys

19:33:41.0465 16288 SynTP - ok

19:33:41.0527 16288 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:33:41.0652 16288 SysMain - ok

19:33:41.0699 16288 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:33:41.0746 16288 TabletInputService - ok

19:33:41.0761 16288 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:33:41.0870 16288 TapiSrv - ok

19:33:41.0902 16288 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:33:41.0948 16288 TBS - ok

19:33:42.0026 16288 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

19:33:42.0120 16288 Tcpip - ok

19:33:42.0198 16288 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

19:33:42.0260 16288 TCPIP6 - ok

19:33:42.0292 16288 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:33:42.0385 16288 tcpipreg - ok

19:33:42.0416 16288 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:33:42.0463 16288 TDPIPE - ok

19:33:42.0510 16288 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:33:42.0541 16288 TDTCP - ok

19:33:42.0572 16288 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:33:42.0635 16288 tdx - ok

19:33:42.0682 16288 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:33:42.0697 16288 TermDD - ok

19:33:42.0744 16288 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:33:42.0853 16288 TermService - ok

19:33:42.0884 16288 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:33:42.0947 16288 Themes - ok

19:33:42.0994 16288 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:33:43.0056 16288 THREADORDER - ok

19:33:43.0072 16288 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:33:43.0134 16288 TrkWks - ok

19:33:43.0212 16288 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:33:43.0306 16288 TrustedInstaller - ok

19:33:43.0399 16288 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:33:43.0508 16288 tssecsrv - ok

19:33:43.0571 16288 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:33:43.0618 16288 TsUsbFlt - ok

19:33:43.0711 16288 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:33:43.0805 16288 tunnel - ok

19:33:43.0836 16288 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:33:43.0852 16288 uagp35 - ok

19:33:43.0914 16288 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:33:43.0976 16288 udfs - ok

19:33:44.0054 16288 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:33:44.0086 16288 UI0Detect - ok

19:33:44.0148 16288 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:33:44.0195 16288 uliagpkx - ok

19:33:44.0210 16288 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

19:33:44.0273 16288 umbus - ok

19:33:44.0351 16288 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:33:44.0413 16288 UmPass - ok

19:33:44.0538 16288 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

19:33:44.0647 16288 UNS - ok

19:33:44.0725 16288 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:33:44.0850 16288 upnphost - ok

19:33:44.0928 16288 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

19:33:44.0975 16288 usbaudio - ok

19:33:45.0037 16288 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

19:33:45.0115 16288 usbccgp - ok

19:33:45.0162 16288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:33:45.0193 16288 usbcir - ok

19:33:45.0271 16288 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

19:33:45.0334 16288 usbehci - ok

19:33:45.0380 16288 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:33:45.0443 16288 usbhub - ok

19:33:45.0490 16288 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

19:33:45.0521 16288 usbohci - ok

19:33:45.0552 16288 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:33:45.0614 16288 usbprint - ok

19:33:45.0646 16288 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

19:33:45.0708 16288 usbscan - ok

19:33:45.0755 16288 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:33:45.0833 16288 USBSTOR - ok

19:33:45.0911 16288 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

19:33:45.0973 16288 usbuhci - ok

19:33:46.0036 16288 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

19:33:46.0082 16288 usbvideo - ok

19:33:46.0114 16288 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:33:46.0192 16288 UxSms - ok

19:33:46.0223 16288 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:33:46.0238 16288 VaultSvc - ok

19:33:46.0316 16288 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:33:46.0348 16288 vdrvroot - ok

19:33:46.0410 16288 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:33:46.0519 16288 vds - ok

19:33:46.0613 16288 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:33:46.0660 16288 vga - ok

19:33:46.0691 16288 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:33:46.0769 16288 VgaSave - ok

19:33:46.0987 16288 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:33:47.0050 16288 vhdmp - ok

19:33:47.0159 16288 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:33:47.0190 16288 viaide - ok

19:33:47.0252 16288 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:33:47.0299 16288 volmgr - ok

19:33:47.0674 16288 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:33:47.0705 16288 volmgrx - ok

19:33:47.0892 16288 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:33:47.0923 16288 volsnap - ok

19:33:48.0017 16288 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:33:48.0064 16288 vsmraid - ok

19:33:48.0142 16288 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:33:48.0344 16288 VSS - ok

19:33:48.0422 16288 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:33:48.0485 16288 vwifibus - ok

19:33:48.0532 16288 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:33:48.0578 16288 vwififlt - ok

19:33:48.0641 16288 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:33:48.0781 16288 W32Time - ok

19:33:48.0844 16288 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:33:48.0875 16288 WacomPen - ok

19:33:48.0953 16288 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:33:49.0046 16288 WANARP - ok

19:33:49.0046 16288 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:33:49.0093 16288 Wanarpv6 - ok

19:33:49.0561 16288 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:33:49.0655 16288 WatAdminSvc - ok

19:33:50.0014 16288 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:33:50.0170 16288 wbengine - ok

19:33:50.0248 16288 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:33:50.0326 16288 WbioSrvc - ok

19:33:50.0372 16288 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:33:50.0419 16288 wcncsvc - ok

19:33:50.0466 16288 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:33:50.0544 16288 WcsPlugInService - ok

19:33:50.0591 16288 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:33:50.0622 16288 Wd - ok

19:33:50.0669 16288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:33:50.0716 16288 Wdf01000 - ok

19:33:50.0747 16288 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:33:50.0887 16288 WdiServiceHost - ok

19:33:50.0887 16288 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:33:50.0918 16288 WdiSystemHost - ok

19:33:50.0950 16288 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:33:51.0028 16288 WebClient - ok

19:33:51.0059 16288 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:33:51.0152 16288 Wecsvc - ok

19:33:51.0184 16288 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:33:51.0277 16288 wercplsupport - ok

19:33:51.0324 16288 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:33:51.0371 16288 WerSvc - ok

19:33:51.0433 16288 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:33:51.0511 16288 WfpLwf - ok

19:33:51.0620 16288 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

19:33:51.0652 16288 WimFltr - ok

19:33:51.0714 16288 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:33:51.0761 16288 WIMMount - ok

19:33:51.0808 16288 WinDefend - ok

19:33:51.0808 16288 WinHttpAutoProxySvc - ok

19:33:52.0010 16288 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:33:52.0088 16288 Winmgmt - ok

19:33:52.0213 16288 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:33:52.0369 16288 WinRM - ok

19:33:52.0697 16288 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

19:33:52.0775 16288 WinUsb - ok

19:33:53.0274 16288 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:33:53.0352 16288 Wlansvc - ok

19:33:53.0820 16288 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:33:53.0914 16288 wlidsvc - ok

19:33:53.0960 16288 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

19:33:53.0992 16288 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

19:33:53.0992 16288 wltrysvc - detected UnsignedFile.Multi.Generic (1)

19:33:54.0101 16288 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:33:54.0132 16288 WmiAcpi - ok

19:33:54.0413 16288 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:33:54.0475 16288 wmiApSrv - ok

19:33:54.0538 16288 WMPNetworkSvc - ok

19:33:54.0756 16288 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:33:54.0803 16288 WPCSvc - ok

19:33:54.0850 16288 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:33:54.0881 16288 WPDBusEnum - ok

19:33:54.0959 16288 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:33:55.0037 16288 ws2ifsl - ok

19:33:55.0099 16288 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

19:33:55.0146 16288 wscsvc - ok

19:33:55.0208 16288 WSearch - ok

19:33:55.0723 16288 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

19:33:55.0973 16288 wuauserv - ok

19:33:56.0581 16288 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:33:56.0675 16288 WudfPf - ok

19:33:57.0112 16288 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:33:57.0158 16288 WUDFRd - ok

19:33:57.0408 16288 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:33:57.0455 16288 wudfsvc - ok

19:33:57.0704 16288 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:33:57.0736 16288 WwanSvc - ok

19:33:57.0892 16288 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0

19:33:57.0923 16288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

19:33:57.0923 16288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

19:33:58.0048 16288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

19:33:58.0048 16288 \Device\Harddisk0\DR0 - detected TDSS File System (1)

19:33:58.0094 16288 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0

19:33:58.0094 16288 \Device\Harddisk0\DR0\Partition0 - ok

19:33:58.0110 16288 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1

19:33:58.0110 16288 \Device\Harddisk0\DR0\Partition1 - ok

19:33:58.0110 16288 ============================================================

19:33:58.0110 16288 Scan finished

19:33:58.0110 16288 ============================================================

19:33:58.0141 14888 Detected object count: 8

19:33:58.0141 14888 Actual detected object count: 8

19:35:00.0198 14888 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

19:35:00.0198 14888 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

19:35:00.0198 14888 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:00.0198 14888 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:35:00.0198 14888 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:00.0198 14888 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:35:00.0198 14888 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:00.0198 14888 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:35:00.0198 14888 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:00.0198 14888 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:35:00.0198 14888 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:00.0198 14888 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:35:00.0494 14888 \Device\Harddisk0\DR0\# - copied to quarantine

19:35:00.0494 14888 \Device\Harddisk0\DR0 - copied to quarantine

19:35:00.0635 14888 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

19:35:00.0650 14888 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

19:35:00.0682 14888 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

19:35:00.0697 14888 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

19:35:00.0775 14888 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

19:35:00.0791 14888 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

19:35:00.0791 14888 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

19:35:00.0806 14888 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

19:35:00.0822 14888 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

19:35:00.0869 14888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

19:35:00.0869 14888 \Device\Harddisk0\DR0 - ok

19:35:01.0025 14888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

19:35:01.0040 14888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

19:35:01.0040 14888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

19:35:21.0414 16352 Deinitialize success


Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Bob Jones :: DELL-LAPTOP [administrator]

Protection: Disabled

4/5/2012 7:50:58 PM

mbam-log-2012-04-05 (19-50-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201845

Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5144 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


Yes. It's disabled because I keep getting messages about infection.

Am looking to get rid of this. It keeps acting like Vundo right now.


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 12-04-06.02 - Bob Jones 04/06/2012 18:01:30.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4333 [GMT -4:00]

Running from: c:\users\Bob Jones\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Bob Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3E7850DB-C7B6-48FB-AE0B-D5E0FA69C642}.xps

c:\users\Bob Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E11E957C-3852-4DE5-B6A7-9EE9FBAC0185}.xps

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))

.

.

2012-04-06 22:09 . 2012-04-06 22:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-04-06 22:09 . 2012-04-06 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-05 23:35 . 2012-04-05 23:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-04 06:21 . 2012-04-05 09:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\offreg.dll

2012-04-04 01:03 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98DC1D1E-C247-4AAE-B2EF-7F1699394DA6}\mpengine.dll

2012-04-03 06:01 . 2012-04-03 06:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Malwarebytes

2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\programdata\Malwarebytes

2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-03 06:00 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 05:17 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-03 05:17 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-03 05:17 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-04-03 05:17 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-03 05:17 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-03 05:17 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-03 05:17 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-04-03 05:16 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-03 05:16 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\programdata\AVAST Software

2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\program files\AVAST Software

2012-04-03 04:46 . 2012-02-23 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-04-03 02:37 . 2012-04-03 02:37 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-04-03 02:37 . 2012-04-03 02:36 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-03-31 02:34 . 2012-04-02 23:59 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Titanium

2012-03-31 02:33 . 2012-04-03 04:30 -------- d-----w- c:\users\Bob Jones\AppData\Local\Eye-Fi

2012-03-31 02:31 . 2012-04-02 04:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Eye-Fi

2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer

2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer

2012-03-24 20:19 . 2007-03-22 23:24 26785 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS

2012-03-24 20:19 . 2007-03-22 23:24 23534 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS

2012-03-24 20:19 . 2007-03-22 23:24 23063 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS

2012-03-24 20:19 . 2007-03-22 23:24 19244 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS

2012-03-24 20:19 . 2007-03-22 23:24 19856 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS

2012-03-24 20:19 . 2007-03-22 23:24 18621 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS

2012-03-24 20:19 . 2007-03-22 23:24 16836 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS

2012-03-24 20:19 . 2007-03-22 23:24 16565 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS

2012-03-20 01:22 . 2012-03-20 01:22 0 ----a-w- c:\windows\SysWow64\sho69DC.tmp

2012-03-19 23:08 . 2012-03-19 23:08 -------- d-----w- c:\programdata\App4rTemp

2012-03-19 23:07 . 2012-03-19 23:07 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio

2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\programdata\Ezprint

2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\program files (x86)\Lexmark Toolbar

2012-03-19 22:41 . 2012-03-19 23:08 -------- d-----w- c:\programdata\Lx_cats

2012-03-19 22:41 . 2009-08-19 18:06 25600 ----a-w- c:\windows\system32\lxdxcaps64.dll

2012-03-19 22:41 . 2009-08-19 18:06 81920 ----a-w- c:\windows\SysWow64\lxdxcaps.dll

2012-03-19 22:41 . 2009-08-19 18:06 1024512 ----a-w- c:\windows\system32\lxdxdrs64.dll

2012-03-19 22:41 . 2009-08-19 18:06 782336 ----a-w- c:\windows\SysWow64\lxdxdrs.dll

2012-03-19 22:41 . 2009-08-19 18:00 54784 ----a-w- c:\windows\system32\lxdxcnv464.dll

2012-03-19 22:41 . 2009-08-19 18:00 77906 ----a-w- c:\windows\SysWow64\lxdxcfg.dll

2012-03-19 22:41 . 2009-08-19 18:00 69632 ----a-w- c:\windows\SysWow64\lxdxcnv4.dll

2012-03-19 22:41 . 2009-08-19 18:00 65536 ----a-w- c:\windows\system32\lxdxcfg64.dll

2012-03-19 22:39 . 2012-03-19 22:39 -------- d-----w- C:\logs

2012-03-19 22:36 . 2012-03-19 22:36 -------- d-----w- C:\lexmark

2012-03-17 03:04 . 2012-03-17 03:12 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\AVG

2012-03-14 07:05 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 07:05 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 07:05 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 04:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 04:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 04:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 04:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 04:01 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 04:01 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 04:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 04:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 04:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 04:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-11 17:14 . 2012-03-11 17:14 0 ----a-w- c:\windows\SysWow64\sho64D5.tmp

2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iPod

2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iTunes

2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-03 02:36 . 2011-02-18 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-26 17:55 . 2012-02-26 17:55 0 ----a-w- c:\windows\SysWow64\sho2F79.tmp

2012-02-26 02:58 . 2011-09-11 12:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Bob Jones\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

"HW_OPENEYE_OUC_"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-03-09 196608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2010-11-16 821384]

"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-24 1304]

"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]

.

c:\users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

StickyNotes.exe [2009-5-19 483328]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2009-12-22 225280]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 OlyUsbCam;OLYMPUS USB Camera;c:\windows\system32\DRIVERS\OlyUsbCam.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]

S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000Core.job

- c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000UA.job

- c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = g.msn.com/USCON/1

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: adp.com

Trusted Zone: adpcorp.com

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E}: NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B}: NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267}: NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564}: NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930}: NameServer = 10.133.20.11 10.132.20.11

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Eye-Fi - c:\program files (x86)\Eye-Fi\Helper\EyeFiHelper.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Bob Jones\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-06 18:13:34

ComboFix-quarantined-files.txt 2012-04-06 22:13

.

Pre-Run: 435,307,405,312 bytes free

Post-Run: 436,917,424,128 bytes free

.

- - End Of File - - 61BAA36FE8C2180CEE3BD4EB53D558ED


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\users\Bob Jones\AppData\Roaming\AVG

Registry::
[-HKEY_LOCAL_MACHINE\software\McAfee]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-04-06.02 - Bob Jones 04/07/2012 7:28.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4214 [GMT -4:00]

Running from: c:\users\Bob Jones\Desktop\ComboFix.exe

Command switches used :: c:\users\Bob Jones\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Bob Jones\AppData\Roaming\AVG

c:\users\Bob Jones\AppData\Roaming\AVG\PC Tuneup\Logs\PC Tuneup_SN.log

c:\users\Bob Jones\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120316231220524.rsc

c:\users\Bob Jones\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120316231313673.rsc

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))

.

.

2012-04-07 11:39 . 2012-04-07 11:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-04-07 11:39 . 2012-04-07 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-06 22:26 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2F362FB-3626-4517-A2A8-E01BEFD67EA8}\mpengine.dll

2012-04-05 23:35 . 2012-04-05 23:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-03 06:01 . 2012-04-03 06:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Malwarebytes

2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\programdata\Malwarebytes

2012-04-03 06:00 . 2012-04-03 06:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-03 06:00 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 05:17 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-03 05:17 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-03 05:17 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-04-03 05:17 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-03 05:17 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-03 05:17 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-03 05:17 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-04-03 05:16 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-03 05:16 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\programdata\AVAST Software

2012-04-03 05:16 . 2012-04-03 05:16 -------- d-----w- c:\program files\AVAST Software

2012-04-03 04:46 . 2012-02-23 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-04-03 02:37 . 2012-04-03 02:37 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-04-03 02:37 . 2012-04-03 02:36 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-03-31 02:34 . 2012-04-02 23:59 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Titanium

2012-03-31 02:33 . 2012-04-03 04:30 -------- d-----w- c:\users\Bob Jones\AppData\Local\Eye-Fi

2012-03-31 02:31 . 2012-04-02 04:01 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Eye-Fi

2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer

2012-03-29 10:30 . 2012-03-29 10:30 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer

2012-03-24 20:19 . 2007-03-22 23:24 26785 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS

2012-03-24 20:19 . 2007-03-22 23:24 23534 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS

2012-03-24 20:19 . 2007-03-22 23:24 23063 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS

2012-03-24 20:19 . 2007-03-22 23:24 19244 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS

2012-03-24 20:19 . 2007-03-22 23:24 19856 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS

2012-03-24 20:19 . 2007-03-22 23:24 18621 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS

2012-03-24 20:19 . 2007-03-22 23:24 16836 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS

2012-03-24 20:19 . 2007-03-22 23:24 16565 ----a-w- c:\users\Bob Jones\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS

2012-03-20 01:22 . 2012-03-20 01:22 0 ----a-w- c:\windows\SysWow64\sho69DC.tmp

2012-03-19 23:08 . 2012-03-19 23:08 -------- d-----w- c:\programdata\App4rTemp

2012-03-19 23:07 . 2012-03-19 23:07 -------- d-----w- c:\users\Bob Jones\AppData\Roaming\Lexmark Productivity Studio

2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\programdata\Ezprint

2012-03-19 22:49 . 2012-03-19 22:49 -------- d-----w- c:\program files (x86)\Lexmark Toolbar

2012-03-19 22:41 . 2012-03-19 23:08 -------- d-----w- c:\programdata\Lx_cats

2012-03-19 22:41 . 2009-08-19 18:06 25600 ----a-w- c:\windows\system32\lxdxcaps64.dll

2012-03-19 22:41 . 2009-08-19 18:06 81920 ----a-w- c:\windows\SysWow64\lxdxcaps.dll

2012-03-19 22:41 . 2009-08-19 18:06 1024512 ----a-w- c:\windows\system32\lxdxdrs64.dll

2012-03-19 22:41 . 2009-08-19 18:06 782336 ----a-w- c:\windows\SysWow64\lxdxdrs.dll

2012-03-19 22:41 . 2009-08-19 18:00 54784 ----a-w- c:\windows\system32\lxdxcnv464.dll

2012-03-19 22:41 . 2009-08-19 18:00 77906 ----a-w- c:\windows\SysWow64\lxdxcfg.dll

2012-03-19 22:41 . 2009-08-19 18:00 69632 ----a-w- c:\windows\SysWow64\lxdxcnv4.dll

2012-03-19 22:41 . 2009-08-19 18:00 65536 ----a-w- c:\windows\system32\lxdxcfg64.dll

2012-03-19 22:39 . 2012-03-19 22:39 -------- d-----w- C:\logs

2012-03-19 22:36 . 2012-03-19 22:36 -------- d-----w- C:\lexmark

2012-03-14 07:05 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 07:05 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 07:05 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 04:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 04:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 04:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 04:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 04:01 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 04:01 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 04:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 04:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 04:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 04:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-11 17:14 . 2012-03-11 17:14 0 ----a-w- c:\windows\SysWow64\sho64D5.tmp

2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iPod

2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files\iTunes

2012-03-11 16:53 . 2012-03-11 16:53 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-03 02:36 . 2011-02-18 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-26 17:55 . 2012-02-26 17:55 0 ----a-w- c:\windows\SysWow64\sho2F79.tmp

2012-02-26 02:58 . 2011-09-11 12:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-06_22.10.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-07 11:25 . 2012-04-07 11:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040720120408\index.dat

+ 2012-04-06 11:48 . 2012-04-06 21:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat

- 2012-04-06 11:48 . 2012-04-06 11:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat

- 2012-03-29 09:54 . 2012-04-06 11:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-03-29 09:54 . 2012-04-07 11:22 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2009-07-14 05:10 . 2012-04-07 11:24 32440 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-03-08 00:12 . 2012-04-06 21:53 17596 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4079509864-593231484-137279154-1000_UserData.bin

+ 2011-03-08 00:12 . 2012-04-07 11:24 17596 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4079509864-593231484-137279154-1000_UserData.bin

+ 2012-02-26 17:58 . 2012-04-07 11:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat

- 2012-02-26 17:58 . 2012-04-06 21:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat

+ 2011-03-07 23:03 . 2012-04-07 11:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-03-07 23:03 . 2012-04-06 21:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-02-26 17:58 . 2012-04-06 21:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

+ 2012-02-26 17:58 . 2012-04-07 11:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

+ 2011-03-07 23:03 . 2012-04-07 11:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-03-07 23:03 . 2012-04-06 21:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-02-26 17:58 . 2012-04-07 11:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat

- 2012-02-26 17:58 . 2012-04-06 21:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-07 11:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-06 21:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-08 00:03 . 2012-04-07 11:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-03-08 00:03 . 2012-04-06 21:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-03-29 09:50 . 2012-04-07 11:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2012-03-29 09:50 . 2012-04-06 21:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-03-29 09:50 . 2012-04-07 11:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

- 2012-03-29 09:50 . 2012-04-06 21:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2012-03-29 09:50 . 2012-04-07 11:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2012-03-29 09:50 . 2012-04-06 21:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2011-03-08 00:03 . 2012-04-06 21:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-03-08 00:03 . 2012-04-07 11:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-03-08 00:03 . 2012-04-06 21:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-08 00:03 . 2012-04-07 11:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-03-08 00:47 . 2012-04-06 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-03-08 00:47 . 2012-04-07 11:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-03-08 00:47 . 2012-04-07 11:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-03-08 00:47 . 2012-04-06 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-04-06 00:09 . 2012-04-07 11:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-06 00:09 . 2012-04-06 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-06 00:09 . 2012-04-06 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-06 00:09 . 2012-04-07 11:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-04-15 07:26 . 2012-04-07 11:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-04-15 07:26 . 2012-04-06 21:57 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-04-07 11:27 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-04-06 21:57 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-03-07 23:41 . 2012-04-07 03:13 362620 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-04-06 21:56 640400 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-07 03:16 640400 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-06 21:56 112198 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-04-07 03:16 112198 c:\windows\system32\perfc009.dat

- 2009-07-14 04:54 . 2012-04-06 21:57 5570560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-07 11:27 5570560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-06 21:57 1097728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-07 11:27 1097728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-02-03 20:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Bob Jones\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

"HW_OPENEYE_OUC_"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-03-09 196608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2010-11-16 821384]

"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-24 1304]

"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]

.

c:\users\Bob Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

StickyNotes.exe [2009-5-19 483328]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2009-12-22 225280]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 OlyUsbCam;OLYMPUS USB Camera;c:\windows\system32\DRIVERS\OlyUsbCam.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]

S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2010-11-16 1145992]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000Core.job

- c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4079509864-593231484-137279154-1000UA.job

- c:\users\Bob Jones\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 23:56]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-02-03 20:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = g.msn.com/USCON/1

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: adp.com

Trusted Zone: adpcorp.com

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{0CE4C873-7E98-468F-988E-0D8459C0F61E}: NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{874EAB87-1252-46AB-8067-C7883711D19B}: NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{A3146EDD-7284-4647-8F82-EFAB9CC7F267}: NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{B38B24DA-233E-49AC-B4C4-4212DAA38564}: NameServer = 10.133.20.11 10.132.20.11

TCP: Interfaces\{CA0D7AB7-D4D2-42EA-BFFE-7C088762B930}: NameServer = 10.133.20.11 10.132.20.11

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-07 07:43:40

ComboFix-quarantined-files.txt 2012-04-07 11:43

ComboFix2.txt 2012-04-06 22:13

.

Pre-Run: 436,656,099,328 bytes free

Post-Run: 436,233,515,008 bytes free

.

- - End Of File - - A1E91C7CC67ECEF24363DE80D8E0BFF0


Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.06.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Bob Jones :: DELL-LAPTOP [administrator]

Protection: Disabled

4/7/2012 10:56:24 PM

mbam-log-2012-04-07 (23-00-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205482

Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 1480 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)


Please manually delete your TDSSKiller copy, download a new fresh one and re-run it. Post the log file in your next reply.


14:06:57.0336 1456 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

14:06:57.0352 1456 ============================================================

14:06:57.0352 1456 Current date / time: 2012/04/08 14:06:57.0352

14:06:57.0352 1456 SystemInfo:

14:06:57.0352 1456

14:06:57.0352 1456 OS Version: 6.1.7601 ServicePack: 1.0

14:06:57.0352 1456 Product type: Workstation

14:06:57.0352 1456 ComputerName: DELL-LAPTOP

14:06:57.0352 1456 UserName: Bob Jones

14:06:57.0352 1456 Windows directory: C:\Windows

14:06:57.0352 1456 System windows directory: C:\Windows

14:06:57.0352 1456 Running under WOW64

14:06:57.0352 1456 Processor architecture: Intel x64

14:06:57.0352 1456 Number of processors: 4

14:06:57.0352 1456 Page size: 0x1000

14:06:57.0352 1456 Boot type: Safe boot

14:06:57.0352 1456 ============================================================

14:06:57.0757 1456 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:06:57.0773 1456 \Device\Harddisk0\DR0:

14:06:57.0773 1456 MBR used

14:06:57.0773 1456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000

14:06:57.0773 1456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x48AD8AE3

14:06:57.0804 1456 Initialize success

14:06:57.0804 1456 ============================================================

14:08:09.0439 1672 ============================================================

14:08:09.0439 1672 Scan started

14:08:09.0439 1672 Mode: Manual; SigCheck; TDLFS;

14:08:09.0439 1672 ============================================================

14:08:09.0892 1672 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

14:08:09.0985 1672 1394ohci - ok

14:08:10.0141 1672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

14:08:10.0157 1672 ACPI - ok

14:08:10.0219 1672 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

14:08:10.0266 1672 AcpiPmi - ok

14:08:10.0360 1672 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

14:08:10.0375 1672 adp94xx - ok

14:08:10.0407 1672 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

14:08:10.0422 1672 adpahci - ok

14:08:10.0438 1672 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

14:08:10.0453 1672 adpu320 - ok

14:08:10.0500 1672 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

14:08:10.0625 1672 AeLookupSvc - ok

14:08:10.0703 1672 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

14:08:10.0719 1672 AERTFilters - ok

14:08:10.0828 1672 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

14:08:10.0859 1672 AFD - ok

14:08:10.0937 1672 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

14:08:10.0953 1672 agp440 - ok

14:08:11.0187 1672 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll

14:08:11.0187 1672 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7

14:08:11.0187 1672 Akamai ( HiddenFile.Multi.Generic ) - warning

14:08:11.0187 1672 Akamai - detected HiddenFile.Multi.Generic (1)

14:08:11.0265 1672 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

14:08:11.0296 1672 ALG - ok

14:08:11.0374 1672 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

14:08:11.0389 1672 aliide - ok

14:08:11.0499 1672 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

14:08:11.0530 1672 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - warning

14:08:11.0530 1672 Amazon Download Agent - detected UnsignedFile.Multi.Generic (1)

14:08:11.0592 1672 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe

14:08:11.0639 1672 AMD External Events Utility - ok

14:08:11.0701 1672 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

14:08:11.0717 1672 amdide - ok

14:08:11.0779 1672 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

14:08:11.0811 1672 AmdK8 - ok

14:08:11.0998 1672 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys

14:08:12.0201 1672 amdkmdag - ok

14:08:12.0294 1672 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys

14:08:12.0325 1672 amdkmdap - ok

14:08:12.0372 1672 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

14:08:12.0403 1672 AmdPPM - ok

14:08:12.0481 1672 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

14:08:12.0481 1672 amdsata - ok

14:08:12.0528 1672 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

14:08:12.0528 1672 amdsbs - ok

14:08:12.0559 1672 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

14:08:12.0559 1672 amdxata - ok

14:08:12.0606 1672 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

14:08:12.0778 1672 AppID - ok

14:08:12.0840 1672 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

14:08:12.0903 1672 AppIDSvc - ok

14:08:12.0981 1672 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

14:08:13.0043 1672 Appinfo - ok

14:08:13.0199 1672 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:08:13.0215 1672 Apple Mobile Device - ok

14:08:13.0324 1672 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

14:08:13.0339 1672 arc - ok

14:08:13.0386 1672 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

14:08:13.0402 1672 arcsas - ok

14:08:13.0527 1672 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

14:08:13.0605 1672 aswFsBlk - ok

14:08:13.0714 1672 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

14:08:13.0714 1672 aswMonFlt - ok

14:08:13.0807 1672 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys

14:08:13.0807 1672 aswRdr - ok

14:08:13.0979 1672 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

14:08:13.0995 1672 aswSnx - ok

14:08:14.0104 1672 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

14:08:14.0104 1672 aswSP - ok

14:08:14.0244 1672 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

14:08:14.0260 1672 aswTdi - ok

14:08:14.0338 1672 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:08:14.0385 1672 AsyncMac - ok

14:08:14.0463 1672 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

14:08:14.0478 1672 atapi - ok

14:08:14.0587 1672 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys

14:08:14.0587 1672 AtiHdmiService - ok

14:08:14.0650 1672 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:08:14.0728 1672 AudioEndpointBuilder - ok

14:08:14.0775 1672 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:08:14.0821 1672 AudioSrv - ok

14:08:14.0931 1672 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

14:08:14.0946 1672 avast! Antivirus - ok

14:08:15.0055 1672 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

14:08:15.0118 1672 AxInstSV - ok

14:08:15.0227 1672 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

14:08:15.0383 1672 b06bdrv - ok

14:08:15.0477 1672 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

14:08:15.0523 1672 b57nd60a - ok

14:08:15.0617 1672 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys

14:08:15.0617 1672 BCM42RLY - ok

14:08:15.0726 1672 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

14:08:15.0835 1672 BCM43XX - ok

14:08:15.0913 1672 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys

14:08:15.0929 1672 BcmVWL - ok

14:08:15.0976 1672 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

14:08:15.0991 1672 BDESVC - ok

14:08:16.0054 1672 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

14:08:16.0116 1672 Beep - ok

14:08:16.0225 1672 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

14:08:16.0288 1672 BFE - ok

14:08:16.0350 1672 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

14:08:16.0444 1672 BITS - ok

14:08:16.0553 1672 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

14:08:16.0584 1672 blbdrive - ok

14:08:16.0693 1672 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

14:08:16.0709 1672 Bonjour Service - ok

14:08:16.0803 1672 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

14:08:16.0803 1672 bowser - ok

14:08:16.0865 1672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

14:08:16.0896 1672 BrFiltLo - ok

14:08:16.0927 1672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

14:08:16.0943 1672 BrFiltUp - ok

14:08:17.0052 1672 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

14:08:17.0115 1672 BridgeMP - ok

14:08:17.0177 1672 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

14:08:17.0239 1672 Browser - ok

14:08:17.0317 1672 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

14:08:17.0349 1672 Brserid - ok

14:08:17.0380 1672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

14:08:17.0411 1672 BrSerWdm - ok

14:08:17.0489 1672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:08:17.0520 1672 BrUsbMdm - ok

14:08:17.0567 1672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

14:08:17.0583 1672 BrUsbSer - ok

14:08:17.0692 1672 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

14:08:17.0723 1672 BthEnum - ok

14:08:17.0785 1672 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

14:08:17.0817 1672 BTHMODEM - ok

14:08:17.0863 1672 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

14:08:17.0879 1672 BthPan - ok

14:08:18.0004 1672 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

14:08:18.0035 1672 BTHPORT - ok

14:08:18.0113 1672 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

14:08:18.0160 1672 bthserv - ok

14:08:18.0207 1672 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

14:08:18.0238 1672 BTHUSB - ok

14:08:18.0269 1672 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys

14:08:18.0285 1672 btusbflt - ok

14:08:18.0347 1672 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys

14:08:18.0363 1672 btwaudio - ok

14:08:18.0378 1672 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys

14:08:18.0394 1672 btwavdt - ok

14:08:18.0456 1672 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

14:08:18.0487 1672 btwdins - ok

14:08:18.0565 1672 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

14:08:18.0565 1672 btwl2cap - ok

14:08:18.0612 1672 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys

14:08:18.0628 1672 btwrchid - ok

14:08:18.0799 1672 CarboniteService (39dbdd8e86caf1cd03c00d5c931fd3fa) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

14:08:18.0971 1672 CarboniteService - ok

14:08:19.0111 1672 catchme - ok

14:08:19.0189 1672 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

14:08:19.0236 1672 cdfs - ok

14:08:19.0314 1672 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

14:08:19.0345 1672 cdrom - ok

14:08:19.0455 1672 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:08:19.0517 1672 CertPropSvc - ok

14:08:19.0595 1672 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

14:08:19.0626 1672 circlass - ok

14:08:19.0689 1672 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

14:08:19.0704 1672 CLFS - ok

14:08:19.0767 1672 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:08:19.0782 1672 clr_optimization_v2.0.50727_32 - ok

14:08:19.0829 1672 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:08:19.0845 1672 clr_optimization_v2.0.50727_64 - ok

14:08:19.0923 1672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:08:19.0985 1672 clr_optimization_v4.0.30319_32 - ok

14:08:20.0079 1672 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:08:20.0094 1672 clr_optimization_v4.0.30319_64 - ok

14:08:20.0157 1672 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

14:08:20.0188 1672 CmBatt - ok

14:08:20.0250 1672 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

14:08:20.0250 1672 cmdide - ok

14:08:20.0313 1672 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

14:08:20.0344 1672 CNG - ok

14:08:20.0437 1672 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

14:08:20.0437 1672 Compbatt - ok

14:08:20.0500 1672 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

14:08:20.0531 1672 CompositeBus - ok

14:08:20.0578 1672 COMSysApp - ok

14:08:20.0609 1672 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

14:08:20.0625 1672 crcdisk - ok

14:08:20.0687 1672 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

14:08:20.0734 1672 CryptSvc - ok

14:08:20.0827 1672 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

14:08:20.0859 1672 CtClsFlt - ok

14:08:20.0952 1672 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

14:08:20.0983 1672 cvhsvc - ok

14:08:21.0077 1672 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:08:21.0139 1672 DcomLaunch - ok

14:08:21.0233 1672 DCService.exe (00eaf3956092a8008608ca6e2c5d649d) C:\ProgramData\DatacardService\DCService.exe

14:08:21.0264 1672 DCService.exe ( UnsignedFile.Multi.Generic ) - warning

14:08:21.0264 1672 DCService.exe - detected UnsignedFile.Multi.Generic (1)

14:08:21.0358 1672 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

14:08:21.0420 1672 defragsvc - ok

14:08:21.0483 1672 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

14:08:21.0529 1672 DfsC - ok

14:08:21.0607 1672 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

14:08:21.0654 1672 Dhcp - ok

14:08:21.0701 1672 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:08:21.0732 1672 discache - ok

14:08:21.0763 1672 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

14:08:21.0763 1672 Disk - ok

14:08:21.0795 1672 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

14:08:21.0826 1672 Dnscache - ok

14:08:21.0888 1672 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

14:08:21.0904 1672 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

14:08:21.0904 1672 DockLoginService - detected UnsignedFile.Multi.Generic (1)

14:08:22.0013 1672 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

14:08:22.0060 1672 dot3svc - ok

14:08:22.0107 1672 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

14:08:22.0169 1672 DPS - ok

14:08:22.0231 1672 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

14:08:22.0263 1672 drmkaud - ok

14:08:22.0372 1672 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

14:08:22.0403 1672 DXGKrnl - ok

14:08:22.0465 1672 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

14:08:22.0512 1672 EapHost - ok

14:08:22.0606 1672 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

14:08:22.0715 1672 ebdrv - ok

14:08:22.0762 1672 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

14:08:22.0777 1672 EFS - ok

14:08:22.0902 1672 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

14:08:22.0933 1672 ehRecvr - ok

14:08:22.0980 1672 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

14:08:22.0996 1672 ehSched - ok

14:08:23.0058 1672 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

14:08:23.0074 1672 elxstor - ok

14:08:23.0121 1672 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

14:08:23.0152 1672 ErrDev - ok

14:08:23.0245 1672 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

14:08:23.0308 1672 EventSystem - ok

14:08:23.0386 1672 ewusbnet (da7cef9ffbbd6498df106bcab84eb10a) C:\Windows\system32\DRIVERS\ewusbnet.sys

14:08:23.0417 1672 ewusbnet - ok

14:08:23.0542 1672 ew_hwusbdev (e2cbb821c7cae0ef8b56de28ed85c740) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys

14:08:23.0573 1672 ew_hwusbdev - ok

14:08:23.0667 1672 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

14:08:23.0698 1672 exfat - ok

14:08:23.0729 1672 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

14:08:23.0791 1672 fastfat - ok

14:08:23.0854 1672 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

14:08:23.0901 1672 Fax - ok

14:08:23.0979 1672 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

14:08:24.0010 1672 fdc - ok

14:08:24.0041 1672 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

14:08:24.0088 1672 fdPHost - ok

14:08:24.0103 1672 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

14:08:24.0166 1672 FDResPub - ok

14:08:24.0213 1672 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

14:08:24.0213 1672 FileInfo - ok

14:08:24.0228 1672 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

14:08:24.0291 1672 Filetrace - ok

14:08:24.0337 1672 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

14:08:24.0337 1672 flpydisk - ok

14:08:24.0384 1672 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

14:08:24.0400 1672 FltMgr - ok

14:08:24.0478 1672 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

14:08:24.0540 1672 FontCache - ok

14:08:24.0696 1672 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:08:24.0712 1672 FontCache3.0.0.0 - ok

14:08:24.0759 1672 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

14:08:24.0774 1672 FsDepends - ok

14:08:24.0805 1672 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

14:08:24.0821 1672 Fs_Rec - ok

14:08:24.0883 1672 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

14:08:24.0899 1672 fvevol - ok

14:08:24.0930 1672 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

14:08:24.0946 1672 gagp30kx - ok

14:08:25.0024 1672 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe

14:08:25.0039 1672 GameConsoleService - ok

14:08:25.0117 1672 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:08:25.0117 1672 GEARAspiWDM - ok

14:08:25.0164 1672 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

14:08:25.0180 1672 GoToAssist - ok

14:08:25.0242 1672 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

14:08:25.0320 1672 gpsvc - ok

14:08:25.0351 1672 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

14:08:25.0383 1672 hcw85cir - ok

14:08:25.0445 1672 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

14:08:25.0476 1672 HDAudBus - ok

14:08:25.0539 1672 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

14:08:25.0554 1672 HECIx64 - ok

14:08:25.0601 1672 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

14:08:25.0632 1672 HidBatt - ok

14:08:25.0679 1672 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

14:08:25.0695 1672 HidBth - ok

14:08:25.0741 1672 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

14:08:25.0788 1672 HidIr - ok

14:08:25.0819 1672 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

14:08:25.0882 1672 hidserv - ok

14:08:25.0991 1672 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

14:08:25.0991 1672 HidUsb - ok

14:08:26.0053 1672 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

14:08:26.0116 1672 hkmsvc - ok

14:08:26.0163 1672 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

14:08:26.0194 1672 HomeGroupListener - ok

14:08:26.0225 1672 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

14:08:26.0256 1672 HomeGroupProvider - ok

14:08:26.0303 1672 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

14:08:26.0319 1672 HpSAMD - ok

14:08:26.0365 1672 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

14:08:26.0412 1672 HTTP - ok

14:08:26.0459 1672 huawei_enumerator (6dbd08bc1331c78548298e82c4b667c5) C:\Windows\system32\DRIVERS\ew_jubusenum.sys

14:08:26.0490 1672 huawei_enumerator - ok

14:08:26.0599 1672 hwdatacard (6e5cd3984742a922d0c183c7e82c3c94) C:\Windows\system32\DRIVERS\ewusbmdm.sys

14:08:26.0631 1672 hwdatacard - ok

14:08:26.0677 1672 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

14:08:26.0693 1672 hwpolicy - ok

14:08:26.0818 1672 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

14:08:26.0833 1672 i8042prt - ok

14:08:26.0911 1672 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

14:08:26.0911 1672 iaStor - ok

14:08:26.0974 1672 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

14:08:26.0989 1672 iaStorV - ok

14:08:27.0067 1672 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:08:27.0099 1672 idsvc - ok

14:08:27.0161 1672 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

14:08:27.0177 1672 iirsp - ok

14:08:27.0239 1672 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

14:08:27.0317 1672 IKEEXT - ok

14:08:27.0411 1672 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys

14:08:27.0473 1672 IntcAzAudAddService - ok

14:08:27.0504 1672 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

14:08:27.0520 1672 intelide - ok

14:08:27.0598 1672 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

14:08:27.0629 1672 intelppm - ok

14:08:27.0676 1672 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

14:08:27.0738 1672 IPBusEnum - ok

14:08:27.0801 1672 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:08:27.0847 1672 IpFilterDriver - ok

14:08:27.0894 1672 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

14:08:27.0957 1672 iphlpsvc - ok

14:08:28.0003 1672 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

14:08:28.0035 1672 IPMIDRV - ok

14:08:28.0113 1672 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:08:28.0159 1672 IPNAT - ok

14:08:28.0253 1672 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe

14:08:28.0300 1672 iPod Service - ok

14:08:28.0378 1672 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:08:28.0393 1672 IRENUM - ok

14:08:28.0471 1672 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

14:08:28.0487 1672 isapnp - ok

14:08:28.0534 1672 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

14:08:28.0549 1672 iScsiPrt - ok

14:08:28.0612 1672 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

14:08:28.0612 1672 kbdclass - ok

14:08:28.0674 1672 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

14:08:28.0705 1672 kbdhid - ok

14:08:28.0768 1672 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:08:28.0783 1672 KeyIso - ok

14:08:28.0815 1672 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

14:08:28.0830 1672 KSecDD - ok

14:08:28.0877 1672 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

14:08:28.0877 1672 KSecPkg - ok

14:08:28.0924 1672 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:08:28.0971 1672 ksthunk - ok

14:08:29.0002 1672 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

14:08:29.0064 1672 KtmRm - ok

14:08:29.0142 1672 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys

14:08:29.0158 1672 L1C - ok

14:08:29.0236 1672 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

14:08:29.0283 1672 LanmanServer - ok

14:08:29.0329 1672 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

14:08:29.0376 1672 LanmanWorkstation - ok

14:08:29.0470 1672 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:08:29.0532 1672 lltdio - ok

14:08:29.0610 1672 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

14:08:29.0657 1672 lltdsvc - ok

14:08:29.0673 1672 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

14:08:29.0719 1672 lmhosts - ok

14:08:29.0797 1672 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

14:08:29.0797 1672 LMS - ok

14:08:29.0891 1672 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

14:08:29.0907 1672 LSI_FC - ok

14:08:29.0953 1672 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

14:08:29.0953 1672 LSI_SAS - ok

14:08:29.0985 1672 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

14:08:30.0000 1672 LSI_SAS2 - ok

14:08:30.0047 1672 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

14:08:30.0063 1672 LSI_SCSI - ok

14:08:30.0094 1672 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:08:30.0156 1672 luafv - ok

14:08:30.0265 1672 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

14:08:30.0281 1672 MBAMProtector - ok

14:08:30.0343 1672 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

14:08:30.0390 1672 MBAMService - ok

14:08:30.0468 1672 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

14:08:30.0499 1672 Mcx2Svc - ok

14:08:30.0593 1672 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

14:08:30.0593 1672 MDM - ok

14:08:30.0687 1672 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

14:08:30.0687 1672 megasas - ok

14:08:30.0733 1672 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

14:08:30.0749 1672 MegaSR - ok

14:08:30.0796 1672 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:08:30.0843 1672 MMCSS - ok

14:08:30.0905 1672 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:08:30.0967 1672 Modem - ok

14:08:30.0999 1672 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:08:31.0030 1672 monitor - ok

14:08:31.0108 1672 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:08:31.0108 1672 mouclass - ok

14:08:31.0186 1672 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:08:31.0217 1672 mouhid - ok

14:08:31.0279 1672 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

14:08:31.0295 1672 mountmgr - ok

14:08:31.0326 1672 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

14:08:31.0342 1672 mpio - ok

14:08:31.0357 1672 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:08:31.0420 1672 mpsdrv - ok

14:08:31.0482 1672 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

14:08:31.0560 1672 MpsSvc - ok

14:08:31.0654 1672 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

14:08:31.0701 1672 MRxDAV - ok

14:08:31.0779 1672 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:08:31.0794 1672 mrxsmb - ok

14:08:31.0872 1672 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:08:31.0872 1672 mrxsmb10 - ok

14:08:31.0903 1672 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:08:31.0919 1672 mrxsmb20 - ok

14:08:31.0966 1672 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

14:08:31.0981 1672 msahci - ok

14:08:32.0028 1672 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

14:08:32.0044 1672 msdsm - ok

14:08:32.0106 1672 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

14:08:32.0137 1672 MSDTC - ok

14:08:32.0215 1672 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:08:32.0247 1672 Msfs - ok

14:08:32.0278 1672 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:08:32.0325 1672 mshidkmdf - ok

14:08:32.0371 1672 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

14:08:32.0371 1672 msisadrv - ok

14:08:32.0418 1672 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

14:08:32.0465 1672 MSiSCSI - ok

14:08:32.0481 1672 msiserver - ok

14:08:32.0527 1672 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:08:32.0574 1672 MSKSSRV - ok

14:08:32.0605 1672 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:08:32.0668 1672 MSPCLOCK - ok

14:08:32.0715 1672 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:08:32.0777 1672 MSPQM - ok

14:08:32.0839 1672 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

14:08:32.0855 1672 MsRPC - ok

14:08:32.0917 1672 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

14:08:32.0933 1672 mssmbios - ok

14:08:32.0980 1672 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:08:33.0027 1672 MSTEE - ok

14:08:33.0058 1672 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

14:08:33.0089 1672 MTConfig - ok

14:08:33.0120 1672 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:08:33.0136 1672 Mup - ok

14:08:33.0183 1672 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

14:08:33.0229 1672 napagent - ok

14:08:33.0339 1672 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:08:33.0385 1672 NativeWifiP - ok

14:08:33.0479 1672 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

14:08:33.0526 1672 NDIS - ok

14:08:33.0557 1672 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:08:33.0604 1672 NdisCap - ok

14:08:33.0635 1672 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:08:33.0666 1672 NdisTapi - ok

14:08:33.0713 1672 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

14:08:33.0775 1672 Ndisuio - ok

14:08:33.0807 1672 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

14:08:33.0869 1672 NdisWan - ok

14:08:33.0947 1672 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

14:08:33.0994 1672 NDProxy - ok

14:08:34.0056 1672 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:08:34.0119 1672 NetBIOS - ok

14:08:34.0181 1672 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

14:08:34.0228 1672 NetBT - ok

14:08:34.0321 1672 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:08:34.0321 1672 Netlogon - ok

14:08:34.0368 1672 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

14:08:34.0431 1672 Netman - ok

14:08:34.0509 1672 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

14:08:34.0555 1672 netprofm - ok

14:08:34.0618 1672 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:08:34.0633 1672 NetTcpPortSharing - ok

14:08:34.0711 1672 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

14:08:34.0711 1672 nfrd960 - ok

14:08:34.0774 1672 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

14:08:34.0836 1672 NlaSvc - ok

14:08:34.0867 1672 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:08:34.0914 1672 Npfs - ok

14:08:34.0930 1672 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

14:08:34.0992 1672 nsi - ok

14:08:35.0039 1672 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:08:35.0070 1672 nsiproxy - ok

14:08:35.0148 1672 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

14:08:35.0195 1672 Ntfs - ok

14:08:35.0257 1672 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:08:35.0304 1672 Null - ok

14:08:35.0335 1672 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

14:08:35.0351 1672 nvraid - ok

14:08:35.0382 1672 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

14:08:35.0398 1672 nvstor - ok

14:08:35.0429 1672 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

14:08:35.0445 1672 nv_agp - ok

14:08:35.0476 1672 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:08:35.0491 1672 ohci1394 - ok

14:08:35.0569 1672 OlyUsbCam (ed74264b8b3ba640ce97130862732b4e) C:\Windows\system32\DRIVERS\OlyUsbCam.sys

14:08:35.0585 1672 OlyUsbCam - ok

14:08:35.0647 1672 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:08:35.0647 1672 ose - ok

14:08:35.0788 1672 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:08:35.0944 1672 osppsvc - ok

14:08:36.0037 1672 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:08:36.0069 1672 p2pimsvc - ok

14:08:36.0100 1672 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

14:08:36.0115 1672 p2psvc - ok

14:08:36.0162 1672 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

14:08:36.0178 1672 Parport - ok

14:08:36.0225 1672 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

14:08:36.0225 1672 partmgr - ok

14:08:36.0271 1672 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

14:08:36.0303 1672 PcaSvc - ok

14:08:36.0349 1672 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:08:36.0349 1672 pci - ok

14:08:36.0365 1672 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:08:36.0381 1672 pciide - ok

14:08:36.0412 1672 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

14:08:36.0427 1672 pcmcia - ok

14:08:36.0459 1672 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:08:36.0474 1672 pcw - ok

14:08:36.0490 1672 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:08:36.0552 1672 PEAUTH - ok

14:08:36.0615 1672 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

14:08:36.0693 1672 PerfHost - ok

14:08:36.0895 1672 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE

14:08:36.0927 1672 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning

14:08:36.0927 1672 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)

14:08:37.0020 1672 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

14:08:37.0114 1672 pla - ok

14:08:37.0161 1672 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

14:08:37.0192 1672 PlugPlay - ok

14:08:37.0239 1672 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

14:08:37.0239 1672 PNRPAutoReg - ok

14:08:37.0270 1672 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:08:37.0285 1672 PNRPsvc - ok

14:08:37.0317 1672 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

14:08:37.0379 1672 PolicyAgent - ok

14:08:37.0426 1672 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

14:08:37.0473 1672 Power - ok

14:08:37.0535 1672 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:08:37.0597 1672 PptpMiniport - ok

14:08:37.0629 1672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

14:08:37.0660 1672 Processor - ok

14:08:37.0691 1672 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

14:08:37.0753 1672 ProfSvc - ok

14:08:37.0785 1672 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:08:37.0800 1672 ProtectedStorage - ok

14:08:37.0863 1672 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

14:08:37.0909 1672 Psched - ok

14:08:37.0987 1672 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

14:08:38.0003 1672 PxHlpa64 - ok

14:08:38.0065 1672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

14:08:38.0112 1672 ql2300 - ok

14:08:38.0159 1672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

14:08:38.0175 1672 ql40xx - ok

14:08:38.0221 1672 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

14:08:38.0237 1672 QWAVE - ok

14:08:38.0268 1672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:08:38.0299 1672 QWAVEdrv - ok

14:08:38.0331 1672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:08:38.0393 1672 RasAcd - ok

14:08:38.0409 1672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:08:38.0455 1672 RasAgileVpn - ok

14:08:38.0487 1672 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

14:08:38.0533 1672 RasAuto - ok

14:08:38.0627 1672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:08:38.0689 1672 Rasl2tp - ok

14:08:38.0783 1672 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

14:08:38.0814 1672 RasMan - ok

14:08:38.0845 1672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:08:38.0908 1672 RasPppoe - ok

14:08:38.0923 1672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:08:38.0986 1672 RasSstp - ok

14:08:39.0189 1672 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

14:08:39.0251 1672 rdbss - ok

14:08:39.0438 1672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

14:08:39.0469 1672 rdpbus - ok

14:08:39.0594 1672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:08:39.0657 1672 RDPCDD - ok

14:08:39.0813 1672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:08:39.0844 1672 RDPENCDD - ok

14:08:39.0969 1672 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:08:40.0015 1672 RDPREFMP - ok

14:08:40.0062 1672 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

14:08:40.0093 1672 RDPWD - ok

14:08:40.0156 1672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

14:08:40.0156 1672 rdyboost - ok

14:08:40.0203 1672 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

14:08:40.0265 1672 RemoteAccess - ok

14:08:40.0296 1672 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

14:08:40.0343 1672 RemoteRegistry - ok

14:08:40.0421 1672 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

14:08:40.0452 1672 RFCOMM - ok

14:08:40.0483 1672 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

14:08:40.0530 1672 RpcEptMapper - ok

14:08:40.0577 1672 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

14:08:40.0608 1672 RpcLocator - ok

14:08:40.0639 1672 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:08:40.0686 1672 RpcSs - ok

14:08:40.0733 1672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:08:40.0780 1672 rspndr - ok

14:08:40.0811 1672 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

14:08:40.0827 1672 RSUSBSTOR - ok

14:08:40.0858 1672 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:08:40.0858 1672 SamSs - ok

14:08:40.0920 1672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

14:08:40.0920 1672 sbp2port - ok

14:08:40.0967 1672 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

14:08:41.0029 1672 SCardSvr - ok

14:08:41.0076 1672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

14:08:41.0139 1672 scfilter - ok

14:08:41.0217 1672 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

14:08:41.0295 1672 Schedule - ok

14:08:41.0341 1672 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:08:41.0373 1672 SCPolicySvc - ok

14:08:41.0419 1672 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

14:08:41.0435 1672 SDRSVC - ok

14:08:41.0497 1672 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

14:08:41.0513 1672 SeaPort - ok

14:08:41.0591 1672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:08:41.0622 1672 secdrv - ok

14:08:41.0669 1672 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

14:08:41.0700 1672 seclogon - ok

14:08:41.0763 1672 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

14:08:41.0809 1672 SENS - ok

14:08:41.0887 1672 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

14:08:41.0919 1672 SensrSvc - ok

14:08:41.0981 1672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

14:08:42.0012 1672 Serenum - ok

14:08:42.0043 1672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

14:08:42.0059 1672 Serial - ok

14:08:42.0121 1672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

14:08:42.0121 1672 sermouse - ok

14:08:42.0199 1672 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

14:08:42.0262 1672 SessionEnv - ok

14:08:42.0324 1672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

14:08:42.0355 1672 sffdisk - ok

14:08:42.0402 1672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

14:08:42.0433 1672 sffp_mmc - ok

14:08:42.0465 1672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

14:08:42.0496 1672 sffp_sd - ok

14:08:42.0574 1672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

14:08:42.0589 1672 sfloppy - ok

14:08:42.0667 1672 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

14:08:42.0683 1672 Sftfs - ok

14:08:42.0745 1672 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

14:08:42.0761 1672 sftlist - ok

14:08:42.0792 1672 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

14:08:42.0808 1672 Sftplay - ok

14:08:42.0855 1672 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

14:08:42.0855 1672 Sftredir - ok

14:08:42.0933 1672 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

14:08:42.0995 1672 SftService - ok

14:08:43.0073 1672 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

14:08:43.0089 1672 Sftvol - ok

14:08:43.0135 1672 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

14:08:43.0151 1672 sftvsa - ok

14:08:43.0213 1672 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

14:08:43.0245 1672 SharedAccess - ok

14:08:43.0291 1672 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

14:08:43.0354 1672 ShellHWDetection - ok

14:08:43.0385 1672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

14:08:43.0401 1672 SiSRaid2 - ok

14:08:43.0416 1672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

14:08:43.0432 1672 SiSRaid4 - ok

14:08:43.0463 1672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:08:43.0494 1672 Smb - ok

14:08:43.0541 1672 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

14:08:43.0572 1672 SNMPTRAP - ok

14:08:43.0650 1672 SPAMfighter Update Service (ed9f035593588b6fec21478c6b9e0452) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe

14:08:43.0650 1672 SPAMfighter Update Service - ok

14:08:43.0728 1672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:08:43.0744 1672 spldr - ok

14:08:43.0806 1672 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

14:08:43.0853 1672 Spooler - ok

14:08:43.0978 1672 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

14:08:44.0103 1672 sppsvc - ok

14:08:44.0134 1672 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

14:08:44.0196 1672 sppuinotify - ok

14:08:44.0259 1672 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

14:08:44.0274 1672 sprtsvc_DellSupportCenter - ok

14:08:44.0352 1672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

14:08:44.0399 1672 srv - ok

14:08:44.0461 1672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

14:08:44.0477 1672 srv2 - ok

14:08:44.0508 1672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

14:08:44.0539 1672 srvnet - ok

14:08:44.0617 1672 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

14:08:44.0664 1672 SSDPSRV - ok

14:08:44.0711 1672 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

14:08:44.0742 1672 SstpSvc - ok

14:08:44.0773 1672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

14:08:44.0789 1672 stexstor - ok

14:08:44.0836 1672 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

14:08:44.0883 1672 stisvc - ok

14:08:44.0976 1672 Suite Service (e567825c5f3934e13c8d755611954a7e) C:\Program Files (x86)\Fighters\FighterSuiteService.exe

14:08:45.0023 1672 Suite Service - ok

14:08:45.0117 1672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

14:08:45.0117 1672 swenum - ok

14:08:45.0226 1672 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

14:08:45.0241 1672 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

14:08:45.0241 1672 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

14:08:45.0335 1672 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

14:08:45.0397 1672 swprv - ok

14:08:45.0444 1672 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys

14:08:45.0460 1672 SynTP - ok

14:08:45.0522 1672 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

14:08:45.0600 1672 SysMain - ok

14:08:45.0647 1672 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

14:08:45.0663 1672 TabletInputService - ok

14:08:45.0709 1672 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

14:08:45.0756 1672 TapiSrv - ok

14:08:45.0787 1672 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

14:08:45.0819 1672 TBS - ok

14:08:45.0897 1672 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

14:08:45.0959 1672 Tcpip - ok

14:08:46.0053 1672 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

14:08:46.0099 1672 TCPIP6 - ok

14:08:46.0146 1672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

14:08:46.0193 1672 tcpipreg - ok

14:08:46.0224 1672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:08:46.0255 1672 TDPIPE - ok

14:08:46.0302 1672 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

14:08:46.0302 1672 TDTCP - ok

14:08:46.0365 1672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

14:08:46.0396 1672 tdx - ok

14:08:46.0427 1672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

14:08:46.0427 1672 TermDD - ok

14:08:46.0474 1672 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

14:08:46.0536 1672 TermService - ok

14:08:46.0567 1672 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

14:08:46.0599 1672 Themes - ok

14:08:46.0630 1672 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:08:46.0661 1672 THREADORDER - ok

14:08:46.0692 1672 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

14:08:46.0739 1672 TrkWks - ok

14:08:46.0801 1672 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

14:08:46.0848 1672 TrustedInstaller - ok

14:08:46.0911 1672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:08:46.0973 1672 tssecsrv - ok

14:08:47.0051 1672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

14:08:47.0051 1672 TsUsbFlt - ok

14:08:47.0113 1672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

14:08:47.0160 1672 tunnel - ok

14:08:47.0207 1672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

14:08:47.0207 1672 uagp35 - ok

14:08:47.0269 1672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

14:08:47.0316 1672 udfs - ok

14:08:47.0347 1672 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

14:08:47.0363 1672 UI0Detect - ok

14:08:47.0410 1672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

14:08:47.0425 1672 uliagpkx - ok

14:08:47.0457 1672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

14:08:47.0488 1672 umbus - ok

14:08:47.0566 1672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

14:08:47.0581 1672 UmPass - ok

14:08:47.0691 1672 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

14:08:47.0784 1672 UNS - ok

14:08:47.0862 1672 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

14:08:47.0925 1672 upnphost - ok

14:08:48.0018 1672 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

14:08:48.0049 1672 usbaudio - ok

14:08:48.0096 1672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

14:08:48.0127 1672 usbccgp - ok

14:08:48.0237 1672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

14:08:48.0252 1672 usbcir - ok

14:08:48.0283 1672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

14:08:48.0315 1672 usbehci - ok

14:08:48.0361 1672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

14:08:48.0393 1672 usbhub - ok

14:08:48.0424 1672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

14:08:48.0439 1672 usbohci - ok

14:08:48.0471 1672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

14:08:48.0502 1672 usbprint - ok

14:08:48.0533 1672 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

14:08:48.0564 1672 usbscan - ok

14:08:48.0611 1672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:08:48.0627 1672 USBSTOR - ok

14:08:48.0673 1672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

14:08:48.0705 1672 usbuhci - ok

14:08:48.0783 1672 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

14:08:48.0798 1672 usbvideo - ok

14:08:48.0845 1672 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

14:08:48.0892 1672 UxSms - ok

14:08:48.0939 1672 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:08:48.0954 1672 VaultSvc - ok

14:08:49.0017 1672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

14:08:49.0017 1672 vdrvroot - ok

14:08:49.0095 1672 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

14:08:49.0157 1672 vds - ok

14:08:49.0219 1672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:08:49.0235 1672 vga - ok

14:08:49.0251 1672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:08:49.0313 1672 VgaSave - ok

14:08:49.0344 1672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

14:08:49.0360 1672 vhdmp - ok

14:08:49.0391 1672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

14:08:49.0391 1672 viaide - ok

14:08:49.0422 1672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

14:08:49.0422 1672 volmgr - ok

14:08:49.0469 1672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

14:08:49.0485 1672 volmgrx - ok

14:08:49.0531 1672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

14:08:49.0547 1672 volsnap - ok

14:08:49.0578 1672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

14:08:49.0594 1672 vsmraid - ok

14:08:49.0656 1672 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

14:08:49.0750 1672 VSS - ok

14:08:49.0797 1672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

14:08:49.0828 1672 vwifibus - ok

14:08:49.0906 1672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

14:08:49.0921 1672 vwififlt - ok

14:08:49.0984 1672 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

14:08:50.0015 1672 W32Time - ok

14:08:50.0077 1672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

14:08:50.0093 1672 WacomPen - ok

14:08:50.0140 1672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:08:50.0187 1672 WANARP - ok

14:08:50.0218 1672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:08:50.0249 1672 Wanarpv6 - ok

14:08:50.0358 1672 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

14:08:50.0405 1672 WatAdminSvc - ok

14:08:50.0499 1672 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

14:08:50.0561 1672 wbengine - ok

14:08:50.0623 1672 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

14:08:50.0639 1672 WbioSrvc - ok

14:08:50.0701 1672 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

14:08:50.0717 1672 wcncsvc - ok

14:08:50.0748 1672 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

14:08:50.0764 1672 WcsPlugInService - ok

14:08:50.0811 1672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

14:08:50.0826 1672 Wd - ok

14:08:50.0857 1672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:08:50.0889 1672 Wdf01000 - ok

14:08:50.0920 1672 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:08:51.0013 1672 WdiServiceHost - ok

14:08:51.0013 1672 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:08:51.0029 1672 WdiSystemHost - ok

14:08:51.0138 1672 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

14:08:51.0185 1672 WebClient - ok

14:08:51.0232 1672 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

14:08:51.0279 1672 Wecsvc - ok

14:08:51.0310 1672 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

14:08:51.0357 1672 wercplsupport - ok

14:08:51.0435 1672 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

14:08:51.0481 1672 WerSvc - ok

14:08:51.0544 1672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:08:51.0575 1672 WfpLwf - ok

14:08:51.0669 1672 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

14:08:51.0669 1672 WimFltr - ok

14:08:51.0700 1672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:08:51.0715 1672 WIMMount - ok

14:08:51.0731 1672 WinDefend - ok

14:08:51.0747 1672 WinHttpAutoProxySvc - ok

14:08:51.0793 1672 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

14:08:51.0840 1672 Winmgmt - ok

14:08:51.0965 1672 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

14:08:52.0074 1672 WinRM - ok

14:08:52.0183 1672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

14:08:52.0199 1672 WinUsb - ok

14:08:52.0261 1672 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

14:08:52.0308 1672 Wlansvc - ok

14:08:52.0417 1672 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:08:52.0495 1672 wlidsvc - ok

14:08:52.0542 1672 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

14:08:52.0558 1672 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

14:08:52.0558 1672 wltrysvc - detected UnsignedFile.Multi.Generic (1)

14:08:52.0667 1672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

14:08:52.0698 1672 WmiAcpi - ok

14:08:52.0761 1672 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

14:08:52.0792 1672 wmiApSrv - ok

14:08:52.0839 1672 WMPNetworkSvc - ok

14:08:52.0885 1672 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

14:08:52.0901 1672 WPCSvc - ok

14:08:52.0932 1672 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

14:08:52.0948 1672 WPDBusEnum - ok

14:08:52.0995 1672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:08:53.0057 1672 ws2ifsl - ok

14:08:53.0088 1672 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

14:08:53.0119 1672 wscsvc - ok

14:08:53.0166 1672 WSearch - ok

14:08:53.0275 1672 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

14:08:53.0385 1672 wuauserv - ok

14:08:53.0463 1672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

14:08:53.0525 1672 WudfPf - ok

14:08:53.0650 1672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:08:53.0681 1672 WUDFRd - ok

14:08:53.0712 1672 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

14:08:53.0759 1672 wudfsvc - ok

14:08:53.0775 1672 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

14:08:53.0806 1672 WwanSvc - ok

14:08:53.0884 1672 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0

14:08:53.0931 1672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

14:08:53.0931 1672 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

14:08:53.0977 1672 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

14:08:53.0977 1672 \Device\Harddisk0\DR0 - detected TDSS File System (1)

14:08:54.0009 1672 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0

14:08:54.0009 1672 \Device\Harddisk0\DR0\Partition0 - ok

14:08:54.0024 1672 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1

14:08:54.0024 1672 \Device\Harddisk0\DR0\Partition1 - ok

14:08:54.0024 1672 ============================================================

14:08:54.0024 1672 Scan finished

14:08:54.0024 1672 ============================================================

14:08:54.0024 1664 Detected object count: 9

14:08:54.0024 1664 Actual detected object count: 9

14:09:28.0999 1664 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

14:09:28.0999 1664 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

14:09:28.0999 1664 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user

14:09:28.0999 1664 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:09:29.0015 1664 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user

14:09:29.0015 1664 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:09:29.0031 1664 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

14:09:29.0031 1664 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:09:29.0046 1664 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user

14:09:29.0046 1664 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:09:29.0062 1664 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

14:09:29.0062 1664 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:09:29.0077 1664 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:09:29.0077 1664 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:09:29.0249 1664 \Device\Harddisk0\DR0\# - copied to quarantine

14:09:29.0249 1664 \Device\Harddisk0\DR0 - copied to quarantine

14:09:29.0311 1664 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

14:09:29.0327 1664 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

14:09:29.0327 1664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

14:09:29.0343 1664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

14:09:29.0405 1664 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

14:09:29.0421 1664 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

14:09:29.0436 1664 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

14:09:29.0483 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

14:09:29.0483 1664 \Device\Harddisk0\DR0 - ok

14:09:29.0483 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

14:09:29.0483 1664 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

14:09:29.0483 1664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

14:09:38.0375 1452 Deinitialize success


I reran TDSSKiller in safe mode.

I also ran Malwarebytes in safe mode.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.06.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Bob Jones :: DELL-LAPTOP [administrator]

Protection: Disabled

4/8/2012 2:26:57 PM

mbam-log-2012-04-08 (14-26-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204742

Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


After rebooting to normal bootup, I reran Malwarebytes again and it didn't find any errors.

I SEEM to be running ok now. Will keep an eye on it.

If I have further problems I will post to this thread.

Also, I registered my Malwarebytes, but never got my key. How can I get a copy of it?


It is important that these steps be executed in normal mode. Please repeat them to make sure that those are the results.

Also, I registered my Malwarebytes, but never got my key. How can I get a copy of it?

You should contact CleverBridge Support. They'll be able to re-send your ID and Key. Check your spam/junk folders too, as the email they sent with your ID and Key may be in there.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
