SVChost.exe Virus and I are still not Friends

SoulAmiss · June 27, 2012

Old post, correct forum: Like a lot of people on here, I have gotten infected by the svchost.exe. Maleware finds it but nothnig else does. I quarantine it, I remove it, Maleware asks me to start over, and it's still there. Maleware thinks it's getting rid of it but it's not. I tried running rkill then maleware and that didn't do it. I've tried to run maleware in safe mode but my screen goes dark before it's done and I have to do a hard reboot to get it back. I turned off the screen saver and played with the power saving settings telling it not to go dark but something's not listening. I've followed the advice in other trheads and can't shake this thing. What do I do? Here is the DDS list.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/22/2010 8:49:00 PM

System Uptime: 6/22/2012 6:40:22 PM (16 hours ago)

.

Motherboard: DELL Inc. | | 0X501H

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 1574/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 587 GiB total, 302.402 GiB free.

F: is FIXED (NTFS) - 112 GiB total, 58.334 GiB free.

G: is FIXED (FAT32) - 466 GiB total, 354.164 GiB free.

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_DH20N__________________A102____\4&D7DB6A6&0&0.0.0

Manufacturer: (Standard CD-ROM drives)

Name: HL-DT-ST DVD-ROM DH20N

PNP Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_DH20N__________________A102____\4&D7DB6A6&0&0.0.0

Service: cdrom

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3

Service:

.

Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMPLDS_DVD+-RW_DH-16AAS___________________JD12____\4&D7DB6A6&0&0.1.0

Manufacturer: (Standard CD-ROM drives)

Name: PLDS DVD+-RW DH-16AAS

PNP Device ID: IDE\CDROMPLDS_DVD+-RW_DH-16AAS___________________JD12____\4&D7DB6A6&0&0.1.0

Service: cdrom

.

==== System Restore Points ===================

.

RP212: 6/21/2012 3:00:28 AM - Windows Update

RP213: 6/21/2012 6:47:20 AM - Windows Update

RP214: 6/21/2012 10:40:06 AM - Windows Update

RP215: 6/21/2012 10:42:51 AM - Windows Update

RP216: 6/21/2012 8:33:01 PM - Windows Update

RP217: 6/22/2012 3:00:24 AM - Windows Update

RP218: 6/23/2012 3:00:26 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Creative Suite 4 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader 9.5.1

Adobe Setup

Adobe Shockwave Player 11.5

Akamai NetSession Interface

Akamai NetSession Interface Service

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Software Update

Banctec Service Agreement

Complete Care Consumer Service Agreement

ConvertHelper 2.2

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Getting Started Guide

DirectXInstallService

EA Download Manager

EA Download Manager UI

EMC 10 Content

Facebook Plug-In

GoToAssist 8.0.0.514

HMA! Pro VPN 2.6.9

IrfanView (remove only)

Java Auto Updater

Java 6 Update 30

Junk Mail filter update

Lexmark 640 Series

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee SecurityCenter

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSN Toolbar

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NavNet

NirSoft Mail PassView

NVIDIA PhysX

PatchBeam

PowerArchiver 2011

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio Update Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Sonic CinePlayer Decoder Pack

SoulSeek 157 NS 13e

Spelling Dictionaries Support For Adobe Reader 9

STK03N

The Sims™ 2 Double Deluxe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.0.2

Vuze

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WordPerfect Office 2002

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

6/23/2012 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error

0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).

6/23/2012 3:00:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

6/22/2012 5:57:13 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service

might not be installed.

6/21/2012 8:42:27 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed

to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in

order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/21/2012 8:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in

order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/21/2012 8:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in

order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

6/21/2012 8:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in

order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

6/21/2012 8:41:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments

"" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/21/2012 8:41:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with

arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/21/2012 8:40:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache mfehidk

mfenlfk NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start

because of the following error: The dependency service or group failed to start.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service

which failed to start because of the following error: A device attached to the system is not functioning.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub

Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine

service which failed to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine

service which failed to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which

failed to start because of the following error: A device attached to the system is not functioning.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service

which failed to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk

service which failed to start because of the following error: A device attached to the system is not functioning.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed

to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service

which failed to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection

Service service which failed to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which

failed to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to

start because of the following error: A device attached to the system is not functioning.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed

to start because of the following error: A device attached to the system is not functioning.

6/21/2012 8:40:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the

following error: The dependency service or group failed to start.

6/21/2012 8:34:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14329] - Service 'WMPNetworkSvc' did not start correctly because the registry could not be

updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

6/21/2012 8:29:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom RxFilter

6/21/2012 8:29:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be

installed.

6/21/2012 8:29:54 PM, Error: Service Control Manager [7002] - The Unibrain 1394 SBM Driver service depends on the UB1394 Miniport group and no member of

this group started.

6/21/2012 8:29:54 PM, Error: Service Control Manager [7002] - The Unibrain 1394 FireAPI Driver service depends on the UB1394 Miniport group and no member

of this group started.

6/21/2012 8:29:54 PM, Error: Service Control Manager [7000] - The Unibrain 1394 OHCI Driver service failed to start due to the following error: Unibrain 1394

OHCI Driver is not a valid Win32 application.

6/21/2012 8:29:54 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the

file specified.

6/21/2012 8:29:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not

exist as an installed service.

6/21/2012 8:29:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service

might not be installed.

6/21/2012 8:28:40 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.

6/21/2012 8:13:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

6/21/2012 2:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments ""

in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

6/21/2012 12:58:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments ""

in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

6/21/2012 1:37:23 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

6/19/2012 2:27:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was:

0x00000050 (0xfffff8a00087f000, 0x0000000000000000, 0xfffff800028d8a0a, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report

Id: 061912-32947-01.

6/19/2012 12:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.

6/19/2012 12:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was:

0x0000001e (0xffffffffc0000005, 0xfffff800034c482f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report

Id: .

6/17/2012 2:26:37 PM, Error: sbp2port [20] - A transport driver received a frame which violated the protocol.

.

==== End Of File ===========================

MrCharlie · June 27, 2012

Welcome to the forum, can you post the DDS log....what you posted is the Attach.txt.

also.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC

SoulAmiss · June 27, 2012

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by I'm Lee at 18:27:12 on 2012-06-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6557 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\p2csvc.exe

C:\Windows\SysWOW64\p2csvc32.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe

C:\Windows\STK03N\STK03NM.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Common Files\McAfee\Core\mchost.exe

c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

c:\program files (x86)\common files\installshield\updateservice\isuspm.exe

c:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622190405.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [Akamai NetSession Interface] "C:\Users\I'm Lee\AppData\Local\Akamai\netsession_win.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\I'MLEE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\P2CARD~1.LNK - C:\Program Files (x86)\Panasonic P2\Drivers\App\P2TaskTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK03N~1.LNK - C:\Windows\STK03N\STK03NM.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165

TCP: Interfaces\{B9043A83-41BB-4C35-AE2C-9C08648EE55B} : DhcpNameServer = 97.64.168.12 97.64.183.165

TCP: Interfaces\{B9043A83-41BB-4C35-AE2C-9C08648EE55B}\A6F6E65637 : DhcpNameServer = 97.64.168.12 97.64.183.165

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622190405.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15623

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.photobucket.com

FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\I'm Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-14 92160]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-17 654408]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-8-21 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-8-21 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 p2csvc;p2csvc;C:\Windows\system32\p2csvc.exe -service --> C:\Windows\system32\p2csvc.exe -service [?]

R2 p2csvc32;p2csvc32;C:\Windows\SysWOW64\p2csvc32.exe -service --> C:\Windows\SysWOW64\p2csvc32.exe -service [?]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-14 656624]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 0323841340409849mcinstcleanup;McAfee Application Installer Cleanup (0323841340409849);C:\Windows\TEMP\032384~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\032384~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-17 249936]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\system32\DRIVERS\ubsbm.sys --> C:\Windows\system32\DRIVERS\ubsbm.sys [?]

S2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\system32\DRIVERS\ubumapi.sys --> C:\Windows\system32\DRIVERS\ubumapi.sys [?]

S3 65897487;65897487;C:\Windows\system32\drivers\16495956.sys --> C:\Windows\system32\drivers\16495956.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-17 250056]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 113120]

S3 p2usb;Panasonic P2 Series USB Device;C:\Windows\system32\DRIVERS\p2usb.sys --> C:\Windows\system32\DRIVERS\p2usb.sys [?]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\system32\DRIVERS\ubohci.sys --> C:\Windows\system32\DRIVERS\ubohci.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys --> C:\Windows\system32\DRIVERS\wdcsam.sys [?]

.

=============== Created Last 30 ================

.

2012-06-25 22:49:01 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-25 22:49:01 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-23 00:04:04 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2012-06-22 01:46:07 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{7A309D0B-6E35-459E-864E-BD63F06F962A}

2012-06-22 01:45:29 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{AC47AFA3-4464-4D38-AB93-0F56FBACA8D5}

2012-06-22 01:30:53 20480 ----a-w- C:\Windows\svchost.exe

2012-06-21 19:37:51 -------- d-sh--w- C:\found.000

2012-06-21 18:42:17 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{EC406987-BACA-4C27-A98E-A1A9B032BC4C}

2012-06-21 11:50:53 -------- d-----w- C:\Program Files\CCleaner

2012-06-21 11:47:47 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 11:47:38 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 11:47:32 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 11:47:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 01:27:25 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{CE3110ED-418A-4636-86ED-CF0EF17642E3}

2012-06-21 01:27:14 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{6493A9FB-BE82-439E-A228-9336C9918B6F}

2012-06-20 03:07:24 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{82C31541-7A8D-4480-A1DE-07F0968697BA}

2012-06-19 18:12:08 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{F92F40AA-2781-4D7E-BEAB-79B4FD5AAA22}

2012-06-19 18:11:57 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{09CFE355-3036-4E43-BF73-3B4C5360C9D2}

2012-06-17 14:10:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-17 14:10:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-17 13:52:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-17 13:52:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-16 16:32:43 -------- d-----w- C:\ProgramData\Caphyon

2012-06-16 16:32:41 -------- d-----w- C:\Program Files (x86)\PatchBeam

2012-06-16 16:32:34 -------- d-----w- C:\Program Files (x86)\PowerArchiver

2012-06-15 22:18:54 -------- d-----w- C:\AdobeTemp

2012-06-15 22:03:24 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{46650B5C-2A6B-433B-A455-7EA74CAA389C}

2012-06-15 21:59:35 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{3D2FAC68-74B7-4611-B90E-A0786D0850C4}

2012-06-15 21:55:02 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{F559CC18-D9BF-414F-94EA-3C5AD63F290F}

2012-06-14 22:15:58 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{90C0F824-304F-46BC-8196-E94BC43BBC79}

2012-06-14 22:15:47 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{CEA53AF8-AF48-4BAF-B683-1201B0EA331F}

2012-06-14 01:15:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-12 00:21:14 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{ED9C34BB-B248-416F-911F-0252B3CA11C9}

2012-06-12 00:21:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{6E87F58A-F06E-4F7E-904B-E9B232589742}

2012-06-11 23:16:26 -------- d-----w- C:\Windows\en

2012-06-11 23:14:24 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-11 23:11:46 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DSETUP.dll

2012-06-11 23:11:46 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DXSETUP.exe

2012-06-11 23:11:46 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\dsetup32.dll

2012-06-11 23:11:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{7861E9A2-A6E1-40C8-8F11-1B2409998164}

2012-06-11 23:10:52 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{DF72AC91-5AAA-4306-B699-BEDAE93935E6}

2012-06-11 23:04:17 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-06-11 23:04:17 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-06-11 23:04:17 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-06-11 23:03:33 -------- d-----w- C:\Program Files\iPod

2012-06-11 23:03:31 -------- d-----w- C:\Program Files\iTunes

2012-06-11 00:19:31 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{98EDC165-034E-4B7C-98DF-0B09558F026B}

2012-06-11 00:07:50 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C5B656A9-27B1-49A5-92A7-EBC9C73403F3}

2012-06-10 20:45:41 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{536B35C2-8D33-4525-9574-A31B550DBB01}

2012-06-10 20:34:17 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{222EA398-8B77-47F8-864F-3A0ED802A226}

2012-06-10 20:34:04 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{5E25C2AB-744C-40AD-B148-92187C9288A8}

2012-06-10 20:17:23 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C1B7FE04-7F60-4C2D-A536-73F7CCA42F04}

2012-06-10 14:21:46 -------- d-----w- C:\Users\I'm Lee\AppData\Local\Macromedia

2012-06-10 14:05:38 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{C1D1668E-8283-4DE3-95D8-506D3D4313EB}

2012-06-10 14:05:26 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{D01AE271-FAA1-43CB-888A-C529A9E94A03}

2012-06-10 13:51:44 -------- d-----w- C:\Users\I'm Lee\AppData\Local\ElevatedDiagnostics

2012-06-10 13:41:15 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{72C6AAB1-1053-4A29-ABCC-48F6EE70D8FC}

2012-06-10 13:41:03 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{9C03DE12-EEF6-4038-A2C3-491B29614432}

2012-06-10 12:28:41 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{E1F60980-6FE4-463B-BC18-638EF2C75F6D}

2012-06-06 18:56:24 -------- d-----w- C:\Users\I'm Lee\Photocensoredet

2012-06-06 18:24:01 -------- d-----w- C:\Program Files (x86)\Photocensoredet

2012-05-30 01:02:18 -------- d-----w- C:\Users\I'm Lee\AppData\Local\{E4FC379C-E78A-4C09-92C6-1166BA1139EC}

.

==================== Find3M ====================

.

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 18:27:58.04 ===============

MrCharlie · June 27, 2012

Can you post the log from RogueKiller.

MrC

SoulAmiss · June 28, 2012

RogueKiller V7.6.0 [06/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: I'm Lee [Admin rights]

Mode: Scan -- Date: 06/27/2012 18:33:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++

--- User ---

[MBR] bc17261b85527aa1356e67a794d2bfcb

[bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 45bed0fe84cb6bb45ca9c2050579b918

[bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 45bed0fe84cb6bb45ca9c2050579b918

[bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 601097 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrCharlie · June 28, 2012

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

SoulAmiss · June 29, 2012

20:22:47.0092 4460 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

20:22:47.0092 4460 ============================================================

20:22:47.0092 4460 Current date / time: 2012/06/28 20:22:47.0092

20:22:47.0092 4460 SystemInfo:

20:22:47.0092 4460

20:22:47.0092 4460 OS Version: 6.1.7601 ServicePack: 1.0

20:22:47.0092 4460 Product type: Workstation

20:22:47.0092 4460 ComputerName: SASSAFRASQUATCH

20:22:47.0092 4460 UserName: I'm Lee

20:22:47.0092 4460 Windows directory: C:\Windows

20:22:47.0092 4460 System windows directory: C:\Windows

20:22:47.0092 4460 Running under WOW64

20:22:47.0092 4460 Processor architecture: Intel x64

20:22:47.0092 4460 Number of processors: 8

20:22:47.0092 4460 Page size: 0x1000

20:22:47.0092 4460 Boot type: Normal boot

20:22:47.0092 4460 ============================================================

20:22:49.0073 4460 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:22:49.0088 4460 ============================================================

20:22:49.0088 4460 \Device\Harddisk0\DR0:

20:22:49.0088 4460 MBR partitions:

20:22:49.0088 4460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000

20:22:49.0088 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x49604800

20:22:49.0088 4460 ============================================================

20:22:49.0135 4460 C: <-> \Device\Harddisk0\DR0\Partition1

20:22:49.0135 4460 ============================================================

20:22:49.0135 4460 Initialize success

20:22:49.0135 4460 ============================================================

20:22:55.0812 4512 ============================================================

20:22:55.0812 4512 Scan started

20:22:55.0812 4512 Mode: Manual; SigCheck; TDLFS;

20:22:55.0812 4512 ============================================================

20:22:56.0935 4512 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:23:05.0500 4512 1394ohci - ok

20:23:05.0546 4512 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys

20:23:05.0624 4512 61883 - ok

20:23:05.0687 4512 65897487 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\16495956.sys

20:23:05.0734 4512 65897487 - ok

20:23:05.0796 4512 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:23:05.0827 4512 ACPI - ok

20:23:05.0858 4512 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:23:05.0936 4512 AcpiPmi - ok

20:23:05.0983 4512 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys

20:23:05.0999 4512 adfs - ok

20:23:06.0170 4512 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:23:06.0186 4512 AdobeFlashPlayerUpdateSvc - ok

20:23:06.0264 4512 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:23:06.0280 4512 adp94xx - ok

20:23:06.0358 4512 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:23:06.0389 4512 adpahci - ok

20:23:06.0404 4512 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:23:06.0436 4512 adpu320 - ok

20:23:06.0467 4512 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:23:06.0592 4512 AeLookupSvc - ok

20:23:06.0685 4512 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

20:23:06.0763 4512 AERTFilters - ok

20:23:06.0857 4512 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:23:06.0935 4512 AFD - ok

20:23:06.0997 4512 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:23:07.0028 4512 agp440 - ok

20:23:07.0372 4512 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll

20:23:07.0372 4512 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af

20:23:07.0372 4512 Akamai ( HiddenFile.Multi.Generic ) - warning

20:23:07.0372 4512 Akamai - detected HiddenFile.Multi.Generic (1)

20:23:07.0481 4512 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:23:07.0543 4512 ALG - ok

20:23:07.0606 4512 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:23:07.0637 4512 aliide - ok

20:23:07.0637 4512 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:23:07.0652 4512 amdide - ok

20:23:07.0684 4512 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:23:07.0746 4512 AmdK8 - ok

20:23:07.0762 4512 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:23:07.0808 4512 AmdPPM - ok

20:23:07.0840 4512 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:23:07.0855 4512 amdsata - ok

20:23:07.0886 4512 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:23:07.0902 4512 amdsbs - ok

20:23:07.0918 4512 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:23:07.0933 4512 amdxata - ok

20:23:07.0980 4512 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:23:08.0120 4512 AppID - ok

20:23:08.0136 4512 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:23:08.0214 4512 AppIDSvc - ok

20:23:08.0261 4512 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:23:08.0308 4512 Appinfo - ok

20:23:08.0417 4512 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:23:08.0432 4512 Apple Mobile Device - ok

20:23:08.0479 4512 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:23:08.0495 4512 arc - ok

20:23:08.0510 4512 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:23:08.0526 4512 arcsas - ok

20:23:08.0557 4512 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:23:08.0604 4512 AsyncMac - ok

20:23:08.0666 4512 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:23:08.0682 4512 atapi - ok

20:23:08.0822 4512 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys

20:23:08.0916 4512 athr - ok

20:23:09.0072 4512 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:23:09.0150 4512 AudioEndpointBuilder - ok

20:23:09.0150 4512 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:23:09.0181 4512 AudioSrv - ok

20:23:09.0244 4512 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys

20:23:09.0290 4512 Avc - ok

20:23:09.0353 4512 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:23:09.0431 4512 AxInstSV - ok

20:23:09.0509 4512 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:23:09.0556 4512 b06bdrv - ok

20:23:09.0634 4512 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:23:09.0665 4512 b57nd60a - ok

20:23:09.0712 4512 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:23:09.0758 4512 BDESVC - ok

20:23:09.0774 4512 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:23:09.0836 4512 Beep - ok

20:23:09.0914 4512 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

20:23:10.0008 4512 BITS - ok

20:23:10.0055 4512 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:23:10.0086 4512 blbdrive - ok

20:23:10.0195 4512 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:23:10.0226 4512 Bonjour Service - ok

20:23:10.0273 4512 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:23:10.0289 4512 bowser - ok

20:23:10.0320 4512 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:23:10.0351 4512 BrFiltLo - ok

20:23:10.0367 4512 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:23:10.0398 4512 BrFiltUp - ok

20:23:10.0429 4512 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:23:10.0492 4512 Browser - ok

20:23:10.0538 4512 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:23:10.0601 4512 Brserid - ok

20:23:10.0616 4512 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:23:10.0648 4512 BrSerWdm - ok

20:23:10.0663 4512 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:23:10.0694 4512 BrUsbMdm - ok

20:23:10.0726 4512 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:23:10.0757 4512 BrUsbSer - ok

20:23:10.0772 4512 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:23:10.0819 4512 BTHMODEM - ok

20:23:10.0866 4512 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:23:10.0913 4512 bthserv - ok

20:23:10.0960 4512 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:23:11.0006 4512 cdfs - ok

20:23:11.0053 4512 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:23:11.0100 4512 cdrom - ok

20:23:11.0147 4512 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:23:11.0209 4512 CertPropSvc - ok

20:23:11.0256 4512 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys

20:23:11.0287 4512 cfwids - ok

20:23:11.0303 4512 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:23:11.0334 4512 circlass - ok

20:23:11.0381 4512 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:23:11.0412 4512 CLFS - ok

20:23:11.0490 4512 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:23:11.0506 4512 clr_optimization_v2.0.50727_32 - ok

20:23:11.0568 4512 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:23:11.0584 4512 clr_optimization_v2.0.50727_64 - ok

20:23:11.0677 4512 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:23:11.0724 4512 clr_optimization_v4.0.30319_32 - ok

20:23:11.0755 4512 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:23:11.0771 4512 clr_optimization_v4.0.30319_64 - ok

20:23:11.0802 4512 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:23:11.0833 4512 CmBatt - ok

20:23:11.0864 4512 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:23:11.0864 4512 cmdide - ok

20:23:11.0942 4512 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:23:11.0989 4512 CNG - ok

20:23:12.0005 4512 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:23:12.0020 4512 Compbatt - ok

20:23:12.0067 4512 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:23:12.0098 4512 CompositeBus - ok

20:23:12.0114 4512 COMSysApp - ok

20:23:12.0130 4512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:23:12.0145 4512 crcdisk - ok

20:23:12.0192 4512 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

20:23:12.0239 4512 CryptSvc - ok

20:23:12.0301 4512 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:23:12.0348 4512 DcomLaunch - ok

20:23:12.0395 4512 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:23:12.0473 4512 defragsvc - ok

20:23:12.0504 4512 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:23:12.0566 4512 DfsC - ok

20:23:12.0644 4512 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:23:12.0691 4512 Dhcp - ok

20:23:12.0738 4512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:23:12.0800 4512 discache - ok

20:23:12.0832 4512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:23:12.0847 4512 Disk - ok

20:23:12.0894 4512 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:23:12.0956 4512 Dnscache - ok

20:23:13.0034 4512 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

20:23:13.0066 4512 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

20:23:13.0066 4512 DockLoginService - detected UnsignedFile.Multi.Generic (1)

20:23:13.0112 4512 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:23:13.0175 4512 dot3svc - ok

20:23:13.0222 4512 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:23:13.0284 4512 DPS - ok

20:23:13.0300 4512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:23:13.0346 4512 drmkaud - ok

20:23:13.0456 4512 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:23:13.0471 4512 DXGKrnl - ok

20:23:13.0518 4512 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:23:13.0580 4512 EapHost - ok

20:23:13.0846 4512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:23:13.0892 4512 ebdrv - ok

20:23:14.0002 4512 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:23:14.0064 4512 EFS - ok

20:23:14.0173 4512 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:23:14.0236 4512 ehRecvr - ok

20:23:14.0267 4512 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:23:14.0298 4512 ehSched - ok

20:23:14.0407 4512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:23:14.0423 4512 elxstor - ok

20:23:14.0454 4512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:23:14.0501 4512 ErrDev - ok

20:23:14.0548 4512 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:23:14.0610 4512 EventSystem - ok

20:23:14.0641 4512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:23:14.0688 4512 exfat - ok

20:23:14.0719 4512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:23:14.0750 4512 fastfat - ok

20:23:14.0860 4512 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:23:14.0922 4512 Fax - ok

20:23:14.0938 4512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:23:14.0984 4512 fdc - ok

20:23:15.0016 4512 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:23:15.0078 4512 fdPHost - ok

20:23:15.0094 4512 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:23:15.0140 4512 FDResPub - ok

20:23:15.0172 4512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:23:15.0187 4512 FileInfo - ok

20:23:15.0187 4512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:23:15.0234 4512 Filetrace - ok

20:23:15.0250 4512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:23:15.0250 4512 flpydisk - ok

20:23:15.0312 4512 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:23:15.0328 4512 FltMgr - ok

20:23:15.0452 4512 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:23:15.0484 4512 FontCache - ok

20:23:15.0562 4512 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:23:15.0577 4512 FontCache3.0.0.0 - ok

20:23:15.0624 4512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:23:15.0655 4512 FsDepends - ok

20:23:15.0686 4512 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:23:15.0702 4512 Fs_Rec - ok

20:23:15.0764 4512 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:23:15.0796 4512 fvevol - ok

20:23:15.0811 4512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:23:15.0842 4512 gagp30kx - ok

20:23:15.0920 4512 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

20:23:15.0936 4512 GoToAssist - ok

20:23:16.0014 4512 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:23:16.0076 4512 gpsvc - ok

20:23:16.0108 4512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:23:16.0154 4512 hcw85cir - ok

20:23:16.0201 4512 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:23:16.0248 4512 HDAudBus - ok

20:23:16.0264 4512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:23:16.0279 4512 HidBatt - ok

20:23:16.0295 4512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:23:16.0310 4512 HidBth - ok

20:23:16.0342 4512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:23:16.0373 4512 HidIr - ok

20:23:16.0404 4512 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:23:16.0466 4512 hidserv - ok

20:23:16.0498 4512 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:23:16.0513 4512 HidUsb - ok

20:23:16.0544 4512 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:23:16.0607 4512 hkmsvc - ok

20:23:16.0669 4512 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:23:16.0716 4512 HomeGroupListener - ok

20:23:16.0763 4512 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:23:16.0794 4512 HomeGroupProvider - ok

20:23:16.0810 4512 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:23:16.0825 4512 HpSAMD - ok

20:23:16.0919 4512 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:23:16.0981 4512 HTTP - ok

20:23:17.0012 4512 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:23:17.0044 4512 hwpolicy - ok

20:23:17.0090 4512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:23:17.0106 4512 i8042prt - ok

20:23:17.0215 4512 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

20:23:17.0231 4512 IAANTMON - ok

20:23:17.0278 4512 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

20:23:17.0309 4512 iaStor - ok

20:23:17.0371 4512 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:23:17.0387 4512 iaStorV - ok

20:23:17.0652 4512 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:23:17.0683 4512 idsvc - ok

20:23:17.0699 4512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:23:17.0714 4512 iirsp - ok

20:23:17.0808 4512 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:23:17.0870 4512 IKEEXT - ok

20:23:18.0026 4512 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys

20:23:18.0073 4512 IntcAzAudAddService - ok

20:23:18.0214 4512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:23:18.0229 4512 intelide - ok

20:23:18.0260 4512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:23:18.0292 4512 intelppm - ok

20:23:18.0323 4512 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:23:18.0354 4512 IPBusEnum - ok

20:23:18.0401 4512 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:23:18.0448 4512 IpFilterDriver - ok

20:23:18.0479 4512 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:23:18.0510 4512 IPMIDRV - ok

20:23:18.0541 4512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:23:18.0588 4512 IPNAT - ok

20:23:18.0728 4512 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

20:23:18.0760 4512 iPod Service - ok

20:23:18.0791 4512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:23:18.0853 4512 IRENUM - ok

20:23:18.0884 4512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:23:18.0900 4512 isapnp - ok

20:23:18.0947 4512 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:23:18.0962 4512 iScsiPrt - ok

20:23:18.0994 4512 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys

20:23:19.0009 4512 JRAID - ok

20:23:19.0040 4512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

20:23:19.0056 4512 kbdclass - ok

20:23:19.0087 4512 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

20:23:19.0118 4512 kbdhid - ok

20:23:19.0134 4512 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:23:19.0150 4512 KeyIso - ok

20:23:19.0181 4512 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:23:19.0212 4512 KSecDD - ok

20:23:19.0243 4512 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:23:19.0259 4512 KSecPkg - ok

20:23:19.0274 4512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:23:19.0321 4512 ksthunk - ok

20:23:19.0399 4512 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:23:19.0462 4512 KtmRm - ok

20:23:19.0524 4512 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:23:19.0602 4512 LanmanServer - ok

20:23:19.0649 4512 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:23:19.0711 4512 LanmanWorkstation - ok

20:23:19.0742 4512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:23:19.0820 4512 lltdio - ok

20:23:19.0883 4512 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:23:19.0945 4512 lltdsvc - ok

20:23:19.0976 4512 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:23:20.0008 4512 lmhosts - ok

20:23:20.0039 4512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:23:20.0054 4512 LSI_FC - ok

20:23:20.0086 4512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:23:20.0086 4512 LSI_SAS - ok

20:23:20.0101 4512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:23:20.0101 4512 LSI_SAS2 - ok

20:23:20.0117 4512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:23:20.0132 4512 LSI_SCSI - ok

20:23:20.0148 4512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:23:20.0195 4512 luafv - ok

20:23:20.0242 4512 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

20:23:20.0273 4512 MBAMProtector - ok

20:23:20.0382 4512 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:23:20.0398 4512 MBAMService - ok

20:23:20.0522 4512 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:23:20.0569 4512 McMPFSvc - ok

20:23:20.0569 4512 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:23:20.0585 4512 mcmscsvc - ok

20:23:20.0585 4512 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:23:20.0600 4512 McNaiAnn - ok

20:23:20.0616 4512 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:23:20.0632 4512 McNASvc - ok

20:23:20.0725 4512 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe

20:23:20.0756 4512 McODS - ok

20:23:20.0772 4512 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:23:20.0788 4512 McProxy - ok

20:23:20.0850 4512 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

20:23:20.0881 4512 McShield - ok

20:23:20.0990 4512 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:23:21.0037 4512 Mcx2Svc - ok

20:23:21.0084 4512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:23:21.0100 4512 megasas - ok

20:23:21.0115 4512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:23:21.0146 4512 MegaSR - ok

20:23:21.0209 4512 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys

20:23:21.0224 4512 mfeapfk - ok

20:23:21.0271 4512 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys

20:23:21.0287 4512 mfeavfk - ok

20:23:21.0302 4512 mfeavfk01 - ok

20:23:21.0396 4512 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

20:23:21.0427 4512 mfefire - ok

20:23:21.0474 4512 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys

20:23:21.0490 4512 mfefirek - ok

20:23:21.0568 4512 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys

20:23:21.0599 4512 mfehidk - ok

20:23:21.0630 4512 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys

20:23:21.0661 4512 mfenlfk - ok

20:23:21.0677 4512 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys

20:23:21.0708 4512 mferkdet - ok

20:23:21.0755 4512 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe

20:23:21.0770 4512 mfevtp - ok

20:23:21.0817 4512 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys

20:23:21.0833 4512 mfewfpk - ok

20:23:21.0864 4512 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:23:21.0926 4512 MMCSS - ok

20:23:21.0958 4512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:23:22.0020 4512 Modem - ok

20:23:22.0051 4512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:23:22.0082 4512 monitor - ok

20:23:22.0129 4512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

20:23:22.0145 4512 mouclass - ok

20:23:22.0176 4512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:23:22.0207 4512 mouhid - ok

20:23:22.0238 4512 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:23:22.0254 4512 mountmgr - ok

20:23:22.0363 4512 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:23:22.0379 4512 MozillaMaintenance - ok

20:23:22.0426 4512 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:23:22.0441 4512 mpio - ok

20:23:22.0457 4512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:23:22.0488 4512 mpsdrv - ok

20:23:22.0519 4512 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:23:22.0550 4512 MRxDAV - ok

20:23:22.0582 4512 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:23:22.0628 4512 mrxsmb - ok

20:23:22.0675 4512 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:23:22.0722 4512 mrxsmb10 - ok

20:23:22.0753 4512 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:23:22.0769 4512 mrxsmb20 - ok

20:23:22.0800 4512 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:23:22.0816 4512 msahci - ok

20:23:22.0847 4512 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:23:22.0862 4512 msdsm - ok

20:23:22.0894 4512 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:23:22.0940 4512 MSDTC - ok

20:23:23.0003 4512 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys

20:23:23.0050 4512 MSDV - ok

20:23:23.0065 4512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:23:23.0097 4512 Msfs - ok

20:23:23.0112 4512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:23:23.0159 4512 mshidkmdf - ok

20:23:23.0175 4512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:23:23.0190 4512 msisadrv - ok

20:23:23.0221 4512 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:23:23.0268 4512 MSiSCSI - ok

20:23:23.0284 4512 msiserver - ok

20:23:23.0409 4512 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:23:23.0440 4512 MSK80Service - ok

20:23:23.0455 4512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:23:23.0518 4512 MSKSSRV - ok

20:23:23.0518 4512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:23:23.0549 4512 MSPCLOCK - ok

20:23:23.0549 4512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:23:23.0596 4512 MSPQM - ok

20:23:23.0658 4512 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:23:23.0674 4512 MsRPC - ok

20:23:23.0721 4512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:23:23.0736 4512 mssmbios - ok

20:23:23.0736 4512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:23:23.0783 4512 MSTEE - ok

20:23:23.0799 4512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:23:23.0830 4512 MTConfig - ok

20:23:23.0845 4512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:23:23.0861 4512 Mup - ok

20:23:23.0908 4512 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:23:23.0970 4512 napagent - ok

20:23:24.0033 4512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:23:24.0079 4512 NativeWifiP - ok

20:23:24.0189 4512 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:23:24.0235 4512 NDIS - ok

20:23:24.0251 4512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:23:24.0267 4512 NdisCap - ok

20:23:24.0298 4512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:23:24.0329 4512 NdisTapi - ok

20:23:24.0360 4512 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:23:24.0407 4512 Ndisuio - ok

20:23:24.0454 4512 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:23:24.0501 4512 NdisWan - ok

20:23:24.0532 4512 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:23:24.0563 4512 NDProxy - ok

20:23:24.0579 4512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:23:24.0625 4512 NetBIOS - ok

20:23:24.0657 4512 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:23:24.0719 4512 NetBT - ok

20:23:24.0750 4512 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:23:24.0766 4512 Netlogon - ok

20:23:24.0797 4512 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:23:24.0859 4512 Netman - ok

20:23:24.0922 4512 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:23:24.0984 4512 netprofm - ok

20:23:25.0062 4512 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:23:25.0078 4512 NetTcpPortSharing - ok

20:23:25.0125 4512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:23:25.0156 4512 nfrd960 - ok

20:23:25.0218 4512 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:23:25.0281 4512 NlaSvc - ok

20:23:25.0296 4512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:23:25.0327 4512 Npfs - ok

20:23:25.0359 4512 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:23:25.0374 4512 nsi - ok

20:23:25.0390 4512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:23:25.0421 4512 nsiproxy - ok

20:23:25.0561 4512 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:23:25.0593 4512 Ntfs - ok

20:23:25.0733 4512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:23:25.0795 4512 Null - ok

20:23:26.0544 4512 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:23:26.0669 4512 nvlddmkm - ok

20:23:26.0825 4512 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:23:26.0841 4512 nvraid - ok

20:23:26.0872 4512 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:23:26.0887 4512 nvstor - ok

20:23:26.0950 4512 nvsvc (18aa5ff4ee3fe45a64b98589c62b7fc0) C:\Windows\system32\nvvsvc.exe

20:23:26.0965 4512 nvsvc - ok

20:23:27.0012 4512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:23:27.0043 4512 nv_agp - ok

20:23:27.0199 4512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:23:27.0262 4512 ohci1394 - ok

20:23:27.0433 4512 OpenVPNService (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe

20:23:27.0480 4512 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning

20:23:27.0480 4512 OpenVPNService - detected UnsignedFile.Multi.Generic (1)

20:23:27.0496 4512 p2csvc - ok

20:23:27.0589 4512 p2csvc32 - ok

20:23:27.0636 4512 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:23:27.0699 4512 p2pimsvc - ok

20:23:27.0745 4512 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:23:27.0777 4512 p2psvc - ok

20:23:27.0839 4512 p2usb (5035825b9217a087ea70497066385fe7) C:\Windows\system32\DRIVERS\p2usb.sys

20:23:27.0886 4512 p2usb - ok

20:23:27.0917 4512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:23:27.0933 4512 Parport - ok

20:23:27.0979 4512 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

20:23:27.0995 4512 partmgr - ok

20:23:28.0026 4512 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:23:28.0057 4512 PcaSvc - ok

20:23:28.0104 4512 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:23:28.0120 4512 pci - ok

20:23:28.0151 4512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:23:28.0182 4512 pciide - ok

20:23:28.0198 4512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:23:28.0198 4512 pcmcia - ok

20:23:28.0213 4512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:23:28.0229 4512 pcw - ok

20:23:28.0276 4512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:23:28.0338 4512 PEAUTH - ok

20:23:28.0416 4512 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:23:28.0463 4512 PerfHost - ok

20:23:28.0603 4512 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:23:28.0681 4512 pla - ok

20:23:28.0744 4512 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:23:28.0806 4512 PlugPlay - ok

20:23:28.0837 4512 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:23:28.0853 4512 PNRPAutoReg - ok

20:23:28.0884 4512 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:23:28.0900 4512 PNRPsvc - ok

20:23:28.0962 4512 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:23:29.0040 4512 PolicyAgent - ok

20:23:29.0071 4512 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:23:29.0118 4512 Power - ok

20:23:29.0196 4512 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:23:29.0243 4512 PptpMiniport - ok

20:23:29.0274 4512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:23:29.0305 4512 Processor - ok

20:23:29.0352 4512 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

20:23:29.0415 4512 ProfSvc - ok

20:23:29.0446 4512 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:23:29.0461 4512 ProtectedStorage - ok

20:23:29.0524 4512 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:23:29.0571 4512 Psched - ok

20:23:29.0602 4512 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

20:23:29.0617 4512 PxHlpa64 - ok

20:23:29.0758 4512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:23:29.0805 4512 ql2300 - ok

20:23:29.0929 4512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:23:29.0945 4512 ql40xx - ok

20:23:29.0992 4512 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:23:30.0023 4512 QWAVE - ok

20:23:30.0023 4512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:23:30.0054 4512 QWAVEdrv - ok

20:23:30.0070 4512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:23:30.0117 4512 RasAcd - ok

20:23:30.0148 4512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:23:30.0179 4512 RasAgileVpn - ok

20:23:30.0195 4512 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:23:30.0241 4512 RasAuto - ok

20:23:30.0288 4512 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:23:30.0351 4512 Rasl2tp - ok

20:23:30.0397 4512 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:23:30.0444 4512 RasMan - ok

20:23:30.0460 4512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:23:30.0507 4512 RasPppoe - ok

20:23:30.0538 4512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:23:30.0585 4512 RasSstp - ok

20:23:30.0631 4512 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:23:30.0694 4512 rdbss - ok

20:23:30.0725 4512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:23:30.0756 4512 rdpbus - ok

20:23:30.0787 4512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:23:30.0834 4512 RDPCDD - ok

20:23:30.0850 4512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:23:30.0912 4512 RDPENCDD - ok

20:23:30.0928 4512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:23:30.0959 4512 RDPREFMP - ok

20:23:31.0006 4512 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

20:23:31.0053 4512 RDPWD - ok

20:23:31.0115 4512 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:23:31.0131 4512 rdyboost - ok

20:23:31.0162 4512 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:23:31.0224 4512 RemoteAccess - ok

20:23:31.0255 4512 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:23:31.0287 4512 RemoteRegistry - ok

20:23:31.0489 4512 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

20:23:31.0521 4512 RoxMediaDB10 - ok

20:23:31.0552 4512 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:23:31.0599 4512 RpcEptMapper - ok

20:23:31.0614 4512 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:23:31.0630 4512 RpcLocator - ok

20:23:31.0692 4512 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:23:31.0739 4512 RpcSs - ok

20:23:31.0786 4512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:23:31.0848 4512 rspndr - ok

20:23:31.0895 4512 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys

20:23:31.0926 4512 RSUSBSTOR - ok

20:23:31.0957 4512 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:23:32.0004 4512 RTL8167 - ok

20:23:32.0020 4512 RxFilter - ok

20:23:32.0051 4512 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:23:32.0051 4512 SamSs - ok

20:23:32.0098 4512 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:23:32.0113 4512 sbp2port - ok

20:23:32.0145 4512 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:23:32.0176 4512 SCardSvr - ok

20:23:32.0191 4512 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:23:32.0223 4512 scfilter - ok

20:23:32.0332 4512 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:23:32.0394 4512 Schedule - ok

20:23:32.0425 4512 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:23:32.0457 4512 SCPolicySvc - ok

20:23:32.0503 4512 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:23:32.0550 4512 SDRSVC - ok

20:23:32.0659 4512 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

20:23:32.0691 4512 SeaPort - ok

20:23:32.0753 4512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:23:32.0815 4512 secdrv - ok

20:23:32.0847 4512 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:23:32.0878 4512 seclogon - ok

20:23:32.0909 4512 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:23:32.0925 4512 SENS - ok

20:23:32.0940 4512 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:23:32.0987 4512 SensrSvc - ok

20:23:33.0018 4512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:23:33.0049 4512 Serenum - ok

20:23:33.0065 4512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:23:33.0096 4512 Serial - ok

20:23:33.0127 4512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:23:33.0143 4512 sermouse - ok

20:23:33.0190 4512 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:23:33.0237 4512 SessionEnv - ok

20:23:33.0268 4512 SessionLauncher - ok

20:23:33.0299 4512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:23:33.0346 4512 sffdisk - ok

20:23:33.0361 4512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:23:33.0393 4512 sffp_mmc - ok

20:23:33.0408 4512 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:23:33.0455 4512 sffp_sd - ok

20:23:33.0471 4512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:23:33.0502 4512 sfloppy - ok

20:23:33.0595 4512 SftService (7f475425582163602ef1589c0071e521) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

20:23:33.0611 4512 SftService - ok

20:23:33.0673 4512 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:23:33.0736 4512 SharedAccess - ok

20:23:33.0798 4512 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:23:33.0861 4512 ShellHWDetection - ok

20:23:33.0923 4512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:23:33.0939 4512 SiSRaid2 - ok

20:23:33.0954 4512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:23:33.0970 4512 SiSRaid4 - ok

20:23:33.0985 4512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:23:34.0048 4512 Smb - ok

20:23:34.0095 4512 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:23:34.0126 4512 SNMPTRAP - ok

20:23:34.0141 4512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:23:34.0173 4512 spldr - ok

20:23:34.0235 4512 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:23:34.0282 4512 Spooler - ok

20:23:34.0547 4512 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:23:34.0625 4512 sppsvc - ok

20:23:34.0750 4512 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:23:34.0797 4512 sppuinotify - ok

20:23:34.0890 4512 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:23:34.0953 4512 srv - ok

20:23:34.0999 4512 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:23:35.0015 4512 srv2 - ok

20:23:35.0046 4512 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:23:35.0062 4512 srvnet - ok

20:23:35.0093 4512 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:23:35.0155 4512 SSDPSRV - ok

20:23:35.0171 4512 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:23:35.0218 4512 SstpSvc - ok

20:23:35.0233 4512 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:23:35.0249 4512 stexstor - ok

20:23:35.0327 4512 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:23:35.0374 4512 stisvc - ok

20:23:35.0452 4512 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

20:23:35.0467 4512 stllssvr - ok

20:23:35.0670 4512 Stuffit Archive Name Service (1db60cb3e53e2491d5d6c43c06676ca2) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

20:23:35.0717 4512 Stuffit Archive Name Service - ok

20:23:35.0842 4512 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:23:35.0857 4512 swenum - ok

20:23:35.0920 4512 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:23:35.0982 4512 swprv - ok

20:23:36.0123 4512 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:23:36.0185 4512 SysMain - ok

20:23:36.0310 4512 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:23:36.0357 4512 TabletInputService - ok

20:23:36.0403 4512 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys

20:23:36.0466 4512 tap0901 - ok

20:23:36.0513 4512 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:23:36.0559 4512 TapiSrv - ok

20:23:36.0591 4512 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:23:36.0622 4512 TBS - ok

20:23:36.0793 4512 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

20:23:36.0840 4512 Tcpip - ok

20:23:37.0074 4512 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

20:23:37.0105 4512 TCPIP6 - ok

20:23:37.0183 4512 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:23:37.0246 4512 tcpipreg - ok

20:23:37.0293 4512 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:23:37.0324 4512 TDPIPE - ok

20:23:37.0355 4512 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:23:37.0402 4512 TDTCP - ok

20:23:37.0433 4512 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:23:37.0464 4512 tdx - ok

20:23:37.0527 4512 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:23:37.0542 4512 TermDD - ok

20:23:37.0620 4512 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:23:37.0683 4512 TermService - ok

20:23:37.0714 4512 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:23:37.0745 4512 Themes - ok

20:23:37.0792 4512 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:23:37.0823 4512 THREADORDER - ok

20:23:37.0854 4512 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:23:37.0885 4512 TrkWks - ok

20:23:37.0948 4512 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:23:37.0995 4512 TrustedInstaller - ok

20:23:38.0026 4512 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:23:38.0073 4512 tssecsrv - ok

20:23:38.0119 4512 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:23:38.0151 4512 TsUsbFlt - ok

20:23:38.0197 4512 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:23:38.0244 4512 tunnel - ok

20:23:38.0275 4512 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:23:38.0291 4512 uagp35 - ok

20:23:38.0322 4512 ubohci (0ae9dd39a559359897541e2d4b8ec491) C:\Windows\system32\DRIVERS\ubohci.sys

20:23:38.0322 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubohci.sys. Real md5: 0ae9dd39a559359897541e2d4b8ec491, Fake md5: 1e2e55e1b3bf2160d617e854a7b4950b

20:23:38.0322 4512 ubohci ( ForgedFile.Multi.Generic ) - warning

20:23:38.0322 4512 ubohci - detected ForgedFile.Multi.Generic (1)

20:23:38.0353 4512 ubsbm (a7e0b68f49650372910083e5697b7e99) C:\Windows\system32\DRIVERS\ubsbm.sys

20:23:38.0353 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubsbm.sys. Real md5: a7e0b68f49650372910083e5697b7e99, Fake md5: b30147ca21ab2d10a14dc36a9aa17fd9

20:23:38.0353 4512 ubsbm ( ForgedFile.Multi.Generic ) - warning

20:23:38.0353 4512 ubsbm - detected ForgedFile.Multi.Generic (1)

20:23:38.0385 4512 ubumapi (db4a752a3d03c3b48bb8b23b0c53745d) C:\Windows\system32\DRIVERS\ubumapi.sys

20:23:38.0385 4512 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubumapi.sys. Real md5: db4a752a3d03c3b48bb8b23b0c53745d, Fake md5: b2a7a65cbd4803bbdb552620e57cd1bd

20:23:38.0385 4512 ubumapi ( ForgedFile.Multi.Generic ) - warning

20:23:38.0385 4512 ubumapi - detected ForgedFile.Multi.Generic (1)

20:23:38.0447 4512 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:23:38.0494 4512 udfs - ok

20:23:38.0509 4512 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:23:38.0525 4512 UI0Detect - ok

20:23:38.0572 4512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:23:38.0587 4512 uliagpkx - ok

20:23:38.0619 4512 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:23:38.0665 4512 umbus - ok

20:23:38.0697 4512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:23:38.0728 4512 UmPass - ok

20:23:38.0775 4512 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:23:38.0837 4512 upnphost - ok

20:23:38.0884 4512 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

20:23:38.0931 4512 USBAAPL64 - ok

20:23:38.0946 4512 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:23:38.0977 4512 usbccgp - ok

20:23:39.0024 4512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:23:39.0055 4512 usbcir - ok

20:23:39.0071 4512 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

20:23:39.0071 4512 usbehci - ok

20:23:39.0118 4512 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:23:39.0149 4512 usbhub - ok

20:23:39.0165 4512 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:23:39.0196 4512 usbohci - ok

20:23:39.0227 4512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:23:39.0258 4512 usbprint - ok

20:23:39.0289 4512 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:23:39.0352 4512 USBSTOR - ok

20:23:39.0352 4512 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

20:23:39.0383 4512 usbuhci - ok

20:23:39.0414 4512 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:23:39.0477 4512 UxSms - ok

20:23:39.0508 4512 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:23:39.0523 4512 VaultSvc - ok

20:23:39.0539 4512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:23:39.0555 4512 vdrvroot - ok

20:23:39.0633 4512 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:23:39.0679 4512 vds - ok

20:23:39.0711 4512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:23:39.0726 4512 vga - ok

20:23:39.0757 4512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:23:39.0804 4512 VgaSave - ok

20:23:39.0851 4512 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:23:39.0867 4512 vhdmp - ok

20:23:39.0898 4512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:23:39.0913 4512 viaide - ok

20:23:39.0945 4512 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:23:39.0976 4512 volmgr - ok

20:23:40.0023 4512 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:23:40.0054 4512 volmgrx - ok

20:23:40.0116 4512 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:23:40.0147 4512 volsnap - ok

20:23:40.0210 4512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:23:40.0241 4512 vsmraid - ok

20:23:40.0397 4512 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:23:40.0459 4512 VSS - ok

20:23:40.0600 4512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:23:40.0631 4512 vwifibus - ok

20:23:40.0662 4512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:23:40.0693 4512 vwififlt - ok

20:23:40.0725 4512 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

20:23:40.0771 4512 vwifimp - ok

20:23:40.0818 4512 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:23:40.0865 4512 W32Time - ok

20:23:40.0881 4512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:23:40.0881 4512 WacomPen - ok

20:23:40.0943 4512 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:23:41.0005 4512 WANARP - ok

20:23:41.0005 4512 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:23:41.0021 4512 Wanarpv6 - ok

20:23:41.0161 4512 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:23:41.0193 4512 WatAdminSvc - ok

20:23:41.0333 4512 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:23:41.0395 4512 wbengine - ok

20:23:41.0520 4512 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:23:41.0536 4512 WbioSrvc - ok

20:23:41.0598 4512 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:23:41.0645 4512 wcncsvc - ok

20:23:41.0676 4512 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:23:41.0723 4512 WcsPlugInService - ok

20:23:41.0770 4512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:23:41.0785 4512 Wd - ok

20:23:41.0832 4512 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam.sys

20:23:41.0879 4512 WDC_SAM - ok

20:23:41.0926 4512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:23:41.0957 4512 Wdf01000 - ok

20:23:41.0973 4512 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:23:42.0300 4512 WdiServiceHost - ok

20:23:42.0300 4512 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:23:42.0331 4512 WdiSystemHost - ok

20:23:42.0643 4512 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:23:42.0675 4512 WebClient - ok

20:23:42.0706 4512 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

SoulAmiss · June 29, 2012

20:23:42.0753 4512 Wecsvc - ok

20:23:42.0784 4512 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:23:42.0831 4512 wercplsupport - ok

20:23:42.0862 4512 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:23:42.0893 4512 WerSvc - ok

20:23:42.0940 4512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:23:42.0987 4512 WfpLwf - ok

20:23:43.0033 4512 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

20:23:43.0049 4512 WimFltr - ok

20:23:43.0065 4512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:23:43.0080 4512 WIMMount - ok

20:23:43.0080 4512 WinHttpAutoProxySvc - ok

20:23:43.0143 4512 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:23:43.0221 4512 Winmgmt - ok

20:23:43.0377 4512 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:23:43.0455 4512 WinRM - ok

20:23:43.0626 4512 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:23:43.0673 4512 Wlansvc - ok

20:23:43.0923 4512 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:23:43.0954 4512 wlidsvc - ok

20:23:44.0094 4512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:23:44.0125 4512 WmiAcpi - ok

20:23:44.0188 4512 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:23:44.0235 4512 wmiApSrv - ok

20:23:44.0281 4512 WMPNetworkSvc - ok

20:23:44.0328 4512 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:23:44.0344 4512 WPCSvc - ok

20:23:44.0391 4512 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:23:44.0422 4512 WPDBusEnum - ok

20:23:44.0453 4512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:23:44.0484 4512 ws2ifsl - ok

20:23:44.0484 4512 WSearch - ok

20:23:44.0687 4512 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

20:23:44.0734 4512 wuauserv - ok

20:23:44.0874 4512 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:23:44.0937 4512 WudfPf - ok

20:23:44.0983 4512 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:23:45.0046 4512 WUDFRd - ok

20:23:45.0093 4512 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:23:45.0108 4512 wudfsvc - ok

20:23:45.0155 4512 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:23:45.0186 4512 WwanSvc - ok

20:23:45.0217 4512 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

20:23:45.0529 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:23:45.0529 4512 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:23:45.0529 4512 Boot (0x1200) (cd38b1383ea78deb6866c65cbde2f1b9) \Device\Harddisk0\DR0\Partition0

20:23:45.0529 4512 \Device\Harddisk0\DR0\Partition0 - ok

20:23:45.0561 4512 Boot (0x1200) (0f3f6a544d31d87c2419ebbb2422dfd1) \Device\Harddisk0\DR0\Partition1

20:23:45.0561 4512 \Device\Harddisk0\DR0\Partition1 - ok

20:23:45.0561 4512 ============================================================

20:23:45.0561 4512 Scan finished

20:23:45.0561 4512 ============================================================

20:23:45.0576 4504 Detected object count: 7

20:23:45.0576 4504 Actual detected object count: 7

20:24:04.0515 4504 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

20:24:04.0515 4504 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

20:24:04.0515 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

20:24:04.0515 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:24:04.0515 4504 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user

20:24:04.0515 4504 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:24:04.0515 4504 ubohci ( ForgedFile.Multi.Generic ) - skipped by user

20:24:04.0515 4504 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip

20:24:04.0515 4504 ubsbm ( ForgedFile.Multi.Generic ) - skipped by user

20:24:04.0515 4504 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip

20:24:04.0515 4504 ubumapi ( ForgedFile.Multi.Generic ) - skipped by user

20:24:04.0515 4504 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip

20:24:04.0577 4504 \Device\Harddisk0\DR0\TDLFS - deleted

20:24:04.0577 4504 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

20:24:19.0974 0860 ============================================================

20:24:19.0974 0860 Scan started

20:24:19.0974 0860 Mode: Manual; SigCheck; TDLFS;

20:24:19.0974 0860 ============================================================

20:24:20.0333 0860 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:24:20.0364 0860 1394ohci - ok

20:24:20.0395 0860 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys

20:24:20.0411 0860 61883 - ok

20:24:20.0442 0860 65897487 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\16495956.sys

20:24:20.0473 0860 65897487 - ok

20:24:20.0520 0860 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:24:20.0551 0860 ACPI - ok

20:24:20.0583 0860 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:24:20.0598 0860 AcpiPmi - ok

20:24:20.0629 0860 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys

20:24:20.0645 0860 adfs - ok

20:24:20.0785 0860 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:24:20.0817 0860 AdobeFlashPlayerUpdateSvc - ok

20:24:20.0863 0860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:24:20.0895 0860 adp94xx - ok

20:24:20.0941 0860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:24:20.0957 0860 adpahci - ok

20:24:20.0988 0860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:24:21.0004 0860 adpu320 - ok

20:24:21.0035 0860 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:24:21.0066 0860 AeLookupSvc - ok

20:24:21.0129 0860 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

20:24:21.0144 0860 AERTFilters - ok

20:24:21.0222 0860 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:24:21.0238 0860 AFD - ok

20:24:21.0285 0860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:24:21.0300 0860 agp440 - ok

20:24:21.0612 0860 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll

20:24:21.0612 0860 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af

20:24:21.0612 0860 Akamai ( HiddenFile.Multi.Generic ) - warning

20:24:21.0612 0860 Akamai - detected HiddenFile.Multi.Generic (1)

20:24:21.0737 0860 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:24:21.0753 0860 ALG - ok

20:24:21.0799 0860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:24:21.0815 0860 aliide - ok

20:24:21.0831 0860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:24:21.0846 0860 amdide - ok

20:24:21.0877 0860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:24:21.0877 0860 AmdK8 - ok

20:24:21.0909 0860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:24:21.0909 0860 AmdPPM - ok

20:24:21.0955 0860 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:24:21.0971 0860 amdsata - ok

20:24:22.0002 0860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:24:22.0033 0860 amdsbs - ok

20:24:22.0065 0860 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:24:22.0080 0860 amdxata - ok

20:24:22.0111 0860 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:24:22.0158 0860 AppID - ok

20:24:22.0189 0860 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:24:22.0221 0860 AppIDSvc - ok

20:24:22.0267 0860 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:24:22.0283 0860 Appinfo - ok

20:24:22.0392 0860 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:24:22.0408 0860 Apple Mobile Device - ok

20:24:22.0439 0860 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:24:22.0455 0860 arc - ok

20:24:22.0486 0860 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:24:22.0501 0860 arcsas - ok

20:24:22.0517 0860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:24:22.0548 0860 AsyncMac - ok

20:24:22.0579 0860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:24:22.0579 0860 atapi - ok

20:24:22.0720 0860 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys

20:24:22.0751 0860 athr - ok

20:24:22.0907 0860 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:24:22.0938 0860 AudioEndpointBuilder - ok

20:24:22.0954 0860 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:24:22.0985 0860 AudioSrv - ok

20:24:23.0032 0860 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys

20:24:23.0063 0860 Avc - ok

20:24:23.0094 0860 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:24:23.0110 0860 AxInstSV - ok

20:24:23.0172 0860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:24:23.0203 0860 b06bdrv - ok

20:24:23.0250 0860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:24:23.0281 0860 b57nd60a - ok

20:24:23.0313 0860 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:24:23.0328 0860 BDESVC - ok

20:24:23.0359 0860 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:24:23.0391 0860 Beep - ok

20:24:23.0469 0860 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

20:24:23.0515 0860 BITS - ok

20:24:23.0531 0860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:24:23.0547 0860 blbdrive - ok

20:24:23.0625 0860 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:24:23.0640 0860 Bonjour Service - ok

20:24:23.0671 0860 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:24:23.0703 0860 bowser - ok

20:24:23.0703 0860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:24:23.0718 0860 BrFiltLo - ok

20:24:23.0734 0860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:24:23.0749 0860 BrFiltUp - ok

20:24:23.0765 0860 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:24:23.0796 0860 Browser - ok

20:24:23.0827 0860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:24:23.0843 0860 Brserid - ok

20:24:23.0859 0860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:24:23.0874 0860 BrSerWdm - ok

20:24:23.0890 0860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:24:23.0905 0860 BrUsbMdm - ok

20:24:23.0921 0860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:24:23.0952 0860 BrUsbSer - ok

20:24:23.0968 0860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:24:23.0983 0860 BTHMODEM - ok

20:24:24.0015 0860 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:24:24.0046 0860 bthserv - ok

20:24:24.0077 0860 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:24:24.0108 0860 cdfs - ok

20:24:24.0155 0860 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:24:24.0171 0860 cdrom - ok

20:24:24.0202 0860 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:24:24.0233 0860 CertPropSvc - ok

20:24:24.0264 0860 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys

20:24:24.0280 0860 cfwids - ok

20:24:24.0295 0860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:24:24.0311 0860 circlass - ok

20:24:24.0342 0860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:24:24.0373 0860 CLFS - ok

20:24:24.0436 0860 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:24:24.0451 0860 clr_optimization_v2.0.50727_32 - ok

20:24:24.0498 0860 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:24:24.0514 0860 clr_optimization_v2.0.50727_64 - ok

20:24:24.0592 0860 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:24:24.0607 0860 clr_optimization_v4.0.30319_32 - ok

20:24:24.0639 0860 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:24:24.0654 0860 clr_optimization_v4.0.30319_64 - ok

20:24:24.0670 0860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:24:24.0685 0860 CmBatt - ok

20:24:24.0717 0860 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:24:24.0732 0860 cmdide - ok

20:24:24.0795 0860 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:24:24.0810 0860 CNG - ok

20:24:24.0826 0860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:24:24.0841 0860 Compbatt - ok

20:24:24.0873 0860 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:24:24.0888 0860 CompositeBus - ok

20:24:24.0888 0860 COMSysApp - ok

20:24:24.0904 0860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:24:24.0919 0860 crcdisk - ok

20:24:24.0966 0860 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

20:24:24.0982 0860 CryptSvc - ok

20:24:25.0044 0860 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:24:25.0107 0860 DcomLaunch - ok

20:24:25.0153 0860 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:24:25.0200 0860 defragsvc - ok

20:24:25.0231 0860 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:24:25.0278 0860 DfsC - ok

20:24:25.0309 0860 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:24:25.0356 0860 Dhcp - ok

20:24:25.0372 0860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:24:25.0403 0860 discache - ok

20:24:25.0403 0860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:24:25.0419 0860 Disk - ok

20:24:25.0465 0860 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:24:25.0481 0860 Dnscache - ok

20:24:25.0559 0860 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

20:24:25.0559 0860 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

20:24:25.0559 0860 DockLoginService - detected UnsignedFile.Multi.Generic (1)

20:24:25.0606 0860 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:24:25.0637 0860 dot3svc - ok

20:24:25.0684 0860 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:24:25.0731 0860 DPS - ok

20:24:25.0746 0860 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:24:25.0762 0860 drmkaud - ok

20:24:25.0855 0860 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:24:25.0887 0860 DXGKrnl - ok

20:24:25.0918 0860 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:24:25.0949 0860 EapHost - ok

20:24:26.0308 0860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:24:26.0355 0860 ebdrv - ok

20:24:26.0464 0860 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:24:26.0479 0860 EFS - ok

20:24:26.0589 0860 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:24:26.0604 0860 ehRecvr - ok

20:24:26.0635 0860 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:24:26.0651 0860 ehSched - ok

20:24:26.0745 0860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:24:26.0776 0860 elxstor - ok

20:24:26.0807 0860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:24:26.0823 0860 ErrDev - ok

20:24:26.0885 0860 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:24:26.0932 0860 EventSystem - ok

20:24:26.0963 0860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:24:26.0994 0860 exfat - ok

20:24:27.0025 0860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:24:27.0057 0860 fastfat - ok

20:24:27.0150 0860 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:24:27.0166 0860 Fax - ok

20:24:27.0181 0860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:24:27.0181 0860 fdc - ok

20:24:27.0197 0860 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:24:27.0228 0860 fdPHost - ok

20:24:27.0244 0860 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:24:27.0259 0860 FDResPub - ok

20:24:27.0275 0860 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:24:27.0291 0860 FileInfo - ok

20:24:27.0306 0860 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:24:27.0322 0860 Filetrace - ok

20:24:27.0337 0860 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:24:27.0337 0860 flpydisk - ok

20:24:27.0384 0860 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:24:27.0400 0860 FltMgr - ok

20:24:27.0509 0860 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:24:27.0540 0860 FontCache - ok

20:24:27.0618 0860 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:24:27.0634 0860 FontCache3.0.0.0 - ok

20:24:27.0681 0860 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:24:27.0696 0860 FsDepends - ok

20:24:27.0712 0860 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:24:27.0727 0860 Fs_Rec - ok

20:24:27.0759 0860 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:24:27.0790 0860 fvevol - ok

20:24:27.0805 0860 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:24:27.0821 0860 gagp30kx - ok

20:24:27.0883 0860 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

20:24:27.0899 0860 GoToAssist - ok

20:24:27.0977 0860 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:24:28.0024 0860 gpsvc - ok

20:24:28.0024 0860 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:24:28.0039 0860 hcw85cir - ok

20:24:28.0086 0860 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:24:28.0086 0860 HDAudBus - ok

20:24:28.0102 0860 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:24:28.0117 0860 HidBatt - ok

20:24:28.0133 0860 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:24:28.0149 0860 HidBth - ok

20:24:28.0149 0860 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:24:28.0164 0860 HidIr - ok

20:24:28.0180 0860 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:24:28.0211 0860 hidserv - ok

20:24:28.0227 0860 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:24:28.0242 0860 HidUsb - ok

20:24:28.0273 0860 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:24:28.0289 0860 hkmsvc - ok

20:24:28.0336 0860 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:24:28.0351 0860 HomeGroupListener - ok

20:24:28.0398 0860 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:24:28.0414 0860 HomeGroupProvider - ok

20:24:28.0445 0860 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:24:28.0461 0860 HpSAMD - ok

20:24:28.0539 0860 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:24:28.0585 0860 HTTP - ok

20:24:28.0617 0860 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:24:28.0632 0860 hwpolicy - ok

20:24:28.0663 0860 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:24:28.0679 0860 i8042prt - ok

20:24:28.0773 0860 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

20:24:28.0804 0860 IAANTMON - ok

20:24:28.0851 0860 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

20:24:28.0882 0860 iaStor - ok

20:24:28.0929 0860 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:24:28.0944 0860 iaStorV - ok

20:24:29.0085 0860 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:24:29.0116 0860 idsvc - ok

20:24:29.0131 0860 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:24:29.0147 0860 iirsp - ok

20:24:29.0241 0860 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:24:29.0287 0860 IKEEXT - ok

20:24:29.0443 0860 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys

20:24:29.0475 0860 IntcAzAudAddService - ok

20:24:29.0615 0860 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:24:29.0631 0860 intelide - ok

20:24:29.0662 0860 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:24:29.0677 0860 intelppm - ok

20:24:29.0709 0860 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:24:29.0755 0860 IPBusEnum - ok

20:24:29.0787 0860 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:24:29.0818 0860 IpFilterDriver - ok

20:24:29.0865 0860 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:24:29.0865 0860 IPMIDRV - ok

20:24:29.0896 0860 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:24:29.0943 0860 IPNAT - ok

20:24:30.0052 0860 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

20:24:30.0083 0860 iPod Service - ok

20:24:30.0099 0860 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:24:30.0114 0860 IRENUM - ok

20:24:30.0130 0860 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:24:30.0130 0860 isapnp - ok

20:24:30.0161 0860 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:24:30.0192 0860 iScsiPrt - ok

20:24:30.0223 0860 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys

20:24:30.0239 0860 JRAID - ok

20:24:30.0255 0860 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

20:24:30.0270 0860 kbdclass - ok

20:24:30.0270 0860 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

20:24:30.0286 0860 kbdhid - ok

20:24:30.0317 0860 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:24:30.0333 0860 KeyIso - ok

20:24:30.0379 0860 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:24:30.0395 0860 KSecDD - ok

20:24:30.0442 0860 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:24:30.0457 0860 KSecPkg - ok

20:24:30.0473 0860 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:24:30.0504 0860 ksthunk - ok

20:24:30.0551 0860 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:24:30.0598 0860 KtmRm - ok

20:24:30.0645 0860 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:24:30.0691 0860 LanmanServer - ok

20:24:30.0723 0860 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:24:30.0769 0860 LanmanWorkstation - ok

20:24:30.0785 0860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:24:30.0801 0860 lltdio - ok

20:24:30.0863 0860 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:24:30.0894 0860 lltdsvc - ok

20:24:30.0910 0860 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:24:30.0941 0860 lmhosts - ok

20:24:30.0972 0860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:24:30.0972 0860 LSI_FC - ok

20:24:30.0988 0860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:24:31.0003 0860 LSI_SAS - ok

20:24:31.0019 0860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:24:31.0019 0860 LSI_SAS2 - ok

20:24:31.0035 0860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:24:31.0050 0860 LSI_SCSI - ok

20:24:31.0066 0860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:24:31.0097 0860 luafv - ok

20:24:31.0128 0860 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

20:24:31.0144 0860 MBAMProtector - ok

20:24:31.0253 0860 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:24:31.0284 0860 MBAMService - ok

20:24:31.0393 0860 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:24:31.0425 0860 McMPFSvc - ok

20:24:31.0425 0860 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:24:31.0440 0860 mcmscsvc - ok

20:24:31.0440 0860 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:24:31.0456 0860 McNaiAnn - ok

20:24:31.0456 0860 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:24:31.0471 0860 McNASvc - ok

20:24:31.0565 0860 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe

20:24:31.0581 0860 McODS - ok

20:24:31.0581 0860 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:24:31.0612 0860 McProxy - ok

20:24:31.0674 0860 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

20:24:31.0705 0860 McShield - ok

20:24:31.0846 0860 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:24:31.0861 0860 Mcx2Svc - ok

20:24:31.0908 0860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:24:31.0924 0860 megasas - ok

20:24:31.0955 0860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:24:31.0955 0860 MegaSR - ok

20:24:32.0002 0860 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys

20:24:32.0017 0860 mfeapfk - ok

20:24:32.0049 0860 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys

20:24:32.0064 0860 mfeavfk - ok

20:24:32.0064 0860 mfeavfk01 - ok

20:24:32.0111 0860 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

20:24:32.0142 0860 mfefire - ok

20:24:32.0189 0860 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys

20:24:32.0220 0860 mfefirek - ok

20:24:32.0283 0860 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys

20:24:32.0314 0860 mfehidk - ok

20:24:32.0329 0860 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys

20:24:32.0345 0860 mfenlfk - ok

20:24:32.0361 0860 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys

20:24:32.0376 0860 mferkdet - ok

20:24:32.0423 0860 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe

20:24:32.0439 0860 mfevtp - ok

20:24:32.0470 0860 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys

20:24:32.0485 0860 mfewfpk - ok

20:24:32.0517 0860 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:24:32.0548 0860 MMCSS - ok

20:24:32.0579 0860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:24:32.0595 0860 Modem - ok

20:24:32.0626 0860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:24:32.0626 0860 monitor - ok

20:24:32.0673 0860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

20:24:32.0688 0860 mouclass - ok

20:24:32.0688 0860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:24:32.0719 0860 mouhid - ok

20:24:32.0751 0860 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:24:32.0766 0860 mountmgr - ok

20:24:32.0844 0860 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:24:32.0860 0860 MozillaMaintenance - ok

20:24:32.0907 0860 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:24:32.0922 0860 mpio - ok

20:24:32.0938 0860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:24:32.0969 0860 mpsdrv - ok

20:24:33.0016 0860 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:24:33.0031 0860 MRxDAV - ok

20:24:33.0063 0860 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:24:33.0078 0860 mrxsmb - ok

20:24:33.0125 0860 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:24:33.0156 0860 mrxsmb10 - ok

20:24:33.0172 0860 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:24:33.0187 0860 mrxsmb20 - ok

20:24:33.0219 0860 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:24:33.0234 0860 msahci - ok

20:24:33.0250 0860 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:24:33.0265 0860 msdsm - ok

20:24:33.0328 0860 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:24:33.0343 0860 MSDTC - ok

20:24:33.0375 0860 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys

20:24:33.0406 0860 MSDV - ok

20:24:33.0421 0860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:24:33.0453 0860 Msfs - ok

20:24:33.0453 0860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:24:33.0484 0860 mshidkmdf - ok

20:24:33.0531 0860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:24:33.0546 0860 msisadrv - ok

20:24:33.0577 0860 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:24:33.0624 0860 MSiSCSI - ok

20:24:33.0624 0860 msiserver - ok

20:24:33.0765 0860 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

20:24:33.0780 0860 MSK80Service - ok

20:24:33.0796 0860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:24:33.0827 0860 MSKSSRV - ok

20:24:33.0827 0860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:24:33.0858 0860 MSPCLOCK - ok

20:24:33.0858 0860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:24:33.0874 0860 MSPQM - ok

20:24:33.0936 0860 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:24:33.0967 0860 MsRPC - ok

20:24:33.0999 0860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:24:34.0014 0860 mssmbios - ok

20:24:34.0014 0860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:24:34.0061 0860 MSTEE - ok

20:24:34.0061 0860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:24:34.0061 0860 MTConfig - ok

20:24:34.0092 0860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:24:34.0092 0860 Mup - ok

20:24:34.0155 0860 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:24:34.0201 0860 napagent - ok

20:24:34.0248 0860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:24:34.0264 0860 NativeWifiP - ok

20:24:34.0373 0860 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:24:34.0404 0860 NDIS - ok

20:24:34.0420 0860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:24:34.0467 0860 NdisCap - ok

20:24:34.0467 0860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:24:34.0498 0860 NdisTapi - ok

20:24:34.0545 0860 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:24:34.0591 0860 Ndisuio - ok

20:24:34.0638 0860 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:24:34.0669 0860 NdisWan - ok

20:24:34.0701 0860 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:24:34.0732 0860 NDProxy - ok

20:24:34.0747 0860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:24:34.0763 0860 NetBIOS - ok

20:24:34.0825 0860 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:24:34.0857 0860 NetBT - ok

20:24:34.0888 0860 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:24:34.0903 0860 Netlogon - ok

20:24:34.0950 0860 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:24:34.0997 0860 Netman - ok

20:24:35.0028 0860 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:24:35.0091 0860 netprofm - ok

20:24:35.0169 0860 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:24:35.0169 0860 NetTcpPortSharing - ok

20:24:35.0200 0860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:24:35.0215 0860 nfrd960 - ok

20:24:35.0262 0860 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:24:35.0309 0860 NlaSvc - ok

20:24:35.0325 0860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:24:35.0356 0860 Npfs - ok

20:24:35.0371 0860 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:24:35.0403 0860 nsi - ok

20:24:35.0403 0860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:24:35.0434 0860 nsiproxy - ok

20:24:35.0590 0860 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:24:35.0621 0860 Ntfs - ok

20:24:35.0746 0860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:24:35.0777 0860 Null - ok

20:24:36.0573 0860 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:24:36.0697 0860 nvlddmkm - ok

20:24:36.0838 0860 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:24:36.0869 0860 nvraid - ok

20:24:36.0885 0860 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:24:36.0900 0860 nvstor - ok

20:24:36.0963 0860 nvsvc (18aa5ff4ee3fe45a64b98589c62b7fc0) C:\Windows\system32\nvvsvc.exe

20:24:36.0978 0860 nvsvc - ok

20:24:37.0009 0860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:24:37.0041 0860 nv_agp - ok

20:24:37.0072 0860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:24:37.0087 0860 ohci1394 - ok

20:24:37.0197 0860 OpenVPNService (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe

20:24:37.0197 0860 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning

20:24:37.0197 0860 OpenVPNService - detected UnsignedFile.Multi.Generic (1)

20:24:37.0197 0860 p2csvc - ok

20:24:37.0259 0860 p2csvc32 - ok

20:24:37.0306 0860 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:24:37.0321 0860 p2pimsvc - ok

20:24:37.0368 0860 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:24:37.0399 0860 p2psvc - ok

20:24:37.0446 0860 p2usb (5035825b9217a087ea70497066385fe7) C:\Windows\system32\DRIVERS\p2usb.sys

20:24:37.0462 0860 p2usb - ok

20:24:37.0493 0860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:24:37.0524 0860 Parport - ok

20:24:37.0555 0860 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

20:24:37.0571 0860 partmgr - ok

20:24:37.0602 0860 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:24:37.0618 0860 PcaSvc - ok

20:24:37.0665 0860 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:24:37.0680 0860 pci - ok

20:24:37.0711 0860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:24:37.0727 0860 pciide - ok

20:24:37.0743 0860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:24:37.0774 0860 pcmcia - ok

20:24:37.0789 0860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:24:37.0789 0860 pcw - ok

20:24:37.0852 0860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:24:37.0899 0860 PEAUTH - ok

20:24:37.0977 0860 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:24:37.0992 0860 PerfHost - ok

20:24:38.0133 0860 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:24:38.0179 0860 pla - ok

20:24:38.0242 0860 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:24:38.0257 0860 PlugPlay - ok

20:24:38.0289 0860 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:24:38.0304 0860 PNRPAutoReg - ok

20:24:38.0335 0860 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:24:38.0367 0860 PNRPsvc - ok

20:24:38.0429 0860 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:24:38.0460 0860 PolicyAgent - ok

20:24:38.0491 0860 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:24:38.0538 0860 Power - ok

20:24:38.0601 0860 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:24:38.0632 0860 PptpMiniport - ok

20:24:38.0663 0860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:24:38.0679 0860 Processor - ok

20:24:38.0725 0860 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

20:24:38.0741 0860 ProfSvc - ok

20:24:38.0772 0860 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:24:38.0788 0860 ProtectedStorage - ok

20:24:38.0819 0860 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:24:38.0866 0860 Psched - ok

20:24:38.0881 0860 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

20:24:38.0913 0860 PxHlpa64 - ok

20:24:39.0022 0860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:24:39.0053 0860 ql2300 - ok

20:24:39.0178 0860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:24:39.0193 0860 ql40xx - ok

20:24:39.0240 0860 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:24:39.0271 0860 QWAVE - ok

20:24:39.0271 0860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:24:39.0287 0860 QWAVEdrv - ok

20:24:39.0287 0860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:24:39.0318 0860 RasAcd - ok

20:24:39.0349 0860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:24:39.0365 0860 RasAgileVpn - ok

20:24:39.0396 0860 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:24:39.0412 0860 RasAuto - ok

20:24:39.0459 0860 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:24:39.0490 0860 Rasl2tp - ok

20:24:39.0521 0860 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:24:39.0552 0860 RasMan - ok

20:24:39.0568 0860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:24:39.0599 0860 RasPppoe - ok

20:24:39.0615 0860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:24:39.0646 0860 RasSstp - ok

20:24:39.0693 0860 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:24:39.0739 0860 rdbss - ok

20:24:39.0739 0860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:24:39.0755 0860 rdpbus - ok

20:24:39.0771 0860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:24:39.0802 0860 RDPCDD - ok

20:24:39.0802 0860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:24:39.0833 0860 RDPENCDD - ok

20:24:39.0849 0860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:24:39.0864 0860 RDPREFMP - ok

20:24:39.0911 0860 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

20:24:39.0927 0860 RDPWD - ok

20:24:39.0958 0860 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:24:39.0989 0860 rdyboost - ok

20:24:40.0020 0860 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:24:40.0051 0860 RemoteAccess - ok

20:24:40.0083 0860 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:24:40.0129 0860 RemoteRegistry - ok

20:24:40.0317 0860 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

20:24:40.0348 0860 RoxMediaDB10 - ok

20:24:40.0363 0860 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:24:40.0395 0860 RpcEptMapper - ok

20:24:40.0410 0860 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:24:40.0426 0860 RpcLocator - ok

20:24:40.0488 0860 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:24:40.0519 0860 RpcSs - ok

20:24:40.0566 0860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:24:40.0613 0860 rspndr - ok

20:24:40.0644 0860 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys

20:24:40.0660 0860 RSUSBSTOR - ok

20:24:40.0707 0860 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:24:40.0722 0860 RTL8167 - ok

20:24:40.0722 0860 RxFilter - ok

20:24:40.0769 0860 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:24:40.0785 0860 SamSs - ok

20:24:40.0816 0860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:24:40.0831 0860 sbp2port - ok

20:24:40.0863 0860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:24:40.0894 0860 SCardSvr - ok

20:24:40.0925 0860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:24:40.0941 0860 scfilter - ok

20:24:41.0065 0860 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:24:41.0112 0860 Schedule - ok

20:24:41.0128 0860 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:24:41.0159 0860 SCPolicySvc - ok

20:24:41.0206 0860 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:24:41.0237 0860 SDRSVC - ok

20:24:41.0331 0860 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

20:24:41.0362 0860 SeaPort - ok

20:24:41.0393 0860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:24:41.0424 0860 secdrv - ok

20:24:41.0487 0860 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:24:41.0533 0860 seclogon - ok

20:24:41.0596 0860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:24:41.0643 0860 SENS - ok

20:24:41.0674 0860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:24:41.0689 0860 SensrSvc - ok

20:24:41.0861 0860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:24:41.0877 0860 Serenum - ok

20:24:41.0908 0860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:24:41.0923 0860 Serial - ok

20:24:41.0986 0860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:24:42.0001 0860 sermouse - ok

20:24:42.0157 0860 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:24:42.0204 0860 SessionEnv - ok

20:24:42.0235 0860 SessionLauncher - ok

20:24:42.0298 0860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:24:42.0313 0860 sffdisk - ok

20:24:42.0329 0860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:24:42.0345 0860 sffp_mmc - ok

20:24:42.0360 0860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:24:42.0376 0860 sffp_sd - ok

20:24:42.0423 0860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:24:42.0438 0860 sfloppy - ok

20:24:42.0532 0860 SftService (7f475425582163602ef1589c0071e521) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

20:24:42.0532 0860 SftService - ok

20:24:42.0594 0860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:24:42.0625 0860 SharedAccess - ok

20:24:42.0719 0860 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:24:42.0750 0860 ShellHWDetection - ok

20:24:42.0891 0860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:24:42.0906 0860 SiSRaid2 - ok

20:24:43.0000 0860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:24:43.0015 0860 SiSRaid4 - ok

20:24:43.0062 0860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:24:43.0109 0860 Smb - ok

20:24:43.0140 0860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:24:43.0156 0860 SNMPTRAP - ok

20:24:43.0203 0860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:24:43.0218 0860 spldr - ok

20:24:43.0452 0860 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:24:43.0483 0860 Spooler - ok

20:24:44.0139 0860 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:24:44.0201 0860 sppsvc - ok

20:24:44.0388 0860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:24:44.0419 0860 sppuinotify - ok

20:24:44.0529 0860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:24:44.0560 0860 srv - ok

20:24:44.0685 0860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:24:44.0700 0860 srv2 - ok

20:24:44.0763 0860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:24:44.0778 0860 srvnet - ok

20:24:44.0903 0860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:24:44.0950 0860 SSDPSRV - ok

20:24:44.0981 0860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:24:45.0028 0860 SstpSvc - ok

20:24:45.0059 0860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:24:45.0075 0860 stexstor - ok

20:24:45.0246 0860 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:24:45.0277 0860 stisvc - ok

20:24:45.0465 0860 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

20:24:45.0480 0860 stllssvr - ok

20:24:45.0901 0860 Stuffit Archive Name Service (1db60cb3e53e2491d5d6c43c06676ca2) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

20:24:45.0933 0860 Stuffit Archive Name Service - ok

20:24:46.0057 0860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:24:46.0073 0860 swenum - ok

20:24:46.0120 0860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:24:46.0151 0860 swprv - ok

20:24:46.0307 0860 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:24:46.0338 0860 SysMain - ok

20:24:46.0463 0860 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:24:46.0479 0860 TabletInputService - ok

20:24:46.0635 0860 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys

20:24:46.0650 0860 tap0901 - ok

20:24:46.0728 0860 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:24:46.0759 0860 TapiSrv - ok

20:24:46.0791 0860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:24:46.0822 0860 TBS - ok

20:24:47.0227 0860 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

20:24:47.0259 0860 Tcpip - ok

20:24:48.0351 0860 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

20:24:48.0382 0860 TCPIP6 - ok

20:24:49.0661 0860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:24:49.0677 0860 tcpipreg - ok

20:24:49.0755 0860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:24:49.0755 0860 TDPIPE - ok

20:24:49.0848 0860 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:24:49.0848 0860 TDTCP - ok

20:24:50.0160 0860 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:24:50.0176 0860 tdx - ok

20:24:50.0394 0860 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:24:50.0394 0860 TermDD - ok

20:24:51.0564 0860 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:24:51.0595 0860 TermService - ok

20:24:51.0627 0860 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:24:51.0642 0860 Themes - ok

20:24:51.0673 0860 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:24:51.0705 0860 THREADORDER - ok

20:24:51.0736 0860 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:24:51.0767 0860 TrkWks - ok

20:24:51.0892 0860 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:24:51.0923 0860 TrustedInstaller - ok

20:24:51.0954 0860 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:24:51.0985 0860 tssecsrv - ok

20:24:52.0157 0860 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:24:52.0173 0860 TsUsbFlt - ok

20:24:52.0266 0860 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:24:52.0313 0860 tunnel - ok

20:24:52.0407 0860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:24:52.0422 0860 uagp35 - ok

20:24:52.0547 0860 ubohci (0ae9dd39a559359897541e2d4b8ec491) C:\Windows\system32\DRIVERS\ubohci.sys

20:24:52.0563 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubohci.sys. Real md5: 0ae9dd39a559359897541e2d4b8ec491, Fake md5: 1e2e55e1b3bf2160d617e854a7b4950b

20:24:52.0563 0860 ubohci ( ForgedFile.Multi.Generic ) - warning

20:24:52.0563 0860 ubohci - detected ForgedFile.Multi.Generic (1)

20:24:52.0594 0860 ubsbm (a7e0b68f49650372910083e5697b7e99) C:\Windows\system32\DRIVERS\ubsbm.sys

20:24:52.0594 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubsbm.sys. Real md5: a7e0b68f49650372910083e5697b7e99, Fake md5: b30147ca21ab2d10a14dc36a9aa17fd9

20:24:52.0594 0860 ubsbm ( ForgedFile.Multi.Generic ) - warning

20:24:52.0594 0860 ubsbm - detected ForgedFile.Multi.Generic (1)

20:24:52.0687 0860 ubumapi (db4a752a3d03c3b48bb8b23b0c53745d) C:\Windows\system32\DRIVERS\ubumapi.sys

20:24:52.0687 0860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ubumapi.sys. Real md5: db4a752a3d03c3b48bb8b23b0c53745d, Fake md5: b2a7a65cbd4803bbdb552620e57cd1bd

20:24:52.0687 0860 ubumapi ( ForgedFile.Multi.Generic ) - warning

20:24:52.0687 0860 ubumapi - detected ForgedFile.Multi.Generic (1)

20:24:52.0953 0860 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:24:52.0999 0860 udfs - ok

20:24:53.0124 0860 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:24:53.0155 0860 UI0Detect - ok

20:24:53.0280 0860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:24:53.0296 0860 uliagpkx - ok

20:24:53.0343 0860 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:24:53.0374 0860 umbus - ok

20:24:53.0452 0860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:24:53.0467 0860 UmPass - ok

20:24:53.0873 0860 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:24:53.0920 0860 upnphost - ok

20:24:53.0998 0860 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

20:24:54.0013 0860 USBAAPL64 - ok

20:24:54.0247 0860 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:24:54.0263 0860 usbccgp - ok

20:24:54.0372 0860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:24:54.0388 0860 usbcir - ok

20:24:54.0435 0860 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

20:24:54.0450 0860 usbehci - ok

20:24:54.0528 0860 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:24:54.0544 0860 usbhub - ok

20:24:54.0591 0860 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:24:54.0622 0860 usbohci - ok

20:24:54.0715 0860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:24:54.0731 0860 usbprint - ok

20:24:54.0871 0860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:24:54.0887 0860 USBSTOR - ok

20:24:54.0934 0860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

20:24:54.0965 0860 usbuhci - ok

20:24:55.0059 0860 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:24:55.0105 0860 UxSms - ok

20:24:55.0121 0860 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:24:55.0137 0860 VaultSvc - ok

20:24:55.0199 0860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:24:55.0215 0860 vdrvroot - ok

20:24:55.0324 0860 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:24:55.0355 0860 vds - ok

20:24:55.0386 0860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:24:55.0402 0860 vga - ok

20:24:55.0417 0860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:24:55.0449 0860 VgaSave - ok

20:24:55.0495 0860 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:24:55.0511 0860 vhdmp - ok

20:24:55.0542 0860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:24:55.0558 0860 viaide - ok

20:24:55.0620 0860 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:24:55.0636 0860 volmgr - ok

20:24:55.0683 0860 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:24:55.0698 0860 volmgrx - ok

20:24:55.0729 0860 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:24:55.0745 0860 volsnap - ok

20:24:55.0776 0860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:24:55.0792 0860 vsmraid - ok

20:24:55.0932 0860 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:24:55.0979 0860 VSS - ok

20:24:56.0229 0860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:24:56.0244 0860 vwifibus - ok

20:24:56.0260 0860 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:24:56.0275 0860 vwififlt - ok

20:24:56.0291 0860 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

20:24:56.0291 0860 vwifimp - ok

20:24:56.0338 0860 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:24:56.0369 0860 W32Time - ok

20:24:56.0385 0860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:24:56.0400 0860 WacomPen - ok

20:24:56.0431 0860 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:24:56.0463 0860 WANARP - ok

20:24:56.0463 0860 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:24:56.0494 0860 Wanarpv6 - ok

20:24:56.0821 0860 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:24:56.0837 0860 WatAdminSvc - ok

20:24:56.0962 0860 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:24:56.0993 0860 wbengine - ok

20:24:57.0305 0860 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:24:57.0321 0860 WbioSrvc - ok

20:24:57.0586 0860 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:24:57.0601 0860 wcncsvc - ok

20:24:57.0617 0860 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:24:57.0633 0860 WcsPlugInService - ok

20:24:57.0664 0860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:24:57.0679 0860 Wd - ok

20:24:57.0711 0860 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam.sys

20:24:57.0711 0860 WDC_SAM - ok

20:24:58.0225 0860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:24:58.0241 0860 Wdf01000 - ok

20:24:58.0444 0860 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:24:58.0459 0860 WdiServiceHost - ok

20:24:58.0459 0860 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:24:58.0491 0860 WdiSystemHost - ok

20:24:58.0803 0860 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:24:58.0834 0860 WebClient - ok

20:24:58.0943 0860 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:24:58.0990 0860 Wecsvc - ok

20:24:59.0115 0860 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:24:59.0161 0860 wercplsupport - ok

20:24:59.0255 0860 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:24:59.0302 0860 WerSvc - ok

20:24:59.0411 0860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:24:59.0458 0860 WfpLwf - ok

20:24:59.0848 0860 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

20:24:59.0863 0860 WimFltr - ok

20:24:59.0879 0860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:24:59.0895 0860 WIMMount - ok

20:24:59.0895 0860 WinHttpAutoProxySvc - ok

20:25:00.0113 0860 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:25:00.0144 0860 Winmgmt - ok

20:25:01.0377 0860 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:25:01.0423 0860 WinRM - ok

20:25:03.0030 0860 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:25:03.0061 0860 Wlansvc - ok

20:25:04.0996 0860 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:25:05.0043 0860 wlidsvc - ok

20:25:05.0745 0860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:25:05.0760 0860 WmiAcpi - ok

20:25:06.0353 0860 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:25:06.0384 0860 wmiApSrv - ok

20:25:06.0462 0860 WMPNetworkSvc - ok

20:25:06.0509 0860 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:25:06.0540 0860 WPCSvc - ok

20:25:06.0961 0860 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:25:06.0993 0860 WPDBusEnum - ok

20:25:07.0024 0860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:25:07.0071 0860 ws2ifsl - ok

20:25:07.0071 0860 WSearch - ok

20:25:10.0144 0860 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

20:25:10.0191 0860 wuauserv - ok

20:25:11.0782 0860 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:25:11.0829 0860 WudfPf - ok

20:25:12.0265 0860 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:25:12.0312 0860 WUDFRd - ok

20:25:12.0453 0860 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:25:12.0499 0860 wudfsvc - ok

20:25:12.0687 0860 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:25:12.0718 0860 WwanSvc - ok

20:25:12.0733 0860 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

20:25:15.0541 0860 \Device\Harddisk0\DR0 - ok

20:25:15.0588 0860 Boot (0x1200) (cd38b1383ea78deb6866c65cbde2f1b9) \Device\Harddisk0\DR0\Partition0

20:25:15.0604 0860 \Device\Harddisk0\DR0\Partition0 - ok

20:25:15.0635 0860 Boot (0x1200) (0f3f6a544d31d87c2419ebbb2422dfd1) \Device\Harddisk0\DR0\Partition1

20:25:15.0651 0860 \Device\Harddisk0\DR0\Partition1 - ok

20:25:15.0651 0860 ============================================================

20:25:15.0651 0860 Scan finished

20:25:15.0651 0860 ============================================================

20:25:15.0651 0592 Detected object count: 6

20:25:15.0651 0592 Actual detected object count: 6

20:25:21.0844 0592 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

20:25:21.0844 0592 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

20:25:21.0844 0592 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

20:25:21.0844 0592 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:25:21.0844 0592 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user

20:25:21.0844 0592 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - skipped by user

20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip

20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - skipped by user

20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip

20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - skipped by user

20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip

20:25:25.0323 4448 Deinitialize success

MrCharlie · June 29, 2012

Was there a "Cure" option for these files: (you skipped them)

20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubohci ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubsbm ( ForgedFile.Multi.Generic ) - User select action: Skip
20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - skipped by user
20:25:21.0844 0592 ubumapi ( ForgedFile.Multi.Generic ) - User select action: Skip

Run TDSSKiller again and see if a "Cure" option is available.

Let me know, MrC

MrCharlie · June 30, 2012

How are we doing??

Do you still need help or can I close this post??

MrC

SoulAmiss · June 30, 2012

There was not an option to "cure" those, only "delete" or "copy to quarantine". Also, about the same time I noticed this virus, I also updated Itunes and my dvd-roms disappeared. Would this be caused by this virus or the Itunes update? I tried reloading the drivers and it told me the drivers were up to date.

MrCharlie · June 30, 2012

There was not an option to "cure" those, only "delete" or "copy to quarantine". Also, about the same time I noticed this virus, I also updated Itunes and my dvd-roms disappeared. Would this be caused by this virus or the Itunes update? I tried reloading the drivers and it told me the drivers were up to date.

That's hard to say....please do this.......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

SoulAmiss · July 1, 2012

I keep getting a "Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and then try again." message wgen I run ComboFix and then nothing happens after that.

SoulAmiss · July 1, 2012

Kept clicking through that message until I finally got this:

ComboFix 12-07-01.03 - I'm Lee 07/01/2012 15:19:06.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6143 [GMT -5:00]

Running from: c:\users\I'm Lee\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\programdata\313055a4m715j113g838v8avg1e3

c:\users\I'm Lee\AppData\Local\jmd.exe

c:\users\I'm Lee\AppData\Local\txg.exe

c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\searchplugins\bing-zugo.xml

G:\Autorun.inf

G:\Setup.exe

.

((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))

.

2012-07-01 22:29 . 2012-07-01 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-29 01:14 . 2012-06-29 01:24 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-25 22:49 . 2012-06-25 22:49 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-25 22:49 . 2012-06-25 22:49 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-23 00:04 . 2012-05-25 22:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

2012-06-21 19:37 . 2012-06-21 19:37 -------- d-----w- C:\found.000

2012-06-21 11:50 . 2012-06-21 11:50 -------- d-----w- c:\program files\CCleaner

2012-06-21 11:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 11:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 11:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 11:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 11:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 11:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 11:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 11:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 11:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-17 14:10 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-17 14:10 . 2012-06-17 14:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-17 13:52 . 2012-06-25 01:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-17 13:52 . 2012-06-25 01:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\programdata\Caphyon

2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\program files (x86)\PatchBeam

2012-06-16 16:32 . 2012-06-16 16:32 -------- d-----w- c:\program files (x86)\PowerArchiver

2012-06-15 22:18 . 2012-06-15 22:53 -------- d-----w- C:\AdobeTemp

2012-06-14 01:15 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-11 23:16 . 2012-06-11 23:16 -------- d-----w- c:\windows\en

2012-06-11 23:14 . 2012-06-11 23:14 -------- d-----w- c:\program files\Windows Live

2012-06-11 23:14 . 2012-06-11 23:14 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-11 23:11 . 2012-06-11 23:11 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DSETUP.dll

2012-06-11 23:11 . 2012-06-11 23:11 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\DXSETUP.exe

2012-06-11 23:11 . 2012-06-11 23:11 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\92a1b4ad1cd482704\dsetup32.dll

2012-06-11 23:04 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-06-11 23:04 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-06-11 23:04 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-06-11 23:03 . 2012-06-11 23:03 -------- d-----w- c:\program files\iPod

2012-06-11 23:03 . 2012-06-11 23:04 -------- d-----w- c:\program files\iTunes

2012-06-10 14:21 . 2012-06-10 14:21 -------- d-----w- c:\users\I'm Lee\AppData\Local\Macromedia

2012-06-10 13:51 . 2012-06-10 13:51 -------- d-----w- c:\users\I'm Lee\AppData\Local\ElevatedDiagnostics

2012-06-06 18:56 . 2012-06-06 19:29 -------- d-----w- c:\users\I'm Lee\Photocensoredet

2012-06-06 18:24 . 2012-06-10 20:43 -------- d-----w- c:\program files (x86)\Photocensoredet

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"Akamai NetSession Interface"="c:\users\I'm Lee\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

P2 Card Manager.lnk - c:\program files\Panasonic P2\Drivers\App\P2TaskTray.exe [2007-3-8 14336]

STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-9-9 163840]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2010-02-26 24064]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2010-02-26 92160]

R3 65897487;65897487;c:\windows\system32\drivers\16495956.sys [2011-12-02 111408]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 250056]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]

R3 p2usb;Panasonic P2 Series USB Device;c:\windows\system32\DRIVERS\p2usb.sys [2011-05-23 30208]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2010-02-26 132608]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 p2csvc;p2csvc;c:\windows\system32\p2csvc.exe [2008-07-25 67072]

S2 p2csvc32;p2csvc32;c:\windows\SysWOW64\p2csvc32.exe [2008-07-25 61440]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 14464]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - SBP2PORT

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 01:03]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vv00rrof.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15623

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.photobucket.com

FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2607047~31bf3856ad364e35~amd64~~6.1.1.1]

@DACL=(02 0000)

"ApplicabilityState"=dword:00000000

"CurrentState"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618444~31bf3856ad364e35~amd64~~9.4.1.0]

@DACL=(02 0000)

"ApplicabilityState"=dword:00000070

"CurrentState"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2618451~31bf3856ad364e35~amd64~~6.1.1.0]

@DACL=(02 0000)

"ApplicabilityState"=dword:00000070

"CurrentState"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2619339~31bf3856ad364e35~amd64~~6.1.1.0]

@DACL=(02 0000)

"ApplicabilityState"=dword:00000070

"CurrentState"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2620712~31bf3856ad364e35~amd64~~6.1.1.0]

@DACL=(02 0000)

"ApplicabilityState"=dword:00000070

"CurrentState"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2621146~31bf3856ad364e35~amd64~~6.1.1.0]

@DACL=(02 0000)

"ApplicabilityState"=dword:00000000

"CurrentState"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2633952~31bf3856ad364e35~amd64~~6.1.1.0]

@DACL=(02 0000)

"ApplicabilityState"=dword:00000070

"CurrentState"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2639417~31bf3856ad364e35~amd64~~6.1.1.3]

@DACL=(02 0000)

"ApplicabilityState"=dword:00000070

"CurrentState"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0a\01\0a\15\1b8N"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2012-07-01 17:47:36 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-01 22:47

.

Pre-Run: 330,321,436,672 bytes free

Post-Run: 329,828,888,576 bytes free

.

- - End Of File - - 67B3D0140D098F9626190492F439A070

MrCharlie · July 2, 2012

Please upload these two files to VirusTotal for a free scan, let me know the results. (just copy back the url)

C:\Windows\system32\DRIVERS\ubohci.sys

C:\Windows\system32\DRIVERS\ubsbm.sys

http://www.virustotal.com/

You may have to enable hidden files to see them:

http://www.howtogeek...-windows-vista/

-----------------------

also......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC

SoulAmiss · July 4, 2012

I can see them when I go to the folder manually but when I try to upload them to virustotal, they aren't there. (they are not hidden) No .sys files are.

MrCharlie · July 4, 2012

Please do this......

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC

MrCharlie · July 6, 2012

How are we doing??

Do you still need help or can I close this post??

MrC

SoulAmiss · July 6, 2012

Sorry. Been busy. Still don't have dvd-roms.

Run date: 2012-07-06 11:41:08

-----------------------------

11:41:08.683 OS Version: Windows x64 6.1.7601 Service Pack 1

11:41:08.684 Number of processors: 8 586 0x1A05

11:41:08.685 ComputerName: SASSAFRASQUATCH UserName: I'm Lee

11:41:10.094 Initialize success

11:45:53.240 AVAST engine defs: 12070600

11:48:32.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

11:48:32.733 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 3

11:48:32.735 Disk 1 \Device\Harddisk1\DR1 -> \Device\Sbp2\WD&My Book&0&0090a9d7_b813944d_Instance00

11:48:32.737 Disk 1 Vendor: WD______ 1025 Size: 476940MB BusType: 4

11:48:32.752 Disk 0 MBR read successfully

11:48:32.755 Disk 0 MBR scan

11:48:32.759 Disk 0 Windows VISTA default MBR code

11:48:32.761 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

11:48:32.770 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920

11:48:32.789 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 601097 MB offset 19214336

11:48:32.814 Disk 0 scanning C:\Windows\system32\drivers

11:48:44.342 Service scanning

11:49:02.469 Modules scanning

11:49:02.808 Disk 0 trace - called modules:

11:49:02.831 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

11:49:02.837 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ea3060]

11:49:02.841 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b61050]

11:49:04.192 AVAST engine scan C:\Windows

11:49:09.898 AVAST engine scan C:\Windows\system32

11:52:15.517 AVAST engine scan C:\Windows\system32\drivers

11:52:26.217 AVAST engine scan C:\Users\I'm Lee

11:58:58.585 Disk 0 MBR has been saved successfully to "C:\Users\I'm Lee\Desktop\MBR.dat"

11:58:58.595 The log file has been saved successfully to "C:\Users\I'm Lee\Desktop\aswMBR.txt"

MrCharlie · July 6, 2012

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

SoulAmiss · July 10, 2012

It's not finding anything and I still don't have dvd-roms.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.09.14

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

I'm Lee :: SASSAFRASQUATCH [administrator]

Protection: Enabled

7/9/2012 9:13:06 PM

mbam-log-2012-07-09 (21-13-06).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 919939

Time elapsed: 3 hour(s), 59 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MrCharlie · July 10, 2012

Your DDS log show them disabled in the Device Manager, see if you can go there and enable them:

http://pcsupport.abo...r-windows-7.htm

http://www.techtalkz...indows-7-a.html

==== Disabled Device Manager Items =============
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_DH20N__________________A102____\4&D7DB6A6&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD-ROM DH20N
PNP Device ID: IDE\CDROMHL-DT-ST_DVD-ROM_DH20N__________________A102____\4&D7DB6A6&0&0.0.0
Service: cdrom
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3
Service:
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMPLDS_DVD+-RW_DH-16AAS___________________JD12____\4&D7DB6A6&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: PLDS DVD+-RW DH-16AAS
PNP Device ID: IDE\CDROMPLDS_DVD+-RW_DH-16AAS___________________JD12____\4&D7DB6A6&0&0.1.0
Service: cdrom
.

Let me know, MrC

SoulAmiss · July 11, 2012

When I go to device manager they both have this neat little yellow sign with an exclamation on them. I have the option to disable them, making it appear my PC thinks they're enabled. I have disabled, re-enabled, updated driver, and removed and scanned for new hardware all to no avail. I did system restore after updating Itunes and it brought them back. Itunes no longer recognized my library anymore since it was made by a newer version of Itunes then, so I redownloaded Itunes and then relost my drives. Then I gave up.

MrCharlie · July 11, 2012

Install and run Microsoft Fix it Center, see if it can resolve the problem:

http://fixitcenter.s...soft.com/Portal

----------------------------

The online Fix It Center is down right now, check it.......maybe it will be up and running by the time you read this:

http://support.microsoft.com/fixit/

Let me know, MrC

SoulAmiss · July 12, 2012

It's not seeing any drives. Just like me.

SVChost.exe Virus and I are still not Friends

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information