Posts posted by studiotozzi

  1. Greetings MrC:

    Those two directories you mention were created by me on 6/4 or 6/5.

    My computer appears to be performing. I'm not getting the random musical insect. When I google something and click on the results it takes me to the website I expect to go to. That is a relief! The only odd thing that I have noticed is that when I mute the sound or increase or decrease the volume, I no longer get the display that shows me the level. Perhaps it is a display setting somewhere? I know it's trivial but it is something that is behaving differently and I haven't used the computer much yet so I'm not sure if it is an indication of something bigger.

    Ran Malwarebytes and it didn't find anything!! Woo Hoo! Here's the log.

    Continued gratitude for your help.

    Wendy

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.06.22.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Wendy T. King :: XPS17_KING [administrator]

    Protection: Enabled

    6/21/2012 8:41:24 PM

    mbam-log-2012-06-21 (20-41-24).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 230435

    Time elapsed: 2 minute(s), 55 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  2. Mr. Charlie:

    I downloaded and ran ComboFix. I didn't have to interact with the program beyond executing it. Here's the log.

    Continued thanks!

    Wendy

    ComboFix 12-06-21.02 - Wendy T. King 06/21/2012 12:06:29.1.8 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8086.5775 [GMT -7:00]

    Running from: c:\users\Wendy T. King\Desktop\ComboFix.exe

    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\Roaming

    c:\users\Wendy T. King\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DD3BADED-A0F3-4A7F-972E-CC588271EB54}.xps

    c:\users\Wendy T. King\g2mdlhlpx.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))

    .

    .

    2012-06-21 19:16 . 2012-06-21 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-06-21 19:16 . 2012-06-21 19:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-06-21 17:34 . 2012-06-21 17:56 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-06-21 16:26 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-21 16:26 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-21 16:26 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-21 16:26 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-21 16:26 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-21 16:26 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-21 16:26 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-21 16:25 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-21 16:25 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-19 04:14 . 2012-06-19 04:14 -------- d-----w- c:\users\Wendy T. King\AppData\Roaming\Malwarebytes

    2012-06-19 04:14 . 2012-06-19 04:14 -------- d-----w- c:\programdata\Malwarebytes

    2012-06-19 04:14 . 2012-06-19 04:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-06-19 04:14 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-14 22:49 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-05 04:41 . 2012-06-05 04:41 -------- d-----w- C:\zHOUSEHOLD

    2012-06-05 01:01 . 2012-06-05 01:06 -------- d-----w- C:\zWORKFIELD

    2012-05-30 20:17 . 2012-05-30 20:17 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

    2012-05-30 19:58 . 2012-05-30 19:58 -------- d-----w- c:\program files (x86)\Citrix

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-15 05:59 . 2012-04-06 15:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-06-15 05:59 . 2011-08-13 13:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-05-04 22:49 . 2012-05-04 22:49 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

    2012-03-30 11:35 . 2012-05-10 22:01 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]

    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-08 75064]

    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]

    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-29 75048]

    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160]

    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-08-21 421888]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    c:\users\Wendy T. King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/13 09:15;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 257224]

    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-13 79360]

    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-13 79360]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-16 340240]

    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]

    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

    R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-08-13 79360]

    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]

    S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]

    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]

    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]

    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]

    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]

    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

    S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *Deregistered* - CLKMDRV10_9EC60124

    *Deregistered* - mfeavfk01

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 05:59]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]

    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]

    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-16 1935120]

    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]

    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

    "RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]

    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x1

    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://nytimes.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.1.254

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    Toolbar-Locked - (no file)

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:45,dd,f0,45,f9,4d,cd,01

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-06-21 12:34:43

    ComboFix-quarantined-files.txt 2012-06-21 19:34

    .

    Pre-Run: 179,016,212,480 bytes free

    Post-Run: 181,376,331,776 bytes free

    .

    - - End Of File - - 9ED498AAC64DBC65C5B513BD0970FD6D

  3. Mr. Charlie:

    I ran RogueKiller first and deleted the HKCU and HKUS files. Then I created a new restore point. Then I ran TDSSKiller and selected Cure for a TDSS file and Delete for a malicious file. The 2 logs are below. Thanks again!!

    Wendy

    RogueKiller Log

    RogueKiller V7.5.4 [06/07/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: Wendy T. King [Admin rights]

    Mode: Remove -- Date: 06/21/2012 09:53:51

    ¤¤¤ Bad processes: 1 ¤¤¤

    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 7 ¤¤¤

    [BLACKLIST DLL] HKCU\[...]\Run : Apps (rundll32.exe "C:\Users\Wendy T. King\AppData\Local\Deployment\Apps\jdnvtd.dll",CreateInstance) -> DELETED

    [PREVRUN] HKLM\[...]\Run : CTMasterOnOffMonitor (Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch) -> NOT SELECTED

    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED

    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500420AS +++++

    --- User ---

    [MBR] 9d490dd7e6adfb6a473e12293cc8b6b4

    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo

    User != LL1 ... KO!

    --- LL1 ---

    [MBR] dfabe36aaf4649e11ff4fd841ce39f1b

    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

    Partition table:

    1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo

    User != LL2 ... KO!

    --- LL2 ---

    [MBR] dfabe36aaf4649e11ff4fd841ce39f1b

    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

    Partition table:

    1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo

    Finished : << RKreport[3].txt >>

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    Then TDSSKiller log:

    10:28:31.0361 4444 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

    10:28:32.0163 4444 ============================================================

    10:28:32.0163 4444 Current date / time: 2012/06/21 10:28:32.0163

    10:28:32.0163 4444 SystemInfo:

    10:28:32.0163 4444

    10:28:32.0163 4444 OS Version: 6.1.7601 ServicePack: 1.0

    10:28:32.0163 4444 Product type: Workstation

    10:28:32.0163 4444 ComputerName: XPS17_KING

    10:28:32.0163 4444 UserName: Wendy T. King

    10:28:32.0163 4444 Windows directory: C:\Windows

    10:28:32.0163 4444 System windows directory: C:\Windows

    10:28:32.0163 4444 Running under WOW64

    10:28:32.0163 4444 Processor architecture: Intel x64

    10:28:32.0163 4444 Number of processors: 8

    10:28:32.0163 4444 Page size: 0x1000

    10:28:32.0163 4444 Boot type: Normal boot

    10:28:32.0163 4444 ============================================================

    10:28:32.0662 4444 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    10:28:32.0678 4444 ============================================================

    10:28:32.0678 4444 \Device\Harddisk0\DR0:

    10:28:32.0678 4444 MBR partitions:

    10:28:32.0678 4444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000

    10:28:32.0678 4444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830

    10:28:32.0678 4444 ============================================================

    10:28:32.0709 4444 C: <-> \Device\Harddisk0\DR0\Partition1

    10:28:32.0709 4444 ============================================================

    10:28:32.0709 4444 Initialize success

    10:28:32.0709 4444 ============================================================

    10:29:19.0447 4688 ============================================================

    10:29:19.0447 4688 Scan started

    10:29:19.0447 4688 Mode: Manual; SigCheck; TDLFS;

    10:29:19.0447 4688 ============================================================

    10:29:20.0008 4688 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

    10:29:20.0149 4688 1394ohci - ok

    10:29:20.0196 4688 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys

    10:29:20.0242 4688 Acceler - ok

    10:29:20.0305 4688 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

    10:29:20.0398 4688 ACPI - ok

    10:29:20.0445 4688 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

    10:29:20.0570 4688 AcpiPmi - ok

    10:29:20.0788 4688 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    10:29:20.0820 4688 AdobeFlashPlayerUpdateSvc - ok

    10:29:20.0898 4688 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

    10:29:20.0944 4688 adp94xx - ok

    10:29:20.0976 4688 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

    10:29:21.0054 4688 adpahci - ok

    10:29:21.0069 4688 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

    10:29:21.0085 4688 adpu320 - ok

    10:29:21.0116 4688 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

    10:29:21.0225 4688 AeLookupSvc - ok

    10:29:21.0272 4688 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    10:29:21.0303 4688 AERTFilters - ok

    10:29:21.0381 4688 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

    10:29:21.0428 4688 AFD - ok

    10:29:21.0475 4688 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

    10:29:21.0506 4688 agp440 - ok

    10:29:21.0522 4688 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

    10:29:21.0568 4688 ALG - ok

    10:29:21.0600 4688 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

    10:29:21.0631 4688 aliide - ok

    10:29:21.0646 4688 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

    10:29:21.0646 4688 amdide - ok

    10:29:21.0678 4688 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

    10:29:21.0693 4688 AmdK8 - ok

    10:29:21.0693 4688 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

    10:29:21.0709 4688 AmdPPM - ok

    10:29:21.0724 4688 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

    10:29:21.0771 4688 amdsata - ok

    10:29:21.0802 4688 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

    10:29:21.0818 4688 amdsbs - ok

    10:29:21.0834 4688 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

    10:29:21.0880 4688 amdxata - ok

    10:29:21.0912 4688 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

    10:29:22.0005 4688 AppID - ok

    10:29:22.0021 4688 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

    10:29:22.0068 4688 AppIDSvc - ok

    10:29:22.0083 4688 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

    10:29:22.0114 4688 Appinfo - ok

    10:29:22.0208 4688 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    10:29:22.0239 4688 Apple Mobile Device - ok

    10:29:22.0286 4688 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

    10:29:22.0380 4688 AppMgmt - ok

    10:29:22.0411 4688 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

    10:29:22.0442 4688 arc - ok

    10:29:22.0458 4688 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

    10:29:22.0489 4688 arcsas - ok

    10:29:22.0582 4688 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    10:29:22.0614 4688 aspnet_state - ok

    10:29:22.0629 4688 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

    10:29:22.0707 4688 AsyncMac - ok

    10:29:22.0738 4688 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

    10:29:22.0770 4688 atapi - ok

    10:29:22.0848 4688 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    10:29:22.0910 4688 AudioEndpointBuilder - ok

    10:29:22.0910 4688 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    10:29:22.0957 4688 AudioSrv - ok

    10:29:22.0972 4688 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

    10:29:23.0066 4688 AxInstSV - ok

    10:29:23.0113 4688 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

    10:29:23.0206 4688 b06bdrv - ok

    10:29:23.0238 4688 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

    10:29:23.0300 4688 b57nd60a - ok

    10:29:23.0316 4688 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

    10:29:23.0409 4688 BDESVC - ok

    10:29:23.0425 4688 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

    10:29:23.0503 4688 Beep - ok

    10:29:23.0596 4688 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

    10:29:23.0674 4688 BFE - ok

    10:29:23.0737 4688 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

    10:29:23.0799 4688 BITS - ok

    10:29:23.0846 4688 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

    10:29:23.0893 4688 blbdrive - ok

    10:29:24.0033 4688 Bluetooth Device Monitor (c440483a5ce0e0ab03a79a33ace35d91) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    10:29:24.0064 4688 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning

    10:29:24.0064 4688 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)

    10:29:24.0127 4688 Bluetooth Media Service (c8ab8ca3557cce041ac4c88e76afbad0) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    10:29:24.0142 4688 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning

    10:29:24.0142 4688 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)

    10:29:24.0236 4688 Bluetooth OBEX Service (df83fb0eb35c91339f1c84c6cf426100) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

    10:29:24.0283 4688 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning

    10:29:24.0283 4688 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)

    10:29:24.0376 4688 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

    10:29:24.0408 4688 Bonjour Service - ok

    10:29:24.0532 4688 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

    10:29:24.0626 4688 bowser - ok

    10:29:24.0657 4688 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

    10:29:24.0720 4688 BrFiltLo - ok

    10:29:24.0720 4688 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

    10:29:24.0735 4688 BrFiltUp - ok

    10:29:24.0782 4688 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

    10:29:24.0844 4688 Browser - ok

    10:29:24.0876 4688 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

    10:29:24.0938 4688 Brserid - ok

    10:29:24.0969 4688 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

    10:29:25.0000 4688 BrSerWdm - ok

    10:29:25.0000 4688 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

    10:29:25.0032 4688 BrUsbMdm - ok

    10:29:25.0032 4688 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

    10:29:25.0063 4688 BrUsbSer - ok

    10:29:25.0078 4688 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

    10:29:25.0156 4688 BthEnum - ok

    10:29:25.0172 4688 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

    10:29:25.0188 4688 BTHMODEM - ok

    10:29:25.0234 4688 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

    10:29:25.0281 4688 BthPan - ok

    10:29:25.0328 4688 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

    10:29:25.0422 4688 BTHPORT - ok

    10:29:25.0468 4688 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

    10:29:25.0546 4688 bthserv - ok

    10:29:25.0562 4688 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

    10:29:25.0624 4688 BTHUSB - ok

    10:29:25.0671 4688 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys

    10:29:25.0734 4688 btmaux - ok

    10:29:25.0780 4688 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys

    10:29:25.0905 4688 btmhsf - ok

    10:29:25.0936 4688 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

    10:29:26.0077 4688 cdfs - ok

    10:29:26.0124 4688 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

    10:29:26.0217 4688 cdrom - ok

    10:29:26.0264 4688 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    10:29:26.0326 4688 CertPropSvc - ok

    10:29:26.0373 4688 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys

    10:29:26.0436 4688 cfwids - ok

    10:29:26.0451 4688 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

    10:29:26.0498 4688 circlass - ok

    10:29:26.0529 4688 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

    10:29:26.0576 4688 CLFS - ok

    10:29:26.0685 4688 CLKMSVC10_9EC60124 (730bf325e4cc1e3935b81943ac6da216) c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe

    10:29:26.0701 4688 CLKMSVC10_9EC60124 - ok

    10:29:26.0779 4688 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    10:29:26.0810 4688 clr_optimization_v2.0.50727_32 - ok

    10:29:26.0888 4688 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    10:29:26.0904 4688 clr_optimization_v2.0.50727_64 - ok

    10:29:26.0982 4688 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    10:29:26.0997 4688 clr_optimization_v4.0.30319_32 - ok

    10:29:27.0028 4688 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    10:29:27.0060 4688 clr_optimization_v4.0.30319_64 - ok

    10:29:27.0122 4688 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

    10:29:27.0153 4688 CmBatt - ok

    10:29:27.0169 4688 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

    10:29:27.0200 4688 cmdide - ok

    10:29:27.0262 4688 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

    10:29:27.0356 4688 CNG - ok

    10:29:27.0372 4688 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

    10:29:27.0372 4688 Compbatt - ok

    10:29:27.0403 4688 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

    10:29:27.0465 4688 CompositeBus - ok

    10:29:27.0481 4688 COMSysApp - ok

    10:29:27.0512 4688 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

    10:29:27.0543 4688 crcdisk - ok

    10:29:27.0606 4688 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

    10:29:27.0621 4688 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning

    10:29:27.0621 4688 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)

    10:29:27.0652 4688 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

    10:29:27.0668 4688 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning

    10:29:27.0668 4688 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)

    10:29:27.0746 4688 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

    10:29:27.0840 4688 CryptSvc - ok

    10:29:27.0933 4688 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

    10:29:28.0058 4688 CSC - ok

    10:29:28.0105 4688 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

    10:29:28.0152 4688 CscService - ok

    10:29:28.0245 4688 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    10:29:28.0276 4688 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning

    10:29:28.0276 4688 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)

    10:29:28.0354 4688 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys

    10:29:28.0448 4688 CtClsFlt - ok

    10:29:28.0526 4688 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    10:29:28.0604 4688 DcomLaunch - ok

    10:29:28.0635 4688 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

    10:29:28.0744 4688 defragsvc - ok

    10:29:28.0776 4688 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

    10:29:28.0838 4688 DfsC - ok

    10:29:28.0900 4688 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

    10:29:28.0963 4688 Dhcp - ok

    10:29:28.0978 4688 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

    10:29:29.0025 4688 discache - ok

    10:29:29.0072 4688 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

    10:29:29.0072 4688 Disk - ok

    10:29:29.0119 4688 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

    10:29:29.0197 4688 dmvsc - ok

    10:29:29.0228 4688 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

    10:29:29.0322 4688 Dnscache - ok

    10:29:29.0446 4688 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

    10:29:29.0540 4688 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

    10:29:29.0556 4688 DockLoginService - detected UnsignedFile.Multi.Generic (1)

    10:29:29.0587 4688 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

    10:29:29.0680 4688 dot3svc - ok

    10:29:29.0696 4688 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

    10:29:29.0758 4688 DPS - ok

    10:29:29.0790 4688 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

    10:29:29.0836 4688 drmkaud - ok

    10:29:29.0914 4688 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

    10:29:29.0992 4688 DXGKrnl - ok

    10:29:30.0024 4688 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

    10:29:30.0086 4688 EapHost - ok

    10:29:30.0273 4688 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

    10:29:30.0367 4688 ebdrv - ok

    10:29:30.0492 4688 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

    10:29:30.0570 4688 EFS - ok

    10:29:30.0632 4688 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

    10:29:30.0694 4688 ehRecvr - ok

    10:29:30.0726 4688 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

    10:29:30.0741 4688 ehSched - ok

    10:29:30.0835 4688 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

    10:29:30.0866 4688 elxstor - ok

    10:29:30.0882 4688 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

    10:29:30.0897 4688 ErrDev - ok

    10:29:30.0991 4688 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

    10:29:31.0069 4688 EventSystem - ok

    10:29:31.0240 4688 EvtEng (ed8fbadbbaf7420adeae2d5d81f0d4a1) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    10:29:31.0272 4688 EvtEng - ok

    10:29:31.0412 4688 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

    10:29:31.0506 4688 exfat - ok

    10:29:31.0521 4688 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

    10:29:31.0630 4688 fastfat - ok

    10:29:31.0708 4688 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

    10:29:31.0786 4688 Fax - ok

    10:29:31.0818 4688 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

    10:29:31.0864 4688 fdc - ok

    10:29:31.0911 4688 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

    10:29:31.0974 4688 fdPHost - ok

    10:29:31.0989 4688 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

    10:29:32.0052 4688 FDResPub - ok

    10:29:32.0083 4688 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

    10:29:32.0083 4688 FileInfo - ok

    10:29:32.0098 4688 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

    10:29:32.0145 4688 Filetrace - ok

    10:29:32.0161 4688 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

    10:29:32.0176 4688 flpydisk - ok

    10:29:32.0208 4688 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

    10:29:32.0270 4688 FltMgr - ok

    10:29:32.0364 4688 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

    10:29:32.0488 4688 FontCache - ok

    10:29:32.0566 4688 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    10:29:32.0598 4688 FontCache3.0.0.0 - ok

    10:29:32.0629 4688 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

    10:29:32.0629 4688 FsDepends - ok

    10:29:32.0676 4688 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

    10:29:32.0754 4688 Fs_Rec - ok

    10:29:32.0785 4688 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

    10:29:32.0816 4688 fvevol - ok

    10:29:32.0847 4688 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

    10:29:32.0863 4688 gagp30kx - ok

    10:29:32.0894 4688 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    10:29:32.0956 4688 GEARAspiWDM - ok

    10:29:33.0034 4688 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

    10:29:33.0081 4688 gpsvc - ok

    10:29:33.0112 4688 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

    10:29:33.0128 4688 hcw85cir - ok

    10:29:33.0175 4688 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

    10:29:33.0284 4688 HDAudBus - ok

    10:29:33.0300 4688 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

    10:29:33.0315 4688 HidBatt - ok

    10:29:33.0331 4688 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

    10:29:33.0346 4688 HidBth - ok

    10:29:33.0378 4688 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

    10:29:33.0440 4688 HidIr - ok

    10:29:33.0456 4688 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

    10:29:33.0549 4688 hidserv - ok

    10:29:33.0580 4688 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

    10:29:33.0658 4688 HidUsb - ok

    10:29:33.0674 4688 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

    10:29:33.0752 4688 hkmsvc - ok

    10:29:33.0799 4688 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

    10:29:33.0846 4688 HomeGroupListener - ok

    10:29:33.0877 4688 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

    10:29:33.0924 4688 HomeGroupProvider - ok

    10:29:33.0955 4688 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

    10:29:34.0017 4688 HpSAMD - ok

    10:29:34.0064 4688 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

    10:29:34.0111 4688 HTTP - ok

    10:29:34.0111 4688 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

    10:29:34.0126 4688 hwpolicy - ok

    10:29:34.0142 4688 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

    10:29:34.0158 4688 i8042prt - ok

    10:29:34.0220 4688 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys

    10:29:34.0236 4688 iaStor - ok

    10:29:34.0282 4688 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

    10:29:34.0407 4688 iaStorV - ok

    10:29:34.0438 4688 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys

    10:29:34.0501 4688 iBtFltCoex - ok

    10:29:34.0641 4688 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    10:29:34.0672 4688 idsvc - ok

    10:29:35.0187 4688 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys

    10:29:35.0530 4688 igfx - ok

    10:29:35.0640 4688 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

    10:29:35.0671 4688 iirsp - ok

    10:29:35.0764 4688 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

    10:29:35.0842 4688 IKEEXT - ok

    10:29:35.0952 4688 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

    10:29:36.0061 4688 Impcd - ok

    10:29:36.0342 4688 IntcAzAudAddService (8fed6428fde53d7f4c105095f22524be) C:\Windows\system32\drivers\RTKVHD64.sys

    10:29:36.0420 4688 IntcAzAudAddService - ok

    10:29:36.0560 4688 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

    10:29:36.0638 4688 IntcDAud - ok

    10:29:36.0654 4688 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

    10:29:36.0685 4688 intelide - ok

    10:29:36.0732 4688 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

    10:29:36.0778 4688 intelppm - ok

    10:29:36.0825 4688 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    10:29:36.0903 4688 IPBusEnum - ok

    10:29:36.0919 4688 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    10:29:36.0997 4688 IpFilterDriver - ok

    10:29:37.0090 4688 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

    10:29:37.0137 4688 iphlpsvc - ok

    10:29:37.0153 4688 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

    10:29:37.0200 4688 IPMIDRV - ok

    10:29:37.0215 4688 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    10:29:37.0262 4688 IPNAT - ok

    10:29:37.0387 4688 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe

    10:29:37.0402 4688 iPod Service - ok

    10:29:37.0434 4688 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    10:29:37.0449 4688 IRENUM - ok

    10:29:37.0449 4688 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

    10:29:37.0465 4688 isapnp - ok

    10:29:37.0496 4688 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

    10:29:37.0543 4688 iScsiPrt - ok

    10:29:37.0574 4688 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

    10:29:37.0574 4688 kbdclass - ok

    10:29:37.0605 4688 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

    10:29:37.0652 4688 kbdhid - ok

    10:29:37.0699 4688 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    10:29:37.0730 4688 KeyIso - ok

    10:29:37.0746 4688 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

    10:29:37.0808 4688 KSecDD - ok

    10:29:37.0824 4688 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

    10:29:37.0902 4688 KSecPkg - ok

    10:29:37.0917 4688 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    10:29:37.0995 4688 ksthunk - ok

    10:29:38.0042 4688 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    10:29:38.0120 4688 KtmRm - ok

    10:29:38.0245 4688 L4301_Solar (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe

    10:29:38.0276 4688 L4301_Solar - ok

    10:29:38.0323 4688 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

    10:29:38.0385 4688 LanmanServer - ok

    10:29:38.0401 4688 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

    10:29:38.0463 4688 LanmanWorkstation - ok

    10:29:38.0510 4688 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    10:29:38.0572 4688 lltdio - ok

    10:29:38.0619 4688 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    10:29:38.0744 4688 lltdsvc - ok

    10:29:38.0760 4688 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    10:29:38.0806 4688 lmhosts - ok

    10:29:38.0900 4688 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    10:29:38.0978 4688 LMS - ok

    10:29:39.0025 4688 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

    10:29:39.0056 4688 LSI_FC - ok

    10:29:39.0072 4688 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

    10:29:39.0087 4688 LSI_SAS - ok

    10:29:39.0118 4688 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

    10:29:39.0150 4688 LSI_SAS2 - ok

    10:29:39.0165 4688 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

    10:29:39.0181 4688 LSI_SCSI - ok

    10:29:39.0212 4688 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    10:29:39.0306 4688 luafv - ok

    10:29:39.0368 4688 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

    10:29:39.0430 4688 MBAMProtector - ok

    10:29:39.0540 4688 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    10:29:39.0571 4688 MBAMService - ok

    10:29:39.0664 4688 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe

    10:29:39.0696 4688 McAWFwk - ok

    10:29:39.0774 4688 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    10:29:39.0805 4688 McMPFSvc - ok

    10:29:39.0820 4688 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    10:29:39.0852 4688 mcmscsvc - ok

    10:29:39.0867 4688 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    10:29:39.0898 4688 McNaiAnn - ok

    10:29:39.0898 4688 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    10:29:39.0914 4688 McNASvc - ok

    10:29:39.0976 4688 McODS (c6232488cdbf063ce077fc7f8f8c248c) C:\Program Files\mcafee\VirusScan\mcods.exe

    10:29:39.0992 4688 McODS - ok

    10:29:39.0992 4688 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    10:29:40.0008 4688 McOobeSv - ok

    10:29:40.0008 4688 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    10:29:40.0023 4688 McProxy - ok

    10:29:40.0148 4688 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

    10:29:40.0179 4688 McShield - ok

    10:29:40.0273 4688 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

    10:29:40.0335 4688 Mcx2Svc - ok

    10:29:40.0382 4688 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

    10:29:40.0413 4688 megasas - ok

    10:29:40.0444 4688 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

    10:29:40.0491 4688 MegaSR - ok

    10:29:40.0522 4688 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

    10:29:40.0600 4688 MEIx64 - ok

    10:29:40.0647 4688 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys

    10:29:40.0710 4688 mfeapfk - ok

    10:29:40.0741 4688 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys

    10:29:40.0819 4688 mfeavfk - ok

    10:29:40.0850 4688 mfeavfk01 - ok

    10:29:40.0912 4688 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    10:29:40.0944 4688 mfefire - ok

    10:29:40.0975 4688 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys

    10:29:41.0068 4688 mfefirek - ok

    10:29:41.0115 4688 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys

    10:29:41.0193 4688 mfehidk - ok

    10:29:41.0224 4688 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys

    10:29:41.0271 4688 mfenlfk - ok

    10:29:41.0302 4688 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys

    10:29:41.0380 4688 mferkdet - ok

    10:29:41.0427 4688 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe

    10:29:41.0458 4688 mfevtp - ok

    10:29:41.0474 4688 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys

    10:29:41.0552 4688 mfewfpk - ok

    10:29:41.0568 4688 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    10:29:41.0661 4688 MMCSS - ok

    10:29:41.0692 4688 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    10:29:41.0770 4688 Modem - ok

    10:29:41.0802 4688 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    10:29:41.0848 4688 monitor - ok

    10:29:41.0880 4688 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

    10:29:41.0911 4688 mouclass - ok

    10:29:41.0926 4688 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    10:29:41.0989 4688 mouhid - ok

    10:29:42.0020 4688 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

    10:29:42.0051 4688 mountmgr - ok

    10:29:42.0082 4688 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

    10:29:42.0129 4688 mpio - ok

    10:29:42.0160 4688 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    10:29:42.0238 4688 mpsdrv - ok

    10:29:42.0301 4688 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

    10:29:42.0379 4688 MpsSvc - ok

    10:29:42.0410 4688 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

    10:29:42.0488 4688 MRxDAV - ok

    10:29:42.0519 4688 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

    10:29:42.0597 4688 mrxsmb - ok

    10:29:42.0644 4688 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    10:29:42.0753 4688 mrxsmb10 - ok

    10:29:42.0769 4688 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    10:29:42.0831 4688 mrxsmb20 - ok

    10:29:42.0847 4688 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

    10:29:42.0909 4688 msahci - ok

    10:29:42.0940 4688 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

    10:29:43.0018 4688 msdsm - ok

    10:29:43.0050 4688 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    10:29:43.0065 4688 MSDTC - ok

    10:29:43.0081 4688 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    10:29:43.0128 4688 Msfs - ok

    10:29:43.0143 4688 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    10:29:43.0237 4688 mshidkmdf - ok

    10:29:43.0237 4688 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

    10:29:43.0252 4688 msisadrv - ok

    10:29:43.0284 4688 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    10:29:43.0330 4688 MSiSCSI - ok

    10:29:43.0330 4688 msiserver - ok

    10:29:43.0424 4688 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    10:29:43.0455 4688 MSK80Service - ok

    10:29:43.0486 4688 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    10:29:43.0564 4688 MSKSSRV - ok

    10:29:43.0580 4688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    10:29:43.0658 4688 MSPCLOCK - ok

    10:29:43.0674 4688 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    10:29:43.0752 4688 MSPQM - ok

    10:29:43.0798 4688 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

    10:29:43.0876 4688 MsRPC - ok

    10:29:43.0892 4688 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

    10:29:43.0892 4688 mssmbios - ok

    10:29:43.0908 4688 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    10:29:43.0954 4688 MSTEE - ok

    10:29:44.0017 4688 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

    10:29:44.0032 4688 MTConfig - ok

    10:29:44.0048 4688 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    10:29:44.0064 4688 Mup - ok

    10:29:44.0126 4688 MyWiFiDHCPDNS (f02a154fde5da779e971352256e64cff) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

    10:29:44.0157 4688 MyWiFiDHCPDNS - ok

    10:29:44.0220 4688 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    10:29:44.0313 4688 napagent - ok

    10:29:44.0376 4688 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    10:29:44.0454 4688 NativeWifiP - ok

    10:29:44.0563 4688 NAUpdate (7f79da9e719d0774bdbc3622abd3afd9) C:\Program Files (x86)\Nero\Update\NASvc.exe

    10:29:44.0594 4688 NAUpdate - ok

    10:29:44.0672 4688 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

    10:29:44.0703 4688 NDIS - ok

    10:29:44.0719 4688 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    10:29:44.0766 4688 NdisCap - ok

    10:29:44.0797 4688 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    10:29:44.0859 4688 NdisTapi - ok

    10:29:44.0875 4688 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    10:29:44.0953 4688 Ndisuio - ok

    10:29:44.0984 4688 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    10:29:45.0093 4688 NdisWan - ok

    10:29:45.0109 4688 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    10:29:45.0171 4688 NDProxy - ok

    10:29:45.0187 4688 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    10:29:45.0265 4688 NetBIOS - ok

    10:29:45.0296 4688 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    10:29:45.0343 4688 NetBT - ok

    10:29:45.0390 4688 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    10:29:45.0421 4688 Netlogon - ok

    10:29:45.0468 4688 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    10:29:45.0577 4688 Netman - ok

    10:29:45.0670 4688 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    10:29:45.0748 4688 NetMsmqActivator - ok

    10:29:45.0764 4688 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    10:29:45.0780 4688 NetPipeActivator - ok

    10:29:45.0811 4688 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    10:29:45.0920 4688 netprofm - ok

    10:29:45.0920 4688 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    10:29:45.0936 4688 NetTcpActivator - ok

    10:29:45.0936 4688 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    10:29:45.0951 4688 NetTcpPortSharing - ok

    10:29:46.0014 4688 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys

    10:29:46.0076 4688 netvsc - ok

    10:29:46.0700 4688 NETwNs64 (c3fc3eee5a0ce77a02b27cfdfaf0c758) C:\Windows\system32\DRIVERS\NETwNs64.sys

    10:29:47.0028 4688 NETwNs64 - ok

    10:29:47.0168 4688 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

    10:29:47.0199 4688 nfrd960 - ok

    10:29:47.0277 4688 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    10:29:47.0324 4688 NlaSvc - ok

    10:29:47.0511 4688 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

    10:29:47.0558 4688 NOBU - ok

    10:29:47.0636 4688 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    10:29:47.0761 4688 Npfs - ok

    10:29:47.0776 4688 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    10:29:47.0823 4688 nsi - ok

    10:29:47.0839 4688 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    10:29:47.0901 4688 nsiproxy - ok

    10:29:48.0010 4688 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

    10:29:48.0135 4688 Ntfs - ok

    10:29:48.0198 4688 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    10:29:48.0276 4688 Null - ok

    10:29:48.0307 4688 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys

    10:29:48.0400 4688 nusb3hub - ok

    10:29:48.0416 4688 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys

    10:29:48.0510 4688 nusb3xhc - ok

    10:29:49.0056 4688 nvlddmkm (573b0941a37aebee96085d56a103f57b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

    10:29:49.0243 4688 nvlddmkm - ok

    10:29:49.0321 4688 nvpciflt (43af7ebeac2ab623468e32caddcb61a4) C:\Windows\system32\DRIVERS\nvpciflt.sys

    10:29:49.0399 4688 nvpciflt - ok

    10:29:49.0446 4688 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

    10:29:49.0524 4688 nvraid - ok

    10:29:49.0539 4688 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

    10:29:49.0617 4688 nvstor - ok

    10:29:49.0664 4688 NvStUSB (92d06926c5da2a2e62e8fb5104f44d92) C:\Windows\system32\drivers\nvstusb.sys

    10:29:49.0742 4688 NvStUSB - ok

    10:29:49.0804 4688 NVSvc (c500760572c6059918fb0c960967695b) C:\Windows\system32\nvvsvc.exe

    10:29:49.0836 4688 NVSvc - ok

    10:29:50.0007 4688 nvUpdatusService (f28169a7adf7b41809cf92d369e744f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    10:29:50.0038 4688 nvUpdatusService - ok

    10:29:50.0148 4688 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    10:29:50.0194 4688 nv_agp - ok

    10:29:50.0210 4688 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    10:29:50.0226 4688 ohci1394 - ok

    10:29:50.0272 4688 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    10:29:50.0319 4688 ose - ok

    10:29:50.0584 4688 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    10:29:50.0740 4688 osppsvc - ok

    10:29:50.0912 4688 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    10:29:50.0943 4688 p2pimsvc - ok

    10:29:50.0990 4688 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    10:29:51.0052 4688 p2psvc - ok

    10:29:51.0084 4688 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

    10:29:51.0099 4688 Parport - ok

    10:29:51.0146 4688 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

    10:29:51.0208 4688 partmgr - ok

    10:29:51.0224 4688 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    10:29:51.0255 4688 PcaSvc - ok

    10:29:51.0286 4688 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    10:29:51.0318 4688 pci - ok

    10:29:51.0333 4688 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    10:29:51.0349 4688 pciide - ok

    10:29:51.0380 4688 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

    10:29:51.0411 4688 pcmcia - ok

    10:29:51.0427 4688 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    10:29:51.0442 4688 pcw - ok

    10:29:51.0474 4688 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    10:29:51.0614 4688 PEAUTH - ok

    10:29:51.0708 4688 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

    10:29:51.0817 4688 PeerDistSvc - ok

    10:29:51.0879 4688 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    10:29:51.0926 4688 PerfHost - ok

    10:29:52.0051 4688 pfc - ok

    10:29:52.0129 4688 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    10:29:52.0254 4688 pla - ok

    10:29:52.0347 4688 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    10:29:52.0456 4688 PlugPlay - ok

    10:29:52.0519 4688 Pml Driver HPZ12 (f485770eec8959684cc4c4786b63c06c) C:\Windows\system32\HPZipm12.dll

    10:29:52.0597 4688 Pml Driver HPZ12 - ok

    10:29:52.0612 4688 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    10:29:52.0628 4688 PNRPAutoReg - ok

    10:29:52.0644 4688 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    10:29:52.0659 4688 PNRPsvc - ok

    10:29:52.0737 4688 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

    10:29:52.0846 4688 PolicyAgent - ok

    10:29:52.0862 4688 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    10:29:52.0971 4688 Power - ok

    10:29:53.0018 4688 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

    10:29:53.0112 4688 PptpMiniport - ok

    10:29:53.0127 4688 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

    10:29:53.0143 4688 Processor - ok

    10:29:53.0190 4688 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

    10:29:53.0283 4688 ProfSvc - ok

    10:29:53.0314 4688 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    10:29:53.0346 4688 ProtectedStorage - ok

    10:29:53.0392 4688 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

    10:29:53.0455 4688 Psched - ok

    10:29:53.0486 4688 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

    10:29:53.0533 4688 PxHlpa64 - ok

    10:29:53.0564 4688 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys

    10:29:53.0626 4688 qicflt - ok

    10:29:53.0736 4688 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

    10:29:53.0814 4688 ql2300 - ok

    10:29:53.0923 4688 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

    10:29:53.0970 4688 ql40xx - ok

    10:29:54.0016 4688 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    10:29:54.0063 4688 QWAVE - ok

    10:29:54.0094 4688 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    10:29:54.0126 4688 QWAVEdrv - ok

    10:29:54.0126 4688 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    10:29:54.0204 4688 RasAcd - ok

    10:29:54.0235 4688 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    10:29:54.0297 4688 RasAgileVpn - ok

    10:29:54.0328 4688 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    10:29:54.0438 4688 RasAuto - ok

    10:29:54.0469 4688 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

    10:29:54.0531 4688 Rasl2tp - ok

    10:29:54.0594 4688 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

    10:29:54.0718 4688 RasMan - ok

    10:29:54.0734 4688 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    10:29:54.0828 4688 RasPppoe - ok

    10:29:54.0859 4688 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    10:29:54.0937 4688 RasSstp - ok

    10:29:54.0984 4688 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

    10:29:55.0093 4688 rdbss - ok

    10:29:55.0093 4688 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    10:29:55.0108 4688 rdpbus - ok

    10:29:55.0140 4688 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    10:29:55.0218 4688 RDPCDD - ok

    10:29:55.0249 4688 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

    10:29:55.0327 4688 RDPDR - ok

    10:29:55.0342 4688 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    10:29:55.0420 4688 RDPENCDD - ok

    10:29:55.0436 4688 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    10:29:55.0483 4688 RDPREFMP - ok

    10:29:55.0530 4688 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

    10:29:55.0623 4688 RDPWD - ok

    10:29:55.0670 4688 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

    10:29:55.0764 4688 rdyboost - ok

    10:29:55.0873 4688 RegSrvc (3a1ef2f8d0808bece6a2fef3ea3987a5) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    10:29:55.0888 4688 RegSrvc - ok

    10:29:55.0920 4688 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    10:29:55.0998 4688 RemoteAccess - ok

    10:29:56.0029 4688 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    10:29:56.0076 4688 RemoteRegistry - ok

    10:29:56.0122 4688 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

    10:29:56.0185 4688 RFCOMM - ok

    10:29:56.0325 4688 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

    10:29:56.0372 4688 RoxMediaDB12OEM - ok

    10:29:56.0419 4688 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

    10:29:56.0466 4688 RoxWatch12 - ok

    10:29:56.0528 4688 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    10:29:56.0606 4688 RpcEptMapper - ok

    10:29:56.0653 4688 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    10:29:56.0684 4688 RpcLocator - ok

    10:29:56.0715 4688 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    10:29:56.0778 4688 RpcSs - ok

    10:29:56.0809 4688 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    10:29:56.0887 4688 rspndr - ok

    10:29:56.0934 4688 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys

    10:29:57.0012 4688 RTL8167 - ok

    10:29:57.0027 4688 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

    10:29:57.0090 4688 s3cap - ok

    10:29:57.0121 4688 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    10:29:57.0152 4688 SamSs - ok

    10:29:57.0168 4688 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

    10:29:57.0246 4688 sbp2port - ok

    10:29:57.0261 4688 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    10:29:57.0355 4688 SCardSvr - ok

    10:29:57.0355 4688 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

    10:29:57.0433 4688 scfilter - ok

    10:29:57.0526 4688 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

    10:29:57.0667 4688 Schedule - ok

    10:29:57.0714 4688 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    10:29:57.0776 4688 SCPolicySvc - ok

    10:29:57.0807 4688 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

    10:29:57.0901 4688 SDRSVC - ok

    10:29:57.0963 4688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    10:29:58.0041 4688 secdrv - ok

    10:29:58.0057 4688 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

    10:29:58.0119 4688 seclogon - ok

    10:29:58.0150 4688 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

    10:29:58.0182 4688 SENS - ok

    10:29:58.0197 4688 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    10:29:58.0228 4688 SensrSvc - ok

    10:29:58.0260 4688 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

    10:29:58.0291 4688 Serenum - ok

    10:29:58.0306 4688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

    10:29:58.0338 4688 Serial - ok

    10:29:58.0353 4688 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

    10:29:58.0369 4688 sermouse - ok

    10:29:58.0384 4688 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

    10:29:58.0478 4688 SessionEnv - ok

    10:29:58.0478 4688 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

    10:29:58.0494 4688 sffdisk - ok

    10:29:58.0494 4688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

    10:29:58.0509 4688 sffp_mmc - ok

    10:29:58.0509 4688 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

    10:29:58.0556 4688 sffp_sd - ok

    10:29:58.0556 4688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

    10:29:58.0572 4688 sfloppy - ok

    10:29:58.0743 4688 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

    10:29:58.0759 4688 SftService - ok

    10:29:58.0868 4688 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

    10:29:58.0977 4688 SharedAccess - ok

    10:29:59.0024 4688 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

    10:29:59.0086 4688 ShellHWDetection - ok

    10:29:59.0149 4688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

    10:29:59.0149 4688 SiSRaid2 - ok

    10:29:59.0164 4688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

    10:29:59.0180 4688 SiSRaid4 - ok

    10:29:59.0196 4688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    10:29:59.0289 4688 Smb - ok

    10:29:59.0320 4688 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    10:29:59.0352 4688 SNMPTRAP - ok

    10:29:59.0414 4688 Sound Blaster X-Fi MB Licensing Service (9b24dca429f819db314f30ee4c6c80fd) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe

    10:29:59.0430 4688 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning

    10:29:59.0430 4688 Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic (1)

    10:29:59.0461 4688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    10:29:59.0492 4688 spldr - ok

    10:29:59.0523 4688 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

    10:29:59.0570 4688 Spooler - ok

    10:29:59.0757 4688 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

    10:29:59.0835 4688 sppsvc - ok

    10:29:59.0929 4688 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    10:30:00.0007 4688 sppuinotify - ok

    10:30:00.0178 4688 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

    10:30:00.0303 4688 srv - ok

    10:30:00.0350 4688 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

    10:30:00.0428 4688 srv2 - ok

    10:30:00.0475 4688 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

    10:30:00.0553 4688 srvnet - ok

    10:30:00.0584 4688 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    10:30:00.0678 4688 SSDPSRV - ok

    10:30:00.0693 4688 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    10:30:00.0740 4688 SstpSvc - ok

    10:30:00.0771 4688 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys

    10:30:00.0834 4688 stdcfltn - ok

    10:30:00.0912 4688 Stereo Service (0683504bbb3ffc0a73d9d217b63dd0e0) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    10:30:00.0943 4688 Stereo Service - ok

    10:30:00.0958 4688 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

    10:30:00.0990 4688 stexstor - ok

    10:30:01.0036 4688 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

    10:30:01.0099 4688 stisvc - ok

    10:30:01.0146 4688 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    10:30:01.0161 4688 stllssvr - ok

    10:30:01.0177 4688 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

    10:30:01.0255 4688 StorSvc - ok

    10:30:01.0286 4688 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

    10:30:01.0364 4688 storvsc - ok

    10:30:01.0395 4688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

    10:30:01.0395 4688 swenum - ok

    10:30:01.0442 4688 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

    10:30:01.0551 4688 swprv - ok

    10:30:01.0567 4688 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys

    10:30:01.0629 4688 SynthVid - ok

    10:30:01.0723 4688 SynTP (5e3b232a614339399acc71fa3aaaaa6b) C:\Windows\system32\DRIVERS\SynTP.sys

    10:30:01.0785 4688 SynTP - ok

    10:30:01.0941 4688 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

    10:30:02.0019 4688 SysMain - ok

    10:30:02.0082 4688 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

    10:30:02.0113 4688 TabletInputService - ok

    10:30:02.0144 4688 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

    10:30:02.0238 4688 TapiSrv - ok

    10:30:02.0253 4688 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

    10:30:02.0300 4688 TBS - ok

    10:30:02.0456 4688 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

    10:30:02.0503 4688 Tcpip - ok

    10:30:02.0659 4688 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

    10:30:02.0690 4688 TCPIP6 - ok

    10:30:02.0784 4688 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

    10:30:02.0877 4688 tcpipreg - ok

    10:30:02.0877 4688 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

    10:30:02.0940 4688 TDPIPE - ok

    10:30:02.0971 4688 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

    10:30:03.0064 4688 TDTCP - ok

    10:30:03.0096 4688 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

    10:30:03.0158 4688 tdx - ok

    10:30:03.0345 4688 TeamViewer6 (b357451a6958e2b7b506fb1d08271be6) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

    10:30:03.0392 4688 TeamViewer6 - ok

    10:30:03.0532 4688 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

    10:30:03.0579 4688 TermDD - ok

    10:30:03.0642 4688 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

    10:30:03.0766 4688 TermService - ok

    10:30:03.0782 4688 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

    10:30:03.0844 4688 Themes - ok

    10:30:03.0860 4688 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    10:30:03.0922 4688 THREADORDER - ok

    10:30:03.0938 4688 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

    10:30:04.0000 4688 TrkWks - ok

    10:30:04.0032 4688 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

    10:30:04.0063 4688 TrustedInstaller - ok

    10:30:04.0078 4688 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

    10:30:04.0156 4688 tssecsrv - ok

    10:30:04.0188 4688 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

    10:30:04.0266 4688 TsUsbFlt - ok

    10:30:04.0297 4688 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

    10:30:04.0328 4688 TsUsbGD - ok

    10:30:04.0375 4688 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

    10:30:04.0453 4688 tunnel - ok

    10:30:04.0484 4688 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys

    10:30:04.0515 4688 TurboB - ok

    10:30:04.0593 4688 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

    10:30:04.0671 4688 TurboBoost - ok

    10:30:04.0687 4688 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

    10:30:04.0718 4688 uagp35 - ok

    10:30:04.0765 4688 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

    10:30:04.0905 4688 udfs - ok

    10:30:04.0921 4688 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

    10:30:04.0936 4688 UI0Detect - ok

    10:30:04.0952 4688 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

    10:30:04.0968 4688 uliagpkx - ok

    10:30:04.0999 4688 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

    10:30:05.0061 4688 umbus - ok

    10:30:05.0077 4688 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

    10:30:05.0092 4688 UmPass - ok

    10:30:05.0139 4688 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

    10:30:05.0202 4688 UmRdpService - ok

    10:30:05.0389 4688 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    10:30:05.0436 4688 UNS - ok

    10:30:05.0592 4688 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

    10:30:05.0716 4688 upnphost - ok

    10:30:05.0794 4688 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

    10:30:05.0857 4688 USBAAPL64 - ok

    10:30:05.0888 4688 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

    10:30:05.0966 4688 usbccgp - ok

    10:30:06.0013 4688 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

    10:30:06.0060 4688 usbcir - ok

    10:30:06.0075 4688 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

    10:30:06.0122 4688 usbehci - ok

    10:30:06.0184 4688 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

    10:30:06.0262 4688 usbhub - ok

    10:30:12.0924 4688 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

    10:30:12.0955 4688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

    10:30:12.0955 4688 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

    10:30:13.0064 4688 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

    10:30:13.0064 4688 \Device\Harddisk0\DR0 - detected TDSS File System (1)

    10:30:13.0111 4688 Boot (0x1200) (cddaa73dceadb55777b08a8cabf9e365) \Device\Harddisk0\DR0\Partition0

    10:30:13.0111 4688 \Device\Harddisk0\DR0\Partition0 - ok

    10:30:13.0126 4688 Boot (0x1200) (935d9df834fa10b64d14e1f5bc549fdb) \Device\Harddisk0\DR0\Partition1

    10:30:13.0126 4688 \Device\Harddisk0\DR0\Partition1 - ok

    10:30:13.0126 4688 ============================================================

    10:30:13.0126 4688 Scan finished

    10:30:13.0126 4688 ============================================================

    10:30:13.0142 6032 Detected object count: 10

    10:30:13.0142 6032 Actual detected object count: 10

    10:34:24.0066 6032 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user

    10:34:24.0066 6032 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

    10:34:24.0066 6032 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user

    10:34:24.0066 6032 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    10:34:24.0066 6032 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user

    10:34:24.0066 6032 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    10:34:24.0066 6032 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

    10:34:24.0066 6032 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    10:34:24.0066 6032 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

    10:34:24.0066 6032 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    10:34:24.0066 6032 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user

    10:34:24.0066 6032 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    10:34:24.0066 6032 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

    10:34:24.0066 6032 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    10:34:24.0066 6032 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

    10:34:24.0066 6032 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    10:34:24.0674 6032 \Device\Harddisk0\DR0\# - copied to quarantine

    10:34:24.0690 6032 \Device\Harddisk0\DR0 - copied to quarantine

    10:34:24.0846 6032 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

    10:34:25.0002 6032 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

    10:34:25.0064 6032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

    10:34:25.0189 6032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

    10:34:25.0298 6032 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

    10:34:30.0462 6032 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

    10:34:30.0540 6032 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

    10:34:30.0602 6032 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

    10:34:30.0618 6032 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

    10:34:30.0633 6032 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

    10:34:30.0680 6032 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

    10:34:30.0758 6032 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

    10:34:30.0774 6032 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

    10:34:30.0774 6032 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

    10:34:30.0805 6032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

    10:34:30.0867 6032 \Device\Harddisk0\DR0 - ok

    10:34:30.0883 6032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

    10:34:30.0914 6032 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

    10:34:31.0023 6032 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

    10:34:31.0070 6032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

    10:34:31.0117 6032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

    10:34:31.0164 6032 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

    10:34:36.0031 6032 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

    10:34:36.0109 6032 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

    10:34:36.0203 6032 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

    10:34:36.0203 6032 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

    10:34:36.0203 6032 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

    10:34:36.0281 6032 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

    10:34:36.0374 6032 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

    10:34:36.0374 6032 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

    10:34:36.0390 6032 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

    10:34:36.0390 6032 \Device\Harddisk0\DR0\TDLFS - deleted

    10:34:36.0390 6032 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

    10:35:56.0071 5764 Deinitialize success

  4. Mr. Charlie:

    Thank you ever so much for your amazingly fast reply.

    Here is the report from Rogue Killer followed by the DDS and Attach file transcripts which I ran again after the Rogue Killer scan. I didn't do anything else with Rogue Killer. I didn't delete anything even though it encouraged me to.

    I really appreciate your help and assurance that I'm doing the right thing!

    Wendy

    RogueKiller V7.5.4 [06/07/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: Wendy T. King [Admin rights]

    Mode: Scan -- Date: 06/20/2012 14:35:41

    ¤¤¤ Bad processes: 1 ¤¤¤

    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 7 ¤¤¤

    [BLACKLIST DLL] HKCU\[...]\Run : Apps (rundll32.exe "C:\Users\Wendy T. King\AppData\Local\Deployment\Apps\jdnvtd.dll",CreateInstance) -> FOUND

    [BLACKLIST DLL] HKUS\S-1-5-21-3792395675-2708013395-2015148367-1001[...]\Run : Apps (rundll32.exe "C:\Users\Wendy T. King\AppData\Local\Deployment\Apps\jdnvtd.dll",CreateInstance) -> FOUND

    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500420AS +++++

    --- User ---

    [MBR] 9d490dd7e6adfb6a473e12293cc8b6b4

    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo

    User != LL1 ... KO!

    --- LL1 ---

    [MBR] dfabe36aaf4649e11ff4fd841ce39f1b

    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

    Partition table:

    1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo

    User != LL2 ... KO!

    --- LL2 ---

    [MBR] dfabe36aaf4649e11ff4fd841ce39f1b

    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

    Partition table:

    1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

    Here is the DDS:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Wendy T. King at 14:39:10 on 2012-06-20

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8086.5726 [GMT -7:00]

    .

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://nytimes.com/

    uDefault_Page_URL = hxxp://www.dell.com

    uInternet Settings,ProxyOverride = *.local

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120102194807.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [Apps] rundll32.exe "C:\Users\Wendy T. King\AppData\Local\Deployment\Apps\jdnvtd.dll",CreateInstance

    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

    mRun: [updReg] C:\Windows\UpdReg.EXE

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

    mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

    mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

    mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    StartupFolder: C:\Users\WENDYT~1.KIN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab

    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{25EA6CBC-87DF-435B-AF6B-A89FBD288329} : DhcpNameServer = 192.168.0.5 192.168.0.4 192.168.0.3

    TCP: Interfaces\{3AA05E63-30AC-42DB-A9D5-A0E8C230FE3B} : DhcpNameServer = 192.168.10.1

    TCP: Interfaces\{BA6BFF49-DDE4-4CCD-9024-7850AC7854EF} : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{BA6BFF49-DDE4-4CCD-9024-7850AC7854EF}\05F4C4635383 : DhcpNameServer = 75.75.75.75 75.75.76.76

    TCP: Interfaces\{BA6BFF49-DDE4-4CCD-9024-7850AC7854EF}\34F61436479667561405 : DhcpNameServer = 192.168.0.5 192.168.0.4 192.168.0.3

    TCP: Interfaces\{BA6BFF49-DDE4-4CCD-9024-7850AC7854EF}\351435 : DhcpNameServer = 192.168.10.1

    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120102194807.dll

    BHO-X64: scriptproxy - No File

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO-X64: SkypeIEPluginBHO - No File

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO-X64: SmartSelect - No File

    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

    mRun-x64: [updReg] C:\Windows\UpdReg.EXE

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

    mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

    mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

    mRun-x64: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-13 98208]

    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]

    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]

    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]

    R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-18 654408]

    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-8-13 199272]

    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-8-13 208536]

    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]

    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-13 2009704]

    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-13 1692480]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-21 378472]

    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-25 2358656]

    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-13 2656280]

    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]

    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

    R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/13 09:15:57;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257224]

    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-13 79360]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-13 79360]

    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-8-13 224704]

    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-16 340240]

    S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]

    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-8-13 79360]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

    S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-06-20 21:25:35 20480 ----a-w- C:\Windows\svchost.exe

    2012-06-19 04:14:15 -------- d-----w- C:\Users\Wendy T. King\AppData\Roaming\Malwarebytes

    2012-06-19 04:14:04 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-06-19 04:14:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-06-19 04:14:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-06-14 22:49:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-06-05 04:41:12 -------- d-----w- C:\zHOUSEHOLD

    2012-06-05 01:01:24 -------- d-----w- C:\zWORKFIELD

    2012-05-30 20:17:46 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

    2012-05-30 19:58:07 -------- d-----w- C:\Program Files (x86)\Citrix

    2012-05-30 19:57:55 60304 ----a-w- C:\Users\Wendy T. King\g2mdlhlpx.exe

    .

    ==================== Find3M ====================

    .

    2012-06-15 05:59:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-06-15 05:59:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

    2012-05-04 22:49:13 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    .

    ============= FINISH: 14:41:02.34 ===============

    Here is Attach:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 8/19/2011 1:30:02 PM

    System Uptime: 6/20/2012 2:24:15 PM (0 hours ago)

    .

    Motherboard: Dell Inc. | | 0K4H3G

    Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 446 GiB total, 168.993 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

    Description: Microsoft Virtual WiFi Miniport Adapter

    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2509E9E7&0&02

    Manufacturer: Microsoft

    Name: Microsoft Virtual WiFi Miniport Adapter #2

    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2509E9E7&0&02

    Service: vwifimp

    .

    ==== System Restore Points ===================

    .

    RP87: 5/22/2012 11:34:41 AM - Scheduled Checkpoint

    RP88: 5/30/2012 3:07:14 PM - Scheduled Checkpoint

    RP89: 6/5/2012 8:47:32 AM - Windows Update

    RP90: 6/13/2012 7:01:28 AM - Scheduled Checkpoint

    RP91: 6/14/2012 10:34:34 PM - Windows Update

    RP92: 6/20/2012 2:46:11 AM - Restore Operation

    .

    ==== Installed Programs ======================

    .

    AccelerometerP11

    Adobe Acrobat X Standard - English, Français, Deutsch

    Adobe AIR

    Adobe Audition 1.5

    Adobe Flash Player 11 ActiveX

    Adobe Reader X MUI

    Advanced Audio FX Engine

    Apple Application Support

    Apple Software Update

    Blio

    Camtasia Studio 7

    Consumer In-Home Service Agreement

    Cozi

    CyberLink PowerDVD 9.6

    D3DX10

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Dell DataSafe Local Backup

    Dell DataSafe Local Backup - Support Software

    Dell DataSafe Online

    Dell Dock

    Dell Getting Started Guide

    Dell MusicStage

    Dell PhotoStage

    Dell Stage

    Dell VideoStage

    Dell Webcam Central

    DirectX 9 Runtime

    eBay

    FileMaker Pro 11 Advanced

    GoToMeeting 5.1.0.880

    High-Definition Video Playback

    Intel PROSet Wireless

    Intel® Control Center

    Intel® Management Engine Components

    Intel® Processor Graphics

    Internet Explorer

    Java Auto Updater

    Java 6 Update 29

    Junk Mail filter update

    Malwarebytes Anti-Malware version 1.61.0.1400

    McAfee SecurityCenter

    Mesh Runtime

    Messenger Companion

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Home and Student 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable - KB2467175

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nero 10 Movie ThemePack Basic

    Nero Control Center 10

    Nero ControlCenter 10 Help (CHM)

    Nero Core Components 10

    Nero Update

    NVIDIA Stereoscopic 3D Driver

    PhotoShowExpress

    PlayReady PC Runtime x86

    QuickTime

    Realtek High Definition Audio Driver

    Roxio Activation Module

    Roxio BackOnTrack

    Roxio Burn

    Roxio Creator Starter

    Roxio Express Labeler 3

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

    Skype Toolbars

    Skype™ 4.2

    Sonic CinePlayer Decoder Pack

    Sound Blaster X-Fi MB

    SyncUP

    TeamViewer 6

    TrustedID

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    WB eScreeners

    WebEx

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Yahoo! Detect

    Zinio Reader 4

    .

    ==== Event Viewer Messages From Past Week ========

    .

    6/20/2012 2:49:22 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

    6/20/2012 2:31:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user XPS17_King\Wendy T. King SID (S-1-5-21-3792395675-2708013395-2015148367-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    6/20/2012 2:26:17 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    6/20/2012 2:25:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    6/20/2012 2:24:27 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    6/19/2012 12:45:28 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    6/19/2012 1:47:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

    6/19/2012 1:47:41 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    6/18/2012 5:18:17 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{25EA6CBC-87DF-435B-AF6B-A89FBD288329} because another computer on the network has the same name. The server could not start.

    6/17/2012 6:12:33 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={2040562B-6175-47FE-A9D8-69E7DB2CE3AB}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

    6/17/2012 6:11:12 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={7D755CF2-EF77-434D-BEC0-DC90AEB30AC1}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

    6/17/2012 6:09:37 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={6AEFF951-E2B6-4167-A337-57E743617EA5}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

    6/17/2012 6:07:00 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={EC887FC9-82A3-41AC-873A-EF7CAAE8BCEE}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

    6/17/2012 12:59:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user XPS17_King\Wendy T. King SID (S-1-5-21-3792395675-2708013395-2015148367-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    6/17/2012 12:59:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user XPS17_King\Wendy T. King SID (S-1-5-21-3792395675-2708013395-2015148367-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    6/13/2012 6:05:57 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={7B5859C2-C72D-4654-8963-7DB2374C9F39}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

    4/4/2013 11:01:17 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

    4/1/2013 4:48:30 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -35247546 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.21:123) is working properly.

    .

    ==== End Of File ===========================

  5. Greetings:

    I have the virus that plays music randomly. Also, when I google search and click on the results, the link takes me to places I have no intention of going. That was my first hint that I had a virus and then the music started playing. Malwarebytes detects the trojan and indicates that it has been removed but it returns after reboot. It's a saucy critter. I see that I am not the only person with this problem.

    I have the 2 logs ready to send to you but I'm a little hesitant to post all that information. Can you assure me that posting that information will not compromise my computer or software licenses? Do you feel that the information on this site is mined in any way? Forgive me for being overly cautious. Probably not uncommon for people who have a virus.

    Thank you for your assistance and guidance. I really appreciate being able to post here for help.

    Wendy
