jrod9

  1. Everything seems ok. Thanks for the assistance.
  2. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  3. ComboFix 12-07-19.02 - Jared 07/19/2012 23:21:32.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2698 [GMT -4:00] Running from: c:\users\Jared\Downloads\ComboFix.exe Command switches used :: c:\users\Jared\Downloads\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))) . . 2012-07-20 03:26 . 2012-07-20 03:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2012-07-20 03:26 . 2012-07-20 03:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-19 00:55 . 2012-07-19 01:19 -------- d-----w- c:\program files (x86)\Free Download Manager 2012-07-18 00:44 . 2012-07-19 00:40 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-15 17:34 . 2012-07-15 17:34 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes 2012-07-15 17:33 . 2012-07-15 17:33 -------- d-----w- c:\programdata\Malwarebytes 2012-07-15 17:33 . 2012-07-15 17:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-15 17:33 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-14 07:02 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-07-14 06:11 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-07-14 06:11 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-07-14 06:11 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-14 06:11 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-14 06:11 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-07-14 06:11 . 
2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-14 06:11 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll 2012-07-14 06:11 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-14 06:11 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-14 06:11 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-14 06:10 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-07-14 06:10 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-07-14 06:10 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-07-14 06:10 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-13 02:02 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-13 02:02 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-09 00:27 . 2012-07-14 07:00 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-05 15:14 . 2012-07-05 15:14 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-06-26 04:02 . 2012-07-19 01:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-06-24 13:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-24 13:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-24 13:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-24 13:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-24 13:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-24 13:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-24 13:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-24 13:22 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-24 13:22 . 
2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 23:22 . 2012-06-21 23:22 -------- d-----w- c:\windows\Sun 2012-06-21 00:49 . 2012-06-21 00:49 -------- d-----w- c:\users\Jared\AppData\Local\Macromedia 2012-06-21 00:47 . 2012-06-21 00:47 -------- d-----w- c:\users\Jared\AppData\Local\Mozilla 2012-06-21 00:46 . 2012-06-21 00:46 -------- d-----w- c:\users\Jared\AppData\Local\Wajam 2012-06-21 00:46 . 2012-06-24 14:13 -------- d-----w- c:\program files (x86)\Wajam 2012-06-21 00:46 . 2012-06-24 14:13 -------- d-----w- c:\program files (x86)\Playbryte 2012-06-21 00:30 . 2012-06-24 14:13 -------- d-----w- c:\program files (x86)\OApps 2012-06-21 00:30 . 2012-06-21 00:30 -------- d-----w- c:\users\Jared\AppData\Local\Google 2012-06-20 03:54 . 2012-02-22 17:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-06-20 03:54 . 2012-07-08 19:47 -------- d-----w- c:\program files (x86)\Common Files\McAfee 2012-06-20 03:54 . 2012-03-20 17:11 162192 ----a-w- c:\windows\system32\mfevtps.exe 2012-06-20 03:54 . 2012-02-22 17:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2012-06-20 03:54 . 2012-02-22 17:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-06-20 03:54 . 2012-02-22 17:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-06-20 03:54 . 2012-02-22 17:29 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-06-20 03:54 . 2012-02-22 17:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-06-20 03:54 . 2012-02-22 17:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-06-20 03:53 . 2012-07-08 19:47 -------- d-----w- c:\program files\Common Files\McAfee 2012-06-20 03:53 . 2012-07-08 19:47 -------- d-----w- c:\program files\McAfee 2012-06-20 03:53 . 2012-07-08 19:47 -------- d-----w- c:\program files (x86)\McAfee . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-13 03:11 . 
2012-06-07 23:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-13 03:11 . 2012-06-07 23:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-15 05:41 . 2012-06-07 02:26 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E869A5D-8EDD-47E8-ADA2-6EE4A46A7C3B}\mpengine.dll 2012-05-15 03:56 . 2012-06-12 23:52 1197568 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:52 . 2012-06-12 23:52 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:08 . 2012-06-12 23:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 10:52 . 2012-06-12 23:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:08 . 2012-06-12 23:52 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08 . 2012-06-12 23:52 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32 . 2012-06-12 23:52 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:50 . 2012-06-12 23:51 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:34 . 2012-06-12 23:52 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:34 . 2012-06-12 23:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:28 . 2012-06-12 23:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:59 . 2012-06-12 23:51 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 05:59 . 2012-06-12 23:51 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:59 . 2012-06-12 23:51 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 04:47 . 2012-06-12 23:51 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:47 . 2012-06-12 23:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-24 04:47 . 2012-06-12 23:51 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-07-19_01.13.08 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-03 03:06 . 
2012-07-20 02:16 50958 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-20 02:16 31014 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-06-07 02:38 . 2012-07-20 02:25 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-06-07 02:38 . 2012-07-18 23:58 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-06-07 02:38 . 2012-07-20 02:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-06-07 02:38 . 2012-07-18 23:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-18 23:58 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-20 02:25 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-06-07 02:05 . 2012-07-19 01:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-06-07 02:05 . 2012-07-20 03:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-06-07 02:05 . 2012-07-19 01:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-06-07 02:05 . 2012-07-20 03:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-06-07 02:05 . 2012-07-20 03:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-06-07 02:05 . 
2012-07-19 01:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-06-07 01:57 . 2012-07-20 03:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-06-07 01:57 . 2012-07-19 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-06-07 01:57 . 2012-07-20 03:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-06-07 01:57 . 2012-07-19 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-06-07 01:56 . 2012-07-20 02:16 9882 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3698203186-711613651-2785281450-1001_UserData.bin - 2012-07-19 01:12 . 2012-07-19 01:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-20 03:27 . 2012-07-20 03:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-19 01:12 . 2012-07-19 01:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-20 03:27 . 2012-07-20 03:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 04:54 . 2012-07-18 23:53 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-20 03:27 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 02:36 . 2012-07-20 02:19 624178 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-07-18 23:57 624178 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-20 02:19 106522 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-07-18 23:57 106522 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 
2012-07-19 01:11 264980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-20 03:27 264980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:54 . 2012-07-18 23:53 4259840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-20 03:27 4259840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-18 23:53 1359872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-20 03:27 1359872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 02:34 . 2012-07-19 00:04 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2012-07-20 02:27 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-03 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-03 79360] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [x] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-03 79360] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-07 1255736] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 03:11] . . --------- X64 Entries ----------- . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\DRIVERS\o2flash.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe c:\program files (x86)\Common Files\Java\Java Update\jusched.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Completion time: 2012-07-19 23:31:36 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-20 03:31 ComboFix2.txt 2012-07-19 01:16 . Pre-Run: 390,489,341,952 bytes free Post-Run: 390,422,036,480 bytes free . - - End Of File - - 06CC46AF671CF8A23867D0B819E87A8B
  4. here you go ComboFix 12-07-18.04 - Jared 07/18/2012 21:05:34.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2386 [GMT -4:00] Running from: c:\users\Jared\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jared\Documents\ShopToWin . . ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 ))))))))))))))))))))))))))))))) . . 2012-07-19 01:10 . 2012-07-19 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-19 00:55 . 2012-07-19 01:11 -------- d-----w- c:\users\Jared\AppData\Roaming\Free Download Manager 2012-07-19 00:55 . 2012-07-19 00:55 -------- d-----w- c:\program files (x86)\Free Download Manager 2012-07-19 00:47 . 2012-07-19 00:47 -------- d-----w- c:\users\Jared\AppData\Local\antiphishing-vmninternethelper1_1dn 2012-07-19 00:47 . 2012-07-19 01:13 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor 2012-07-19 00:47 . 2012-07-19 00:47 -------- d-----w- c:\program files (x86)\Yontoo 2012-07-19 00:46 . 2012-07-19 00:46 -------- d-----w- c:\program files (x86)\Funmoods 2012-07-18 00:44 . 2012-07-19 00:40 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-15 17:34 . 2012-07-15 17:34 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes 2012-07-15 17:33 . 2012-07-15 17:33 -------- d-----w- c:\programdata\Malwarebytes 2012-07-15 17:33 . 2012-07-15 17:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-15 17:33 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-14 07:02 . 
2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-07-14 06:11 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-07-14 06:11 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-07-14 06:11 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-14 06:11 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-14 06:11 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-07-14 06:11 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-14 06:11 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll 2012-07-14 06:11 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-14 06:11 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-14 06:11 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-14 06:10 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-07-14 06:10 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-07-14 06:10 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-07-14 06:10 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-13 02:02 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-13 02:02 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-09 00:27 . 2012-07-14 07:00 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-05 15:14 . 2012-07-05 15:14 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-06-26 04:02 . 2012-07-19 01:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-06-24 13:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-24 13:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-24 13:23 . 
2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-24 13:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-24 13:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-24 13:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-24 13:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-24 13:22 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-24 13:22 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 23:22 . 2012-06-21 23:22 -------- d-----w- c:\windows\Sun 2012-06-21 00:49 . 2012-06-21 00:49 -------- d-----w- c:\users\Jared\AppData\Local\Macromedia 2012-06-21 00:47 . 2012-06-21 00:47 -------- d-----w- c:\users\Jared\AppData\Local\Mozilla 2012-06-21 00:46 . 2012-06-21 00:46 -------- d-----w- c:\users\Jared\AppData\Local\Wajam 2012-06-21 00:46 . 2012-06-24 14:13 -------- d-----w- c:\program files (x86)\Wajam 2012-06-21 00:46 . 2012-06-24 14:13 -------- d-----w- c:\program files (x86)\Playbryte 2012-06-21 00:30 . 2012-06-24 14:13 -------- d-----w- c:\program files (x86)\OApps 2012-06-21 00:30 . 2012-06-21 00:30 -------- d-----w- c:\users\Jared\AppData\Local\Google 2012-06-20 03:54 . 2012-02-22 17:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-06-20 03:54 . 2012-07-08 19:47 -------- d-----w- c:\program files (x86)\Common Files\McAfee 2012-06-20 03:54 . 2012-03-20 17:11 162192 ----a-w- c:\windows\system32\mfevtps.exe 2012-06-20 03:54 . 2012-02-22 17:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2012-06-20 03:54 . 2012-02-22 17:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-06-20 03:54 . 2012-02-22 17:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-06-20 03:54 . 2012-02-22 17:29 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-06-20 03:54 . 2012-02-22 17:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-06-20 03:54 . 
2012-02-22 17:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-06-20 03:53 . 2012-07-08 19:47 -------- d-----w- c:\program files\Common Files\McAfee 2012-06-20 03:53 . 2012-07-08 19:47 -------- d-----w- c:\program files\McAfee 2012-06-20 03:53 . 2012-07-08 19:47 -------- d-----w- c:\program files (x86)\McAfee . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-13 03:11 . 2012-06-07 23:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-13 03:11 . 2012-06-07 23:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-15 05:41 . 2012-06-07 02:26 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E869A5D-8EDD-47E8-ADA2-6EE4A46A7C3B}\mpengine.dll 2012-05-15 03:56 . 2012-06-12 23:52 1197568 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:52 . 2012-06-12 23:52 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:08 . 2012-06-12 23:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 10:52 . 2012-06-12 23:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:08 . 2012-06-12 23:52 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08 . 2012-06-12 23:52 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32 . 2012-06-12 23:52 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:50 . 2012-06-12 23:51 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:34 . 2012-06-12 23:52 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:34 . 2012-06-12 23:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:28 . 2012-06-12 23:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:59 . 2012-06-12 23:51 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 05:59 . 2012-06-12 23:51 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:59 . 
2012-06-12 23:51 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 04:47 . 2012-06-12 23:51 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:47 . 2012-06-12 23:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-24 04:47 . 2012-06-12 23:51 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-20 06:25 . 2012-06-12 23:52 1501184 ----a-w- c:\windows\system32\urlmon.dll 2012-04-20 06:25 . 2012-06-12 23:52 134144 ----a-w- c:\windows\system32\url.dll 2012-04-20 06:23 . 2012-06-12 23:52 1026560 ----a-w- c:\windows\system32\mstime.dll 2012-04-20 06:22 . 2012-06-12 23:52 9373696 ----a-w- c:\windows\system32\mshtml.dll 2012-04-20 06:22 . 2012-06-12 23:52 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-04-20 06:22 . 2012-06-12 23:52 736256 ----a-w- c:\windows\system32\msfeeds.dll 2012-04-20 06:22 . 2012-06-12 23:52 82944 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-04-20 06:22 . 2012-06-12 23:52 57856 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-20 06:21 . 2012-06-12 23:52 2458624 ----a-w- c:\windows\system32\iertutil.dll 2012-04-20 06:21 . 2012-06-12 23:52 247808 ----a-w- c:\windows\system32\ieui.dll 2012-04-20 06:21 . 2012-06-12 23:52 12405760 ----a-w- c:\windows\system32\ieframe.dll 2012-04-20 06:21 . 2012-06-12 23:52 256000 ----a-w- c:\windows\system32\iepeers.dll 2012-04-20 06:21 . 2012-06-12 23:52 445952 ----a-w- c:\windows\system32\iedkcs32.dll 2012-04-20 06:18 . 2012-06-12 23:52 12288 ----a-w- c:\windows\system32\msfeedssync.exe 2012-04-20 05:05 . 2012-06-12 23:52 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-20 05:00 . 2012-06-12 23:52 482816 ----a-w- c:\windows\system32\html.iec 2012-04-20 04:15 . 2012-06-12 23:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:58 . 2012-06-12 23:52 386048 ----a-w- c:\windows\SysWow64\html.iec 2012-04-20 03:24 . 2012-06-12 23:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2011-12-28 6148096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-03 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-03 79360] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [x] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-03 79360] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-07 1255736] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 03:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtD0AyEyE0D0D0A0EzzyBtDtN0D0Tzu0CtBtDtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=134148710 mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtD0AyEyE0D0D0A0EzzyBtDtN0D0Tzu0CtBtDtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=134148710 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\windows\SysWOW64\rundll32.exe c:\windows\system32\DRIVERS\o2flash.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe c:\program files (x86)\Common Files\Java\Java Update\jusched.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe c:\program files (x86)\Mozilla Firefox\firefox.exe . ************************************************************************** . 
Completion time: 2012-07-18 21:16:56 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-19 01:16 . Pre-Run: 389,715,324,928 bytes free Post-Run: 390,252,339,200 bytes free . - - End Of File - - D17EA91F99636993D8B1A04DE5DD91F5
  5. Think I pasted the wrong log from MBAM.

     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.17.15

     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     Jared :: JARED-PC [administrator]

     Protection: Enabled

     7/17/2012 11:00:21 PM
     mbam-log-2012-07-17 (23-00-21).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 210301
     Time elapsed: 2 minute(s), 7 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  6. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 Run by Jared at 21:06:54 on 2012-07-17 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2499 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\DRIVERS\o2flash.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe 
C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\consent.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.yahoo.com/ uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120708145959.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Shop to Win: {9f56a04a-4886-48f7-b8b2-376f30fc27df} - C:\Program Files (x86)\Shop to Win 3\Shop to Win 3.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local 
Backup\Components\scheduler\Launcher.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{96906BF5-6CA7-4519-B5BA-FE422D2A72E0} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{BCF4CFE2-39DA-4E0D-BA66-92732C159D12} : DhcpNameServer = 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO-X64: Search Helper - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120708145959.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Shop to Win: {9F56A04A-4886-48F7-B8B2-376F30FC27DF} - C:\Program Files (x86)\Shop to Win 3\Shop to Win 3.dll BHO-X64: Freecause Shopping BHO - No File BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mRun-x64: [Malwarebytes' 
Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\c37bex69.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-30 89600] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-19 249936] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-19 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-19 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-19 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-19 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-19 210584] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-2 705856] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] 
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-7 250056] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-2 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-2 79360] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] 
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [2012-7-1 113120] S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-6-2 79360] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-19 249936] . =============== Created Last 30 ================ . 2012-07-18 00:44:48 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-15 17:34:23 -------- d-----w- C:\Users\Jared\AppData\Roaming\Malwarebytes 2012-07-15 17:33:05 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-15 17:33:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-15 17:33:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-14 07:02:59 3147264 ----a-w- C:\Windows\System32\win32k.sys 2012-07-14 06:11:18 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-14 06:11:18 1880064 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-14 06:11:18 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-14 06:11:17 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-14 06:11:01 459216 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-07-14 06:11:01 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-07-14 06:11:00 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-07-14 06:11:00 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-07-14 06:11:00 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-07-14 06:10:59 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-07-14 06:10:58 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-07-14 06:10:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-07-14 06:10:43 987136 ----a-w- C:\Program Files (x86)\Common 
Files\System\ado\msado15.dll 2012-07-13 02:02:39 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-07-13 02:02:32 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2012-07-09 00:37:46 -------- d-----w- C:\Windows\pss 2012-07-08 18:59:59 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll 2012-06-26 04:02:29 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-06-24 13:23:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-24 13:23:12 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-24 13:22:56 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-24 13:22:56 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-21 00:49:09 -------- d-----w- C:\Users\Jared\AppData\Local\Macromedia 2012-06-21 00:47:49 -------- d-----w- C:\Users\Jared\AppData\Local\Mozilla 2012-06-21 00:46:12 -------- d-----w- C:\Users\Jared\AppData\Local\Wajam 2012-06-21 00:46:10 -------- d-----w- C:\Program Files (x86)\Wajam 2012-06-21 00:46:03 -------- d-----w- C:\Program Files (x86)\Playbryte 2012-06-21 00:30:57 -------- d-----w- C:\Program Files (x86)\OApps 2012-06-21 00:30:51 -------- d-----w- C:\Users\Jared\AppData\Local\Google 2012-06-20 03:54:59 -------- d-----w- C:\Program Files (x86)\McAfee.com 2012-06-20 03:54:49 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2012-06-20 03:54:48 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee 2012-06-20 03:54:09 162192 ----a-w- C:\Windows\System32\mfevtps.exe 2012-06-20 03:54:04 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2012-06-20 03:54:04 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2012-06-20 03:54:04 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2012-06-20 03:54:04 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2012-06-20 03:54:04 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2012-06-20 03:54:04 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys 2012-06-20 03:53:46 -------- d-----w- C:\Program 
Files\Common Files\McAfee 2012-06-20 03:53:45 -------- d-----w- C:\Program Files\McAfee.com 2012-06-20 03:53:45 -------- d-----w- C:\Program Files\McAfee 2012-06-20 03:53:43 -------- d-----w- C:\Program Files (x86)\McAfee . ==================== Find3M ==================== . 2012-07-13 03:11:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-13 03:11:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec 2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec 2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 21:07:53.77 =============== . 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/6/2012 9:42:02 PM
System Uptime: 7/17/2012 8:46:03 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 029DYC
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz | U2E1 | 1178/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 357.526 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP22: 6/24/2012 9:22:31 AM - Windows Update
RP23: 6/24/2012 9:41:47 AM - Restore Operation
RP24: 7/1/2012 5:28:13 PM - Scheduled Checkpoint
RP25: 7/8/2012 6:51:28 PM - Scheduled Checkpoint
RP26: 7/8/2012 8:27:31 PM - Windows Update
RP27: 7/11/2012 3:00:15 AM - Windows Update
RP28: 7/13/2012 3:00:20 AM - Windows Update
RP29: 7/14/2012 3:00:14 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Advanced Audio FX Engine
Banctec Service Agreement
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
GoToAssist 8.0.0.514
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 18
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Total Protection
Microsoft Choice Guard
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
PowerDVD DX
Roxio Burn
SanDiskSecureAccess_Manager.exe
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shop To Win
Skype Toolbars
Skype™ 4.1
Sound Blaster X-Fi MB
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
7/14/2012 7:11:20 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
7/14/2012 7:07:33 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
.
==== End Of File ===========================
  7. 20:37:41.0662 6364 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
     20:37:42.0301 6364 ============================================================
     20:37:42.0301 6364 Current date / time: 2012/07/17 20:37:42.0301
     20:37:42.0301 6364 SystemInfo:
     20:37:42.0301 6364
     20:37:42.0301 6364 OS Version: 6.1.7600 ServicePack: 0.0
     20:37:42.0301 6364 Product type: Workstation
     20:37:42.0301 6364 ComputerName: JARED-PC
     20:37:42.0301 6364 UserName: Jared
     20:37:42.0301 6364 Windows directory: C:\Windows
     20:37:42.0301 6364 System windows directory: C:\Windows
     20:37:42.0301 6364 Running under WOW64
     20:37:42.0301 6364 Processor architecture: Intel x64
     20:37:42.0301 6364 Number of processors: 4
     20:37:42.0301 6364 Page size: 0x1000
     20:37:42.0301 6364 Boot type: Normal boot
     20:37:42.0301 6364 ============================================================
     20:37:43.0518 6364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     20:37:43.0518 6364 ============================================================
     20:37:43.0518 6364 \Device\Harddisk0\DR0:
     20:37:43.0518 6364 MBR partitions:
     20:37:43.0518 6364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
     20:37:43.0518 6364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
     20:37:43.0518 6364 ============================================================
     20:37:43.0549 6364 C: <-> \Device\Harddisk0\DR0\Partition1
     20:37:43.0549 6364 ============================================================
     20:37:43.0549 6364 Initialize success
     20:37:43.0549 6364 ============================================================
     20:38:21.0270 6880 ============================================================
     20:38:21.0270 6880 Scan started
     20:38:21.0270 6880 Mode: Manual; SigCheck; TDLFS;
     20:38:21.0270 6880 ============================================================
20:38:41.0363 6880 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 20:38:41.0394 6880 nsi - ok 20:38:41.0410 6880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:38:41.0457 6880 nsiproxy - ok 20:38:41.0582 6880 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 20:38:41.0628 6880 Ntfs - ok 20:38:41.0706 6880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:38:41.0784 6880 Null - ok 20:38:41.0831 6880 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\DRIVERS\nvraid.sys 20:38:41.0862 6880 nvraid - ok 20:38:41.0894 6880 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\DRIVERS\nvstor.sys 20:38:41.0909 6880 nvstor - ok 20:38:41.0956 6880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 20:38:41.0972 6880 nv_agp - ok 20:38:42.0018 6880 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe 20:38:42.0065 6880 O2FLASH - ok 20:38:42.0081 6880 O2MDGRDR (8c2953537ca19dfaa67d612407e0f33e) C:\Windows\system32\DRIVERS\o2mdgx64.sys 20:38:42.0096 6880 O2MDGRDR - ok 20:38:42.0112 6880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 20:38:42.0159 6880 ohci1394 - ok 20:38:42.0206 6880 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:38:42.0268 6880 p2pimsvc - ok 20:38:42.0315 6880 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 20:38:42.0362 6880 p2psvc - ok 20:38:42.0377 6880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 20:38:42.0393 6880 Parport - ok 20:38:42.0424 6880 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 20:38:42.0440 6880 partmgr - ok 20:38:42.0471 6880 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 20:38:42.0518 6880 PcaSvc - ok 20:38:42.0564 6880 pci 
(f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 20:38:42.0596 6880 pci - ok 20:38:42.0596 6880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 20:38:42.0611 6880 pciide - ok 20:38:42.0642 6880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 20:38:42.0658 6880 pcmcia - ok 20:38:42.0674 6880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:38:42.0689 6880 pcw - ok 20:38:42.0736 6880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:38:42.0814 6880 PEAUTH - ok 20:38:42.0892 6880 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 20:38:42.0923 6880 PerfHost - ok 20:38:43.0048 6880 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 20:38:43.0126 6880 pla - ok 20:38:43.0188 6880 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 20:38:43.0235 6880 PlugPlay - ok 20:38:43.0235 6880 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 20:38:43.0266 6880 PNRPAutoReg - ok 20:38:43.0313 6880 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:38:43.0344 6880 PNRPsvc - ok 20:38:43.0391 6880 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 20:38:43.0485 6880 PolicyAgent - ok 20:38:43.0516 6880 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 20:38:43.0547 6880 Power - ok 20:38:43.0610 6880 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 20:38:43.0656 6880 PptpMiniport - ok 20:38:43.0672 6880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 20:38:43.0703 6880 Processor - ok 20:38:43.0734 6880 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 20:38:43.0797 6880 ProfSvc - ok 20:38:43.0828 6880 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) 
C:\Windows\system32\lsass.exe 20:38:43.0844 6880 ProtectedStorage - ok 20:38:43.0875 6880 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 20:38:43.0937 6880 Psched - ok 20:38:43.0953 6880 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 20:38:43.0984 6880 PxHlpa64 - ok 20:38:44.0078 6880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 20:38:44.0156 6880 ql2300 - ok 20:38:44.0280 6880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 20:38:44.0296 6880 ql40xx - ok 20:38:44.0343 6880 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:38:44.0374 6880 QWAVE - ok 20:38:44.0374 6880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:38:44.0421 6880 QWAVEdrv - ok 20:38:44.0421 6880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:38:44.0468 6880 RasAcd - ok 20:38:44.0499 6880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:38:44.0561 6880 RasAgileVpn - ok 20:38:44.0577 6880 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:38:44.0624 6880 RasAuto - ok 20:38:44.0655 6880 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:38:44.0686 6880 Rasl2tp - ok 20:38:44.0733 6880 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 20:38:44.0826 6880 RasMan - ok 20:38:44.0842 6880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:38:44.0920 6880 RasPppoe - ok 20:38:44.0936 6880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:38:45.0014 6880 RasSstp - ok 20:38:45.0045 6880 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 20:38:45.0092 6880 rdbss - ok 20:38:45.0107 6880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) 
C:\Windows\system32\DRIVERS\rdpbus.sys 20:38:45.0138 6880 rdpbus - ok 20:38:45.0154 6880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:38:45.0185 6880 RDPCDD - ok 20:38:45.0216 6880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:38:45.0248 6880 RDPENCDD - ok 20:38:45.0263 6880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:38:45.0310 6880 RDPREFMP - ok 20:38:45.0357 6880 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 20:38:45.0419 6880 RDPWD - ok 20:38:45.0450 6880 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 20:38:45.0466 6880 rdyboost - ok 20:38:45.0497 6880 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:38:45.0591 6880 RemoteAccess - ok 20:38:45.0638 6880 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:38:45.0684 6880 RemoteRegistry - ok 20:38:45.0716 6880 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:38:45.0762 6880 RpcEptMapper - ok 20:38:45.0794 6880 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:38:45.0840 6880 RpcLocator - ok 20:38:45.0887 6880 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 20:38:45.0934 6880 RpcSs - ok 20:38:45.0950 6880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:38:46.0028 6880 rspndr - ok 20:38:46.0074 6880 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys 20:38:46.0121 6880 RTL8167 - ok 20:38:46.0152 6880 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 20:38:46.0168 6880 SamSs - ok 20:38:46.0199 6880 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 20:38:46.0230 6880 sbp2port - ok 20:38:46.0262 6880 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) 
C:\Windows\System32\SCardSvr.dll 20:38:46.0340 6880 SCardSvr - ok 20:38:46.0371 6880 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 20:38:46.0418 6880 scfilter - ok 20:38:46.0511 6880 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 20:38:46.0636 6880 Schedule - ok 20:38:46.0667 6880 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 20:38:46.0698 6880 SCPolicySvc - ok 20:38:46.0745 6880 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys 20:38:46.0776 6880 sdbus - ok 20:38:46.0792 6880 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 20:38:46.0839 6880 SDRSVC - ok 20:38:46.0917 6880 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 20:38:46.0932 6880 SeaPort - ok 20:38:46.0948 6880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:38:47.0010 6880 secdrv - ok 20:38:47.0042 6880 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 20:38:47.0120 6880 seclogon - ok 20:38:47.0151 6880 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 20:38:47.0198 6880 SENS - ok 20:38:47.0213 6880 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:38:47.0244 6880 SensrSvc - ok 20:38:47.0276 6880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:38:47.0276 6880 Serenum - ok 20:38:47.0322 6880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:38:47.0338 6880 Serial - ok 20:38:47.0338 6880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 20:38:47.0369 6880 sermouse - ok 20:38:47.0400 6880 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 20:38:47.0447 6880 SessionEnv - ok 20:38:47.0447 6880 sffdisk (a554811bcd09279536440c964ae35bbf) 
C:\Windows\system32\DRIVERS\sffdisk.sys 20:38:47.0478 6880 sffdisk - ok 20:38:47.0494 6880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 20:38:47.0541 6880 sffp_mmc - ok 20:38:47.0541 6880 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 20:38:47.0556 6880 sffp_sd - ok 20:38:47.0556 6880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:38:47.0572 6880 sfloppy - ok 20:38:47.0650 6880 SftService (38f88f0df46c4d42125ef721abd7f6b9) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 20:38:47.0666 6880 SftService - ok 20:38:47.0697 6880 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:38:47.0775 6880 SharedAccess - ok 20:38:47.0806 6880 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 20:38:47.0868 6880 ShellHWDetection - ok 20:38:47.0915 6880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:38:47.0931 6880 SiSRaid2 - ok 20:38:47.0946 6880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:38:47.0962 6880 SiSRaid4 - ok 20:38:47.0993 6880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:38:48.0071 6880 Smb - ok 20:38:48.0102 6880 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:38:48.0134 6880 SNMPTRAP - ok 20:38:48.0212 6880 Sound Blaster X-Fi MB Licensing Service (9b24dca429f819db314f30ee4c6c80fd) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe 20:38:48.0274 6880 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning 20:38:48.0274 6880 Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic (1) 20:38:48.0274 6880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:38:48.0290 6880 spldr - ok 20:38:48.0336 6880 Spooler 
(f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 20:38:48.0477 6880 Spooler - ok 20:38:48.0648 6880 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 20:38:48.0695 6880 sppsvc - ok 20:38:48.0789 6880 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:38:48.0851 6880 sppuinotify - ok 20:38:48.0914 6880 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 20:38:48.0929 6880 sprtsvc_DellSupportCenter - ok 20:38:48.0992 6880 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 20:38:49.0070 6880 srv - ok 20:38:49.0101 6880 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 20:38:49.0132 6880 srv2 - ok 20:38:49.0163 6880 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 20:38:49.0194 6880 srvnet - ok 20:38:49.0226 6880 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:38:49.0319 6880 SSDPSRV - ok 20:38:49.0335 6880 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:38:49.0382 6880 SstpSvc - ok 20:38:49.0475 6880 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe 20:38:49.0553 6880 STacSV - ok 20:38:49.0584 6880 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:38:49.0600 6880 stexstor - ok 20:38:49.0647 6880 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys 20:38:49.0678 6880 STHDA - ok 20:38:49.0740 6880 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 20:38:49.0787 6880 stisvc - ok 20:38:49.0803 6880 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 20:38:49.0818 6880 swenum - ok 20:38:49.0865 6880 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 
20:38:49.0928 6880 swprv - ok 20:38:49.0959 6880 SynTP (39d4b4343ba70e4b32c4531bd075b9f6) C:\Windows\system32\DRIVERS\SynTP.sys 20:38:49.0990 6880 SynTP - ok 20:38:50.0099 6880 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 20:38:50.0162 6880 SysMain - ok 20:38:50.0240 6880 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 20:38:50.0286 6880 TabletInputService - ok 20:38:50.0318 6880 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 20:38:50.0396 6880 TapiSrv - ok 20:38:50.0411 6880 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:38:50.0474 6880 TBS - ok 20:38:50.0614 6880 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 20:38:50.0676 6880 Tcpip - ok 20:38:50.0864 6880 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 20:38:50.0910 6880 TCPIP6 - ok 20:38:51.0004 6880 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 20:38:51.0066 6880 tcpipreg - ok 20:38:51.0082 6880 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:38:51.0129 6880 TDPIPE - ok 20:38:51.0160 6880 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 20:38:51.0222 6880 TDTCP - ok 20:38:51.0238 6880 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 20:38:51.0316 6880 tdx - ok 20:38:51.0332 6880 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 20:38:51.0347 6880 TermDD - ok 20:38:51.0410 6880 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 20:38:51.0472 6880 TermService - ok 20:38:51.0488 6880 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:38:51.0503 6880 Themes - ok 20:38:51.0534 6880 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:38:51.0581 6880 THREADORDER - ok 20:38:51.0597 6880 
TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:38:51.0644 6880 TrkWks - ok 20:38:51.0690 6880 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 20:38:51.0722 6880 TrustedInstaller - ok 20:38:51.0737 6880 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:38:51.0768 6880 tssecsrv - ok 20:38:51.0800 6880 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 20:38:51.0878 6880 tunnel - ok 20:38:51.0893 6880 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys 20:38:51.0909 6880 TurboB - ok 20:38:51.0924 6880 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:38:51.0940 6880 uagp35 - ok 20:38:51.0971 6880 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys 20:38:52.0002 6880 udfs - ok 20:38:52.0034 6880 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:38:52.0065 6880 UI0Detect - ok 20:38:52.0080 6880 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 20:38:52.0096 6880 uliagpkx - ok 20:38:52.0127 6880 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 20:38:52.0158 6880 umbus - ok 20:38:52.0174 6880 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:38:52.0190 6880 UmPass - ok 20:38:52.0252 6880 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:38:52.0330 6880 upnphost - ok 20:38:52.0377 6880 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 20:38:52.0408 6880 usbccgp - ok 20:38:52.0455 6880 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 20:38:52.0486 6880 usbcir - ok 20:38:52.0517 6880 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys 20:38:52.0548 6880 usbehci - ok 20:38:52.0580 6880 usbhub 
(6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 20:38:52.0611 6880 usbhub - ok 20:38:52.0626 6880 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys 20:38:52.0658 6880 usbohci - ok 20:38:52.0673 6880 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:38:52.0720 6880 usbprint - ok 20:38:52.0751 6880 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:38:52.0814 6880 USBSTOR - ok 20:38:52.0829 6880 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys 20:38:52.0845 6880 usbuhci - ok 20:38:52.0892 6880 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 20:38:52.0938 6880 usbvideo - ok 20:38:52.0970 6880 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:38:53.0016 6880 UxSms - ok 20:38:53.0048 6880 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 20:38:53.0063 6880 VaultSvc - ok 20:38:53.0079 6880 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 20:38:53.0110 6880 vdrvroot - ok 20:38:53.0157 6880 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 20:38:53.0172 6880 vds - ok 20:38:53.0188 6880 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:38:53.0204 6880 vga - ok 20:38:53.0219 6880 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:38:53.0282 6880 VgaSave - ok 20:38:53.0313 6880 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 20:38:53.0328 6880 vhdmp - ok 20:38:53.0344 6880 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 20:38:53.0360 6880 viaide - ok 20:38:53.0375 6880 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 20:38:53.0391 6880 volmgr - ok 20:38:53.0422 6880 volmgrx (99b0cbb569ca79acaed8c91461d765fb) 
C:\Windows\system32\drivers\volmgrx.sys 20:38:53.0438 6880 volmgrx - ok 20:38:53.0500 6880 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 20:38:53.0516 6880 volsnap - ok 20:38:53.0547 6880 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:38:53.0562 6880 vsmraid - ok 20:38:53.0672 6880 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 20:38:53.0734 6880 VSS - ok 20:38:53.0828 6880 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 20:38:53.0859 6880 vwifibus - ok 20:38:53.0874 6880 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 20:38:53.0890 6880 vwififlt - ok 20:38:53.0921 6880 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 20:38:53.0952 6880 vwifimp - ok 20:38:53.0984 6880 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:38:54.0046 6880 W32Time - ok 20:38:54.0077 6880 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:38:54.0093 6880 WacomPen - ok 20:38:54.0124 6880 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:38:54.0155 6880 WANARP - ok 20:38:54.0155 6880 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:38:54.0202 6880 Wanarpv6 - ok 20:38:54.0311 6880 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 20:38:54.0405 6880 WatAdminSvc - ok 20:38:54.0514 6880 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 20:38:54.0608 6880 wbengine - ok 20:38:54.0701 6880 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:38:54.0748 6880 WbioSrvc - ok 20:38:54.0779 6880 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 20:38:54.0857 6880 wcncsvc - ok 20:38:54.0873 6880 WcsPlugInService (20f7441334b18cee52027661df4a6129) 
C:\Windows\System32\WcsPlugInService.dll 20:38:54.0920 6880 WcsPlugInService - ok 20:38:54.0951 6880 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:38:54.0982 6880 Wd - ok 20:38:55.0029 6880 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:38:55.0076 6880 Wdf01000 - ok 20:38:55.0091 6880 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:38:55.0122 6880 WdiServiceHost - ok 20:38:55.0122 6880 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:38:55.0154 6880 WdiSystemHost - ok 20:38:55.0185 6880 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 20:38:55.0263 6880 WebClient - ok 20:38:55.0310 6880 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:38:55.0403 6880 Wecsvc - ok 20:38:55.0419 6880 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:38:55.0450 6880 wercplsupport - ok 20:38:55.0481 6880 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:38:55.0512 6880 WerSvc - ok 20:38:55.0575 6880 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:38:55.0653 6880 WfpLwf - ok 20:38:55.0684 6880 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 20:38:55.0700 6880 WimFltr - ok 20:38:55.0715 6880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:38:55.0731 6880 WIMMount - ok 20:38:55.0778 6880 WinDefend - ok 20:38:55.0778 6880 WinHttpAutoProxySvc - ok 20:38:55.0840 6880 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:38:55.0902 6880 Winmgmt - ok 20:38:56.0027 6880 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 20:38:56.0121 6880 WinRM - ok 20:38:56.0246 6880 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys 20:38:56.0277 6880 WinUsb - ok 
20:38:56.0339 6880 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:38:56.0386 6880 Wlansvc - ok
20:38:56.0433 6880 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
20:38:56.0433 6880 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
20:38:56.0433 6880 wltrysvc - detected UnsignedFile.Multi.Generic (1)
20:38:56.0464 6880 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:38:56.0480 6880 WmiAcpi - ok
20:38:56.0526 6880 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:38:56.0573 6880 wmiApSrv - ok
20:38:56.0604 6880 WMPNetworkSvc - ok
20:38:56.0636 6880 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:38:56.0667 6880 WPCSvc - ok
20:38:56.0698 6880 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
20:38:56.0729 6880 WPDBusEnum - ok
20:38:56.0745 6880 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:38:56.0776 6880 ws2ifsl - ok
20:38:56.0807 6880 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
20:38:56.0932 6880 wscsvc - ok
20:38:56.0932 6880 WSearch - ok
20:38:57.0088 6880 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:38:57.0150 6880 wuauserv - ok
20:38:57.0244 6880 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
20:38:57.0291 6880 WudfPf - ok
20:38:57.0322 6880 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:38:57.0353 6880 WUDFRd - ok
20:38:57.0400 6880 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
20:38:57.0462 6880 wudfsvc - ok
20:38:57.0478 6880 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:38:57.0525 6880 WwanSvc - ok
20:38:57.0572 6880 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:38:57.0587 6880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:38:57.0587 6880 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:38:58.0164 6880 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:38:58.0164 6880 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:38:58.0211 6880 Boot (0x1200) (47a2b6601a482770db82e6c7c1fb0314) \Device\Harddisk0\DR0\Partition0
20:38:58.0211 6880 \Device\Harddisk0\DR0\Partition0 - ok
20:38:58.0211 6880 Boot (0x1200) (55d86f776e8bcfec33b424e6fe457015) \Device\Harddisk0\DR0\Partition1
20:38:58.0211 6880 \Device\Harddisk0\DR0\Partition1 - ok
20:38:58.0227 6880 ============================================================
20:38:58.0227 6880 Scan finished
20:38:58.0227 6880 ============================================================
20:38:58.0242 6076 Detected object count: 8
20:38:58.0242 6076 Actual detected object count: 8
20:44:48.0474 6076 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:48.0474 6076 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:48.0474 6076 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:48.0474 6076 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:48.0484 6076 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:48.0484 6076 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:48.0484 6076 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:48.0484 6076 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:48.0484 6076 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:48.0484 6076 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:48.0484 6076 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:48.0484 6076 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:49.0364 6076 \Device\Harddisk0\DR0\# - copied to quarantine
20:44:49.0364 6076 \Device\Harddisk0\DR0 - copied to quarantine
20:44:49.0434 6076 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:44:49.0564 6076 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:44:49.0624 6076 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:44:55.0474 6076 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:44:55.0534 6076 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:45:00.0764 6076 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:45:00.0854 6076 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:45:00.0944 6076 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:45:00.0964 6076 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:45:00.0984 6076 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:45:01.0114 6076 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:45:01.0174 6076 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:45:01.0204 6076 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:45:01.0204 6076 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:45:01.0224 6076 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:45:01.0344 6076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:45:01.0404 6076 \Device\Harddisk0\DR0 - ok
20:45:01.0744 6076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:45:01.0744 6076 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:45:01.0754 6076 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:45:19.0454 6692 Deinitialize success

2012/07/17 00:02:15 -0400 JARED-PC Jared IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 60984, Process: svchost.exe)
2012/07/17 00:02:15 -0400 JARED-PC Jared IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 60985, Process: svchost.exe)
2012/07/17 00:02:15 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 60986, Process: svchost.exe)
2012/07/17 00:02:15 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 60987, Process: svchost.exe)
2012/07/17 00:02:31 -0400 JARED-PC Jared IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 60998, Process: svchost.exe)
2012/07/17 00:02:31 -0400 JARED-PC Jared IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 61001, Process: svchost.exe)
2012/07/17 00:03:04 -0400 JARED-PC Jared IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 61006, Process: svchost.exe)
2012/07/17 00:03:04 -0400 JARED-PC Jared IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 61007, Process: svchost.exe)
2012/07/17 00:03:04 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61008, Process: svchost.exe)
2012/07/17 00:03:04 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61009, Process: svchost.exe)
2012/07/17 00:03:04 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61011, Process: svchost.exe)
2012/07/17 00:03:04 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61012, Process: svchost.exe)
2012/07/17 00:04:24 -0400 JARED-PC Jared IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 61039, Process: svchost.exe)
2012/07/17 00:09:08 -0400 JARED-PC Jared IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 61107, Process: svchost.exe)
2012/07/17 00:09:08 -0400 JARED-PC Jared IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 61108, Process: svchost.exe)
2012/07/17 00:09:08 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61109, Process: svchost.exe)
2012/07/17 00:09:08 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61110, Process: svchost.exe)
2012/07/17 00:09:08 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61112, Process: svchost.exe)
2012/07/17 00:09:08 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61113, Process: svchost.exe)
2012/07/17 00:11:09 -0400 JARED-PC Jared IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 61135, Process: svchost.exe)
2012/07/17 00:11:09 -0400 JARED-PC Jared IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 61136, Process: svchost.exe)
2012/07/17 00:11:09 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61137, Process: svchost.exe)
2012/07/17 00:11:09 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61138, Process: svchost.exe)
2012/07/17 00:11:09 -0400 JARED-PC Jared IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 61140, Process: svchost.exe)
2012/07/17 00:11:09 -0400 JARED-PC Jared IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 61141, Process: svchost.exe)
2012/07/17 00:11:09 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61142, Process: svchost.exe)
2012/07/17 00:11:09 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61143, Process: svchost.exe)
2012/07/17 00:11:41 -0400 JARED-PC Jared IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 61275, Process: svchost.exe)
2012/07/17 00:11:41 -0400 JARED-PC Jared IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 61276, Process: svchost.exe)
2012/07/17 00:11:41 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61277, Process: svchost.exe)
2012/07/17 00:11:41 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61278, Process: svchost.exe)
2012/07/17 00:11:41 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61280, Process: svchost.exe)
2012/07/17 00:11:41 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61281, Process: svchost.exe)
2012/07/17 00:14:07 -0400 JARED-PC Jared IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 61420, Process: svchost.exe)
2012/07/17 00:14:07 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61421, Process: svchost.exe)
2012/07/17 00:14:07 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 
61422, Process: svchost.exe) 2012/07/17 00:14:07 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 61424, Process: svchost.exe) 2012/07/17 00:14:07 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 61425, Process: svchost.exe) 2012/07/17 00:17:36 -0400 JARED-PC Jared MESSAGE Starting protection 2012/07/17 00:17:39 -0400 JARED-PC Jared MESSAGE Protection started successfully 2012/07/17 00:17:42 -0400 JARED-PC Jared MESSAGE Starting IP protection 2012/07/17 00:17:44 -0400 JARED-PC Jared MESSAGE IP Protection started successfully 2012/07/17 00:18:38 -0400 JARED-PC Jared IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49201, Process: svchost.exe) 2012/07/17 00:22:15 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 49225, Process: svchost.exe) 2012/07/17 00:22:15 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 49226, Process: svchost.exe) 2012/07/17 00:28:25 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 49451, Process: svchost.exe) 2012/07/17 00:28:25 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 49452, Process: svchost.exe) 2012/07/17 00:32:35 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 49642, Process: svchost.exe) 2012/07/17 00:32:35 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 49643, Process: svchost.exe) 2012/07/17 00:45:04 -0400 JARED-PC Jared IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 49792, Process: svchost.exe) 2012/07/17 00:46:17 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 49806, Process: svchost.exe) 2012/07/17 00:46:17 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 49807, Process: svchost.exe) 2012/07/17 00:54:45 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 49968, Process: svchost.exe) 2012/07/17 05:52:47 -0400 JARED-PC Jared DETECTION C:\WINDOWS\svchost.exe Trojan.Agent QUARANTINE 2012/07/17 05:52:47 -0400 JARED-PC 
Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 49969, Process: svchost.exe) 2012/07/17 05:52:47 -0400 JARED-PC Jared DETECTION C:\WINDOWS\svchost.exe Trojan.Agent DENY 2012/07/17 05:52:48 -0400 JARED-PC Jared ERROR Quarantine failed: DeleteFile failed with error code 5 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49980, Process: svchost.exe) 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 50005, Process: svchost.exe) 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 50006, Process: svchost.exe) 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 50015, Process: svchost.exe) 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 50016, Process: svchost.exe) 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50043, Process: svchost.exe) 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 50089, Process: svchost.exe) 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50604, Process: svchost.exe) 2012/07/17 05:52:56 -0400 JARED-PC Jared IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50788, Process: svchost.exe) 2012/07/17 19:00:25 -0400 JARED-PC Jared MESSAGE Starting protection 2012/07/17 19:00:27 -0400 JARED-PC Jared MESSAGE Protection started successfully 2012/07/17 19:00:30 -0400 JARED-PC Jared MESSAGE Starting IP protection 2012/07/17 19:00:32 -0400 JARED-PC Jared MESSAGE IP Protection started successfully 2012/07/17 19:32:54 -0400 JARED-PC Jared IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 53408, Process: svchost.exe) 2012/07/17 20:01:48 -0400 JARED-PC Jared IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55961, Process: svchost.exe) 2012/07/17 20:02:04 -0400 JARED-PC Jared IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56005, Process: svchost.exe) 2012/07/17 
20:17:07 -0400 JARED-PC Jared IP-BLOCK 78.41.203.125 (Type: outgoing, Port: 56674, Process: svchost.exe) 2012/07/17 20:48:27 -0400 JARED-PC Jared MESSAGE Starting protection 2012/07/17 20:48:29 -0400 JARED-PC Jared MESSAGE Protection started successfully 2012/07/17 20:48:32 -0400 JARED-PC Jared MESSAGE Starting IP protection 2012/07/17 20:48:34 -0400 JARED-PC Jared MESSAGE IP Protection started successfully 2012/07/17 20:52:39 -0400 JARED-PC Jared DETECTION C:\WINDOWS\svchost.exe Trojan.Agent QUARANTINE 2012/07/17 20:52:40 -0400 JARED-PC Jared DETECTION c:\windows\svchost.exe Trojan.Agent DENY 2012/07/17 20:52:46 -0400 JARED-PC Jared MESSAGE Starting database refresh 2012/07/17 20:52:46 -0400 JARED-PC Jared MESSAGE Stopping IP protection 2012/07/17 20:54:46 -0400 JARED-PC Jared MESSAGE IP Protection stopped 2012/07/17 20:54:49 -0400 JARED-PC Jared MESSAGE Database refreshed successfully 2012/07/17 20:54:49 -0400 JARED-PC Jared MESSAGE Starting IP protection 2012/07/17 20:54:50 -0400 JARED-PC Jared MESSAGE IP Protection started successfully .
  8. Hello, when I ran Malwarebytes, it found 2 of these Trojan errors in the WINDOWS/svchost.exe. I removed them, the computer rebooted, but they were right back again. Attached are the logs. Appreciate the help. Attach.txt DDS.txt