Everything posted by dmar2012

  1. OK, folder deleted. There is a similar folder: C:\Users\kmwordsmith\AppData\LocalLow\CouponAlert_2p Should I delete that too? Everything seems fine with the computer now - including Internet search/browsing. Malwarebytes Pro is running and has not found anything recently (since that first round of cleaning from the start of this thread). Thanks.
  2. OK, ran the online scanner. Looks like it found some more suspicious items (including some already quarantined by TDSSKiller it appears). The log noted in your message contained only the following: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK I also saved the summary of what was quarantined when the scan completed. Here is that text: Thank you!
  3. Should I stop McAfee Antivirus before running this ESET Online Scanner? And what about Microsoft Windows Defender? I started running ESET and it detected both, and put up a warning that they may interfere with the scan, so I just cancelled out.
  4. OK, Step 1 completed no problem. I had a little problem with Step 2 (running ComboFix). I disabled McAfee real-time scanning and firewall, but at one point towards the end of the ComboFix running it put up a dialog saying that McAfee was still running. I went back and checked and McAfee Security Center dialog indicated that real-time and firewall were both off. In any case I clicked OK for ComboFix to proceed. It put up another dialog warning me that McAfee was still running and this dialog had only a "Continue" button. I clicked Continue, ComboFix finished and then after a reboot McAfee did definitely restart and the scanner tried to quarantine one of the ComboBox processes - I clicked "Allow" to let ComboBox run. ComboBox did finish and the log is pasted below. I had to reboot to get rid of the "illegal operation attempted on registry key..." error when trying to open anything, but after the reboot everything opens fine. So not totally sure where things stand now as a result of the McAfee snag, but in any case here is the log:
  5. And here is the DDS log. Thanks again.
hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://logicalimages.webex.com/client/T27LB/webex/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.254.254 TCP: Interfaces\{5543631B-9160-4BE9-925D-36734AE345F2} : DhcpNameServer = 192.168.254.254 TCP: Interfaces\{7F302492-41B6-4FBD-8780-5795A2FDC3EF} : DhcpNameServer = 192.168.254.254 BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files 
(x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll TB-X64: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {9D19C405-BA93-461B-871F-97992CC45972} - No File mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] 
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-15 655944] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440] R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199032] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 244840] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 148520] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-28 1692480] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] 
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-08-19 22:15:19 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-16 03:14:57 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\Malwarebytes 2012-08-16 03:14:50 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-16 03:14:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-16 03:14:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-16 02:56:29 -------- d-----w- C:\Program Files (x86)\PC Tools 2012-08-16 02:47:50 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys 2012-08-16 02:47:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2012-08-16 02:47:20 -------- d-----w- C:\ProgramData\PC Tools 2012-08-16 02:47:19 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\TestApp 2012-07-24 19:47:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F337.tmp 2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F336.tmp . ==================== Find3M ==================== . 
2012-08-19 22:16:23 328704 ----a-w- C:\Windows\System32\services.exe 2012-08-15 13:46:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-15 13:46:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- 
C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 18:41:03.70 ===============
  6. Hi Maniac, Thanks very much for your assistance and quick reply. I have followed your instructions and am pasting the requested logs below. Everything went smoothly and the MBAM scan did not find anything suspicious after the TDSSKiller ran, so hopefully that is a good sign. NOTE I got an error "post too long" when I tried to submit with all 3 requested logs in this post. So 2 (TDSSKiller and MBAM) are below - I will post the DDS report in a separate post. ***** TDSSKiller.2.8.6.0_19.08.2012_18.12.19_log.txt *******
fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll 18:13:19.0562 5636 IKEEXT - ok 18:13:19.0687 5636 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys 18:13:19.0718 5636 intelide - ok 18:13:19.0749 5636 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:13:19.0796 5636 intelppm - ok 18:13:19.0827 5636 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:13:19.0890 5636 IPBusEnum - ok 18:13:19.0936 5636 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:13:20.0061 5636 IpFilterDriver - ok 18:13:20.0092 5636 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:13:20.0202 5636 IPMIDRV - ok 18:13:20.0248 5636 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:13:20.0326 5636 IPNAT - ok 18:13:20.0420 5636 [ 50d6ccc6ff5561f9f56946b3e6164fb8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:13:20.0451 5636 iPod Service - ok 18:13:20.0482 5636 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:13:20.0560 5636 IRENUM - ok 18:13:20.0592 5636 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:13:20.0623 5636 isapnp - ok 18:13:20.0670 5636 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:13:20.0732 5636 iScsiPrt - ok 18:13:20.0779 5636 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 18:13:20.0826 5636 kbdclass - ok 18:13:20.0872 5636 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 18:13:20.0966 5636 kbdhid - ok 18:13:20.0982 5636 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe 18:13:20.0997 5636 KeyIso - ok 18:13:21.0028 5636 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:13:21.0044 
5636 KSecDD - ok 18:13:21.0091 5636 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:13:21.0106 5636 KSecPkg - ok 18:13:21.0122 5636 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:13:21.0184 5636 ksthunk - ok 18:13:21.0262 5636 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll 18:13:21.0372 5636 KtmRm - ok 18:13:21.0418 5636 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:13:21.0496 5636 LanmanServer - ok 18:13:21.0528 5636 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:13:21.0606 5636 LanmanWorkstation - ok 18:13:21.0762 5636 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:13:21.0840 5636 lltdio - ok 18:13:21.0871 5636 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:13:21.0964 5636 lltdsvc - ok 18:13:21.0980 5636 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:13:22.0042 5636 lmhosts - ok 18:13:22.0074 5636 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 18:13:22.0089 5636 LSI_FC - ok 18:13:22.0120 5636 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 18:13:22.0136 5636 LSI_SAS - ok 18:13:22.0167 5636 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:13:22.0198 5636 LSI_SAS2 - ok 18:13:22.0214 5636 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:13:22.0245 5636 LSI_SCSI - ok 18:13:22.0276 5636 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys 18:13:22.0354 5636 luafv - ok 18:13:22.0386 5636 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:13:22.0417 5636 MBAMProtector - ok 18:13:22.0479 5636 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\mbamservice.exe 18:13:22.0526 5636 MBAMService - ok 18:13:22.0620 5636 [ fd3ad5e1ecdaa94a89d6697f5c5465d6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe 18:13:22.0651 5636 McComponentHostService - ok 18:13:22.0744 5636 [ 458a013df72eaab91877fa03533e2c8b ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 18:13:22.0776 5636 McMPFSvc - ok 18:13:22.0791 5636 [ 458a013df72eaab91877fa03533e2c8b ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 18:13:22.0822 5636 mcmscsvc - ok 18:13:22.0822 5636 [ 458a013df72eaab91877fa03533e2c8b ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 18:13:22.0854 5636 McNaiAnn - ok 18:13:22.0869 5636 [ 458a013df72eaab91877fa03533e2c8b ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 18:13:22.0885 5636 McNASvc - ok 18:13:22.0916 5636 [ 3809b77eb1734cd5fb317425f188abc1 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 18:13:22.0947 5636 McODS - ok 18:13:22.0963 5636 [ 458a013df72eaab91877fa03533e2c8b ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 18:13:22.0994 5636 McProxy - ok 18:13:23.0056 5636 [ be7802cfab44b613ac1a20aec1d45b87 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 18:13:23.0088 5636 McShield - ok 18:13:23.0119 5636 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:13:23.0197 5636 Mcx2Svc - ok 18:13:23.0275 5636 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 18:13:23.0306 5636 MDM - ok 18:13:23.0322 5636 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 18:13:23.0368 5636 megasas - ok 18:13:23.0384 5636 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 18:13:23.0415 5636 MegaSR - ok 18:13:23.0446 5636 [ 0d8a2ccd9fb7a18114ffa13bb681f362 ] mfeapfk 
C:\Windows\system32\drivers\mfeapfk.sys 18:13:23.0462 5636 mfeapfk - ok 18:13:23.0493 5636 [ 58e891f01db2b41ef1a1296fe63ed74c ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 18:13:23.0571 5636 mfeavfk - ok 18:13:23.0602 5636 mfeavfk01 - ok 18:13:23.0634 5636 [ 656ef23f7d0738dac975036d6bdde036 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 18:13:23.0665 5636 mfefire - ok 18:13:23.0712 5636 [ 74c4bf6c59a8a900c25ee892d3771f73 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 18:13:23.0805 5636 mfefirek - ok 18:13:23.0868 5636 [ bcd060ddc1ea7d2f84e75d17c8e2c88c ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 18:13:23.0899 5636 mfehidk - ok 18:13:23.0946 5636 [ 27f5b2b6261d018cbce0f2250d812be5 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys 18:13:24.0024 5636 mfenlfk - ok 18:13:24.0055 5636 [ 537d31cf8d41222be5bfa56a5ec35ceb ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 18:13:24.0102 5636 mferkdet - ok 18:13:24.0133 5636 [ 5f9f24654ac493970d678ec7b1e3df93 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe 18:13:24.0164 5636 mfevtp - ok 18:13:24.0195 5636 [ 5c07cb165074c6114616d8473cdd0938 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 18:13:24.0258 5636 mfewfpk - ok 18:13:24.0289 5636 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll 18:13:24.0336 5636 MMCSS - ok 18:13:24.0351 5636 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:13:24.0414 5636 Modem - ok 18:13:24.0445 5636 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:13:24.0492 5636 monitor - ok 18:13:24.0538 5636 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 18:13:24.0570 5636 mouclass - ok 18:13:24.0601 5636 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:13:24.0616 5636 mouhid - ok 18:13:24.0648 5636 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 18:13:24.0679 5636 mountmgr - ok 18:13:24.0710 5636 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:13:24.0772 5636 mpio - ok 18:13:24.0788 5636 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:13:24.0850 5636 mpsdrv - ok 18:13:24.0882 5636 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:13:24.0975 5636 MRxDAV - ok 18:13:25.0006 5636 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:13:25.0084 5636 mrxsmb - ok 18:13:25.0131 5636 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:13:25.0162 5636 mrxsmb10 - ok 18:13:25.0194 5636 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:13:25.0209 5636 mrxsmb20 - ok 18:13:25.0240 5636 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:13:25.0334 5636 msahci - ok 18:13:25.0381 5636 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:13:25.0443 5636 msdsm - ok 18:13:25.0459 5636 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe 18:13:25.0506 5636 MSDTC - ok 18:13:25.0537 5636 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:13:25.0599 5636 Msfs - ok 18:13:25.0615 5636 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:13:25.0693 5636 mshidkmdf - ok 18:13:25.0724 5636 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:13:25.0740 5636 msisadrv - ok 18:13:25.0786 5636 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:13:25.0864 5636 MSiSCSI - ok 18:13:25.0864 5636 msiserver - ok 18:13:25.0911 5636 [ 458a013df72eaab91877fa03533e2c8b ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 18:13:25.0942 5636 MSK80Service - ok 
18:13:25.0958 5636 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:13:26.0036 5636 MSKSSRV - ok 18:13:26.0052 5636 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:13:26.0098 5636 MSPCLOCK - ok 18:13:26.0114 5636 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:13:26.0192 5636 MSPQM - ok 18:13:26.0223 5636 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:13:26.0254 5636 MsRPC - ok 18:13:26.0301 5636 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:13:26.0332 5636 mssmbios - ok 18:13:26.0332 5636 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:13:26.0410 5636 MSTEE - ok 18:13:26.0426 5636 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 18:13:26.0457 5636 MTConfig - ok 18:13:26.0488 5636 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:13:26.0504 5636 Mup - ok 18:13:26.0551 5636 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll 18:13:26.0644 5636 napagent - ok 18:13:26.0676 5636 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:13:26.0738 5636 NativeWifiP - ok 18:13:26.0800 5636 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys 18:13:26.0878 5636 NDIS - ok 18:13:26.0894 5636 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:13:26.0956 5636 NdisCap - ok 18:13:26.0988 5636 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:13:27.0050 5636 NdisTapi - ok 18:13:27.0081 5636 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:13:27.0175 5636 Ndisuio - ok 18:13:27.0206 5636 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:13:27.0346 
5636 NdisWan - ok 18:13:27.0378 5636 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:13:27.0518 5636 NDProxy - ok 18:13:27.0549 5636 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:13:27.0627 5636 NetBIOS - ok 18:13:27.0658 5636 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:13:27.0736 5636 NetBT - ok 18:13:27.0752 5636 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe 18:13:27.0783 5636 Netlogon - ok 18:13:27.0814 5636 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll 18:13:27.0877 5636 Netman - ok 18:13:27.0908 5636 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll 18:13:28.0002 5636 netprofm - ok 18:13:28.0033 5636 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:13:28.0048 5636 NetTcpPortSharing - ok 18:13:28.0095 5636 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 18:13:28.0126 5636 nfrd960 - ok 18:13:28.0158 5636 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:13:28.0251 5636 NlaSvc - ok 18:13:28.0298 5636 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:13:28.0345 5636 Npfs - ok 18:13:28.0345 5636 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:13:28.0392 5636 nsi - ok 18:13:28.0407 5636 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:13:28.0470 5636 nsiproxy - ok 18:13:28.0548 5636 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:13:28.0641 5636 Ntfs - ok 18:13:28.0672 5636 [ 317020d31f1696334679b9d0416eb62e ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys 18:13:28.0735 5636 NuidFltr - ok 18:13:28.0750 5636 [ 9899284589f75fa8724ff3d16aed75c1 ] Null 
C:\Windows\system32\drivers\Null.sys 18:13:28.0797 5636 Null - ok 18:13:28.0844 5636 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:13:28.0953 5636 nvraid - ok 18:13:28.0984 5636 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:13:29.0062 5636 nvstor - ok 18:13:29.0109 5636 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:13:29.0156 5636 nv_agp - ok 18:13:29.0187 5636 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:13:29.0250 5636 ohci1394 - ok 18:13:29.0281 5636 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:13:29.0312 5636 ose - ok 18:13:29.0343 5636 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:13:29.0406 5636 p2pimsvc - ok 18:13:29.0437 5636 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:13:29.0484 5636 p2psvc - ok 18:13:29.0499 5636 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:13:29.0530 5636 Parport - ok 18:13:29.0562 5636 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:13:29.0593 5636 partmgr - ok 18:13:29.0608 5636 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:13:29.0671 5636 PcaSvc - ok 18:13:29.0702 5636 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys 18:13:29.0718 5636 pci - ok 18:13:29.0749 5636 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys 18:13:29.0780 5636 pciide - ok 18:13:29.0796 5636 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:13:29.0827 5636 pcmcia - ok 18:13:29.0842 5636 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:13:29.0858 5636 pcw - ok 18:13:29.0905 5636 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH 
C:\Windows\system32\drivers\peauth.sys 18:13:29.0998 5636 PEAUTH - ok 18:13:30.0092 5636 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:13:30.0139 5636 PerfHost - ok 18:13:30.0217 5636 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll 18:13:30.0388 5636 pla - ok 18:13:30.0435 5636 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:13:30.0529 5636 PlugPlay - ok 18:13:30.0544 5636 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:13:30.0591 5636 PNRPAutoReg - ok 18:13:30.0622 5636 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:13:30.0638 5636 PNRPsvc - ok 18:13:30.0685 5636 [ 33328fa8a580885ab0065be6db266e9f ] Point64 C:\Windows\system32\DRIVERS\point64.sys 18:13:30.0763 5636 Point64 - ok 18:13:30.0825 5636 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:13:30.0872 5636 PolicyAgent - ok 18:13:30.0903 5636 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll 18:13:30.0966 5636 Power - ok 18:13:31.0012 5636 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:13:31.0153 5636 PptpMiniport - ok 18:13:31.0184 5636 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys 18:13:31.0231 5636 Processor - ok 18:13:31.0278 5636 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:13:31.0356 5636 ProfSvc - ok 18:13:31.0371 5636 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:13:31.0387 5636 ProtectedStorage - ok 18:13:31.0434 5636 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:13:31.0558 5636 Psched - ok 18:13:31.0574 5636 [ 4712cc14e720ecccc0aa16949d18aaf1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 18:13:31.0590 5636 PxHlpa64 - ok 18:13:31.0652 5636 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 
C:\Windows\system32\DRIVERS\ql2300.sys 18:13:31.0761 5636 ql2300 - ok 18:13:31.0792 5636 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 18:13:31.0824 5636 ql40xx - ok 18:13:31.0839 5636 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll 18:13:31.0886 5636 QWAVE - ok 18:13:31.0902 5636 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:13:31.0948 5636 QWAVEdrv - ok 18:13:31.0964 5636 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:13:32.0026 5636 RasAcd - ok 18:13:32.0058 5636 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:13:32.0104 5636 RasAgileVpn - ok 18:13:32.0136 5636 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll 18:13:32.0182 5636 RasAuto - ok 18:13:32.0229 5636 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:13:32.0323 5636 Rasl2tp - ok 18:13:32.0370 5636 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll 18:13:32.0463 5636 RasMan - ok 18:13:32.0479 5636 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:13:32.0557 5636 RasPppoe - ok 18:13:32.0588 5636 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:13:32.0682 5636 RasSstp - ok 18:13:32.0713 5636 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:13:32.0775 5636 rdbss - ok 18:13:32.0806 5636 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:13:32.0853 5636 rdpbus - ok 18:13:32.0884 5636 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:13:32.0947 5636 RDPCDD - ok 18:13:32.0962 5636 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:13:33.0040 5636 RDPENCDD - ok 18:13:33.0056 5636 [ 216f3fa57533d98e1f74ded70113177a ] 
RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:13:33.0103 5636 RDPREFMP - ok 18:13:33.0150 5636 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:13:33.0228 5636 RDPWD - ok 18:13:33.0274 5636 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:13:33.0306 5636 rdyboost - ok 18:13:33.0337 5636 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:13:33.0430 5636 RemoteAccess - ok 18:13:33.0462 5636 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:13:33.0524 5636 RemoteRegistry - ok 18:13:33.0571 5636 [ 5790bca445cc40df8b38c2c48608aac2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 18:13:33.0680 5636 RimUsb - ok 18:13:33.0742 5636 [ c903d49655b4aae46673f0aaa6be0f58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 18:13:33.0836 5636 RimVSerPort - ok 18:13:33.0883 5636 [ 388d3dd1a6457280f3badba9f3acd6b1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 18:13:33.0945 5636 ROOTMODEM - ok 18:13:33.0976 5636 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:13:34.0054 5636 RpcEptMapper - ok 18:13:34.0086 5636 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe 18:13:34.0148 5636 RpcLocator - ok 18:13:34.0195 5636 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll 18:13:34.0242 5636 RpcSs - ok 18:13:34.0273 5636 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:13:34.0366 5636 rspndr - ok 18:13:34.0413 5636 [ 4a25dc970c58104602ed274dacafd784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 18:13:34.0476 5636 RSUSBSTOR - ok 18:13:34.0491 5636 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe 18:13:34.0522 5636 SamSs - ok 18:13:34.0554 5636 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:13:34.0632 5636 sbp2port - ok 
18:13:34.0663 5636 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:13:34.0772 5636 SCardSvr - ok 18:13:34.0803 5636 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:13:34.0944 5636 scfilter - ok 18:13:34.0990 5636 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll 18:13:35.0100 5636 Schedule - ok 18:13:35.0131 5636 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll 18:13:35.0193 5636 SCPolicySvc - ok 18:13:35.0224 5636 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:13:35.0318 5636 SDRSVC - ok 18:13:35.0349 5636 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:13:35.0396 5636 secdrv - ok 18:13:35.0427 5636 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll 18:13:35.0474 5636 seclogon - ok 18:13:35.0505 5636 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll 18:13:35.0568 5636 SENS - ok 18:13:35.0583 5636 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:13:35.0630 5636 SensrSvc - ok 18:13:35.0661 5636 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:13:35.0692 5636 Serenum - ok 18:13:35.0724 5636 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:13:35.0755 5636 Serial - ok 18:13:35.0786 5636 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 18:13:35.0833 5636 sermouse - ok 18:13:35.0880 5636 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:13:35.0989 5636 SessionEnv - ok 18:13:36.0020 5636 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:13:36.0067 5636 sffdisk - ok 18:13:36.0114 5636 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:13:36.0160 5636 sffp_mmc - ok 
18:13:36.0192 5636 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:13:36.0316 5636 sffp_sd - ok 18:13:36.0348 5636 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:13:36.0410 5636 sfloppy - ok 18:13:36.0519 5636 [ 74ec60e20516aaa573be74f31175270f ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 18:13:36.0566 5636 SftService - ok 18:13:36.0613 5636 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:13:36.0753 5636 ShellHWDetection - ok 18:13:36.0769 5636 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:13:36.0800 5636 SiSRaid2 - ok 18:13:36.0816 5636 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 18:13:36.0831 5636 SiSRaid4 - ok 18:13:36.0894 5636 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:13:36.0956 5636 Smb - ok 18:13:36.0987 5636 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:13:37.0034 5636 SNMPTRAP - ok 18:13:37.0050 5636 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:13:37.0081 5636 spldr - ok 18:13:37.0112 5636 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe 18:13:37.0174 5636 Spooler - ok 18:13:37.0299 5636 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe 18:13:37.0393 5636 sppsvc - ok 18:13:37.0408 5636 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:13:37.0471 5636 sppuinotify - ok 18:13:37.0518 5636 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys 18:13:37.0580 5636 srv - ok 18:13:37.0611 5636 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:13:37.0642 5636 srv2 - ok 18:13:37.0658 5636 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 
18:13:37.0689 5636 srvnet - ok 18:13:37.0720 5636 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:13:37.0767 5636 SSDPSRV - ok 18:13:37.0783 5636 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:13:37.0845 5636 SstpSvc - ok 18:13:37.0954 5636 [ 444109453a2b87e6c16bcda5953e81a9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe 18:13:38.0017 5636 STacSV - ok 18:13:38.0048 5636 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:13:38.0095 5636 stexstor - ok 18:13:38.0110 5636 [ 02e784fa49032f84964db90a3ed81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 18:13:38.0204 5636 STHDA - ok 18:13:38.0266 5636 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll 18:13:38.0360 5636 stisvc - ok 18:13:38.0407 5636 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:13:38.0438 5636 swenum - ok 18:13:38.0485 5636 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll 18:13:38.0547 5636 swprv - ok 18:13:38.0625 5636 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll 18:13:38.0734 5636 SysMain - ok 18:13:38.0781 5636 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:13:38.0890 5636 TabletInputService - ok 18:13:38.0937 5636 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:13:39.0046 5636 TapiSrv - ok 18:13:39.0078 5636 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll 18:13:39.0124 5636 TBS - ok 18:13:39.0218 5636 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:13:39.0312 5636 Tcpip - ok 18:13:39.0374 5636 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:13:39.0421 5636 TCPIP6 - ok 18:13:39.0468 5636 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg 
C:\Windows\system32\drivers\tcpipreg.sys 18:13:39.0546 5636 tcpipreg - ok 18:13:39.0577 5636 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:13:39.0655 5636 TDPIPE - ok 18:13:39.0686 5636 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:13:39.0733 5636 TDTCP - ok 18:13:39.0764 5636 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:13:39.0826 5636 tdx - ok 18:13:39.0858 5636 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:13:39.0889 5636 TermDD - ok 18:13:39.0920 5636 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll 18:13:39.0998 5636 TermService - ok 18:13:40.0029 5636 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll 18:13:40.0060 5636 Themes - ok 18:13:40.0092 5636 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll 18:13:40.0154 5636 THREADORDER - ok 18:13:40.0170 5636 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll 18:13:40.0216 5636 TrkWks - ok 18:13:40.0279 5636 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:13:40.0341 5636 TrustedInstaller - ok 18:13:40.0404 5636 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:13:40.0482 5636 tssecsrv - ok 18:13:40.0528 5636 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:13:40.0622 5636 TsUsbFlt - ok 18:13:40.0669 5636 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:13:40.0731 5636 tunnel - ok 18:13:40.0747 5636 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:13:40.0778 5636 uagp35 - ok 18:13:40.0825 5636 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:13:40.0872 5636 udfs - ok 18:13:40.0903 5636 [ 
3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:13:40.0934 5636 UI0Detect - ok 18:13:40.0996 5636 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:13:41.0028 5636 uliagpkx - ok 18:13:41.0059 5636 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys 18:13:41.0090 5636 umbus - ok 18:13:41.0121 5636 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:13:41.0152 5636 UmPass - ok 18:13:41.0184 5636 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll 18:13:41.0262 5636 upnphost - ok 18:13:41.0308 5636 [ 54d4b48d443e7228bf64cf7cdc3118ac ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 18:13:41.0324 5636 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 18:13:41.0324 5636 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 18:13:41.0355 5636 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:13:41.0433 5636 usbccgp - ok 18:13:41.0464 5636 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:13:41.0496 5636 usbcir - ok 18:13:41.0527 5636 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:13:41.0574 5636 usbehci - ok 18:13:41.0636 5636 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:13:41.0683 5636 usbhub - ok 18:13:41.0714 5636 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:13:41.0745 5636 usbohci - ok 18:13:41.0776 5636 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:13:41.0823 5636 usbprint - ok 18:13:41.0870 5636 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:13:41.0932 5636 usbscan - ok 18:13:41.0964 5636 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 18:13:42.0042 5636 USBSTOR - ok 18:13:42.0073 5636 
[ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 18:13:42.0120 5636 usbuhci - ok 18:13:42.0166 5636 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 18:13:42.0213 5636 usbvideo - ok 18:13:42.0229 5636 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll 18:13:42.0307 5636 UxSms - ok 18:13:42.0322 5636 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe 18:13:42.0338 5636 VaultSvc - ok 18:13:42.0385 5636 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:13:42.0416 5636 vdrvroot - ok 18:13:42.0478 5636 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe 18:13:42.0588 5636 vds - ok 18:13:42.0619 5636 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:13:42.0650 5636 vga - ok 18:13:42.0666 5636 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys 18:13:42.0712 5636 VgaSave - ok 18:13:42.0744 5636 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:13:42.0775 5636 vhdmp - ok 18:13:42.0822 5636 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:13:42.0853 5636 viaide - ok 18:13:42.0900 5636 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:13:42.0915 5636 volmgr - ok 18:13:42.0962 5636 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:13:42.0993 5636 volmgrx - ok 18:13:43.0071 5636 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:13:43.0087 5636 volsnap - ok 18:13:43.0134 5636 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 18:13:43.0149 5636 vsmraid - ok 18:13:43.0227 5636 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe 18:13:43.0305 5636 VSS - ok 18:13:43.0321 5636 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] 
vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:13:43.0368 5636 vwifibus - ok 18:13:43.0399 5636 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:13:43.0461 5636 vwififlt - ok 18:13:43.0492 5636 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll 18:13:43.0555 5636 W32Time - ok 18:13:43.0586 5636 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 18:13:43.0617 5636 WacomPen - ok 18:13:43.0680 5636 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:13:43.0726 5636 WANARP - ok 18:13:43.0758 5636 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:13:43.0820 5636 Wanarpv6 - ok 18:13:43.0882 5636 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 18:13:44.0038 5636 WatAdminSvc - ok 18:13:44.0132 5636 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe 18:13:44.0304 5636 wbengine - ok 18:13:44.0350 5636 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:13:44.0382 5636 WbioSrvc - ok 18:13:44.0428 5636 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:13:44.0491 5636 wcncsvc - ok 18:13:44.0506 5636 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:13:44.0569 5636 WcsPlugInService - ok 18:13:44.0600 5636 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys 18:13:44.0616 5636 Wd - ok 18:13:44.0647 5636 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:13:44.0694 5636 Wdf01000 - ok 18:13:44.0725 5636 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:13:44.0818 5636 WdiServiceHost - ok 18:13:44.0834 5636 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:13:44.0850 5636 WdiSystemHost - ok 18:13:44.0896 
5636 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:13:44.0990 5636 WebClient - ok 18:13:45.0021 5636 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:13:45.0115 5636 Wecsvc - ok 18:13:45.0130 5636 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:13:45.0193 5636 wercplsupport - ok 18:13:45.0224 5636 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:13:45.0302 5636 WerSvc - ok 18:13:45.0349 5636 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:13:45.0396 5636 WfpLwf - ok 18:13:45.0458 5636 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 18:13:45.0474 5636 WimFltr - ok 18:13:45.0505 5636 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:13:45.0520 5636 WIMMount - ok 18:13:45.0552 5636 WinHttpAutoProxySvc - ok 18:13:45.0630 5636 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:13:45.0692 5636 Winmgmt - ok 18:13:45.0801 5636 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll 18:13:46.0066 5636 WinRM - ok 18:13:46.0160 5636 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll 18:13:46.0238 5636 Wlansvc - ok 18:13:46.0332 5636 [ 13b0a570e1ae451c92da550085d72cf3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE 18:13:46.0347 5636 wltrysvc ( UnsignedFile.Multi.Generic ) - warning 18:13:46.0347 5636 wltrysvc - detected UnsignedFile.Multi.Generic (1) 18:13:46.0394 5636 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:13:46.0425 5636 WmiAcpi - ok 18:13:46.0488 5636 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:13:46.0550 5636 wmiApSrv - ok 18:13:46.0581 5636 WMPNetworkSvc - ok 18:13:46.0612 5636 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc 
C:\Windows\System32\wpcsvc.dll 18:13:46.0675 5636 WPCSvc - ok 18:13:46.0722 5636 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:13:46.0768 5636 WPDBusEnum - ok 18:13:46.0800 5636 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:13:46.0847 5636 ws2ifsl - ok 18:13:46.0847 5636 WSearch - ok 18:13:46.0910 5636 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:13:46.0988 5636 WudfPf - ok 18:13:47.0019 5636 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:13:47.0066 5636 WUDFRd - ok 18:13:47.0097 5636 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:13:47.0175 5636 wudfsvc - ok 18:13:47.0222 5636 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll 18:13:47.0284 5636 WwanSvc - ok 18:13:47.0331 5636 [ 79d9ce9614c955dd31aa2556b4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 18:13:47.0440 5636 yukonw7 - ok 18:13:47.0456 5636 ================ Scan global =============================== 18:13:47.0487 5636 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll 18:13:47.0518 5636 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll 18:13:47.0549 5636 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll 18:13:47.0581 5636 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll 18:13:47.0627 5636 (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe 18:13:47.0627 5636 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected 18:13:47.0627 5636 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0) 18:13:47.0627 5636 ================ Scan MBR ================================== 18:13:47.0659 5636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 18:13:47.0659 5636 Suspicious mbr (Forged): \Device\Harddisk0\DR0 18:13:47.0721 5636 \Device\Harddisk0\DR0 ( 
Rootkit.Boot.Pihar.c ) - infected
18:13:47.0721 5636 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:13:47.0783 5636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:13:47.0783 5636 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:13:47.0799 5636 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
18:13:47.0939 5636 \Device\Harddisk1\DR1 - ok
18:13:47.0939 5636 ================ Scan VBR ==================================
18:13:47.0939 5636 Boot (0x1200) (ce1660b4a78827026eab557be1bfe095) \Device\Harddisk0\DR0\Partition1
18:13:47.0939 5636 \Device\Harddisk0\DR0\Partition1 - ok
18:13:47.0986 5636 Boot (0x1200) (4eb64c46782b52d213573077d5291b6d) \Device\Harddisk0\DR0\Partition2
18:13:47.0986 5636 \Device\Harddisk0\DR0\Partition2 - ok
18:13:47.0986 5636 Boot (0x1200) (32d87aba66365c6c4e0b4978295782b2) \Device\Harddisk1\DR1\Partition1
18:13:47.0986 5636 \Device\Harddisk1\DR1\Partition1 - ok
18:13:47.0986 5636 ============================================================
18:13:47.0986 5636 Scan finished
18:13:47.0986 5636 ============================================================
18:13:48.0017 4412 Detected object count: 7
18:13:48.0017 4412 Actual detected object count: 7
18:15:19.0106 4412 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
18:15:19.0106 4412 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:15:19.0106 4412 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:15:19.0106 4412 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:15:19.0106 4412 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:15:19.0106 4412 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:15:19.0106 4412 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:15:19.0106 4412 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:15:19.0215 4412 C:\Windows\system32\services.exe - copied to quarantine
18:15:20.0089 4412 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
18:15:20.0167 4412 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
18:15:20.0182 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\@ - copied to quarantine
18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\L\00000004.@ - copied to quarantine
18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\L\201d3dde - copied to quarantine
18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000004.@ - copied to quarantine
18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ - copied to quarantine
18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ - copied to quarantine
18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000000.@ - copied to quarantine
18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000032.@ - copied to quarantine
18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000064.@ - copied to quarantine
18:15:40.0433 4412 Backup copy found, using it..
18:15:40.0511 4412 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
18:15:40.0511 4412 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\@ - will be deleted on reboot
18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000004.@ - will be deleted on reboot
18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ - will be deleted on reboot
18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ - will be deleted on reboot
18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000000.@ - will be deleted on reboot
18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000032.@ - will be deleted on reboot
18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000064.@ - will be deleted on reboot
18:15:40.0542 4412 C:\Windows\system32\services.exe - will be cured on reboot
18:15:40.0542 4412 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
18:15:41.0385 4412 \Device\Harddisk0\DR0\# - copied to quarantine
18:15:41.0385 4412 \Device\Harddisk0\DR0 - copied to quarantine
18:15:41.0463 4412 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:15:41.0478 4412 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:15:41.0478 4412 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:15:41.0525 4412 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:15:41.0603 4412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:15:41.0603 4412 \Device\Harddisk0\DR0 - ok
18:15:41.0728 4412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:15:49.0076 6112 Deinitialize success

****** MBAM ******************************************************

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kmwordsmith :: ROHAN [administrator]

Protection: Enabled

8/19/2012 6:29:31 PM
mbam-log-2012-08-19 (18-29-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198385
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  7. I have a computer infected with a browser/search redirect virus. A Malwarebytes scan detects it but appears unable to fully remove the infection. Every time on reboot the infection tries to reinstall itself, but Malwarebytes detects and asks to quarantine it (which I do). Upon rerunning the quick scan the same files are found, and the process repeats.... I can now browse the Internet normally, but based on the reboot/reappear pattern, the infection is not completely removed.

I've seen other similar posts on this forum, but it seems from reading them that the best course of action is to post a new thread with the log files pasted in, so that is what I am doing here. Thanks in advance for anyone who can help with this.

I've already downloaded and run DDS. Here are the requested logs (MBAM / DDS / Attach):

***** MBAM log *****

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kmwordsmith :: ROHAN [administrator]

Protection: Enabled

8/19/2012 2:40:02 PM
mbam-log-2012-08-19 (14-40-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198250
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 4644 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\Installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) ****** DDS.txt ******************************************************************************** . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by kmwordsmith at 15:28:36 on 2012-08-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2499 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\Dwm.exe C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\system32\conhost.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe 
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\PDFCreator\PDFCreator.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program 
Files\McAfee.com\Agent\mcagent.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\Windows\splwow64.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.bing.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll mWinlogon: Userinit=userinit.exe, BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: ShopAtHome.com Toolbar: {66516a07-f617-488a-90cf-4e690cfb3c5f} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute 
CS3/contributeieplugin.dll TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll TB: ShopAtHome.com Toolbar: {311b58dc-a4dc-4b04-b1b5-60299ad3d803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll uRun: [screenpresso] "C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Google Update] "C:\Users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... 
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://logicalimages.webex.com/client/T27LB/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{5543631B-9160-4BE9-925D-36734AE345F2} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{7F302492-41B6-4FBD-8780-5795A2FDC3EF} : DhcpNameServer = 192.168.254.254
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO-X64: Coupons.com - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
BHO-X64: ShopAtHome.com Toolbar - No File
BHO-X64: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB-X64: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
TB-X64: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {9D19C405-BA93-461B-871F-97992CC45972} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-15 655944]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 148520]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-28 1692480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-19 18:37:44 20480 ------w- C:\Windows\svchost.exe
2012-08-16 03:14:57 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\Malwarebytes
2012-08-16 03:14:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-16 03:14:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-16 03:14:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-16 02:56:29 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-08-16 02:47:50 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-08-16 02:47:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-08-16 02:47:20 -------- d-----w- C:\ProgramData\PC Tools
2012-08-16 02:47:19 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\TestApp
2012-07-24 19:47:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F337.tmp
2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F336.tmp
.
==================== Find3M ====================
.
2012-08-15 13:46:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 13:46:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:29:33.35 ===============

********** Attach.txt **********************************************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2009 7:12:02 PM
System Uptime: 8/19/2012 2:36:21 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 164.079 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 190 GiB total, 105.716 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP186: 7/9/2012 11:11:13 AM - Scheduled Checkpoint
RP187: 7/11/2012 11:56:50 PM - Windows Update
RP188: 7/19/2012 12:53:10 PM - Scheduled Checkpoint
RP189: 7/27/2012 8:20:17 AM - Scheduled Checkpoint
RP190: 8/3/2012 8:41:58 AM - Scheduled Checkpoint
RP191: 8/10/2012 10:44:01 AM - Scheduled Checkpoint
RP192: 8/17/2012 11:19:58 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Contribute CS3
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader X (10.1.3)
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Bing Bar
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Coupons.com Toolbar
Delicious Add-on for Internet Explorer
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Webcam Central
Dropbox
Facebook Plug-In
FileZilla Client 3.3.0.1
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Java Auto Updater
Java 6 Update 29
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
Notepad++
PDFCreator
PowerDVD DX
QualXServ Service Agreement
QuickTime
Roxio Burn
Roxio Update Manager
Screenpresso
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
ShopAtHome.com Toolbar
Spelling Dictionaries Support For Adobe Reader 9
Spotify
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WebEx
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/19/2012 2:39:26 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
8/19/2012 2:37:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/19/2012 2:37:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/19/2012 2:36:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/19/2012 10:50:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
8/19/2012 10:49:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
8/19/2012 10:49:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
8/19/2012 1:51:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030fd4aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-23119-01.
8/19/2012 1:49:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030be405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-22464-01.
8/18/2012 1:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Rohan\kmwordsmith SID (S-1-5-21-2178287959-2484263321-3651141593-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/18/2012 1:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Rohan\kmwordsmith SID (S-1-5-21-2178287959-2484263321-3651141593-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/16/2012 9:13:46 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/16/2012 12:55:40 PM, Error: PCTCore [280] -
8/16/2012 1:19:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
8/16/2012 1:18:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/14/2012 1:28:11 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address A4-5C-27-6F-B8-12. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================