Posts posted by aviator8
It appears like the Kaspersky install removed Malwarebytes, but I have the log file from my desktop:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.18.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
aviator8 :: AVIATOR8-PC [administrator]
11/18/2012 5:24:45 PM
mbam-log-2012-11-18 (17-24-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205610
Time elapsed: 1 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D311D87-E36C-47A4-BF28-B31B48DE9773} (Adware.DealCabby) -> Quarantined and deleted successfully.
HKCR\CLSID\{2D311D87-E36C-47A4-BF28-B31B48DE9773} (Adware.DealCabby) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The ESET log was just named log.txt, so I hope this is the right one:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=162234c09b66554a89b78887d6ce0f9e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-18 11:19:44
# local_time=2012-11-18 06:19:44 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 104821935 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=121330
# found=14
# cleaned=14
# scan_time=2298
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\n.vir Win64/Sirefef.AT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\80000000.@.vir Win64/Sirefef.AW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\800000cb.@.vir Win64/Sirefef.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\1EC1.tmp.vir Win64/Olmarik.AO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\1EC2.tmp.vir Win64/Olmarik.AO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\aviator8\AppData\Roaming\System\svchost.exe.vir a variant of MSIL/Kryptik.GP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\aviator8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\70IHQUBX\base[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\aviator8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\70IHQUBX\be175[1].pdf JS/Exploit.Pdfka.PUN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
OK, ran Malware and fixed 2 items found.
ESET found 14 items and repaired.
Installed Kaspersky and ran. It found the traces of the rootkit in quarantine, a Java virus and one other, all either fixed or deleted.
DDS log:
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1
Run by aviator8 at 21:19:29 on 2012-11-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2227 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.excite.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: AwardWallet: {6AB2B33D-A637-2F56-41D1-414D72009665} - C:\Program Files (x86)\AwardWallet\bho32.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8BF80D3B-3484-4C58-9762-E0CDFCB8A3D2} : DHCPNameServer = 172.6.1.161
TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.1.0.1
TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\66C697E6F62766F6C6B6 : DHCPNameServer = 10.1.0.1
TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\74564716771697 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aviator8\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\aviator8\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-03 20:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-3-3 55856]
R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-3 89600]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-3 13336]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-3 689472]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-3 2656280]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-3-3 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-3-3 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-3-3 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-4 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-3 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-4 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-18 23:29:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-18 23:27:18 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\offreg.dll
2012-11-18 23:27:14 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-11-18 23:27:14 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-11-18 22:38:38 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-18 22:23:53 -------- d-----w- C:\Users\aviator8\AppData\Roaming\Malwarebytes
2012-11-18 15:53:50 98816 ----a-w- C:\windows\sed.exe
2012-11-18 15:53:50 256000 ----a-w- C:\windows\PEV.exe
2012-11-18 15:53:50 208896 ----a-w- C:\windows\MBR.exe
2012-11-18 08:11:57 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-18 08:11:57 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-18 08:11:57 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-18 08:11:57 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-18 08:03:04 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-18 08:03:04 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-18 08:03:01 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-18 08:03:01 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-18 08:03:00 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-18 08:02:59 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-18 08:02:59 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-17 20:44:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 16:51:33 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\mpengine.dll
2012-11-17 16:51:05 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-11-17 16:51:04 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-11-17 16:51:04 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-11-17 16:51:04 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-11-17 16:51:02 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-03 03:42:25 -------- d-----w- C:\Users\aviator8\AppData\Roaming\System
.
==================== Find3M ====================
.
2012-10-09 15:45:03 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:45:02 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 03:51:09 10220472 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
.
============= FINISH: 21:20:04.32 ===============
Attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/8/2012 8:44:54 PM
System Uptime: 11/18/2012 7:57:42 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 01HXXJ
Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 411.507 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP20: 9/9/2012 1:28:03 PM - Installed Remote Control USB Driver
RP21: 9/9/2012 1:28:27 PM - Installed Logitech Harmony Remote Software 7
RP22: 9/17/2012 2:07:01 AM - Windows Update
RP23: 9/18/2012 3:00:44 AM - Windows Update
RP24: 9/26/2012 10:47:06 PM - Windows Update
RP25: 9/26/2012 10:47:37 PM - Scheduled Checkpoint
RP26: 9/27/2012 3:00:23 AM - Windows Update
RP27: 10/1/2012 1:21:02 PM - Windows Update
RP28: 10/5/2012 4:43:47 AM - Windows Update
RP29: 10/9/2012 10:34:14 PM - Windows Update
RP30: 10/11/2012 3:00:55 AM - Windows Update
RP31: 11/2/2012 11:41:18 PM - Windows Update
RP32: 11/10/2012 8:24:23 PM - Windows Update
RP33: 11/13/2012 9:07:13 PM - Windows Update
RP34: 11/17/2012 11:50:40 AM - Windows Update
RP35: 11/18/2012 3:01:05 AM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
AwardWallet (remove only)
Banctec Service Agreement
Bing Bar
Blio
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
DealCabby
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
DW WLAN Card
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java 7 Update 1 (64-bit)
Java 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Kaspersky Internet Security 2012
Logitech Harmony Remote Software 7
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
PlayReady PC Runtime x86
Premium Service Agreement
QualxServ Service Agreement
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Remote Control USB Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
11/18/2012 6:26:15 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
11/18/2012 6:26:11 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.
11/18/2012 10:58:49 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/18/2012 10:58:03 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/18/2012 10:53:26 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2012 12:21:09 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/17/2012 12:21:09 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
11/17/2012 12:21:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================
-
Before I proceed: I bought Kaspersky Lab a few days ago. Will this create an issue running with Anti-Malware at the same time?
-
Haven't tried anything yet. Should we rescan to make sure there are no infections after cleaning?
-
Good morning. Here are the results of ComboFix:
ComboFix 12-11-16.02 - aviator8 11/18/2012 10:54:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2633 [GMT -5:00]
Running from: c:\users\aviator8\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\@
c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\n
c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\00000001.@
c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\80000000.@
c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\800000cb.@
c:\programdata\Microsoft\Windows\DRM\1EC1.tmp
c:\programdata\Microsoft\Windows\DRM\1EC2.tmp
c:\users\aviator8\AppData\Local\dealcabby
c:\users\aviator8\AppData\Local\dealcabby\ie\dealcabby_20121004075001.dll
c:\users\aviator8\AppData\Local\dealcabby\license.txt
c:\users\aviator8\AppData\Local\dealcabby\sqlite3.exe
c:\users\aviator8\AppData\Local\dealcabby\uninst.exe
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\bootstrap.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\defaults\preferences\prefs.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\harness-options.json
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\icon.png
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\icon64.png
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\install.rdf
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\locale\en-GB.json
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\locale\eo.json
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\locale\fr-FR.json
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\locales.json
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\page-mod.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\request.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\windows.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\content-proxy.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-content-symbiont.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-message-manager.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-trusted-document.html
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\worker.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\api-utils.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\base.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\byte-streams.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\channel.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\collection.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\loader.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\symbiont.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\worker.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cortex.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cuddlefish.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\dom\events.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\environment.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\errors.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\core.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\target.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events\assembler.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\file.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\functional.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\globals!.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\hidden-frame.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\light-traits.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\list.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\match-pattern.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\memory.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\message-manager.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\namespace.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\observer-service.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\plain-text-console.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\preferences-service.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\process.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\querystring.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\runtime.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\sandbox.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\self!.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\system.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\events.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\observer.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\tab.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\utils.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\text-streams.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\timer.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traceback.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits\core.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\unload.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\url.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\data.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\object.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\registry.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\thumbnail.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\uuid.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window-utils.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window\utils.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\dom.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\loader.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\observer.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\tabs.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xhr.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xpcom.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xul-app.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js
c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js.old
c:\users\aviator8\AppData\Roaming\system\svchost.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 15:58 . 2012-11-18 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-18 08:35 . 2012-11-18 08:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\offreg.dll
2012-11-18 08:11 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-18 08:11 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-18 08:11 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-18 08:11 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-18 08:03 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-18 08:03 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-18 08:03 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-18 08:03 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-18 08:03 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 08:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-18 08:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 20:44 . 2012-11-17 20:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 16:51 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\mpengine.dll
2012-11-17 16:51 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-17 16:51 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-17 16:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-17 16:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-17 16:51 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-03 03:42 . 2012-11-18 15:58 -------- d-----w- c:\users\aviator8\AppData\Roaming\System
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 08:04 . 2012-07-16 18:36 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 15:45 . 2012-07-10 16:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:45 . 2012-03-04 04:06 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 03:51 . 2012-10-09 03:51 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-14 19:19 . 2012-10-11 00:33 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 00:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-11 00:34 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-11 00:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 00:34 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-11 00:34 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-11 00:34 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-11 00:34 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-17 06:10 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-17 06:10 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-17 06:10 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-27 02:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-11 00:34 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-11 00:34 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-11 00:34 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-11 00:34 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-11 00:34 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-11 00:34 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-11 00:34 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-11 00:34 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-11 00:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-11 00:34 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-11 00:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-11 00:34 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-11 00:34 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-11 00:34 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-11 00:34 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6AB2B33D-A637-2F56-41D1-414D72009665}]
2012-06-27 13:36 654344 ----a-w- c:\program files (x86)\AwardWallet\bho32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-09 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Facebook Update"="c:\users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-03 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-12 120032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 15:45]
.
2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-928059848-1520413163-3489737491-1000Core.job
- c:\users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-03 13:20]
.
2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-928059848-1520413163-3489737491-1000UA.job
- c:\users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-03 13:20]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 01:00]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 01:00]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928059848-1520413163-3489737491-1000Core.job
- c:\users\aviator8\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 23:59]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928059848-1520413163-3489737491-1000UA.job
- c:\users\aviator8\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 23:59]
.
2012-07-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-11-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-12-14 04:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-03 20:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2D311D87-E36C-47A4-BF28-B31B48DE9773} - c:\users\aviator8\AppData\Local\dealcabby\ie\dealcabby_20121004075001.dll
Wow6432Node-HKCU-Run-Windows Services Host - c:\users\aviator8\AppData\Roaming\System\svchost.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-59052895.sys
AddRemove-DealCabby - c:\users\aviator8\AppData\Local\dealcabby\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6f,b7,ae,a9,0d,c2,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-18 11:00:14
ComboFix-quarantined-files.txt 2012-11-18 16:00
.
Pre-Run: 443,213,840,384 bytes free
Post-Run: 443,628,474,368 bytes free
.
- - End Of File - - 544B4C4B6F24EEBAB405B82F529A2583
-
Ran with cure. Two logs produced:
First:
15:44:16.0898 1824 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:44:16.0898 1824 ============================================================
15:44:16.0898 1824 Current date / time: 2012/11/17 15:44:16.0898
15:44:16.0898 1824 SystemInfo:
15:44:16.0898 1824
15:44:16.0898 1824 OS Version: 6.1.7601 ServicePack: 1.0
15:44:16.0898 1824 Product type: Workstation
15:44:16.0898 1824 ComputerName: AVIATOR8-PC
15:44:16.0898 1824 UserName: aviator8
15:44:16.0898 1824 Windows directory: C:\windows
15:44:16.0898 1824 System windows directory: C:\windows
15:44:16.0898 1824 Running under WOW64
15:44:16.0898 1824 Processor architecture: Intel x64
15:44:16.0898 1824 Number of processors: 4
15:44:16.0898 1824 Page size: 0x1000
15:44:16.0898 1824 Boot type: Normal boot
15:44:16.0898 1824 ============================================================
15:44:17.0194 1824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:44:17.0210 1824 Drive \Device\Harddisk1\DR3 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:44:17.0210 1824 ============================================================
15:44:17.0210 1824 \Device\Harddisk0\DR0:
15:44:17.0210 1824 MBR partitions:
15:44:17.0210 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
15:44:17.0210 1824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
15:44:17.0210 1824 \Device\Harddisk1\DR3:
15:44:17.0210 1824 MBR partitions:
15:44:17.0210 1824 ============================================================
15:44:17.0256 1824 C: <-> \Device\Harddisk0\DR0\Partition2
15:44:17.0256 1824 ============================================================
15:44:17.0256 1824 Initialize success
15:44:17.0256 1824 ============================================================
15:44:20.0798 2376 ============================================================
15:44:20.0798 2376 Scan started
15:44:20.0798 2376 Mode: Manual;
15:44:20.0798 2376 ============================================================
15:44:21.0032 2376 ================ Scan system memory ========================
15:44:21.0032 2376 System memory - ok
15:44:21.0032 2376 ================ Scan services =============================
15:44:21.0188 2376 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
15:44:21.0203 2376 1394ohci - ok
15:44:21.0234 2376 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
15:44:21.0234 2376 ACPI - ok
15:44:21.0297 2376 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
15:44:21.0297 2376 AcpiPmi - ok
15:44:21.0390 2376 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:44:21.0390 2376 AdobeFlashPlayerUpdateSvc - ok
15:44:21.0422 2376 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
15:44:21.0422 2376 adp94xx - ok
15:44:21.0468 2376 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
15:44:21.0468 2376 adpahci - ok
15:44:21.0484 2376 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
15:44:21.0484 2376 adpu320 - ok
15:44:21.0515 2376 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
15:44:21.0515 2376 AeLookupSvc - ok
15:44:21.0593 2376 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
15:44:21.0593 2376 AESTFilters - ok
15:44:21.0702 2376 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
15:44:21.0702 2376 AFD - ok
15:44:21.0749 2376 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
15:44:21.0749 2376 agp440 - ok
15:44:21.0796 2376 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
15:44:21.0796 2376 ALG - ok
15:44:21.0812 2376 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
15:44:21.0812 2376 aliide - ok
15:44:21.0812 2376 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
15:44:21.0812 2376 amdide - ok
15:44:21.0827 2376 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
15:44:21.0827 2376 AmdK8 - ok
15:44:21.0843 2376 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
15:44:21.0843 2376 AmdPPM - ok
15:44:21.0874 2376 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
15:44:21.0874 2376 amdsata - ok
15:44:21.0890 2376 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
15:44:21.0890 2376 amdsbs - ok
15:44:21.0905 2376 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
15:44:21.0905 2376 amdxata - ok
15:44:21.0968 2376 [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
15:44:21.0968 2376 ApfiltrService - ok
15:44:21.0999 2376 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
15:44:21.0999 2376 AppID - ok
15:44:22.0046 2376 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
15:44:22.0046 2376 AppIDSvc - ok
15:44:22.0061 2376 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
15:44:22.0061 2376 Appinfo - ok
15:44:22.0077 2376 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
15:44:22.0077 2376 arc - ok
15:44:22.0077 2376 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
15:44:22.0077 2376 arcsas - ok
15:44:22.0264 2376 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:44:22.0264 2376 aspnet_state - ok
15:44:22.0295 2376 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
15:44:22.0295 2376 AsyncMac - ok
15:44:22.0326 2376 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
15:44:22.0326 2376 atapi - ok
15:44:22.0373 2376 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:44:22.0373 2376 AudioEndpointBuilder - ok
15:44:22.0389 2376 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
15:44:22.0389 2376 AudioSrv - ok
15:44:22.0467 2376 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
15:44:22.0467 2376 AxInstSV - ok
15:44:22.0514 2376 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
15:44:22.0529 2376 b06bdrv - ok
15:44:22.0560 2376 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
15:44:22.0560 2376 b57nd60a - ok
15:44:22.0654 2376 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:44:22.0654 2376 BBSvc - ok
15:44:22.0685 2376 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:44:22.0685 2376 BBUpdate - ok
15:44:22.0810 2376 [ 783F1C7ED6B39454A8D1028D4F30768D ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
15:44:22.0826 2376 BCM43XX - ok
15:44:22.0888 2376 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
15:44:22.0888 2376 BDESVC - ok
15:44:22.0904 2376 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
15:44:22.0904 2376 Beep - ok
15:44:22.0950 2376 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
15:44:22.0950 2376 BFE - ok
15:44:22.0997 2376 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
15:44:22.0997 2376 BITS - ok
15:44:23.0028 2376 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
15:44:23.0028 2376 blbdrive - ok
15:44:23.0075 2376 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
15:44:23.0075 2376 bowser - ok
15:44:23.0106 2376 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
15:44:23.0106 2376 BrFiltLo - ok
15:44:23.0106 2376 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
15:44:23.0106 2376 BrFiltUp - ok
15:44:23.0169 2376 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
15:44:23.0169 2376 Browser - ok
15:44:23.0184 2376 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
15:44:23.0200 2376 Brserid - ok
15:44:23.0200 2376 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
15:44:23.0200 2376 BrSerWdm - ok
15:44:23.0200 2376 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
15:44:23.0200 2376 BrUsbMdm - ok
15:44:23.0216 2376 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
15:44:23.0216 2376 BrUsbSer - ok
15:44:23.0262 2376 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
15:44:23.0262 2376 BthEnum - ok
15:44:23.0294 2376 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
15:44:23.0294 2376 BTHMODEM - ok
15:44:23.0309 2376 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
15:44:23.0309 2376 BthPan - ok
15:44:23.0372 2376 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
15:44:23.0372 2376 BTHPORT - ok
15:44:23.0418 2376 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
15:44:23.0418 2376 bthserv - ok
15:44:23.0450 2376 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
15:44:23.0450 2376 BTHUSB - ok
15:44:23.0496 2376 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\windows\system32\DRIVERS\btwampfl.sys
15:44:23.0496 2376 BTWAMPFL - ok
15:44:23.0559 2376 [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
15:44:23.0559 2376 btwaudio - ok
15:44:23.0574 2376 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
15:44:23.0574 2376 btwavdt - ok
15:44:23.0668 2376 [ B7DEA77EE893806859072274EE8EC8FC ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:44:23.0668 2376 btwdins - ok
15:44:23.0699 2376 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
15:44:23.0699 2376 btwl2cap - ok
15:44:23.0746 2376 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
15:44:23.0746 2376 btwrchid - ok
15:44:23.0777 2376 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
15:44:23.0777 2376 cdfs - ok
15:44:23.0808 2376 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
15:44:23.0808 2376 cdrom - ok
15:44:23.0855 2376 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
15:44:23.0855 2376 CertPropSvc - ok
15:44:23.0871 2376 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
15:44:23.0871 2376 circlass - ok
15:44:23.0918 2376 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
15:44:23.0918 2376 CLFS - ok
15:44:23.0980 2376 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:23.0980 2376 clr_optimization_v2.0.50727_32 - ok
15:44:24.0011 2376 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:44:24.0011 2376 clr_optimization_v2.0.50727_64 - ok
15:44:24.0089 2376 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:44:24.0089 2376 clr_optimization_v4.0.30319_32 - ok
15:44:24.0120 2376 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:44:24.0120 2376 clr_optimization_v4.0.30319_64 - ok
15:44:24.0152 2376 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
15:44:24.0152 2376 CmBatt - ok
15:44:24.0167 2376 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
15:44:24.0167 2376 cmdide - ok
15:44:24.0214 2376 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
15:44:24.0214 2376 CNG - ok
15:44:24.0245 2376 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
15:44:24.0245 2376 Compbatt - ok
15:44:24.0276 2376 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
15:44:24.0276 2376 CompositeBus - ok
15:44:24.0292 2376 COMSysApp - ok
15:44:24.0323 2376 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
15:44:24.0323 2376 crcdisk - ok
15:44:24.0370 2376 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
15:44:24.0370 2376 CryptSvc - ok
15:44:24.0432 2376 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys
15:44:24.0432 2376 CtClsFlt - ok
15:44:24.0464 2376 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
15:44:24.0464 2376 DcomLaunch - ok
15:44:24.0495 2376 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
15:44:24.0495 2376 defragsvc - ok
15:44:24.0526 2376 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
15:44:24.0526 2376 DfsC - ok
15:44:24.0542 2376 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
15:44:24.0557 2376 Dhcp - ok
15:44:24.0573 2376 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
15:44:24.0573 2376 discache - ok
15:44:24.0620 2376 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
15:44:24.0620 2376 Disk - ok
15:44:24.0651 2376 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
15:44:24.0651 2376 Dnscache - ok
15:44:24.0666 2376 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
15:44:24.0666 2376 dot3svc - ok
15:44:24.0682 2376 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
15:44:24.0682 2376 DPS - ok
15:44:24.0713 2376 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
15:44:24.0713 2376 drmkaud - ok
15:44:24.0760 2376 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
15:44:24.0760 2376 DXGKrnl - ok
15:44:24.0807 2376 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
15:44:24.0807 2376 EapHost - ok
15:44:24.0869 2376 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
15:44:24.0900 2376 ebdrv - ok
15:44:24.0932 2376 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
15:44:24.0932 2376 EFS - ok
15:44:24.0994 2376 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
15:44:24.0994 2376 ehRecvr - ok
15:44:25.0025 2376 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
15:44:25.0025 2376 ehSched - ok
15:44:25.0056 2376 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
15:44:25.0072 2376 elxstor - ok
15:44:25.0072 2376 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
15:44:25.0072 2376 ErrDev - ok
15:44:25.0119 2376 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
15:44:25.0119 2376 EventSystem - ok
15:44:25.0150 2376 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
15:44:25.0150 2376 exfat - ok
15:44:25.0166 2376 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
15:44:25.0166 2376 fastfat - ok
15:44:25.0228 2376 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
15:44:25.0228 2376 Fax - ok
15:44:25.0228 2376 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
15:44:25.0228 2376 fdc - ok
15:44:25.0259 2376 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
15:44:25.0259 2376 fdPHost - ok
15:44:25.0275 2376 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
15:44:25.0275 2376 FDResPub - ok
15:44:25.0306 2376 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
15:44:25.0306 2376 FileInfo - ok
15:44:25.0337 2376 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
15:44:25.0337 2376 Filetrace - ok
15:44:25.0368 2376 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
15:44:25.0368 2376 flpydisk - ok
15:44:25.0384 2376 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
15:44:25.0400 2376 FltMgr - ok
15:44:25.0431 2376 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
15:44:25.0446 2376 FontCache - ok
15:44:25.0493 2376 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:25.0493 2376 FontCache3.0.0.0 - ok
15:44:25.0524 2376 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
15:44:25.0524 2376 FsDepends - ok
15:44:25.0556 2376 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
15:44:25.0556 2376 Fs_Rec - ok
15:44:25.0587 2376 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
15:44:25.0587 2376 fvevol - ok
15:44:25.0602 2376 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
15:44:25.0602 2376 gagp30kx - ok
15:44:25.0680 2376 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
15:44:25.0680 2376 gpsvc - ok
15:44:25.0774 2376 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:25.0774 2376 gupdate - ok
15:44:25.0774 2376 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:25.0774 2376 gupdatem - ok
15:44:25.0805 2376 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:44:25.0805 2376 gusvc - ok
15:44:25.0852 2376 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
15:44:25.0852 2376 hcw85cir - ok
15:44:25.0868 2376 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:44:25.0868 2376 HdAudAddService - ok
15:44:25.0899 2376 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
15:44:25.0899 2376 HDAudBus - ok
15:44:25.0899 2376 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
15:44:25.0899 2376 HidBatt - ok
15:44:25.0899 2376 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
15:44:34.0292 2376 wcncsvc - ok
15:44:34.0323 2376 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:44:34.0323 2376 WcsPlugInService - ok
15:44:34.0354 2376 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
15:44:34.0354 2376 Wd - ok
15:44:34.0385 2376 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
15:44:34.0385 2376 Wdf01000 - ok
15:44:34.0401 2376 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
15:44:34.0401 2376 WdiServiceHost - ok
15:44:34.0401 2376 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
15:44:34.0401 2376 WdiSystemHost - ok
15:44:34.0432 2376 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
15:44:34.0432 2376 WebClient - ok
15:44:34.0463 2376 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
15:44:34.0463 2376 Wecsvc - ok
15:44:34.0479 2376 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
15:44:34.0479 2376 wercplsupport - ok
15:44:34.0494 2376 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
15:44:34.0494 2376 WerSvc - ok
15:44:34.0510 2376 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
15:44:34.0526 2376 WfpLwf - ok
15:44:34.0557 2376 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
15:44:34.0557 2376 WimFltr - ok
15:44:34.0588 2376 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
15:44:34.0588 2376 WIMMount - ok
15:44:34.0604 2376 WinDefend - ok
15:44:34.0619 2376 WinHttpAutoProxySvc - ok
15:44:34.0682 2376 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
15:44:34.0682 2376 Winmgmt - ok
15:44:34.0744 2376 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
15:44:34.0744 2376 WinRM - ok
15:44:34.0806 2376 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
15:44:34.0806 2376 WinUsb - ok
15:44:34.0853 2376 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
15:44:34.0869 2376 Wlansvc - ok
15:44:34.0916 2376 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:44:34.0916 2376 wlcrasvc - ok
15:44:34.0978 2376 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:44:34.0994 2376 wlidsvc - ok
15:44:35.0040 2376 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
15:44:35.0040 2376 WmiAcpi - ok
15:44:35.0072 2376 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
15:44:35.0072 2376 wmiApSrv - ok
15:44:35.0103 2376 WMPNetworkSvc - ok
15:44:35.0134 2376 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
15:44:35.0134 2376 WPCSvc - ok
15:44:35.0134 2376 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
15:44:35.0134 2376 WPDBusEnum - ok
15:44:35.0165 2376 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
15:44:35.0165 2376 ws2ifsl - ok
15:44:35.0181 2376 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
15:44:35.0181 2376 wscsvc - ok
15:44:35.0181 2376 WSearch - ok
15:44:35.0243 2376 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
15:44:35.0259 2376 wuauserv - ok
15:44:35.0274 2376 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
15:44:35.0274 2376 WudfPf - ok
15:44:35.0321 2376 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
15:44:35.0321 2376 WUDFRd - ok
15:44:35.0352 2376 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
15:44:35.0352 2376 wudfsvc - ok
15:44:35.0368 2376 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
15:44:35.0368 2376 WwanSvc - ok
15:44:35.0399 2376 ================ Scan global ===============================
15:44:35.0415 2376 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:44:35.0446 2376 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
15:44:35.0462 2376 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
15:44:35.0477 2376 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:44:35.0524 2376 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:44:35.0524 2376 [Global] - ok
15:44:35.0524 2376 ================ Scan MBR ==================================
15:44:35.0540 2376 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:44:35.0540 2376 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:44:35.0602 2376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:44:35.0602 2376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:44:35.0602 2376 [ E3255F24EB30D0E706AAD12BD4F2B4C2 ] \Device\Harddisk1\DR3
15:44:37.0146 2376 \Device\Harddisk1\DR3 - ok
15:44:37.0146 2376 ================ Scan VBR ==================================
15:44:37.0162 2376 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
15:44:37.0178 2376 \Device\Harddisk0\DR0\Partition1 - ok
15:44:37.0209 2376 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
15:44:37.0224 2376 \Device\Harddisk0\DR0\Partition2 - ok
15:44:37.0224 2376 ============================================================
15:44:37.0224 2376 Scan finished
15:44:37.0224 2376 ============================================================
15:44:37.0224 3760 Detected object count: 1
15:44:37.0224 3760 Actual detected object count: 1
15:44:55.0632 3760 \Device\Harddisk0\DR0\# - copied to quarantine
15:44:55.0632 3760 \Device\Harddisk0\DR0 - copied to quarantine
15:44:55.0695 3760 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:44:55.0710 3760 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:44:55.0710 3760 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:44:55.0710 3760 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:44:55.0710 3760 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:44:55.0726 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:44:55.0726 3760 \Device\Harddisk0\DR0 - ok
15:44:55.0804 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:45:01.0014 2016 Deinitialize success
second:
15:46:00.0427 3384 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:46:00.0802 3384 ============================================================
15:46:00.0802 3384 Current date / time: 2012/11/17 15:46:00.0802
15:46:00.0802 3384 SystemInfo:
15:46:00.0802 3384
15:46:00.0802 3384 OS Version: 6.1.7601 ServicePack: 1.0
15:46:00.0802 3384 Product type: Workstation
15:46:00.0802 3384 ComputerName: AVIATOR8-PC
15:46:00.0802 3384 UserName: aviator8
15:46:00.0802 3384 Windows directory: C:\windows
15:46:00.0802 3384 System windows directory: C:\windows
15:46:00.0802 3384 Running under WOW64
15:46:00.0802 3384 Processor architecture: Intel x64
15:46:00.0802 3384 Number of processors: 4
15:46:00.0802 3384 Page size: 0x1000
15:46:00.0802 3384 Boot type: Normal boot
15:46:00.0802 3384 ============================================================
15:46:01.0738 3384 BG loaded
15:46:02.0138 3384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:46:02.0138 3384 Drive \Device\Harddisk1\DR1 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:46:02.0138 3384 ============================================================
15:46:02.0138 3384 \Device\Harddisk0\DR0:
15:46:02.0138 3384 MBR partitions:
15:46:02.0138 3384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
15:46:02.0138 3384 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
15:46:02.0138 3384 \Device\Harddisk1\DR1:
15:46:02.0138 3384 MBR partitions:
15:46:02.0138 3384 ============================================================
15:46:02.0218 3384 C: <-> \Device\Harddisk0\DR0\Partition2
15:46:02.0218 3384 ============================================================
15:46:02.0218 3384 Initialize success
15:46:02.0218 3384 ============================================================
-
Yes, I do have a USB stick. I am using it to go back and forth, as I am keeping the problem PC offline until I am sure it is safe. Here are the results, looks like a rootkit:
14:26:23.0640 2028 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:26:23.0656 2028 ============================================================
14:26:23.0656 2028 Current date / time: 2012/11/17 14:26:23.0656
14:26:23.0656 2028 SystemInfo:
14:26:23.0656 2028
14:26:23.0656 2028 OS Version: 6.1.7601 ServicePack: 1.0
14:26:23.0656 2028 Product type: Workstation
14:26:23.0656 2028 ComputerName: AVIATOR8-PC
14:26:23.0656 2028 UserName: aviator8
14:26:23.0656 2028 Windows directory: C:\windows
14:26:23.0656 2028 System windows directory: C:\windows
14:26:23.0656 2028 Running under WOW64
14:26:23.0656 2028 Processor architecture: Intel x64
14:26:23.0656 2028 Number of processors: 4
14:26:23.0656 2028 Page size: 0x1000
14:26:23.0656 2028 Boot type: Normal boot
14:26:23.0656 2028 ============================================================
14:26:23.0952 2028 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:26:23.0968 2028 Drive \Device\Harddisk1\DR2 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:26:23.0968 2028 ============================================================
14:26:23.0968 2028 \Device\Harddisk0\DR0:
14:26:23.0968 2028 MBR partitions:
14:26:23.0968 2028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
14:26:23.0968 2028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
14:26:23.0968 2028 \Device\Harddisk1\DR2:
14:26:23.0968 2028 MBR partitions:
14:26:23.0968 2028 ============================================================
14:26:23.0999 2028 C: <-> \Device\Harddisk0\DR0\Partition2
14:26:23.0999 2028 ============================================================
14:26:23.0999 2028 Initialize success
14:26:23.0999 2028 ============================================================
14:26:27.0026 4112 ============================================================
14:26:27.0026 4112 Scan started
14:26:27.0026 4112 Mode: Manual;
14:26:27.0026 4112 ============================================================
14:26:27.0322 4112 ================ Scan system memory ========================
14:26:27.0322 4112 System memory - ok
14:26:27.0322 4112 ================ Scan services =============================
14:26:33.0952 4112 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
14:26:33.0952 4112 IRENUM - ok
14:26:33.0983 4112 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
14:26:33.0983 4112 isapnp - ok
14:26:33.0999 4112 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
14:26:33.0999 4112 iScsiPrt - ok
14:26:34.0030 4112 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
14:26:34.0030 4112 kbdclass - ok
14:26:34.0030 4112 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
14:26:34.0030 4112 kbdhid - ok
14:26:34.0046 4112 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
14:26:34.0046 4112 KeyIso - ok
14:26:34.0092 4112 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
14:26:34.0092 4112 KSecDD - ok
14:26:34.0108 4112 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
14:26:34.0108 4112 KSecPkg - ok
14:26:34.0139 4112 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
14:26:34.0139 4112 ksthunk - ok
14:26:34.0170 4112 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
14:26:34.0170 4112 KtmRm - ok
14:26:34.0233 4112 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
14:26:34.0233 4112 LanmanServer - ok
14:26:34.0280 4112 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
14:26:34.0280 4112 LanmanWorkstation - ok
14:26:34.0342 4112 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
14:26:34.0342 4112 lltdio - ok
14:26:34.0373 4112 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
14:26:34.0389 4112 lltdsvc - ok
14:26:34.0404 4112 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
14:26:34.0404 4112 lmhosts - ok
14:26:34.0467 4112 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:26:34.0467 4112 LMS - ok
14:26:34.0498 4112 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
14:26:34.0498 4112 LSI_FC - ok
14:26:34.0514 4112 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
14:26:34.0514 4112 LSI_SAS - ok
14:26:34.0514 4112 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
14:26:34.0514 4112 LSI_SAS2 - ok
14:26:34.0545 4112 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
14:26:34.0545 4112 LSI_SCSI - ok
14:26:34.0560 4112 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
14:26:34.0560 4112 luafv - ok
14:26:34.0623 4112 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
14:26:34.0623 4112 McComponentHostService - ok
14:26:34.0654 4112 McMPFSvc - ok
14:26:34.0685 4112 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
14:26:34.0685 4112 Mcx2Svc - ok
14:26:34.0685 4112 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
14:26:34.0685 4112 megasas - ok
14:26:34.0716 4112 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
14:26:34.0716 4112 MegaSR - ok
14:26:34.0763 4112 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
14:26:34.0763 4112 MEIx64 - ok
14:26:34.0794 4112 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
14:26:34.0810 4112 MMCSS - ok
14:26:34.0810 4112 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
14:26:34.0810 4112 Modem - ok
14:26:34.0841 4112 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
14:26:34.0841 4112 monitor - ok
14:26:34.0857 4112 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
14:26:34.0857 4112 mouclass - ok
14:26:34.0872 4112 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
14:26:34.0872 4112 mouhid - ok
14:26:34.0904 4112 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
14:26:34.0904 4112 mountmgr - ok
14:26:34.0966 4112 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:26:34.0966 4112 MozillaMaintenance - ok
14:26:34.0997 4112 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
14:26:34.0997 4112 mpio - ok
14:26:35.0028 4112 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
14:26:35.0028 4112 mpsdrv - ok
14:26:35.0075 4112 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
14:26:35.0075 4112 MpsSvc - ok
14:26:35.0075 4112 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
14:26:35.0091 4112 MRxDAV - ok
14:26:35.0106 4112 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
14:26:35.0106 4112 mrxsmb - ok
14:26:35.0106 4112 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
14:26:35.0106 4112 mrxsmb10 - ok
14:26:35.0122 4112 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
14:26:35.0122 4112 mrxsmb20 - ok
14:26:35.0138 4112 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
14:26:35.0138 4112 msahci - ok
14:26:35.0169 4112 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
14:26:35.0169 4112 msdsm - ok
14:26:35.0184 4112 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
14:26:35.0184 4112 MSDTC - ok
14:26:35.0200 4112 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
14:26:35.0200 4112 Msfs - ok
14:26:35.0216 4112 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
14:26:35.0216 4112 mshidkmdf - ok
14:26:35.0247 4112 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
14:26:35.0247 4112 msisadrv - ok
14:26:35.0262 4112 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
14:26:35.0262 4112 MSiSCSI - ok
14:26:35.0278 4112 msiserver - ok
14:26:35.0309 4112 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
14:26:35.0309 4112 MSKSSRV - ok
14:26:35.0325 4112 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
14:26:35.0325 4112 MSPCLOCK - ok
14:26:35.0340 4112 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
14:26:35.0340 4112 MSPQM - ok
14:26:35.0372 4112 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
14:26:35.0372 4112 MsRPC - ok
14:26:35.0403 4112 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
14:26:35.0403 4112 mssmbios - ok
14:26:35.0418 4112 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
14:26:35.0418 4112 MSTEE - ok
14:26:35.0434 4112 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
14:26:35.0434 4112 MTConfig - ok
14:26:35.0450 4112 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
14:26:35.0450 4112 Mup - ok
14:26:35.0481 4112 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
14:26:35.0481 4112 napagent - ok
14:26:35.0528 4112 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
14:26:35.0528 4112 NativeWifiP - ok
14:26:35.0590 4112 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
14:26:35.0590 4112 NDIS - ok
14:26:35.0621 4112 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
14:26:35.0621 4112 NdisCap - ok
14:26:35.0637 4112 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
14:26:35.0637 4112 NdisTapi - ok
14:26:35.0652 4112 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
14:26:35.0652 4112 Ndisuio - ok
14:26:35.0684 4112 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
14:26:35.0684 4112 NdisWan - ok
14:26:35.0699 4112 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
14:26:35.0699 4112 NDProxy - ok
14:26:35.0730 4112 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
14:26:35.0730 4112 NetBIOS - ok
14:26:35.0762 4112 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
14:26:35.0762 4112 NetBT - ok
14:26:35.0777 4112 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
14:26:35.0777 4112 Netlogon - ok
14:26:35.0808 4112 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
14:26:35.0824 4112 Netman - ok
14:26:35.0840 4112 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:35.0840 4112 NetMsmqActivator - ok
14:26:35.0855 4112 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:35.0855 4112 NetPipeActivator - ok
14:26:35.0886 4112 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
14:26:35.0886 4112 netprofm - ok
14:26:35.0886 4112 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:35.0886 4112 NetTcpActivator - ok
14:26:35.0902 4112 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:35.0902 4112 NetTcpPortSharing - ok
14:26:35.0933 4112 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
14:26:35.0933 4112 nfrd960 - ok
14:26:35.0964 4112 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
14:26:35.0964 4112 NlaSvc - ok
14:26:36.0105 4112 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
14:26:36.0136 4112 NOBU - ok
14:26:36.0183 4112 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
14:26:36.0183 4112 Npfs - ok
14:26:36.0230 4112 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
14:26:36.0245 4112 nsi - ok
14:26:36.0276 4112 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
14:26:36.0276 4112 nsiproxy - ok
14:26:36.0323 4112 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
14:26:36.0339 4112 Ntfs - ok
14:26:36.0354 4112 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
14:26:36.0354 4112 Null - ok
14:26:36.0386 4112 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
14:26:36.0401 4112 nvraid - ok
14:26:36.0417 4112 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
14:26:36.0417 4112 nvstor - ok
14:26:36.0448 4112 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
14:26:36.0448 4112 nv_agp - ok
14:26:36.0464 4112 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
14:26:36.0464 4112 ohci1394 - ok
14:26:36.0495 4112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
14:26:36.0495 4112 p2pimsvc - ok
14:26:36.0510 4112 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
14:26:36.0526 4112 p2psvc - ok
14:26:36.0542 4112 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
14:26:36.0542 4112 Parport - ok
14:26:36.0573 4112 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
14:26:36.0573 4112 partmgr - ok
14:26:36.0588 4112 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
14:26:36.0588 4112 PcaSvc - ok
14:26:36.0604 4112 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
14:26:36.0604 4112 pci - ok
14:26:36.0620 4112 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
14:26:36.0620 4112 pciide - ok
14:26:36.0635 4112 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
14:26:36.0635 4112 pcmcia - ok
14:26:36.0651 4112 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
14:26:36.0666 4112 pcw - ok
14:26:36.0682 4112 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
14:26:36.0682 4112 PEAUTH - ok
14:26:36.0744 4112 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
14:26:36.0744 4112 PerfHost - ok
14:26:36.0791 4112 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
14:26:36.0807 4112 pla - ok
14:26:36.0854 4112 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
14:26:36.0854 4112 PlugPlay - ok
14:26:36.0885 4112 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
14:26:36.0885 4112 PNRPAutoReg - ok
14:26:36.0900 4112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
14:26:36.0900 4112 PNRPsvc - ok
14:26:36.0932 4112 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
14:26:36.0932 4112 PolicyAgent - ok
14:26:36.0947 4112 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
14:26:36.0947 4112 Power - ok
14:26:36.0994 4112 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
14:26:36.0994 4112 PptpMiniport - ok
14:26:37.0010 4112 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
14:26:37.0010 4112 Processor - ok
14:26:37.0056 4112 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
14:26:37.0056 4112 ProfSvc - ok
14:26:37.0072 4112 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
14:26:37.0072 4112 ProtectedStorage - ok
14:26:37.0103 4112 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
14:26:37.0103 4112 Psched - ok
14:26:37.0119 4112 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
14:26:37.0119 4112 PxHlpa64 - ok
14:26:37.0181 4112 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
14:26:37.0197 4112 ql2300 - ok
14:26:37.0197 4112 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
14:26:37.0197 4112 ql40xx - ok
14:26:37.0228 4112 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
14:26:37.0228 4112 QWAVE - ok
14:26:37.0259 4112 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
14:26:37.0259 4112 QWAVEdrv - ok
14:26:37.0259 4112 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
14:26:37.0259 4112 RasAcd - ok
14:26:37.0290 4112 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
14:26:37.0290 4112 RasAgileVpn - ok
14:26:37.0306 4112 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
14:26:37.0306 4112 RasAuto - ok
14:26:37.0322 4112 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
14:26:37.0322 4112 Rasl2tp - ok
14:26:37.0368 4112 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
14:26:37.0368 4112 RasMan - ok
14:26:37.0384 4112 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
14:26:37.0384 4112 RasPppoe - ok
14:26:37.0400 4112 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
14:26:37.0400 4112 RasSstp - ok
14:26:37.0415 4112 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
14:26:37.0415 4112 rdbss - ok
14:26:37.0431 4112 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
14:26:37.0431 4112 rdpbus - ok
14:26:37.0446 4112 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
14:26:37.0462 4112 RDPCDD - ok
14:26:37.0478 4112 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
14:26:37.0478 4112 RDPENCDD - ok
14:26:37.0493 4112 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
14:26:37.0493 4112 RDPREFMP - ok
14:26:37.0540 4112 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
14:26:37.0540 4112 RDPWD - ok
14:26:37.0556 4112 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
14:26:37.0556 4112 rdyboost - ok
14:26:37.0587 4112 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
14:26:37.0602 4112 RemoteAccess - ok
14:26:37.0618 4112 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
14:26:37.0634 4112 RemoteRegistry - ok
14:26:37.0649 4112 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
14:26:37.0649 4112 RFCOMM - ok
14:26:37.0821 4112 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
14:26:37.0836 4112 RoxMediaDB12OEM - ok
14:26:37.0883 4112 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
14:26:37.0883 4112 RoxWatch12 - ok
14:26:37.0914 4112 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
14:26:37.0914 4112 RpcEptMapper - ok
14:26:37.0946 4112 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
14:26:37.0946 4112 RpcLocator - ok
14:26:37.0961 4112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
14:26:37.0961 4112 RpcSs - ok
14:26:37.0992 4112 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
14:26:37.0992 4112 rspndr - ok
14:26:38.0055 4112 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
14:26:38.0055 4112 RSUSBSTOR - ok
14:26:38.0070 4112 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
14:26:38.0086 4112 RTL8167 - ok
14:26:38.0117 4112 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
14:26:38.0117 4112 SamSs - ok
14:26:38.0117 4112 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
14:26:38.0133 4112 sbp2port - ok
14:26:38.0148 4112 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
14:26:38.0164 4112 SCardSvr - ok
14:26:38.0164 4112 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
14:26:38.0164 4112 scfilter - ok
14:26:38.0195 4112 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
14:26:38.0211 4112 Schedule - ok
14:26:38.0226 4112 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
14:26:38.0242 4112 SCPolicySvc - ok
14:26:38.0242 4112 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
14:26:38.0258 4112 SDRSVC - ok
14:26:38.0289 4112 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
14:26:38.0289 4112 secdrv - ok
14:26:38.0304 4112 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
14:26:38.0304 4112 seclogon - ok
14:26:38.0351 4112 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
14:26:38.0351 4112 SENS - ok
14:26:38.0382 4112 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
14:26:38.0382 4112 SensrSvc - ok
14:26:38.0429 4112 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
14:26:38.0429 4112 Serenum - ok
14:26:38.0445 4112 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
14:26:38.0445 4112 Serial - ok
14:26:38.0476 4112 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
14:26:38.0476 4112 sermouse - ok
14:26:38.0507 4112 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
14:26:38.0507 4112 SessionEnv - ok
14:26:38.0507 4112 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
14:26:38.0507 4112 sffdisk - ok
14:26:38.0507 4112 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
14:26:38.0507 4112 sffp_mmc - ok
14:26:38.0523 4112 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
14:26:38.0523 4112 sffp_sd - ok
14:26:38.0523 4112 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
14:26:38.0523 4112 sfloppy - ok
14:26:38.0570 4112 [ E1974A92AC0914A3859359A0A8C82C68 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:26:38.0570 4112 SftService - ok
14:26:38.0601 4112 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
14:26:38.0601 4112 SharedAccess - ok
14:26:38.0632 4112 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:26:38.0632 4112 ShellHWDetection - ok
14:26:38.0648 4112 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
14:26:38.0663 4112 SiSRaid2 - ok
14:26:38.0663 4112 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
14:26:38.0663 4112 SiSRaid4 - ok
14:26:38.0819 4112 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:26:38.0835 4112 Skype C2C Service - ok
14:26:38.0882 4112 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:26:38.0897 4112 SkypeUpdate - ok
14:26:38.0928 4112 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
14:26:38.0928 4112 Smb - ok
14:26:38.0975 4112 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
14:26:38.0975 4112 SNMPTRAP - ok
14:26:39.0006 4112 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
14:26:39.0006 4112 spldr - ok
14:26:39.0038 4112 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
14:26:39.0053 4112 Spooler - ok
14:26:39.0116 4112 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
14:26:39.0131 4112 sppsvc - ok
14:26:39.0162 4112 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
14:26:39.0162 4112 sppuinotify - ok
14:26:39.0209 4112 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
14:26:39.0209 4112 srv - ok
14:26:39.0209 4112 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
14:26:39.0225 4112 srv2 - ok
14:26:39.0225 4112 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
14:26:39.0225 4112 srvnet - ok
14:26:39.0272 4112 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
14:26:39.0272 4112 SSDPSRV - ok
14:26:39.0287 4112 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
14:26:39.0287 4112 SstpSvc - ok
14:26:39.0365 4112 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
14:26:39.0365 4112 STacSV - ok
14:26:39.0381 4112 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
14:26:39.0381 4112 stexstor - ok
14:26:39.0428 4112 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
14:26:39.0428 4112 STHDA - ok
14:26:39.0459 4112 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
14:26:39.0459 4112 stisvc - ok
14:26:39.0521 4112 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:26:39.0521 4112 stllssvr - ok
14:26:39.0537 4112 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
14:26:39.0537 4112 swenum - ok
14:26:39.0568 4112 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
14:26:39.0568 4112 swprv - ok
14:26:39.0615 4112 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
14:26:39.0615 4112 SysMain - ok
14:26:39.0662 4112 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
14:26:39.0662 4112 TabletInputService - ok
14:26:39.0677 4112 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
14:26:39.0677 4112 TapiSrv - ok
14:26:39.0708 4112 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
14:26:39.0708 4112 TBS - ok
14:26:39.0786 4112 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
14:26:39.0802 4112 Tcpip - ok
14:26:39.0833 4112 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
14:26:39.0849 4112 TCPIP6 - ok
14:26:39.0880 4112 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
14:26:39.0880 4112 tcpipreg - ok
14:26:39.0896 4112 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
14:26:39.0896 4112 TDPIPE - ok
14:26:39.0927 4112 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
14:26:39.0927 4112 TDTCP - ok
14:26:39.0958 4112 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
14:26:39.0958 4112 tdx - ok
14:26:39.0974 4112 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
14:26:39.0974 4112 TermDD - ok
14:26:40.0005 4112 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
14:26:40.0005 4112 TermService - ok
14:26:40.0036 4112 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
14:26:40.0036 4112 Themes - ok
14:26:40.0052 4112 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
14:26:40.0052 4112 THREADORDER - ok
14:26:40.0052 4112 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
14:26:40.0067 4112 TrkWks - ok
14:26:40.0114 4112 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
14:26:40.0114 4112 TrustedInstaller - ok
14:26:40.0130 4112 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
14:26:40.0130 4112 tssecsrv - ok
14:26:40.0161 4112 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
14:26:40.0176 4112 TsUsbFlt - ok
14:26:40.0192 4112 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
14:26:40.0192 4112 TsUsbGD - ok
14:26:40.0239 4112 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
14:26:40.0239 4112 tunnel - ok
14:26:40.0254 4112 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
14:26:40.0254 4112 uagp35 - ok
14:26:40.0270 4112 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
14:26:40.0270 4112 udfs - ok
14:26:40.0301 4112 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
14:26:40.0301 4112 UI0Detect - ok
14:26:40.0317 4112 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
14:26:40.0317 4112 uliagpkx - ok
14:26:40.0348 4112 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
14:26:40.0348 4112 umbus - ok
14:26:40.0364 4112 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
14:26:42.0485 4112 ================ Scan global ===============================
14:26:42.0516 4112 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
14:26:42.0548 4112 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
14:26:42.0548 4112 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
14:26:42.0579 4112 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
14:26:42.0610 4112 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
14:26:42.0610 4112 [Global] - ok
14:26:42.0610 4112 ================ Scan MBR ==================================
14:26:42.0626 4112 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:26:42.0626 4112 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:26:42.0688 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:26:42.0688 4112 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:26:42.0704 4112 [ E3255F24EB30D0E706AAD12BD4F2B4C2 ] \Device\Harddisk1\DR2
14:26:44.0232 4112 \Device\Harddisk1\DR2 - ok
14:26:44.0232 4112 ================ Scan VBR ==================================
14:26:44.0232 4112 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
14:26:44.0232 4112 \Device\Harddisk0\DR0\Partition1 - ok
14:26:44.0248 4112 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
14:26:44.0248 4112 \Device\Harddisk0\DR0\Partition2 - ok
14:26:44.0248 4112 ============================================================
14:26:44.0248 4112 Scan finished
14:26:44.0248 4112 ============================================================
14:26:44.0248 2140 Detected object count: 1
14:26:44.0248 2140 Actual detected object count: 1
14:27:01.0299 2140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
14:27:01.0299 2140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
-
Daniel, thanks for helping. Here are the logs requested:
DDS:
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.5.1
Run by aviator8 at 13:28:05 on 2012-11-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2765 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\System32\vds.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
"C:\Users\aviator8\AppData\Roaming\System\svchost.exe" 3
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.excite.com/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DealCabby: {2D311D87-E36C-47A4-BF28-B31B48DE9773} - C:\Users\aviator8\AppData\Local\dealcabby\ie\dealcabby_20121004075001.dll
BHO: AwardWallet: {6AB2B33D-A637-2F56-41D1-414D72009665} - C:\Program Files (x86)\AwardWallet\bho32.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\aviator8\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Windows Services Host] "C:\Users\aviator8\AppData\Roaming\System\svchost.exe" 3
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8BF80D3B-3484-4C58-9762-E0CDFCB8A3D2} : DHCPNameServer = 172.6.1.161
TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.1.0.1
TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\66C697E6F62766F6C6B6 : DHCPNameServer = 10.1.0.1
TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\74564716771697 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aviator8\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\aviator8\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-03 20:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-3-3 55856]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-3 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-3 689472]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-3-3 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-3-3 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-3-3 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-4 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-3 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-3 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-3 2656280]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-4 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-17 17:25:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\offreg.dll
2012-11-17 16:51:33 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\mpengine.dll
2012-11-11 01:21:09 20480 ----a-w- C:\windows\svchost.exe
2012-11-11 01:19:20 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1EC2.tmp
2012-11-11 01:19:20 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1EC1.tmp
2012-11-03 03:42:25 -------- d-----w- C:\Users\aviator8\AppData\Roaming\System
.
==================== Find3M ====================
.
2012-10-09 15:45:03 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:45:02 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 03:51:09 10220472 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 13:28:53.47 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/8/2012 8:44:54 PM
System Uptime: 11/17/2012 1:26:13 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 01HXXJ
Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 414.25 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP18: 9/4/2012 1:44:29 PM - Windows Update
RP19: 9/8/2012 8:47:01 PM - Windows Update
RP20: 9/9/2012 1:28:03 PM - Installed Remote Control USB Driver
RP21: 9/9/2012 1:28:27 PM - Installed Logitech Harmony Remote Software 7
RP22: 9/17/2012 2:07:01 AM - Windows Update
RP23: 9/18/2012 3:00:44 AM - Windows Update
RP24: 9/26/2012 10:47:06 PM - Windows Update
RP25: 9/26/2012 10:47:37 PM - Scheduled Checkpoint
RP26: 9/27/2012 3:00:23 AM - Windows Update
RP27: 10/1/2012 1:21:02 PM - Windows Update
RP28: 10/5/2012 4:43:47 AM - Windows Update
RP29: 10/9/2012 10:34:14 PM - Windows Update
RP30: 10/11/2012 3:00:55 AM - Windows Update
RP31: 11/2/2012 11:41:18 PM - Windows Update
RP32: 11/10/2012 8:24:23 PM - Windows Update
RP33: 11/13/2012 9:07:13 PM - Windows Update
RP34: 11/17/2012 11:50:40 AM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
AwardWallet (remove only)
Banctec Service Agreement
Bing Bar
Blio
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
DealCabby
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
DW WLAN Card
Facebook Video Calling 1.2.0.287
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java 7 Update 1 (64-bit)
Java 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Logitech Harmony Remote Software 7
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
PlayReady PC Runtime x86
Premium Service Agreement
QualxServ Service Agreement
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Remote Control USB Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
11/17/2012 12:21:09 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/17/2012 12:21:09 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
11/17/2012 12:21:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
11/17/2012 1:26:32 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.
.
==== End Of File ===========================
-
It appears my computer is infected. The fan started spooling up today so I started digging and found that there were CPU spikes, and there were a bunch of network connections to IP addresses I did not know. I shut off the internet connection and everything died down. Every time I connect it all starts again. I am not sure where I picked this up but I am afraid to do anything on this PC now. Can anyone tell me where to start?
winrscmde infection can anyone help?
in Resolved Malware Removal Logs
Posted
Thanks for all your help. I appear to be all set now.