bballin514

Honorary Members

View Profile See their activity

Posts
21
Joined
November 22, 2012
Last visited
December 3, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by bballin514

Slow Computer, Need Help - Gringo_Pr

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Again, Thanks so much Gringo for all of your help. Have a great holiday season, and a happy new year. Regards, Josh
Slow Computer, Need Help - Gringo_Pr

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Sorry for the delay, a busy couple of days. Thanks for the followup. Only 4 problems with the scan. Let me know what I need to do next.... Thanks
Slow Computer, Need Help - Gringo_Pr

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

C:\System Volume Information\_restore{0E978A8E-05CF-4F40-B084-6DB29C059C16}\RP1006\A0105531.dll a variant of Win32/Adware.Yontoo.B application C:\System Volume Information\_restore{0E978A8E-05CF-4F40-B084-6DB29C059C16}\RP1006\A0105535.dll a variant of Win32/Adware.Yontoo.B application C:\System Volume Information\_restore{0E978A8E-05CF-4F40-B084-6DB29C059C16}\RP1006\A0105536.dll a variant of Win32/Adware.Yontoo.A application C:\System Volume Information\_restore{0E978A8E-05CF-4F40-B084-6DB29C059C16}\RP967\A0101354.exe Win32/DownloadAdmin.D application
Slow Computer, Need Help - Gringo_Pr

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

I was unable to find Yontoo 1.10.02 and remove it. It was not listed when running Revo. Logs below Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.29.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: HOMEPC [administrator] 11/29/2012 2:37:19 PM mbam-log-2012-11-29 (14-37-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 193757 Time elapsed: 4 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:01:51 PM, on 11/29/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing) O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://www.platoweb.com/pathways/pway_iis.dll/pwln/02040611/fullcab/pwlninst.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 7290 bytes
Slow Computer, Need Help - Gringo_Pr

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

No problems with the scan, no visual problems with the computer at the moment. ComboFix 12-11-27.01 - Owner 11/27/2012 21:33:48.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.687 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 ))))))))))))))))))))))))))))))) . . 2012-11-27 16:04 . 2012-11-08 15:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B7D218D-D33E-4896-9CFB-861413664728}\mpengine.dll 2012-11-26 16:03 . 2012-11-08 15:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-25 15:51 . 2012-11-25 15:51 -------- d-----w- c:\documents and settings\Owner\Application Data\WinPatrol 2012-11-23 16:32 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-11-23 16:28 . 2012-11-23 16:28 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-23 16:27 . 2012-11-23 16:27 -------- d-----w- c:\program files\BillP Studios . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 08:37 . 2004-08-12 14:09 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-08 23:41 . 2012-05-31 22:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 23:41 . 2011-08-26 01:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-08 23:41 . 2012-10-08 23:41 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-10-02 18:04 . 2004-08-12 14:06 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-30 00:54 . 2011-11-21 03:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2011-04-14 18:01 . 2011-08-26 00:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 53248] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776] "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\Aventail\\ewpca\\ewpca.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [11/22/2009 8:27 PM 48664] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 53944159 *NewlyCreated* - 80168933 *NewlyCreated* - ASWMBR *NewlyCreated* - TRUESIGHT *Deregistered* - 53944159 *Deregistered* - 80168933 *Deregistered* - aswMBR *Deregistered* - TrueSight . Contents of the 'Scheduled Tasks' folder . 2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 23:41] . 2012-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2049760794-1801674531-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 01:38] . 2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2049760794-1801674531-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 01:38] . 2012-11-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25] . 2012-11-28 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 208.180.42.68 208.180.42.100 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-27 21:40 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2012-11-27 21:42:45 ComboFix-quarantined-files.txt 2012-11-28 02:42 ComboFix2.txt 2012-11-25 23:14 . Pre-Run: 60,909,473,792 bytes free Post-Run: 61,085,388,800 bytes free . - - End Of File - - 9E5420F923D258E28E85E1594975B20C
Slow Computer, Need Help - Gringo_Pr

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

No Problems running these scans. Results below. TDSSKiller Results: 21:18:48.0812 3416 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:18:49.0171 3416 ============================================================ 21:18:49.0171 3416 Current date / time: 2012/11/25 21:18:49.0171 21:18:49.0171 3416 SystemInfo: 21:18:49.0171 3416 21:18:49.0171 3416 OS Version: 5.1.2600 ServicePack: 3.0 21:18:49.0171 3416 Product type: Workstation 21:18:49.0171 3416 ComputerName: HOMEPC 21:18:49.0171 3416 UserName: Owner 21:18:49.0171 3416 Windows directory: C:\WINDOWS 21:18:49.0171 3416 System windows directory: C:\WINDOWS 21:18:49.0171 3416 Processor architecture: Intel x86 21:18:49.0171 3416 Number of processors: 2 21:18:49.0171 3416 Page size: 0x1000 21:18:49.0171 3416 Boot type: Normal boot 21:18:49.0171 3416 ============================================================ 21:18:50.0812 3416 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 21:18:50.0812 3416 ============================================================ 21:18:50.0812 3416 \Device\Harddisk0\DR0: 21:18:50.0812 3416 MBR partitions: 21:18:50.0812 3416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E 21:18:50.0812 3416 ============================================================ 21:18:50.0843 3416 C: <-> \Device\Harddisk0\DR0\Partition1 21:18:50.0843 3416 ============================================================ 21:18:50.0843 3416 Initialize success 21:18:50.0843 3416 ============================================================ 21:18:54.0484 3956 ============================================================ 21:18:54.0484 3956 Scan started 21:18:54.0484 3956 Mode: Manual; 21:18:54.0484 3956 ============================================================ 21:18:55.0375 3956 ================ Scan system memory ======================== 21:18:55.0375 3956 System memory - ok 21:18:55.0375 3956 ================ Scan services ============================= 21:18:55.0515 3956 Abiosdsk - ok 21:18:55.0515 3956 abp480n5 - ok 21:18:55.0625 3956 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 21:18:55.0625 3956 ACPI - ok 21:18:55.0671 3956 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 21:18:55.0671 3956 ACPIEC - ok 21:18:56.0140 3956 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:18:56.0140 3956 AdobeFlashPlayerUpdateSvc - ok 21:18:56.0140 3956 adpu160m - ok 21:18:56.0218 3956 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 21:18:56.0218 3956 aec - ok 21:18:56.0296 3956 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 21:18:56.0296 3956 AFD - ok 21:18:56.0296 3956 Aha154x - ok 21:18:56.0312 3956 aic78u2 - ok 21:18:56.0312 3956 aic78xx - ok 21:18:56.0359 3956 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll 21:18:56.0359 3956 Alerter - ok 21:18:56.0375 3956 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe 21:18:56.0375 3956 ALG - ok 21:18:56.0390 3956 AliIde - ok 21:18:56.0406 3956 amsint - ok 21:18:56.0640 3956 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:18:56.0640 3956 Apple Mobile Device - ok 21:18:56.0656 3956 AppMgmt - ok 21:18:56.0656 3956 asc - ok 21:18:56.0671 3956 asc3350p - ok 21:18:56.0671 3956 asc3550 - ok 21:18:56.0781 3956 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 21:18:56.0781 3956 aspnet_state - ok 21:18:56.0812 3956 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 21:18:56.0812 3956 AsyncMac - ok 21:18:56.0843 3956 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 21:18:56.0843 3956 atapi - ok 21:18:56.0843 3956 Atdisk - ok 21:18:56.0859 3956 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 21:18:56.0859 3956 Atmarpc - ok 21:18:56.0953 3956 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 21:18:56.0953 3956 AudioSrv - ok 21:18:57.0000 3956 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 21:18:57.0015 3956 audstub - ok 21:18:57.0062 3956 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 21:18:57.0062 3956 Beep - ok 21:18:57.0125 3956 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll 21:18:57.0125 3956 BITS - ok 21:18:57.0218 3956 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:18:57.0234 3956 Bonjour Service - ok 21:18:57.0281 3956 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll 21:18:57.0281 3956 Browser - ok 21:18:57.0453 3956 catchme - ok 21:18:57.0484 3956 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 21:18:57.0484 3956 cbidf2k - ok 21:18:57.0484 3956 cd20xrnt - ok 21:18:57.0531 3956 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 21:18:57.0531 3956 Cdaudio - ok 21:18:57.0578 3956 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 21:18:57.0578 3956 Cdfs - ok 21:18:57.0593 3956 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:18:57.0593 3956 Cdrom - ok 21:18:57.0609 3956 Changer - ok 21:18:57.0656 3956 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe 21:18:57.0656 3956 CiSvc - ok 21:18:57.0656 3956 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 21:18:57.0656 3956 ClipSrv - ok 21:18:57.0687 3956 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:18:57.0703 3956 clr_optimization_v2.0.50727_32 - ok 21:18:57.0718 3956 CmdIde - ok 21:18:57.0734 3956 COMSysApp - ok 21:18:57.0750 3956 Cpqarray - ok 21:18:57.0781 3956 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 21:18:57.0781 3956 CryptSvc - ok 21:18:57.0781 3956 dac2w2k - ok 21:18:57.0796 3956 dac960nt - ok 21:18:57.0859 3956 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 21:18:57.0859 3956 DcomLaunch - ok 21:18:57.0906 3956 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 21:18:57.0921 3956 Dhcp - ok 21:18:57.0921 3956 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 21:18:57.0921 3956 Disk - ok 21:18:57.0937 3956 dmadmin - ok 21:18:57.0984 3956 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 21:18:58.0000 3956 dmboot - ok 21:18:58.0015 3956 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys 21:18:58.0015 3956 dmio - ok 21:18:58.0062 3956 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 21:18:58.0062 3956 dmload - ok 21:18:58.0109 3956 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll 21:18:58.0109 3956 dmserver - ok 21:18:58.0156 3956 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 21:18:58.0156 3956 DMusic - ok 21:18:58.0203 3956 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 21:18:58.0203 3956 Dnscache - ok 21:18:58.0265 3956 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 21:18:58.0265 3956 Dot3svc - ok 21:18:58.0265 3956 dpti2o - ok 21:18:58.0281 3956 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 21:18:58.0281 3956 drmkaud - ok 21:18:58.0328 3956 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys 21:18:58.0328 3956 E100B - ok 21:18:58.0375 3956 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll 21:18:58.0375 3956 EapHost - ok 21:18:58.0421 3956 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll 21:18:58.0421 3956 ERSvc - ok 21:18:58.0468 3956 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe 21:18:58.0468 3956 Eventlog - ok 21:18:58.0531 3956 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll 21:18:58.0546 3956 EventSystem - ok 21:18:58.0593 3956 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 21:18:58.0593 3956 Fastfat - ok 21:18:58.0656 3956 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 21:18:58.0656 3956 FastUserSwitchingCompatibility - ok 21:18:58.0656 3956 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 21:18:58.0656 3956 Fdc - ok 21:18:58.0687 3956 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 21:18:58.0687 3956 Fips - ok 21:18:58.0734 3956 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 21:18:58.0734 3956 Flpydisk - ok 21:18:58.0781 3956 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 21:18:58.0781 3956 FltMgr - ok 21:18:58.0875 3956 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 21:18:58.0875 3956 FontCache3.0.0.0 - ok 21:18:58.0890 3956 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:18:58.0890 3956 Fs_Rec - ok 21:18:58.0953 3956 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:18:58.0953 3956 Ftdisk - ok 21:18:59.0015 3956 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 21:18:59.0015 3956 GEARAspiWDM - ok 21:18:59.0062 3956 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:18:59.0062 3956 Gpc - ok 21:18:59.0109 3956 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 21:18:59.0109 3956 helpsvc - ok 21:18:59.0125 3956 HidServ - ok 21:18:59.0156 3956 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 21:18:59.0156 3956 hidusb - ok 21:18:59.0203 3956 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 21:18:59.0203 3956 hkmsvc - ok 21:18:59.0218 3956 hpn - ok 21:18:59.0265 3956 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 21:18:59.0265 3956 HTTP - ok 21:18:59.0281 3956 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 21:18:59.0281 3956 HTTPFilter - ok 21:18:59.0296 3956 i2omgmt - ok 21:18:59.0296 3956 i2omp - ok 21:18:59.0343 3956 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:18:59.0343 3956 i8042prt - ok 21:18:59.0437 3956 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 21:18:59.0453 3956 ialm - ok 21:18:59.0546 3956 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:18:59.0546 3956 idsvc - ok 21:18:59.0578 3956 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 21:18:59.0578 3956 Imapi - ok 21:18:59.0640 3956 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe 21:18:59.0640 3956 ImapiService - ok 21:18:59.0656 3956 ini910u - ok 21:18:59.0750 3956 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 21:18:59.0765 3956 IntelC51 - ok 21:18:59.0796 3956 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 21:18:59.0796 3956 IntelC52 - ok 21:18:59.0812 3956 [ DE2686C0E012E6AE24ACD6E79EB7FF5D ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 21:18:59.0812 3956 IntelC53 - ok 21:18:59.0828 3956 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 21:18:59.0828 3956 IntelIde - ok 21:18:59.0875 3956 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:18:59.0875 3956 intelppm - ok 21:18:59.0921 3956 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 21:18:59.0921 3956 Ip6Fw - ok 21:18:59.0968 3956 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:18:59.0968 3956 IpFilterDriver - ok 21:18:59.0984 3956 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:18:59.0984 3956 IpInIp - ok 21:19:00.0031 3956 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:19:00.0031 3956 IpNat - ok 21:19:00.0109 3956 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:19:00.0109 3956 iPod Service - ok 21:19:00.0140 3956 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:19:00.0140 3956 IPSec - ok 21:19:00.0187 3956 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 21:19:00.0187 3956 IRENUM - ok 21:19:00.0218 3956 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:19:00.0218 3956 isapnp - ok 21:19:00.0359 3956 [ 5472D771C0197355C1D347F20392B982 ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 21:19:00.0359 3956 JavaQuickStarterService - ok 21:19:00.0390 3956 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:19:00.0390 3956 Kbdclass - ok 21:19:00.0437 3956 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 21:19:00.0437 3956 kmixer - ok 21:19:00.0500 3956 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 21:19:00.0500 3956 KSecDD - ok 21:19:00.0562 3956 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 21:19:00.0562 3956 lanmanserver - ok 21:19:00.0625 3956 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 21:19:00.0625 3956 lanmanworkstation - ok 21:19:00.0640 3956 lbrtfdc - ok 21:19:00.0671 3956 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 21:19:00.0671 3956 LmHosts - ok 21:19:00.0703 3956 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 21:19:00.0703 3956 Messenger - ok 21:19:00.0750 3956 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 21:19:00.0750 3956 mnmdd - ok 21:19:00.0796 3956 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 21:19:00.0796 3956 mnmsrvc - ok 21:19:00.0843 3956 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 21:19:00.0843 3956 Modem - ok 21:19:00.0890 3956 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 21:19:00.0890 3956 MODEMCSA - ok 21:19:00.0937 3956 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys 21:19:00.0937 3956 mohfilt - ok 21:19:00.0953 3956 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:19:00.0953 3956 Mouclass - ok 21:19:00.0953 3956 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 21:19:00.0953 3956 mouhid - ok 21:19:01.0000 3956 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 21:19:01.0000 3956 MountMgr - ok 21:19:01.0046 3956 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys 21:19:01.0046 3956 MpFilter - ok 21:19:01.0046 3956 mraid35x - ok 21:19:01.0078 3956 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:19:01.0078 3956 MRxDAV - ok 21:19:01.0125 3956 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:19:01.0125 3956 MRxSmb - ok 21:19:01.0171 3956 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 21:19:01.0171 3956 MSDTC - ok 21:19:01.0187 3956 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 21:19:01.0187 3956 Msfs - ok 21:19:01.0203 3956 MSIServer - ok 21:19:01.0218 3956 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:19:01.0234 3956 MSKSSRV - ok 21:19:01.0265 3956 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 21:19:01.0265 3956 MsMpSvc - ok 21:19:01.0281 3956 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:19:01.0296 3956 MSPCLOCK - ok 21:19:01.0312 3956 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 21:19:01.0312 3956 MSPQM - ok 21:19:01.0359 3956 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:19:01.0359 3956 mssmbios - ok 21:19:01.0406 3956 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 21:19:01.0406 3956 Mup - ok 21:19:01.0437 3956 [ A1520761F42DBB06DB7929D6FA9753EA ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys 21:19:01.0437 3956 MxlW2k - ok 21:19:01.0484 3956 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 21:19:01.0484 3956 napagent - ok 21:19:01.0531 3956 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 21:19:01.0531 3956 NDIS - ok 21:19:01.0593 3956 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:19:01.0593 3956 NdisTapi - ok 21:19:01.0640 3956 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:19:01.0640 3956 Ndisuio - ok 21:19:01.0656 3956 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:19:01.0656 3956 NdisWan - ok 21:19:01.0718 3956 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 21:19:01.0718 3956 NDProxy - ok 21:19:01.0765 3956 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 21:19:01.0765 3956 NetBIOS - ok 21:19:01.0781 3956 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 21:19:01.0781 3956 NetBT - ok 21:19:01.0843 3956 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 21:19:01.0843 3956 NetDDE - ok 21:19:01.0937 3956 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 21:19:01.0937 3956 NetDDEdsdm - ok 21:19:01.0984 3956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 21:19:01.0984 3956 Netlogon - ok 21:19:02.0062 3956 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 21:19:02.0062 3956 Netman - ok 21:19:02.0250 3956 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe 21:19:02.0250 3956 NetSvc - ok 21:19:02.0312 3956 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:19:02.0312 3956 NetTcpPortSharing - ok 21:19:02.0343 3956 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 21:19:02.0343 3956 Nla - ok 21:19:02.0390 3956 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 21:19:02.0390 3956 Npfs - ok 21:19:02.0406 3956 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 21:19:02.0421 3956 Ntfs - ok 21:19:02.0437 3956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 21:19:02.0437 3956 NtLmSsp - ok 21:19:02.0484 3956 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 21:19:02.0500 3956 NtmsSvc - ok 21:19:02.0546 3956 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 21:19:02.0546 3956 Null - ok 21:19:02.0593 3956 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:19:02.0593 3956 NwlnkFlt - ok 21:19:02.0593 3956 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:19:02.0609 3956 NwlnkFwd - ok 21:19:02.0656 3956 [ 98AF5A4422414FA254AD19EE2E4C37CF ] Odptdi C:\WINDOWS\system32\drivers\odptdi.sys 21:19:02.0656 3956 Odptdi - ok 21:19:02.0812 3956 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:19:02.0812 3956 odserv - ok 21:19:02.0859 3956 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 21:19:02.0859 3956 OMCI - ok 21:19:02.0921 3956 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:19:02.0921 3956 ose - ok 21:19:02.0984 3956 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 21:19:02.0984 3956 Parport - ok 21:19:03.0015 3956 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 21:19:03.0015 3956 PartMgr - ok 21:19:03.0062 3956 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 21:19:03.0062 3956 ParVdm - ok 21:19:03.0093 3956 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 21:19:03.0093 3956 PCI - ok 21:19:03.0093 3956 PCIDump - ok 21:19:03.0109 3956 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 21:19:03.0109 3956 PCIIde - ok 21:19:03.0140 3956 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 21:19:03.0140 3956 Pcmcia - ok 21:19:03.0156 3956 PDCOMP - ok 21:19:03.0156 3956 PDFRAME - ok 21:19:03.0171 3956 PDRELI - ok 21:19:03.0171 3956 PDRFRAME - ok 21:19:03.0171 3956 perc2 - ok 21:19:03.0187 3956 perc2hib - ok 21:19:03.0234 3956 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 21:19:03.0234 3956 PlugPlay - ok 21:19:03.0250 3956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 21:19:03.0250 3956 PolicyAgent - ok 21:19:03.0296 3956 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:19:03.0296 3956 PptpMiniport - ok 21:19:03.0312 3956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 21:19:03.0312 3956 ProtectedStorage - ok 21:19:03.0328 3956 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 21:19:03.0328 3956 PSched - ok 21:19:03.0343 3956 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:19:03.0343 3956 Ptilink - ok 21:19:03.0343 3956 ql1080 - ok 21:19:03.0359 3956 Ql10wnt - ok 21:19:03.0359 3956 ql12160 - ok 21:19:03.0375 3956 ql1240 - ok 21:19:03.0375 3956 ql1280 - ok 21:19:03.0390 3956 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:19:03.0390 3956 RasAcd - ok 21:19:03.0437 3956 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 21:19:03.0437 3956 RasAuto - ok 21:19:03.0468 3956 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:19:03.0468 3956 Rasl2tp - ok 21:19:03.0531 3956 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 21:19:03.0531 3956 RasMan - ok 21:19:03.0593 3956 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:19:03.0593 3956 RasPppoe - ok 21:19:03.0640 3956 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 21:19:03.0640 3956 Raspti - ok 21:19:03.0687 3956 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:19:03.0687 3956 Rdbss - ok 21:19:03.0734 3956 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:19:03.0734 3956 RDPCDD - ok 21:19:03.0796 3956 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 21:19:03.0796 3956 RDPWD - ok 21:19:03.0843 3956 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 21:19:03.0843 3956 RDSessMgr - ok 21:19:03.0890 3956 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 21:19:03.0890 3956 redbook - ok 21:19:03.0937 3956 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 21:19:03.0937 3956 RemoteAccess - ok 21:19:03.0984 3956 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 21:19:03.0984 3956 RpcLocator - ok 21:19:04.0046 3956 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll 21:19:04.0046 3956 RpcSs - ok 21:19:04.0093 3956 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 21:19:04.0093 3956 RSVP - ok 21:19:04.0140 3956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 21:19:04.0140 3956 SamSs - ok 21:19:04.0156 3956 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 21:19:04.0171 3956 SCardSvr - ok 21:19:04.0234 3956 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 21:19:04.0234 3956 Schedule - ok 21:19:04.0296 3956 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:19:04.0296 3956 Secdrv - ok 21:19:04.0312 3956 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 21:19:04.0312 3956 seclogon - ok 21:19:04.0375 3956 [ 9A4C4A4B191200F12085D188BE70E4E3 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys 21:19:04.0390 3956 senfilt - ok 21:19:04.0437 3956 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 21:19:04.0437 3956 SENS - ok 21:19:04.0484 3956 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 21:19:04.0484 3956 serenum - ok 21:19:04.0500 3956 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 21:19:04.0500 3956 Serial - ok 21:19:04.0546 3956 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 21:19:04.0546 3956 Sfloppy - ok 21:19:04.0609 3956 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 21:19:04.0609 3956 SharedAccess - ok 21:19:04.0656 3956 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 21:19:04.0656 3956 ShellHWDetection - ok 21:19:04.0671 3956 Simbad - ok 21:19:04.0718 3956 [ 479533BACC58B1EDF916855BCD139556 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 21:19:04.0734 3956 smwdm - ok 21:19:04.0734 3956 Sparrow - ok 21:19:04.0765 3956 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 21:19:04.0765 3956 splitter - ok 21:19:04.0812 3956 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 21:19:04.0812 3956 Spooler - ok 21:19:04.0859 3956 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 21:19:04.0859 3956 sr - ok 21:19:04.0921 3956 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 21:19:04.0921 3956 srservice - ok 21:19:04.0984 3956 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 21:19:04.0984 3956 Srv - ok 21:19:05.0000 3956 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 21:19:05.0015 3956 SSDPSRV - ok 21:19:05.0062 3956 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 21:19:05.0078 3956 stisvc - ok 21:19:05.0093 3956 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 21:19:05.0093 3956 swenum - ok 21:19:05.0140 3956 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 21:19:05.0140 3956 swmidi - ok 21:19:05.0156 3956 SwPrv - ok 21:19:05.0156 3956 symc810 - ok 21:19:05.0171 3956 symc8xx - ok 21:19:05.0171 3956 sym_hi - ok 21:19:05.0187 3956 sym_u3 - ok 21:19:05.0203 3956 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 21:19:05.0203 3956 sysaudio - ok 21:19:05.0250 3956 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 21:19:05.0250 3956 SysmonLog - ok 21:19:05.0296 3956 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 21:19:05.0296 3956 TapiSrv - ok 21:19:05.0359 3956 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:19:05.0359 3956 Tcpip - ok 21:19:05.0421 3956 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 21:19:05.0421 3956 TDPIPE - ok 21:19:05.0437 3956 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 21:19:05.0437 3956 TDTCP - ok 21:19:05.0468 3956 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 21:19:05.0468 3956 TermDD - ok 21:19:05.0515 3956 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 21:19:05.0531 3956 TermService - ok 21:19:05.0578 3956 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 21:19:05.0578 3956 Themes - ok 21:19:05.0578 3956 TosIde - ok 21:19:05.0625 3956 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 21:19:05.0625 3956 TrkWks - ok 21:19:05.0671 3956 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 21:19:05.0671 3956 Udfs - ok 21:19:05.0687 3956 ultra - ok 21:19:05.0734 3956 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 21:19:05.0734 3956 Update - ok 21:19:05.0781 3956 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 21:19:05.0781 3956 upnphost - ok 21:19:05.0828 3956 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 21:19:05.0828 3956 UPS - ok 21:19:05.0875 3956 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 21:19:05.0875 3956 USBAAPL - ok 21:19:05.0921 3956 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:19:05.0921 3956 usbccgp - ok 21:19:05.0968 3956 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:19:05.0968 3956 usbehci - ok 21:19:05.0984 3956 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:19:05.0984 3956 usbhub - ok 21:19:06.0000 3956 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:19:06.0000 3956 usbprint - ok 21:19:06.0000 3956 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:19:06.0000 3956 usbscan - ok 21:19:06.0015 3956 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:19:06.0015 3956 USBSTOR - ok 21:19:06.0031 3956 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:19:06.0031 3956 usbuhci - ok 21:19:06.0046 3956 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 21:19:06.0046 3956 VgaSave - ok 21:19:06.0062 3956 ViaIde - ok 21:19:06.0062 3956 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 21:19:06.0078 3956 VolSnap - ok 21:19:06.0125 3956 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 21:19:06.0140 3956 VSS - ok 21:19:06.0156 3956 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 21:19:06.0156 3956 W32Time - ok 21:19:06.0218 3956 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:19:06.0218 3956 Wanarp - ok 21:19:06.0234 3956 WDICA - ok 21:19:06.0250 3956 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 21:19:06.0250 3956 wdmaud - ok 21:19:06.0296 3956 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 21:19:06.0296 3956 WebClient - ok 21:19:06.0406 3956 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 21:19:06.0406 3956 winmgmt - ok 21:19:06.0468 3956 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 21:19:06.0468 3956 WmdmPmSN - ok 21:19:06.0562 3956 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:19:06.0562 3956 WmiApSrv - ok 21:19:06.0609 3956 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:19:06.0609 3956 WS2IFSL - ok 21:19:06.0656 3956 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 21:19:06.0656 3956 wscsvc - ok 21:19:06.0703 3956 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 21:19:06.0703 3956 wuauserv - ok 21:19:06.0781 3956 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 21:19:06.0781 3956 WZCSVC - ok 21:19:06.0828 3956 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 21:19:06.0828 3956 xmlprov - ok 21:19:06.0843 3956 ================ Scan global =============================== 21:19:06.0875 3956 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 21:19:06.0937 3956 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 21:19:06.0953 3956 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 21:19:06.0984 3956 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 21:19:06.0984 3956 [Global] - ok 21:19:06.0984 3956 ================ Scan MBR ================================== 21:19:07.0015 3956 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 21:19:07.0187 3956 \Device\Harddisk0\DR0 - ok 21:19:07.0187 3956 ================ Scan VBR ================================== 21:19:07.0187 3956 [ 6A4DD7011CD5912413BD0FCDFDFC46B9 ] \Device\Harddisk0\DR0\Partition1 21:19:07.0187 3956 \Device\Harddisk0\DR0\Partition1 - ok 21:19:07.0187 3956 ============================================================ 21:19:07.0187 3956 Scan finished 21:19:07.0187 3956 ============================================================ 21:19:07.0218 3256 Detected object count: 0 21:19:07.0218 3256 Actual detected object count: 0 aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-25 21:21:13 ----------------------------- 21:21:13.328 OS Version: Windows 5.1.2600 Service Pack 3 21:21:13.328 Number of processors: 2 586 0x304 21:21:13.328 ComputerName: HOMEPC UserName: Owner 21:21:13.578 Initialize success 22:08:54.281 AVAST engine defs: 12112501 22:16:39.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 22:16:39.765 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3 22:16:39.781 Disk 0 MBR read successfully 22:16:39.781 Disk 0 MBR scan 22:16:39.828 Disk 0 Windows XP default MBR code 22:16:39.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63 22:16:39.828 Disk 0 scanning sectors +156232125 22:16:39.906 Disk 0 scanning C:\WINDOWS\system32\drivers 22:16:52.515 Service scanning 22:17:22.656 Modules scanning 22:17:45.093 Disk 0 trace - called modules: 22:17:45.093 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 22:17:45.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f79ab8] 22:17:45.109 3 CLASSPNP.SYS[f7557fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f7db00] 22:17:45.343 AVAST engine scan C:\WINDOWS 22:18:03.406 AVAST engine scan C:\WINDOWS\system32 22:20:26.750 AVAST engine scan C:\WINDOWS\system32\drivers 22:20:42.609 AVAST engine scan C:\Documents and Settings\Owner 22:27:56.843 AVAST engine scan C:\Documents and Settings\All Users 22:28:42.218 Scan finished successfully 22:30:46.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat" 22:30:46.312 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Slow Computer, Need Help - Gringo_Pr

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Combo fix ran successfully, no issues with it, did ask to download the recovery console. No visual issues, still running slow, sort of lagging, especially when connected to the internet. ComboFix 12-11-25.01 - Owner 11/25/2012 18:07:02.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.667 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP C:\drvrtmp c:\windows\isRS-000.tmp . . ((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 ))))))))))))))))))))))))))))))) . . 2012-11-25 15:51 . 2012-11-25 15:51 -------- d-----w- c:\documents and settings\Owner\Application Data\WinPatrol 2012-11-25 06:55 . 2012-11-08 15:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03EFF966-B0BF-48A4-83C3-36F17C484EE0}\mpengine.dll 2012-11-24 16:41 . 2012-11-08 15:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-23 16:32 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-11-23 16:28 . 2012-11-23 16:28 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-23 16:27 . 2012-11-23 16:27 -------- d-----w- c:\program files\BillP Studios . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 08:37 . 2004-08-12 14:09 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-08 23:41 . 2012-05-31 22:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 23:41 . 2011-08-26 01:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-08 23:41 . 2012-10-08 23:41 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-10-02 18:04 . 2004-08-12 14:06 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-30 00:54 . 2011-11-21 03:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-28 15:14 . 2004-08-12 14:09 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec 2011-04-14 18:01 . 2011-08-26 00:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 53248] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776] "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\Aventail\\ewpca\\ewpca.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [11/22/2009 8:27 PM 48664] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - TRUESIGHT *Deregistered* - TrueSight . Contents of the 'Scheduled Tasks' folder . 2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 23:41] . 2012-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2049760794-1801674531-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 01:38] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2049760794-1801674531-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 01:38] . 2012-11-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25] . 2012-11-25 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 208.180.42.68 208.180.42.100 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{A62F9~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-25 18:12 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2012-11-25 18:14:50 ComboFix-quarantined-files.txt 2012-11-25 23:14 . Pre-Run: 60,142,301,184 bytes free Post-Run: 61,234,548,736 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 0CF8D56CBD6E382A2E107A3957103803
Slow Computer, Need Help - Gringo_Pr

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

# AdwCleaner v2.009 - Logfile created 11/25/2012 at 10:49:20 # Updated 24/11/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Owner - HOMEPC # Boot Mode : Normal # Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\AskSearch Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer Folder Deleted : C:\Program Files\Yontoo ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\Software\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v [unable to get version] Profile name : default File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\spvyeb57.default\prefs.js [OK] File is clean. -\\ Google Chrome v23.0.1271.64 File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [2337 octets] - [25/11/2012 10:49:20] ########## EOF - C:\AdwCleaner[s1].txt - [2397 octets] ########## RogueKiller V8.3.1 [Nov 25 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Owner [Admin rights] Mode : Scan -- Date : 11/25/2012 10:55:44 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:5555) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST380011A +++++ --- User --- [MBR] 887f7668355e2643e1007c8b52e271ec [bSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_11252012_02d1055.txt >> RKreport[1]_S_11252012_02d1055.txt
Slow Computer, Need Help - Gringo_Pr

bballin514 posted a topic in Resolved Malware Removal Logs

Gringo, Any help with speeding up this old desktop would be greatly appreciated. I have the inital files below. Thanks DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1 Run by Owner at 13:45:09 on 2012-11-23 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.76 [GMT -5:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore uProxyServer = hxxp=127.0.0.1:5555 BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mRunOnce: [innoSetupRegFile.0000000001] "c:\windows\is-S6PO6.exe" /REG /REGSVRMODE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - hxxp://www.platoweb.com/pathways/pway_iis.dll/pwln/02040611/fullcab/pwlninst.cab TCP: NameServer = 192.168.1.1 208.180.42.68 208.180.42.100 TCP: Interfaces\{352F72ED-EBF8-4814-A9D4-1E2DF4C70A46} : DHCPNameServer = 192.168.1.1 208.180.42.68 208.180.42.100 Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552] R1 MpKsl2d780089;MpKsl2d780089;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{731f27b7-af6e-4db9-abc3-b4b387c2eeb8}\MpKsl2d780089.sys [2012-11-23 29904] R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2009-11-22 48664] . =============== Created Last 30 ================ . 2012-11-23 16:44:38 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{731f27b7-af6e-4db9-abc3-b4b387c2eeb8}\offreg.dll 2012-11-23 16:44:37 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{731f27b7-af6e-4db9-abc3-b4b387c2eeb8}\MpKsl2d780089.sys 2012-11-23 16:33:10 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{731f27b7-af6e-4db9-abc3-b4b387c2eeb8}\mpengine.dll 2012-11-23 16:32:43 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-11-23 16:28:08 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-23 16:27:41 -------- d-----w- c:\program files\BillP Studios 2012-11-23 16:27:40 -------- d-----w- c:\documents and settings\all users\application data\InstallMate 2012-11-23 16:27:25 711240 ----a-w- c:\windows\is-S6PO6.exe 2012-11-23 12:55:03 693760 ----a-w- c:\windows\isRS-000.tmp . ==================== Find3M ==================== . 2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-08 23:41:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-08 23:41:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 23:41:24 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 13:51:26.37 =============== ATTACH: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/25/2009 10:58:00 PM System Uptime: 11/23/2012 7:56:11 AM (6 hours ago) . Motherboard: Dell Computer Corp. | | 0N6381 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 74 GiB total, 55.917 GiB free. D: is CDROM (CDFS) E: is CDROM () G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP934: 8/24/2012 10:10:33 AM - System Checkpoint RP935: 8/25/2012 11:10:28 AM - System Checkpoint RP936: 8/26/2012 12:53:13 PM - System Checkpoint RP937: 8/27/2012 1:10:31 PM - System Checkpoint RP938: 8/28/2012 1:11:36 PM - System Checkpoint RP939: 8/29/2012 2:06:31 PM - System Checkpoint RP940: 8/30/2012 8:19:38 PM - System Checkpoint RP941: 9/1/2012 9:42:06 AM - System Checkpoint RP942: 9/5/2012 3:45:08 PM - System Checkpoint RP943: 9/8/2012 2:21:40 PM - System Checkpoint RP944: 9/9/2012 9:23:45 PM - System Checkpoint RP945: 9/10/2012 10:14:43 PM - System Checkpoint RP946: 9/13/2012 3:00:25 AM - Software Distribution Service 3.0 RP947: 9/14/2012 9:26:26 AM - System Checkpoint RP948: 9/15/2012 10:23:20 AM - System Checkpoint RP949: 9/16/2012 11:23:20 AM - System Checkpoint RP950: 9/17/2012 6:02:11 PM - System Checkpoint RP951: 9/20/2012 3:57:43 PM - System Checkpoint RP952: 9/21/2012 5:52:36 PM - System Checkpoint RP953: 9/23/2012 3:00:28 AM - Software Distribution Service 3.0 RP954: 9/25/2012 5:07:06 PM - System Checkpoint RP955: 10/1/2012 4:49:05 PM - System Checkpoint RP956: 10/3/2012 7:05:11 AM - System Checkpoint RP957: 10/4/2012 12:49:41 PM - System Checkpoint RP958: 10/8/2012 4:33:35 PM - System Checkpoint RP959: 10/9/2012 5:18:54 PM - System Checkpoint RP960: 10/10/2012 3:00:50 AM - Software Distribution Service 3.0 RP961: 10/10/2012 9:20:16 PM - Removed Microsoft Office Home and Student 2007 RP962: 10/10/2012 9:25:47 PM - Removed QuickTime RP963: 10/10/2012 9:32:27 PM - Software Distribution Service 3.0 RP964: 10/12/2012 9:11:03 PM - System Checkpoint RP965: 10/13/2012 11:01:27 PM - System Checkpoint RP966: 10/14/2012 12:17:55 PM - Installed Microsoft Office Home and Student 2007 RP967: 10/14/2012 12:23:37 PM - Printer Driver Send To Microsoft OneNote Driver Installed RP968: 10/15/2012 5:28:09 PM - System Checkpoint RP969: 10/16/2012 3:00:20 AM - Software Distribution Service 3.0 RP970: 10/17/2012 3:00:25 AM - Software Distribution Service 3.0 RP971: 10/18/2012 3:15:40 AM - System Checkpoint RP972: 10/19/2012 4:17:04 AM - System Checkpoint RP973: 10/20/2012 5:15:34 AM - System Checkpoint RP974: 10/21/2012 6:03:34 AM - System Checkpoint RP975: 10/22/2012 6:27:34 AM - System Checkpoint RP976: 10/23/2012 7:27:34 AM - System Checkpoint RP977: 10/24/2012 7:39:34 AM - System Checkpoint RP978: 10/25/2012 8:55:27 AM - System Checkpoint RP979: 10/26/2012 9:07:23 AM - System Checkpoint RP980: 10/27/2012 10:07:26 AM - System Checkpoint RP981: 10/28/2012 10:43:22 AM - System Checkpoint RP982: 10/29/2012 11:55:22 AM - System Checkpoint RP983: 10/31/2012 7:34:30 PM - System Checkpoint RP984: 11/1/2012 7:58:37 PM - System Checkpoint RP985: 11/2/2012 8:57:48 PM - System Checkpoint RP986: 11/3/2012 9:10:36 PM - System Checkpoint RP987: 11/4/2012 8:22:41 PM - System Checkpoint RP988: 11/5/2012 8:44:48 PM - System Checkpoint RP989: 11/6/2012 8:56:16 PM - Removed Safari RP990: 11/7/2012 9:22:40 PM - System Checkpoint RP991: 11/9/2012 12:31:11 AM - System Checkpoint RP992: 11/10/2012 1:23:54 AM - System Checkpoint RP993: 11/11/2012 1:46:36 AM - System Checkpoint RP994: 11/12/2012 2:10:36 AM - System Checkpoint RP995: 11/13/2012 2:58:37 AM - System Checkpoint RP996: 11/14/2012 3:10:36 AM - System Checkpoint RP997: 11/15/2012 4:10:36 AM - System Checkpoint RP998: 11/16/2012 3:00:42 AM - Software Distribution Service 3.0 RP999: 11/17/2012 4:31:30 AM - System Checkpoint RP1000: 11/18/2012 4:35:30 AM - System Checkpoint RP1001: 11/19/2012 5:47:33 AM - System Checkpoint RP1002: 11/20/2012 6:13:53 AM - System Checkpoint RP1003: 11/21/2012 6:37:52 AM - System Checkpoint RP1004: 11/23/2012 11:32:41 AM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 Adobe Shockwave Player 11.6 Apple Application Support Apple Mobile Device Support Apple Software Update Aventail Access Manager Aventail OnDemand Proxy Agent Aventail Web Proxy Agent Aventail Webifiers Bonjour Canon Easy-WebPrint EX Canon MP Navigator EX 3.0 Canon MP560 series MP Drivers Canon MP560 series User Registration Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu CorelDRAW Graphics Suite 12 CutePDF Writer 2.8 Dell Digital Jukebox Driver Dell Media Experience Dell ResourceCD Garmin Communicator Plugin Garmin USB Drivers Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HumminbirdPC Intel® 537EP V9x DF PCI Modem Intel® Extreme Graphics 2 Driver Intel® PRO Network Adapters and Drivers Intel® PROSet for Wired Connections iTunes Java 2 Runtime Environment, SE v1.4.2_03 Java Auto Updater Java 6 Update 29 Java 7 Update 4 JavaFX 2.1.0 Macro Recorder Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Software Update for Web Folders (English) 12 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable MobileMe Control Panel Move Media Player MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) MUSICMATCH® Jukebox Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974455) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) SoundMAX swMSM Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 8 Windows Media Player Firefox Plugin Windows XP Service Pack 3 WinPatrol Yontoo 1.10.02 . ==== Event Viewer Messages From Past Week ======== . 11/22/2012 8:24:01 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). 11/22/2012 8:24:01 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Gringo, Thank you again for helping me with my virus issues on my laptop. One more question, I have a desktop PC that i have ran MBAM on and it doesn't show any virus or threats, but the system is very slow. Can you help me with removing items and try to help me speed it up? Please let me know and I will do whatever steps you require me to do. Thanks Again, Josh
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Gringo, Thank you so much for spending time online and helping me get through all of this. You are very detailed and I greatly appreciate you helping me along the way. I will certainly recommend you to everyone I know that might have a computer issue. Thanks again, have a nice holiday season, take care!
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

No Problems with the hijackthis program, removed the items you listed.... Ugh! Threats found in the ESET Scanner: Details below: C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\TDSSKiller_Quarantine\22.11.2012_20.48.11\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\22.11.2012_20.48.11\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan C:\TDSSKiller_Quarantine\22.11.2012_20.48.11\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan C:\TDSSKiller_Quarantine\22.11.2012_20.48.11\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan C:\TDSSKiller_Quarantine\22.11.2012_20.48.11\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\22.11.2012_20.48.11\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2I73SMK3\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UK5N6DOD\lion-plays-with-human-baby[1].htm HTML/ScrInject.B.Gen virus C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2I73SMK3\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UK5N6DOD\lion-plays-with-human-baby[1].htm HTML/ScrInject.B.Gen virus
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Results Below: Everything seems to be running fine, nothing found in the MBAM scan. Notepad Results automatically popped up, no reboot required. MBAM Log Results: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.23.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Felicia Perdew :: PERDEW [administrator] 11/22/2012 11:14:58 PM mbam-log-2012-11-22 (23-14-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 236592 Time elapsed: 4 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) HIJackThis Results: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:22:35 PM, on 11/22/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Users\Felicia Perdew\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing) O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKUS\S-1-5-21-2936985488-4110432098-3966030318-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'RA Media Server') O4 - HKUS\S-1-5-21-2936985488-4110432098-3966030318-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'RA Media Server') O4 - S-1-5-21-2936985488-4110432098-3966030318-1003 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'RA Media Server') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://www.platoweb.com/pathways/pway_iis.dll/pwln/02040611/fullcab/pwlninst.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://connect2.pb.com/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14010 bytes
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Results from combofix below: No visual issues at the moment, should I run malwarebytes again and see if the trojan still exists? I see in this report that it is still trying to delete svchost.exe file. That was the trojan from the start of the problem. Also, I keep getting a popup that Java needs updated...Should I update Java? ComboFix 12-11-22.03 - Felicia Perdew 11/22/2012 21:47:02.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2317 [GMT -5:00] Running from: c:\users\Felicia Perdew\Desktop\ComboFix.exe Command switches used :: c:\users\Felicia Perdew\Desktop\CFScript.txt AV: BullGuard Antivirus *Disabled/Outdated* {C3CCAC61-52F7-A056-1860-6406566E2578} FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203} SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 ))))))))))))))))))))))))))))))) . . 2012-11-23 02:54 . 2012-11-23 02:54 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp 2012-11-23 02:54 . 2012-11-23 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 01:49 . 2012-11-23 01:49 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-16 02:15 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-11-16 02:15 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-11-16 02:15 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-11-16 02:15 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-11-16 02:15 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-11-16 02:14 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-11-16 02:14 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-11-16 02:14 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-11-16 02:14 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2012-11-16 02:14 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-11-16 02:14 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-11-16 02:14 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-11-16 02:14 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll 2012-11-16 02:14 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-11-16 02:14 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-11-16 02:14 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-11-16 02:14 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-11-16 02:12 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-16 02:12 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-16 02:00 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-16 02:00 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 02:00 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 02:00 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 01:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 01:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 01:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 01:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 01:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 01:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 01:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-10-24 23:09 . 2012-10-25 11:02 -------- d-----w- c:\program files (x86)\ReMouse Micro 2012-10-24 22:57 . 2012-10-24 23:10 -------- d-----w- c:\program files (x86)\GhostMouse 2012-10-24 22:54 . 2012-10-24 22:54 -------- d-----w- c:\users\Felicia Perdew\AppData\Local\Zoom_Downloader 2012-10-24 22:53 . 2012-10-24 22:53 -------- d-----w- c:\program files (x86)\SaveValet 2012-10-24 22:25 . 2012-10-24 22:25 -------- d-----w- c:\users\Felicia Perdew\AppData\Local\Softomotive 2012-10-24 22:24 . 2012-10-24 22:24 -------- d-----w- c:\programdata\Softomotive . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-18 03:33 . 2010-11-30 21:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-11-18 02:30 . 2010-11-07 18:41 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-11-18 02:27 . 2010-11-07 18:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-11-18 02:27 . 2010-11-30 21:27 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-11-16 01:42 . 2010-02-01 18:08 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 00:25 . 2012-05-14 01:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 00:25 . 2012-05-14 01:29 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-14 19:19 . 2012-10-10 23:12 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 23:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 23:13 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 23:13 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 23:13 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 23:13 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-28 00:33 . 2012-08-28 00:34 111064 ----a-w- c:\windows\system32\BgGamingMonitor.dll 2012-08-28 00:33 . 2012-08-28 00:34 100216 ----a-w- c:\windows\SysWow64\BgGamingMonitor.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104] . c:\users\Felicia Perdew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2012-06-15 38528] S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2012-06-15 66272] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600] S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2012-06-15 256072] S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2012-06-15 25160] S2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636] S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2012-08-28 368480] S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2012-08-28 201056] S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-08-28 379744] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648] S2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-06-11 5730304] S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-07-21 189680] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624] S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2012-06-15 445568] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848] S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] . . Contents of the 'Scheduled Tasks' folder . 2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 00:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html LSP: c:\windows\system32\BGLsp.dll Trusted Zone: blank Trusted Zone: intuit.com\ttlc Trusted Zone: netflix.com\www Trusted Zone: nisourceapps.com\new Trusted Zone: security_WinAutomation.Console.exe TCP: DhcpNameServer = 192.168.1.1 208.180.42.68 208.180.42.100 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-08757920.sys AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-sl-adk - c:\program files (x86)\OApps\sl-adk_uninstall.exe AddRemove-{67F5E390-8E09-4AE4-B7F2-705AFD23D86D} - c:\programdata\{5F28F5B3-12D6-446F-9E1C-EAE237A576B3}\WinAutomationSetup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e, 71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96, 33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd "{517E0D3E-17A4-4592-926E-A082DB43B7D3}"=hex:51,66,7a,6c,4c,1d,38,12,50,0e,6d, 55,96,59,fc,00,ed,78,e3,c2,de,1d,f3,c7 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27, 25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:50,47,84,67,5b,c4,cd,01 . [HKEY_USERS\S-1-5-21-2936985488-4110432098-3966030318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2936985488-4110432098-3966030318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe . ************************************************************************** . Completion time: 2012-11-22 22:03:07 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-23 03:03 ComboFix2.txt 2012-11-22 17:21 . Pre-Run: 390,533,079,040 bytes free Post-Run: 390,720,925,696 bytes free . - - End Of File - - 06123F25F0070D85511C7235C69DB6B1
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

No Problems running either scan: Results below TDSSKiller Results: 20:56:03.0426 5984 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:56:03.0972 5984 ============================================================ 20:56:03.0972 5984 Current date / time: 2012/11/22 20:56:03.0972 20:56:03.0972 5984 SystemInfo: 20:56:03.0972 5984 20:56:03.0972 5984 OS Version: 6.1.7601 ServicePack: 1.0 20:56:03.0972 5984 Product type: Workstation 20:56:03.0972 5984 ComputerName: PERDEW 20:56:03.0972 5984 UserName: Felicia Perdew 20:56:03.0972 5984 Windows directory: C:\Windows 20:56:03.0972 5984 System windows directory: C:\Windows 20:56:03.0972 5984 Running under WOW64 20:56:03.0972 5984 Processor architecture: Intel x64 20:56:03.0972 5984 Number of processors: 2 20:56:03.0972 5984 Page size: 0x1000 20:56:03.0972 5984 Boot type: Normal boot 20:56:03.0972 5984 ============================================================ 20:56:05.0782 5984 BG loaded 20:56:06.0078 5984 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:56:06.0078 5984 ============================================================ 20:56:06.0078 5984 \Device\Harddisk0\DR0: 20:56:06.0078 5984 MBR partitions: 20:56:06.0078 5984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000 20:56:06.0078 5984 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B 20:56:06.0078 5984 ============================================================ 20:56:06.0109 5984 C: <-> \Device\Harddisk0\DR0\Partition2 20:56:06.0109 5984 ============================================================ 20:56:06.0109 5984 Initialize success 20:56:06.0109 5984 ============================================================ 20:56:08.0699 2232 ============================================================ 20:56:08.0699 2232 Scan started 20:56:08.0699 2232 Mode: Manual; 20:56:08.0699 2232 ============================================================ 20:56:11.0803 2232 ================ Scan system memory ======================== 20:56:11.0803 2232 System memory - ok 20:56:11.0803 2232 ================ Scan services ============================= 20:56:11.0975 2232 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:56:11.0975 2232 1394ohci - ok 20:56:12.0006 2232 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:56:12.0022 2232 ACPI - ok 20:56:12.0053 2232 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:56:12.0053 2232 AcpiPmi - ok 20:56:12.0178 2232 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:56:12.0178 2232 AdobeARMservice - ok 20:56:12.0302 2232 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:56:12.0318 2232 AdobeFlashPlayerUpdateSvc - ok 20:56:12.0365 2232 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:56:12.0380 2232 adp94xx - ok 20:56:12.0412 2232 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:56:12.0427 2232 adpahci - ok 20:56:12.0443 2232 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:56:12.0443 2232 adpu320 - ok 20:56:12.0474 2232 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:56:12.0474 2232 AeLookupSvc - ok 20:56:12.0521 2232 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:56:12.0521 2232 AFD - ok 20:56:12.0583 2232 [ 7C0604FFC4366EE890BEB8DBB97B2169 ] AFW C:\Windows\system32\DRIVERS\afw.sys 20:56:12.0583 2232 AFW - ok 20:56:12.0614 2232 [ C1E054C08FD8876313ACC17683B3D1A6 ] afwcore C:\Windows\system32\DRIVERS\afwcore.sys 20:56:12.0630 2232 afwcore - ok 20:56:12.0661 2232 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:56:12.0661 2232 agp440 - ok 20:56:12.0677 2232 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:56:12.0677 2232 ALG - ok 20:56:12.0708 2232 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:56:12.0708 2232 aliide - ok 20:56:12.0739 2232 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:56:12.0739 2232 amdide - ok 20:56:12.0770 2232 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:56:12.0770 2232 AmdK8 - ok 20:56:12.0786 2232 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:56:12.0786 2232 AmdPPM - ok 20:56:12.0833 2232 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:56:12.0833 2232 amdsata - ok 20:56:12.0864 2232 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:56:12.0864 2232 amdsbs - ok 20:56:12.0864 2232 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:56:12.0880 2232 amdxata - ok 20:56:12.0958 2232 [ 375640F39F2D613B6FDCF8C2F956205A ] Apache2.2 C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe 20:56:12.0958 2232 Apache2.2 - ok 20:56:13.0020 2232 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:56:13.0020 2232 AppID - ok 20:56:13.0036 2232 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:56:13.0036 2232 AppIDSvc - ok 20:56:13.0067 2232 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:56:13.0067 2232 Appinfo - ok 20:56:13.0176 2232 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:56:13.0176 2232 Apple Mobile Device - ok 20:56:13.0223 2232 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:56:13.0223 2232 arc - ok 20:56:13.0238 2232 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:56:13.0238 2232 arcsas - ok 20:56:13.0270 2232 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:56:13.0270 2232 AsyncMac - ok 20:56:13.0301 2232 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:56:13.0301 2232 atapi - ok 20:56:13.0363 2232 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:56:13.0379 2232 AudioEndpointBuilder - ok 20:56:13.0394 2232 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:56:13.0410 2232 AudioSrv - ok 20:56:13.0457 2232 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:56:13.0457 2232 AxInstSV - ok 20:56:13.0472 2232 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:56:13.0488 2232 b06bdrv - ok 20:56:13.0519 2232 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:56:13.0535 2232 b57nd60a - ok 20:56:13.0566 2232 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:56:13.0566 2232 BDESVC - ok 20:56:13.0628 2232 [ 73F7E3E94E6122F0CB2968DB7F6A6855 ] BdSpy C:\Windows\system32\DRIVERS\BdSpy.sys 20:56:13.0628 2232 BdSpy - ok 20:56:13.0644 2232 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:56:13.0644 2232 Beep - ok 20:56:13.0706 2232 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:56:13.0706 2232 BFE - ok 20:56:13.0753 2232 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 20:56:13.0753 2232 BITS - ok 20:56:13.0769 2232 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:56:13.0784 2232 blbdrive - ok 20:56:13.0862 2232 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:56:13.0862 2232 Bonjour Service - ok 20:56:13.0909 2232 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:56:13.0909 2232 bowser - ok 20:56:13.0925 2232 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:56:13.0925 2232 BrFiltLo - ok 20:56:13.0940 2232 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:56:13.0940 2232 BrFiltUp - ok 20:56:14.0003 2232 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 20:56:14.0003 2232 BridgeMP - ok 20:56:14.0018 2232 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:56:14.0034 2232 Browser - ok 20:56:14.0050 2232 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:56:14.0050 2232 Brserid - ok 20:56:14.0065 2232 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:56:14.0065 2232 BrSerWdm - ok 20:56:14.0081 2232 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:56:14.0081 2232 BrUsbMdm - ok 20:56:14.0096 2232 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:56:14.0096 2232 BrUsbSer - ok 20:56:14.0174 2232 [ 03481999118BB36F7BF4979BD436DA38 ] BsBackup C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll 20:56:14.0190 2232 BsBackup - ok 20:56:14.0252 2232 [ E37928809E692067388D16D610E2BF9F ] BsBhvScan C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe 20:56:14.0252 2232 BsBhvScan - ok 20:56:14.0299 2232 [ 751B210E8F2DAAC70FFCED2EA3DC4EE0 ] BsFileScan C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll 20:56:14.0299 2232 BsFileScan - ok 20:56:14.0362 2232 [ F7555FDC76244BDC08555CB9E22D0600 ] BsFire C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll 20:56:14.0362 2232 BsFire - ok 20:56:14.0393 2232 [ 73DC84EF5B24B159B7F6C2792D9C9C53 ] BsMailProxy C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll 20:56:14.0408 2232 BsMailProxy - ok 20:56:14.0455 2232 [ F91A7F531EDF7BA4A80CB2178ECE54BB ] BsMain C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll 20:56:14.0455 2232 BsMain - ok 20:56:14.0471 2232 [ ABA92E74E5917DD1765D3D005A54325A ] BsScanner C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe 20:56:14.0471 2232 BsScanner - ok 20:56:14.0533 2232 [ 75EE63DA5FD88F04F2E5705A44A4179C ] BsUpdate C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe 20:56:14.0533 2232 BsUpdate - ok 20:56:14.0549 2232 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:56:14.0549 2232 BTHMODEM - ok 20:56:14.0580 2232 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:56:14.0580 2232 bthserv - ok 20:56:14.0596 2232 catchme - ok 20:56:14.0642 2232 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:56:14.0642 2232 cdfs - ok 20:56:14.0689 2232 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 20:56:14.0689 2232 cdrom - ok 20:56:14.0736 2232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:56:14.0736 2232 CertPropSvc - ok 20:56:14.0752 2232 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:56:14.0767 2232 circlass - ok 20:56:14.0783 2232 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:56:14.0783 2232 CLFS - ok 20:56:14.0845 2232 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:56:14.0845 2232 clr_optimization_v2.0.50727_32 - ok 20:56:14.0892 2232 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:56:14.0892 2232 clr_optimization_v2.0.50727_64 - ok 20:56:14.0970 2232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:56:14.0970 2232 clr_optimization_v4.0.30319_32 - ok 20:56:14.0986 2232 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:56:14.0986 2232 clr_optimization_v4.0.30319_64 - ok 20:56:15.0017 2232 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:56:15.0017 2232 CmBatt - ok 20:56:15.0048 2232 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:56:15.0048 2232 cmdide - ok 20:56:15.0079 2232 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:56:15.0079 2232 CNG - ok 20:56:15.0110 2232 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:56:15.0110 2232 Compbatt - ok 20:56:15.0142 2232 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:56:15.0157 2232 CompositeBus - ok 20:56:15.0173 2232 COMSysApp - ok 20:56:15.0188 2232 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:56:15.0188 2232 crcdisk - ok 20:56:15.0251 2232 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:56:15.0251 2232 CryptSvc - ok 20:56:15.0298 2232 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 20:56:15.0298 2232 CtClsFlt - ok 20:56:15.0360 2232 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 20:56:15.0360 2232 ctxusbm - ok 20:56:15.0407 2232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:56:15.0422 2232 DcomLaunch - ok 20:56:15.0454 2232 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:56:15.0454 2232 defragsvc - ok 20:56:15.0485 2232 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:56:15.0485 2232 DfsC - ok 20:56:15.0532 2232 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:56:15.0532 2232 Dhcp - ok 20:56:15.0563 2232 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:56:15.0563 2232 discache - ok 20:56:15.0578 2232 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:56:15.0578 2232 Disk - ok 20:56:15.0625 2232 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:56:15.0625 2232 Dnscache - ok 20:56:15.0703 2232 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 20:56:15.0703 2232 DockLoginService - ok 20:56:15.0734 2232 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:56:15.0734 2232 dot3svc - ok 20:56:15.0750 2232 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:56:15.0766 2232 DPS - ok 20:56:15.0781 2232 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:56:15.0781 2232 drmkaud - ok 20:56:15.0937 2232 [ 0BB913F9F02677BD4AE96D4967CACFEE ] dsl-db C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe 20:56:15.0984 2232 dsl-db - ok 20:56:16.0078 2232 [ 5D0A71316D6BFEA3C88C30AD81FDB606 ] dsl-fs-sync C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe 20:56:16.0078 2232 dsl-fs-sync - ok 20:56:16.0124 2232 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:56:16.0140 2232 DXGKrnl - ok 20:56:16.0171 2232 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:56:16.0171 2232 EapHost - ok 20:56:16.0265 2232 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:56:16.0296 2232 ebdrv - ok 20:56:16.0327 2232 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:56:16.0327 2232 EFS - ok 20:56:16.0405 2232 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:56:16.0405 2232 ehRecvr - ok 20:56:16.0436 2232 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:56:16.0436 2232 ehSched - ok 20:56:16.0468 2232 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:56:16.0483 2232 elxstor - ok 20:56:16.0499 2232 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:56:16.0499 2232 ErrDev - ok 20:56:16.0530 2232 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:56:16.0546 2232 EventSystem - ok 20:56:16.0561 2232 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:56:16.0561 2232 exfat - ok 20:56:16.0577 2232 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:56:16.0577 2232 fastfat - ok 20:56:16.0608 2232 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:56:16.0624 2232 Fax - ok 20:56:16.0624 2232 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:56:16.0624 2232 fdc - ok 20:56:16.0639 2232 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:56:16.0639 2232 fdPHost - ok 20:56:16.0655 2232 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:56:16.0655 2232 FDResPub - ok 20:56:16.0670 2232 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:56:16.0686 2232 FileInfo - ok 20:56:16.0686 2232 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:56:16.0686 2232 Filetrace - ok 20:56:16.0702 2232 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:56:16.0702 2232 flpydisk - ok 20:56:16.0733 2232 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:56:16.0733 2232 FltMgr - ok 20:56:16.0780 2232 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:56:16.0795 2232 FontCache - ok 20:56:16.0826 2232 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:56:16.0826 2232 FontCache3.0.0.0 - ok 20:56:16.0842 2232 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:56:16.0842 2232 FsDepends - ok 20:56:16.0904 2232 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 20:56:16.0904 2232 fssfltr - ok 20:56:16.0998 2232 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 20:56:17.0014 2232 fsssvc - ok 20:56:17.0045 2232 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:56:17.0045 2232 Fs_Rec - ok 20:56:17.0092 2232 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:56:17.0092 2232 fvevol - ok 20:56:17.0107 2232 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:56:17.0107 2232 gagp30kx - ok 20:56:17.0138 2232 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:56:17.0138 2232 GEARAspiWDM - ok 20:56:17.0185 2232 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe 20:56:17.0185 2232 GoToAssist - ok 20:56:17.0232 2232 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:56:17.0232 2232 gpsvc - ok 20:56:17.0248 2232 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:56:17.0248 2232 hcw85cir - ok 20:56:17.0294 2232 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:56:17.0294 2232 HDAudBus - ok 20:56:17.0482 2232 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:56:17.0482 2232 HidBatt - ok 20:56:17.0513 2232 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:56:17.0513 2232 HidBth - ok 20:56:17.0528 2232 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:56:17.0528 2232 HidIr - ok 20:56:17.0560 2232 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 20:56:17.0560 2232 hidserv - ok 20:56:17.0606 2232 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:56:17.0606 2232 HidUsb - ok 20:56:17.0638 2232 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:56:17.0638 2232 hkmsvc - ok 20:56:17.0700 2232 [ 583431A6989FD8B901D1883C0299C471 ] hnmsvc c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe 20:56:17.0700 2232 hnmsvc - ok 20:56:17.0731 2232 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:56:17.0747 2232 HomeGroupListener - ok 20:56:17.0778 2232 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:56:17.0778 2232 HomeGroupProvider - ok 20:56:17.0809 2232 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:56:17.0809 2232 HpSAMD - ok 20:56:17.0872 2232 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:56:17.0887 2232 HTTP - ok 20:56:17.0918 2232 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:56:17.0918 2232 hwpolicy - ok 20:56:17.0965 2232 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:56:17.0965 2232 i8042prt - ok 20:56:18.0012 2232 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:56:18.0012 2232 iaStorV - ok 20:56:18.0059 2232 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:56:18.0074 2232 idsvc - ok 20:56:18.0308 2232 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 20:56:18.0355 2232 igfx - ok 20:56:18.0386 2232 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:56:18.0386 2232 iirsp - ok 20:56:18.0542 2232 [ A06EFD4965F8A3F97A8C9A291D032678 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 20:56:18.0542 2232 IJPLMSVC - ok 20:56:18.0605 2232 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:56:18.0620 2232 IKEEXT - ok 20:56:18.0636 2232 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys 20:56:18.0636 2232 IntcHdmiAddService - ok 20:56:18.0667 2232 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:56:18.0667 2232 intelide - ok 20:56:18.0714 2232 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:56:18.0714 2232 intelppm - ok 20:56:18.0792 2232 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe 20:56:18.0792 2232 IntuitUpdateService - ok 20:56:18.0854 2232 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:56:18.0854 2232 IPBusEnum - ok 20:56:18.0886 2232 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:56:18.0886 2232 IpFilterDriver - ok 20:56:18.0917 2232 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:56:18.0917 2232 IPMIDRV - ok 20:56:18.0948 2232 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:56:18.0948 2232 IPNAT - ok 20:56:19.0026 2232 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:56:19.0042 2232 iPod Service - ok 20:56:19.0073 2232 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:56:19.0073 2232 IRENUM - ok 20:56:19.0088 2232 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:56:19.0088 2232 isapnp - ok 20:56:19.0104 2232 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:56:19.0120 2232 iScsiPrt - ok 20:56:19.0322 2232 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 20:56:19.0322 2232 k57nd60a - ok 20:56:19.0572 2232 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 20:56:19.0572 2232 kbdclass - ok 20:56:19.0759 2232 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 20:56:19.0759 2232 kbdhid - ok 20:56:19.0775 2232 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:56:19.0775 2232 KeyIso - ok 20:56:19.0790 2232 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:56:19.0806 2232 KSecDD - ok 20:56:19.0837 2232 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:56:19.0837 2232 KSecPkg - ok 20:56:19.0853 2232 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:56:19.0853 2232 ksthunk - ok 20:56:19.0900 2232 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:56:19.0900 2232 KtmRm - ok 20:56:19.0946 2232 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:56:19.0962 2232 LanmanServer - ok 20:56:19.0993 2232 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:56:19.0993 2232 LanmanWorkstation - ok 20:56:20.0180 2232 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe 20:56:20.0212 2232 LeapFrog Connect Device Service - ok 20:56:20.0227 2232 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys 20:56:20.0243 2232 Leapfrog-USBLAN - ok 20:56:20.0258 2232 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:56:20.0258 2232 lltdio - ok 20:56:20.0305 2232 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:56:20.0321 2232 lltdsvc - ok 20:56:20.0336 2232 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:56:20.0336 2232 lmhosts - ok 20:56:20.0368 2232 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:56:20.0368 2232 LSI_FC - ok 20:56:20.0399 2232 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:56:20.0399 2232 LSI_SAS - ok 20:56:20.0414 2232 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:56:20.0414 2232 LSI_SAS2 - ok 20:56:20.0430 2232 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:56:20.0430 2232 LSI_SCSI - ok 20:56:20.0461 2232 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:56:20.0461 2232 luafv - ok 20:56:20.0492 2232 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:56:20.0492 2232 Mcx2Svc - ok 20:56:20.0508 2232 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:56:20.0508 2232 megasas - ok 20:56:20.0555 2232 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:56:20.0555 2232 MegaSR - ok 20:56:20.0570 2232 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:56:20.0570 2232 MMCSS - ok 20:56:20.0602 2232 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:56:20.0602 2232 Modem - ok 20:56:20.0633 2232 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:56:20.0633 2232 monitor - ok 20:56:20.0664 2232 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:56:20.0664 2232 mouclass - ok 20:56:20.0680 2232 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:56:20.0680 2232 mouhid - ok 20:56:20.0711 2232 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:56:20.0711 2232 mountmgr - ok 20:56:20.0742 2232 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:56:20.0742 2232 mpio - ok 20:56:20.0758 2232 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:56:20.0758 2232 mpsdrv - ok 20:56:20.0789 2232 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:56:20.0789 2232 MRxDAV - ok 20:56:20.0836 2232 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:56:20.0836 2232 mrxsmb - ok 20:56:20.0867 2232 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:56:20.0882 2232 mrxsmb10 - ok 20:56:20.0898 2232 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:56:20.0898 2232 mrxsmb20 - ok 20:56:20.0914 2232 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:56:20.0914 2232 msahci - ok 20:56:20.0929 2232 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:56:20.0929 2232 msdsm - ok 20:56:20.0960 2232 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:56:20.0960 2232 MSDTC - ok 20:56:20.0992 2232 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:56:20.0992 2232 Msfs - ok 20:56:21.0007 2232 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:56:21.0007 2232 mshidkmdf - ok 20:56:21.0023 2232 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:56:21.0023 2232 msisadrv - ok 20:56:21.0054 2232 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:56:21.0054 2232 MSiSCSI - ok 20:56:21.0070 2232 msiserver - ok 20:56:21.0101 2232 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:56:21.0101 2232 MSKSSRV - ok 20:56:21.0116 2232 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:56:21.0116 2232 MSPCLOCK - ok 20:56:21.0116 2232 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:56:21.0116 2232 MSPQM - ok 20:56:21.0163 2232 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:56:21.0163 2232 MsRPC - ok 20:56:21.0194 2232 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:56:21.0194 2232 mssmbios - ok 20:56:21.0194 2232 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:56:21.0194 2232 MSTEE - ok 20:56:21.0226 2232 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:56:21.0226 2232 MTConfig - ok 20:56:21.0257 2232 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:56:21.0257 2232 Mup - ok 20:56:21.0288 2232 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:56:21.0304 2232 napagent - ok 20:56:21.0350 2232 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:56:21.0350 2232 NativeWifiP - ok 20:56:21.0413 2232 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:56:21.0428 2232 NDIS - ok 20:56:21.0428 2232 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:56:21.0428 2232 NdisCap - ok 20:56:21.0475 2232 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:56:21.0475 2232 NdisTapi - ok 20:56:21.0506 2232 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:56:21.0506 2232 Ndisuio - ok 20:56:21.0538 2232 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:56:21.0538 2232 NdisWan - ok 20:56:21.0569 2232 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:56:21.0569 2232 NDProxy - ok 20:56:21.0584 2232 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:56:21.0584 2232 NetBIOS - ok 20:56:21.0616 2232 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:56:21.0616 2232 NetBT - ok 20:56:21.0631 2232 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:56:21.0631 2232 Netlogon - ok 20:56:21.0678 2232 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:56:21.0678 2232 Netman - ok 20:56:21.0709 2232 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:56:21.0709 2232 netprofm - ok 20:56:21.0740 2232 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:56:21.0740 2232 NetTcpPortSharing - ok 20:56:21.0881 2232 [ 705283C02177809CA9FA7CC58A4F1E77 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys 20:56:21.0928 2232 NETw5v64 - ok 20:56:21.0959 2232 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:56:21.0959 2232 nfrd960 - ok 20:56:22.0006 2232 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:56:22.0006 2232 NlaSvc - ok 20:56:22.0052 2232 [ 510755C17F4AA13605412961F58884B5 ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys 20:56:22.0052 2232 NovaShieldFilterDriver - ok 20:56:22.0099 2232 [ 440469E8505744CCAA3BA294306258AE ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys 20:56:22.0099 2232 NovaShieldTDIDriver - ok 20:56:22.0115 2232 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:56:22.0115 2232 Npfs - ok 20:56:22.0130 2232 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:56:22.0146 2232 nsi - ok 20:56:22.0162 2232 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:56:22.0162 2232 nsiproxy - ok 20:56:22.0224 2232 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:56:22.0240 2232 Ntfs - ok 20:56:22.0255 2232 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:56:22.0255 2232 Null - ok 20:56:22.0302 2232 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:56:22.0302 2232 nvraid - ok 20:56:22.0318 2232 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:56:22.0318 2232 nvstor - ok 20:56:22.0333 2232 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:56:22.0333 2232 nv_agp - ok 20:56:22.0396 2232 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:56:22.0396 2232 odserv - ok 20:56:22.0442 2232 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:56:22.0442 2232 ohci1394 - ok 20:56:22.0474 2232 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:56:22.0474 2232 ose - ok 20:56:22.0505 2232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:56:22.0520 2232 p2pimsvc - ok 20:56:22.0536 2232 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:56:22.0552 2232 p2psvc - ok 20:56:22.0567 2232 [ 99E6AA0AE2D05389BA7F7DFF6866B569 ] Packet C:\Windows\system32\DRIVERS\packet.sys 20:56:22.0583 2232 Packet - ok 20:56:22.0614 2232 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:56:22.0614 2232 Parport - ok 20:56:22.0645 2232 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:56:22.0645 2232 partmgr - ok 20:56:22.0661 2232 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:56:22.0661 2232 PcaSvc - ok 20:56:22.0692 2232 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:56:22.0708 2232 pci - ok 20:56:22.0723 2232 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:56:22.0723 2232 pciide - ok 20:56:22.0723 2232 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:56:22.0739 2232 pcmcia - ok 20:56:22.0739 2232 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:56:22.0754 2232 pcw - ok 20:56:22.0770 2232 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:56:22.0786 2232 PEAUTH - ok 20:56:22.0879 2232 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:56:22.0879 2232 PerfHost - ok 20:56:22.0942 2232 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:56:22.0957 2232 pla - ok 20:56:23.0004 2232 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:56:23.0004 2232 PlugPlay - ok 20:56:23.0035 2232 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:56:23.0035 2232 PNRPAutoReg - ok 20:56:23.0051 2232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:56:23.0066 2232 PNRPsvc - ok 20:56:23.0082 2232 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:56:23.0082 2232 PolicyAgent - ok 20:56:23.0129 2232 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:56:23.0129 2232 Power - ok 20:56:23.0176 2232 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:56:23.0176 2232 PptpMiniport - ok 20:56:23.0191 2232 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:56:23.0191 2232 Processor - ok 20:56:23.0222 2232 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:56:23.0222 2232 ProfSvc - ok 20:56:23.0238 2232 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:56:23.0238 2232 ProtectedStorage - ok 20:56:23.0285 2232 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:56:23.0285 2232 Psched - ok 20:56:23.0316 2232 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 20:56:23.0316 2232 PxHlpa64 - ok 20:56:23.0363 2232 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:56:23.0378 2232 ql2300 - ok 20:56:23.0394 2232 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:56:23.0394 2232 ql40xx - ok 20:56:23.0441 2232 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:56:23.0441 2232 QWAVE - ok 20:56:23.0456 2232 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:56:23.0456 2232 QWAVEdrv - ok 20:56:23.0472 2232 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:56:23.0472 2232 RasAcd - ok 20:56:23.0503 2232 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:56:23.0503 2232 RasAgileVpn - ok 20:56:23.0519 2232 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:56:23.0534 2232 RasAuto - ok 20:56:23.0550 2232 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:56:23.0550 2232 Rasl2tp - ok 20:56:23.0597 2232 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:56:23.0597 2232 RasMan - ok 20:56:23.0612 2232 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:56:23.0612 2232 RasPppoe - ok 20:56:23.0628 2232 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:56:23.0644 2232 RasSstp - ok 20:56:23.0676 2232 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:56:23.0676 2232 rdbss - ok 20:56:23.0691 2232 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:56:23.0691 2232 rdpbus - ok 20:56:23.0723 2232 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:56:23.0723 2232 RDPCDD - ok 20:56:23.0754 2232 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:56:23.0754 2232 RDPENCDD - ok 20:56:23.0769 2232 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:56:23.0769 2232 RDPREFMP - ok 20:56:23.0801 2232 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:56:23.0801 2232 RDPWD - ok 20:56:23.0847 2232 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:56:23.0847 2232 rdyboost - ok 20:56:23.0894 2232 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:56:23.0894 2232 RemoteAccess - ok 20:56:23.0925 2232 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:56:23.0925 2232 RemoteRegistry - ok 20:56:23.0957 2232 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys 20:56:23.0957 2232 rimmptsk - ok 20:56:23.0988 2232 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys 20:56:23.0988 2232 rimsptsk - ok 20:56:24.0003 2232 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys 20:56:24.0003 2232 rismxdp - ok 20:56:24.0019 2232 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:56:24.0035 2232 RpcEptMapper - ok 20:56:24.0050 2232 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:56:24.0050 2232 RpcLocator - ok 20:56:24.0097 2232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:56:24.0097 2232 RpcSs - ok 20:56:24.0144 2232 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:56:24.0144 2232 rspndr - ok 20:56:24.0159 2232 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:56:24.0159 2232 SamSs - ok 20:56:24.0191 2232 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:56:24.0191 2232 sbp2port - ok 20:56:24.0206 2232 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:56:24.0222 2232 SCardSvr - ok 20:56:24.0253 2232 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:56:24.0253 2232 scfilter - ok 20:56:24.0284 2232 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:56:24.0300 2232 Schedule - ok 20:56:24.0315 2232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:56:24.0315 2232 SCPolicySvc - ok 20:56:24.0378 2232 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 20:56:24.0378 2232 sdbus - ok 20:56:24.0393 2232 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:56:24.0393 2232 SDRSVC - ok 20:56:24.0425 2232 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:56:24.0425 2232 secdrv - ok 20:56:24.0456 2232 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:56:24.0471 2232 seclogon - ok 20:56:24.0487 2232 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 20:56:24.0503 2232 SENS - ok 20:56:24.0518 2232 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:56:24.0518 2232 SensrSvc - ok 20:56:24.0534 2232 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:56:24.0534 2232 Serenum - ok 20:56:24.0534 2232 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:56:24.0549 2232 Serial - ok 20:56:24.0549 2232 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:56:24.0549 2232 sermouse - ok 20:56:24.0612 2232 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:56:24.0612 2232 SessionEnv - ok 20:56:24.0627 2232 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 20:56:24.0627 2232 sffdisk - ok 20:56:24.0643 2232 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:56:24.0643 2232 sffp_mmc - ok 20:56:24.0659 2232 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 20:56:24.0659 2232 sffp_sd - ok 20:56:24.0674 2232 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:56:24.0690 2232 sfloppy - ok 20:56:24.0752 2232 [ 7F475425582163602EF1589C0071E521 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 20:56:24.0768 2232 SftService - ok 20:56:24.0830 2232 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:56:24.0846 2232 SharedAccess - ok 20:56:24.0877 2232 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:56:24.0877 2232 ShellHWDetection - ok 20:56:24.0893 2232 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:56:24.0893 2232 SiSRaid2 - ok 20:56:24.0908 2232 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:56:24.0908 2232 SiSRaid4 - ok 20:56:24.0924 2232 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:56:24.0924 2232 Smb - ok 20:56:24.0971 2232 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:56:24.0971 2232 SNMPTRAP - ok 20:56:25.0002 2232 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:56:25.0002 2232 spldr - ok 20:56:25.0033 2232 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:56:25.0049 2232 Spooler - ok 20:56:25.0142 2232 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:56:25.0173 2232 sppsvc - ok 20:56:25.0189 2232 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:56:25.0205 2232 sppuinotify - ok 20:56:25.0236 2232 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:56:25.0236 2232 srv - ok 20:56:25.0251 2232 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:56:25.0251 2232 srv2 - ok 20:56:25.0267 2232 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:56:25.0267 2232 srvnet - ok 20:56:25.0314 2232 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:56:25.0314 2232 SSDPSRV - ok 20:56:25.0329 2232 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:56:25.0329 2232 SstpSvc - ok 20:56:25.0439 2232 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe 20:56:25.0439 2232 STacSV - ok 20:56:25.0454 2232 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:56:25.0454 2232 stexstor - ok 20:56:25.0517 2232 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 20:56:25.0517 2232 STHDA - ok 20:56:25.0579 2232 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:56:25.0579 2232 stisvc - ok 20:56:25.0610 2232 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:56:25.0610 2232 swenum - ok 20:56:25.0641 2232 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:56:25.0657 2232 swprv - ok 20:56:25.0688 2232 [ 1657B7442D5CE30533F5C4317716B468 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 20:56:25.0688 2232 SynTP - ok 20:56:25.0751 2232 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:56:25.0766 2232 SysMain - ok 20:56:25.0797 2232 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:56:25.0797 2232 TabletInputService - ok 20:56:25.0813 2232 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:56:25.0829 2232 TapiSrv - ok 20:56:25.0844 2232 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:56:25.0844 2232 TBS - ok 20:56:25.0907 2232 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:56:25.0922 2232 Tcpip - ok 20:56:25.0985 2232 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:56:26.0000 2232 TCPIP6 - ok 20:56:26.0047 2232 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:56:26.0047 2232 tcpipreg - ok 20:56:26.0078 2232 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:56:26.0078 2232 TDPIPE - ok 20:56:26.0109 2232 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:56:26.0109 2232 TDTCP - ok 20:56:26.0141 2232 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:56:26.0141 2232 tdx - ok 20:56:26.0172 2232 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:56:26.0172 2232 TermDD - ok 20:56:26.0203 2232 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:56:26.0203 2232 TermService - ok 20:56:26.0234 2232 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:56:26.0234 2232 Themes - ok 20:56:26.0265 2232 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:56:26.0265 2232 THREADORDER - ok 20:56:26.0281 2232 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:56:26.0281 2232 TrkWks - ok 20:56:26.0343 2232 [ D5F502C6B2E4FA6B125C01448E7A01AB ] Trufos C:\Windows\system32\DRIVERS\Trufos.sys 20:56:26.0359 2232 Trufos - ok 20:56:26.0390 2232 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:56:26.0406 2232 TrustedInstaller - ok 20:56:26.0624 2232 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:56:26.0624 2232 tssecsrv - ok 20:56:26.0671 2232 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:56:26.0671 2232 TsUsbFlt - ok 20:56:26.0733 2232 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:56:26.0733 2232 tunnel - ok 20:56:26.0749 2232 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:56:26.0749 2232 uagp35 - ok 20:56:26.0780 2232 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:56:26.0780 2232 udfs - ok 20:56:26.0811 2232 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:56:26.0811 2232 UI0Detect - ok 20:56:26.0843 2232 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:56:26.0843 2232 uliagpkx - ok 20:56:26.0858 2232 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:56:26.0858 2232 umbus - ok 20:56:26.0874 2232 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:56:26.0874 2232 UmPass - ok 20:56:26.0889 2232 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:56:26.0905 2232 upnphost - ok 20:56:26.0952 2232 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:56:26.0952 2232 USBAAPL64 - ok 20:56:26.0999 2232 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:56:26.0999 2232 usbccgp - ok 20:56:27.0030 2232 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:56:27.0030 2232 usbcir - ok 20:56:27.0061 2232 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:56:27.0061 2232 usbehci - ok 20:56:27.0186 2232 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:56:27.0201 2232 usbhub - ok 20:56:27.0295 2232 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:56:27.0295 2232 usbohci - ok 20:56:27.0685 2232 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:56:27.0685 2232 usbprint - ok 20:56:28.0044 2232 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:56:28.0044 2232 usbscan - ok 20:56:28.0137 2232 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:56:28.0137 2232 USBSTOR - ok 20:56:28.0278 2232 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:56:28.0278 2232 usbuhci - ok 20:56:28.0777 2232 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 20:56:28.0777 2232 usbvideo - ok 20:56:28.0949 2232 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:56:28.0949 2232 UxSms - ok 20:56:29.0089 2232 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:56:29.0089 2232 VaultSvc - ok 20:56:29.0479 2232 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:56:29.0479 2232 vdrvroot - ok 20:56:30.0025 2232 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:56:30.0041 2232 vds - ok 20:56:30.0290 2232 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:56:30.0290 2232 vga - ok 20:56:30.0399 2232 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:56:30.0399 2232 VgaSave - ok 20:56:30.0649 2232 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:56:30.0649 2232 vhdmp - ok 20:56:30.0821 2232 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:56:30.0836 2232 viaide - ok 20:56:30.0977 2232 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:56:30.0977 2232 volmgr - ok 20:56:31.0335 2232 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:56:31.0351 2232 volmgrx - ok 20:56:31.0694 2232 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:56:31.0710 2232 volsnap - ok 20:56:31.0991 2232 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:56:31.0991 2232 vsmraid - ok 20:56:32.0817 2232 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:56:32.0833 2232 VSS - ok 20:56:32.0895 2232 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:56:32.0895 2232 vwifibus - ok 20:56:33.0145 2232 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:56:33.0161 2232 W32Time - ok 20:56:33.0176 2232 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:56:33.0176 2232 WacomPen - ok 20:56:33.0207 2232 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:56:33.0207 2232 WANARP - ok 20:56:33.0207 2232 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:56:33.0207 2232 Wanarpv6 - ok 20:56:33.0410 2232 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:56:33.0426 2232 WatAdminSvc - ok 20:56:33.0473 2232 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:56:33.0488 2232 wbengine - ok 20:56:33.0504 2232 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:56:33.0504 2232 WbioSrvc - ok 20:56:33.0551 2232 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:56:33.0551 2232 wcncsvc - ok 20:56:33.0566 2232 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:56:33.0582 2232 WcsPlugInService - ok 20:56:33.0582 2232 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:56:33.0582 2232 Wd - ok 20:56:33.0629 2232 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:56:33.0644 2232 Wdf01000 - ok 20:56:33.0660 2232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:56:33.0660 2232 WdiServiceHost - ok 20:56:33.0675 2232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:56:33.0675 2232 WdiSystemHost - ok 20:56:33.0707 2232 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:56:33.0707 2232 WebClient - ok 20:56:33.0738 2232 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:56:33.0738 2232 Wecsvc - ok 20:56:33.0753 2232 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:56:33.0753 2232 wercplsupport - ok 20:56:33.0785 2232 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:56:33.0785 2232 WerSvc - ok 20:56:33.0816 2232 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:56:33.0816 2232 WfpLwf - ok 20:56:33.0847 2232 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 20:56:33.0847 2232 WimFltr - ok 20:56:33.0863 2232 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:56:33.0863 2232 WIMMount - ok 20:56:33.0894 2232 WinDefend - ok 20:56:33.0909 2232 WinHttpAutoProxySvc - ok 20:56:33.0972 2232 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:56:33.0972 2232 Winmgmt - ok 20:56:34.0034 2232 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:56:34.0065 2232 WinRM - ok 20:56:34.0112 2232 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:56:34.0128 2232 WinUsb - ok 20:56:34.0159 2232 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:56:34.0175 2232 Wlansvc - ok 20:56:34.0268 2232 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:56:34.0268 2232 wlcrasvc - ok 20:56:34.0346 2232 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:56:34.0377 2232 wlidsvc - ok 20:56:34.0814 2232 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:56:34.0814 2232 WmiAcpi - ok 20:56:34.0845 2232 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:56:34.0845 2232 wmiApSrv - ok 20:56:34.0877 2232 WMPNetworkSvc - ok 20:56:34.0892 2232 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:56:34.0892 2232 WPCSvc - ok 20:56:34.0923 2232 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:56:34.0923 2232 WPDBusEnum - ok 20:56:34.0939 2232 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:56:34.0955 2232 ws2ifsl - ok 20:56:35.0001 2232 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 20:56:35.0001 2232 wscsvc - ok 20:56:35.0048 2232 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 20:56:35.0048 2232 WSDPrintDevice - ok 20:56:35.0079 2232 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 20:56:35.0079 2232 WSDScan - ok 20:56:35.0095 2232 WSearch - ok 20:56:35.0828 2232 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:56:35.0859 2232 wuauserv - ok 20:56:35.0922 2232 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:56:35.0937 2232 WudfPf - ok 20:56:35.0969 2232 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:56:35.0969 2232 WUDFRd - ok 20:56:36.0000 2232 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:56:36.0000 2232 wudfsvc - ok 20:56:36.0015 2232 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:56:36.0031 2232 WwanSvc - ok 20:56:36.0047 2232 ================ Scan global =============================== 20:56:36.0062 2232 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:56:36.0093 2232 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 20:56:36.0125 2232 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 20:56:36.0140 2232 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:56:36.0171 2232 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:56:36.0187 2232 [Global] - ok 20:56:36.0187 2232 ================ Scan MBR ================================== 20:56:36.0203 2232 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 20:56:36.0515 2232 \Device\Harddisk0\DR0 - ok 20:56:36.0515 2232 ================ Scan VBR ================================== 20:56:36.0530 2232 [ 3C9D1AB1271C15AADA5E9DEA1B8B82C4 ] \Device\Harddisk0\DR0\Partition1 20:56:36.0530 2232 \Device\Harddisk0\DR0\Partition1 - ok 20:56:36.0546 2232 [ ADEFE7A19A4823C01E31BBE507BCE255 ] \Device\Harddisk0\DR0\Partition2 20:56:36.0546 2232 \Device\Harddisk0\DR0\Partition2 - ok 20:56:36.0546 2232 ============================================================ 20:56:36.0546 2232 Scan finished 20:56:36.0546 2232 ============================================================ 20:56:36.0561 0856 Detected object count: 0 20:56:36.0561 0856 Actual detected object count: 0 aswMBR Results: aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-22 20:59:35 ----------------------------- 20:59:35.779 OS Version: Windows x64 6.1.7601 Service Pack 1 20:59:35.779 Number of processors: 2 586 0x170A 20:59:35.779 ComputerName: PERDEW UserName: 20:59:37.199 Initialize success 21:02:48.845 AVAST engine defs: 12112201 21:03:07.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 21:03:07.425 Disk 0 Vendor: ST9500420ASG 0004SDM1 Size: 476940MB BusType: 11 21:03:07.440 Disk 0 MBR read successfully 21:03:07.440 Disk 0 MBR scan 21:03:07.456 Disk 0 Windows VISTA default MBR code 21:03:07.456 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 21:03:07.456 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325 21:03:07.472 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325 21:03:07.487 Disk 0 scanning C:\Windows\system32\drivers 21:03:20.482 Service scanning 21:03:45.380 Modules scanning 21:03:45.380 Disk 0 trace - called modules: 21:03:45.427 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 21:03:45.442 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c17060] 21:03:45.442 3 CLASSPNP.SYS[fffff880019a543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046a7060] 21:03:49.202 AVAST engine scan C:\Windows 21:03:52.774 AVAST engine scan C:\Windows\system32 21:08:11.111 AVAST engine scan C:\Windows\system32\drivers 21:08:26.102 AVAST engine scan C:\Users\Felicia Perdew 21:21:11.896 AVAST engine scan C:\ProgramData 21:24:08.194 Scan finished successfully 21:24:57.693 Disk 0 MBR has been saved successfully to "C:\Users\Felicia Perdew\Desktop\MBR.dat" 21:24:57.708 The log file has been saved successfully to "C:\Users\Felicia Perdew\Desktop\aswMBR.txt"
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Ran in Safe Mode, computer never shut down after completed combofix. below is the log results: ComboFix 12-11-21.01 - Felicia Perdew 11/22/2012 12:07:55.2.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2975 [GMT -5:00] Running from: c:\users\Felicia Perdew\Desktop\ComboFix.exe AV: BullGuard Antivirus *Disabled/Outdated* {C3CCAC61-52F7-A056-1860-6406566E2578} FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203} SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll c:\programdata\PCDr\6032\AddOnDownloaded\21eb1c2f-b0d8-40e6-96dd-163437759b68.dll c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll c:\programdata\PCDr\6032\AddOnDownloaded\35445406-e7ed-4a0e-9922-45505e71594b.dll c:\programdata\PCDr\6032\AddOnDownloaded\358ba71b-117f-40d5-95aa-57de622719b7.dll c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll c:\programdata\PCDr\6032\AddOnDownloaded\3d656744-60b2-4576-8124-a39729f8b522.dll c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll c:\programdata\PCDr\6032\AddOnDownloaded\489f121a-4538-4839-9d1d-3c48e590be59.dll c:\programdata\PCDr\6032\AddOnDownloaded\4f64943e-d62a-4f2e-a3cd-98fb91e30469.dll c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll c:\programdata\PCDr\6032\AddOnDownloaded\72f0dc20-5af7-4221-9657-442597ce030b.dll c:\programdata\PCDr\6032\AddOnDownloaded\75c8751b-fcad-4846-80ce-3a2efec60612.dll c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll c:\programdata\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll c:\programdata\PCDr\6032\AddOnDownloaded\d3ef65ec-842a-4640-b428-aca2f4a966e6.dll c:\programdata\PCDr\6032\AddOnDownloaded\d78fa15b-2d61-4303-adaa-edec9ebbb2b3.dll c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll c:\programdata\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll c:\programdata\Softomotive\WinAutomation\Compiled Jobs\9e187b56-9528-4822-9cbe-3eb15f51d1c3.dll c:\users\Felicia Perdew\AppData\Roaming\Microsoft\Windows\Recent\Macro Recorder.appref-ms c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 ))))))))))))))))))))))))))))))) . . 2012-11-22 17:17 . 2012-11-22 17:17 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp 2012-11-22 17:17 . 2012-11-22 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-18 03:43 . 2012-06-07 00:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-16 02:15 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-11-16 02:15 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-11-16 02:15 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-11-16 02:15 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-11-16 02:15 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-11-16 02:14 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-11-16 02:14 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-11-16 02:14 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-11-16 02:14 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2012-11-16 02:14 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-11-16 02:14 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-11-16 02:14 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-11-16 02:14 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll 2012-11-16 02:14 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-11-16 02:14 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-11-16 02:14 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-11-16 02:14 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-11-16 02:12 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-16 02:12 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-16 02:00 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-16 02:00 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 02:00 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 02:00 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 01:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 01:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 01:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 01:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 01:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 01:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 01:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-10-24 23:09 . 2012-10-25 11:02 -------- d-----w- c:\program files (x86)\ReMouse Micro 2012-10-24 22:57 . 2012-10-24 23:10 -------- d-----w- c:\program files (x86)\GhostMouse 2012-10-24 22:54 . 2012-10-24 22:54 -------- d-----w- c:\users\Felicia Perdew\AppData\Local\Zoom_Downloader 2012-10-24 22:53 . 2012-10-24 22:53 -------- d-----w- c:\program files (x86)\SaveValet 2012-10-24 22:25 . 2012-10-24 22:25 -------- d-----w- c:\users\Felicia Perdew\AppData\Local\Softomotive 2012-10-24 22:24 . 2012-10-24 22:24 -------- d-----w- c:\programdata\Softomotive . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-18 03:33 . 2010-11-30 21:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-11-18 02:30 . 2010-11-07 18:41 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-11-18 02:27 . 2010-11-07 18:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-11-18 02:27 . 2010-11-30 21:27 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-11-16 01:42 . 2010-02-01 18:08 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 00:25 . 2012-05-14 01:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 00:25 . 2012-05-14 01:29 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-14 19:19 . 2012-10-10 23:12 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 23:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 23:13 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 23:13 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 23:13 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 23:13 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-28 00:33 . 2012-08-28 00:34 111064 ----a-w- c:\windows\system32\BgGamingMonitor.dll 2012-08-28 00:33 . 2012-08-28 00:34 100216 ----a-w- c:\windows\SysWow64\BgGamingMonitor.dll 2012-08-24 18:05 . 2012-10-10 23:12 220160 ----a-w- c:\windows\system32\wintrust.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104] "STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2009-09-17 120048] . c:\users\Felicia Perdew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2012-06-15 38528] R1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2012-06-15 66272] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600] R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2012-06-15 256072] R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2012-06-15 25160] R2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636] R2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] R2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2012-08-28 368480] R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-08-28 379744] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648] R2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-06-11 5730304] R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-07-21 189680] R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624] R3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2012-06-15 445568] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848] R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2012-08-28 201056] . . Contents of the 'Scheduled Tasks' folder . 2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 00:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Felicia Perdew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html LSP: c:\windows\system32\BGLsp.dll Trusted Zone: blank Trusted Zone: intuit.com\ttlc Trusted Zone: netflix.com\www Trusted Zone: nisourceapps.com\new Trusted Zone: security_WinAutomation.Console.exe TCP: DhcpNameServer = 192.168.1.1 208.180.42.68 208.180.42.100 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-sl-adk - c:\program files (x86)\OApps\sl-adk_uninstall.exe AddRemove-{67F5E390-8E09-4AE4-B7F2-705AFD23D86D} - c:\programdata\{5F28F5B3-12D6-446F-9E1C-EAE237A576B3}\WinAutomationSetup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e, 71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96, 33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd "{517E0D3E-17A4-4592-926E-A082DB43B7D3}"=hex:51,66,7a,6c,4c,1d,38,12,50,0e,6d, 55,96,59,fc,00,ed,78,e3,c2,de,1d,f3,c7 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27, 25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:50,47,84,67,5b,c4,cd,01 . [HKEY_USERS\S-1-5-21-2936985488-4110432098-3966030318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2936985488-4110432098-3966030318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-22 12:21:44 ComboFix-quarantined-files.txt 2012-11-22 17:21 . Pre-Run: 391,861,538,816 bytes free Post-Run: 391,935,561,728 bytes free . - - End Of File - - 2429C9751A3F5B9FDBB8CD574C96BF9F
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

I am unable to get the log from ComboFix. I am getting the "blue error screen" when I run it, and the computer shuts down prior to completing. Please advise Thanks
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Resolved Malware Removal Logs

Security Check Results: Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! BullGuard Antivirus Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 30 Java version out of Date! Adobe Reader X (10.1.4) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` AdwCleaner Results: # AdwCleaner v2.008 - Logfile created 11/22/2012 at 01:31:03 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Felicia Perdew - PERDEW # Boot Mode : Normal # Running from : C:\Users\Felicia Perdew\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\OApps Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\Users\Felicia Perdew\AppData\Local\APN Folder Deleted : C:\Users\Felicia Perdew\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Felicia Perdew\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Felicia Perdew\AppData\LocalLow\Zynga ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.64 File : C:\Users\Felicia Perdew\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [1467 octets] - [22/11/2012 01:31:03] ########## EOF - C:\AdwCleaner[s1].txt - [1527 octets] ########## RogueKiller Results: RogueKiller V8.3.1 [Nov 20 2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Felicia Perdew [Admin rights] Mode : Scan -- Date : 11/22/2012 01:35:28 ¤¤¤ Bad processes : 2 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] [RESIDUE] Dropbox.exe -- C:\Users\Felicia Perdew\AppData\Roaming\Dropbox\bin\Dropbox.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 13 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Felicia Perdew\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-2936985488-4110432098-3966030318-1000[...]\Run : Google Update ("C:\Users\Felicia Perdew\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> FOUND [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2936985488-4110432098-3966030318-1000UA.job : C:\Users\Felicia Perdew\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2936985488-4110432098-3966030318-1000Core.job : C:\Users\Felicia Perdew\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2936985488-4110432098-3966030318-1000Core : C:\Users\Felicia Perdew\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND [TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2936985488-4110432098-3966030318-1000UA : C:\Users\Felicia Perdew\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND [sTARTUP][sUSP PATH] Dropbox.lnk @Felicia Perdew : C:\Users\Felicia Perdew\AppData\Roaming\Dropbox\bin\Dropbox.exe -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$af0b7a94257196cc97a4eda243199580\n --> FOUND [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$af0b7a94257196cc97a4eda243199580\@ --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$af0b7a94257196cc97a4eda243199580\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$af0b7a94257196cc97a4eda243199580\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500420ASG ATA Device +++++ --- User --- [MBR] 86a75e33d154787225285413b0f3009e [bSP] 0bcad53fa137fc1d64f454811d781f18 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 2eca466ddf045e4a81760aaec4749ab4 [bSP] 0bcad53fa137fc1d64f454811d781f18 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo Finished : << RKreport[1]_S_11222012_02d0135.txt >> RKreport[1]_S_11222012_02d0135.txt
Trojan - svchost Need help removing virus

bballin514 posted a topic in Resolved Malware Removal Logs

Please Help, Trojan.Agent (svchost.exe) Found attach.txt dds.txt
Trojan - svchost Need help removing virus

bballin514 replied to bballin514's topic in Malwarebytes for Windows Support Forum

SCAN LOG: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.21.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Felicia LAST:: LAST[administrator] 11/21/2012 8:12:34 PM mbam-log-2012-11-21 (20-12-34).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 443231 Time elapsed: 2 hour(s), 12 minute(s), 23 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 5404 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Felicia LAST\Downloads\SetupGhostRecorder.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end)
Trojan - svchost Need help removing virus

bballin514 posted a topic in Malwarebytes for Windows Support Forum

Ran Malwarebytes, found svchost virus- delete on reboot, but can't seem to get rid of it. Please help

Events

Profiles

Forums

Everything posted by bballin514

Important Information