dazvondon Posted April 9, 2012 ID:541055 Share Posted April 9, 2012 Hi, I would appreciate any guidance/advice that can be given. Nothing shows up when i run malware and McAfee but it takes an age for my laptop to boot up. I have problems with windows explorer and when i shut down i'm always told that there is a program that hasn't been closed . Where normally you would have the program icon or description there is nothing but i have to wait for something to be 'forced shut'. I also have 3 rundlll32.exe running. I know that they aren't proper files as i can't open their location from task manager and i'm told that i don't have authority to delete them even though i am the administrator.Attach.txtDDS.txtThanks in advance,Darren Link to post Share on other sites More sharing options...
Larusso Posted April 9, 2012 ID:541095 Share Posted April 9, 2012 Hymy name is Daniel and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.exe and save it to your desktopExecute TDSSKiller.exe by doubleclicking on it.Press Start ScanIf Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txtPlease post the contents of that log in your next reply. Link to post Share on other sites More sharing options...
dazvondon Posted April 9, 2012 Author ID:541116 Share Posted April 9, 2012 Hi Daniel, Here is the report.Thanks,Darren20:09:31.0661 10664 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:3720:09:33.0664 10664 ============================================================20:09:33.0664 10664 Current date / time: 2012/04/09 20:09:33.066420:09:33.0664 10664 SystemInfo:20:09:33.0664 10664 20:09:33.0664 10664 OS Version: 6.1.7601 ServicePack: 1.020:09:33.0664 10664 Product type: Workstation20:09:33.0664 10664 ComputerName: DIRTY-PC20:09:33.0664 10664 UserName: Dirty20:09:33.0664 10664 Windows directory: C:\Windows20:09:33.0664 10664 System windows directory: C:\Windows20:09:33.0665 10664 Running under WOW6420:09:33.0665 10664 Processor architecture: Intel x6420:09:33.0665 10664 Number of processors: 420:09:33.0665 10664 Page size: 0x100020:09:33.0665 10664 Boot type: Normal boot20:09:33.0665 10664 ============================================================20:09:34.0901 10664 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004020:09:34.0913 10664 \Device\Harddisk0\DR0:20:09:34.0914 10664 MBR used20:09:34.0914 10664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C00020:09:34.0914 10664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B20:09:34.0940 10664 Initialize success20:09:34.0940 10664 ============================================================20:09:49.0463 7140 ============================================================20:09:49.0463 7140 Scan started20:09:49.0463 7140 Mode: Manual;20:09:49.0463 7140 ============================================================20:09:51.0496 7140 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys20:09:51.0500 7140 1394ohci - ok20:09:51.0573 7140 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys20:09:51.0574 7140 Acceler - ok20:09:51.0628 7140 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys20:09:51.0636 7140 ACPI - ok20:09:51.0702 7140 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys20:09:51.0703 7140 AcpiPmi - ok20:09:51.0837 7140 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe20:09:51.0843 7140 AdobeFlashPlayerUpdateSvc - ok20:09:51.0891 7140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys20:09:51.0898 7140 adp94xx - ok20:09:51.0952 7140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys20:09:51.0957 7140 adpahci - ok20:09:52.0001 7140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys20:09:52.0003 7140 adpu320 - ok20:09:52.0079 7140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll20:09:52.0081 7140 AeLookupSvc - ok20:09:52.0231 7140 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe20:09:52.0331 7140 AESTFilters - ok20:09:52.0447 7140 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys20:09:52.0463 7140 AFD - ok20:09:52.0513 7140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys20:09:52.0514 7140 agp440 - ok20:09:52.0586 7140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe20:09:52.0595 7140 ALG - ok20:09:52.0653 7140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys20:09:52.0654 7140 aliide - ok20:09:52.0744 7140 AMD External Events Utility (5989d711769200f0f3e145319250472b) C:\Windows\system32\atiesrxx.exe20:09:52.0815 7140 AMD External Events Utility - ok20:09:52.0846 7140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys20:09:52.0846 7140 amdide - ok20:09:52.0927 7140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys20:09:52.0928 7140 AmdK8 - ok20:09:52.0977 7140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys20:09:52.0978 7140 AmdPPM - ok20:09:53.0021 7140 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys20:09:53.0022 7140 amdsata - ok20:09:53.0068 7140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys20:09:53.0071 7140 amdsbs - ok20:09:53.0111 7140 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys20:09:53.0113 7140 amdxata - ok20:09:53.0213 7140 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys20:09:53.0214 7140 AppID - ok20:09:53.0294 7140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll20:09:53.0302 7140 AppIDSvc - ok20:09:53.0366 7140 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll20:09:53.0368 7140 Appinfo - ok20:09:53.0537 7140 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe20:09:53.0540 7140 Apple Mobile Device - ok20:09:53.0627 7140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys20:09:53.0628 7140 arc - ok20:09:53.0688 7140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys20:09:53.0690 7140 arcsas - ok20:09:53.0748 7140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys20:09:53.0749 7140 AsyncMac - ok20:09:53.0802 7140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys20:09:53.0803 7140 atapi - ok20:09:53.0856 7140 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys20:09:53.0858 7140 AtiHdmiService - ok20:09:54.0006 7140 atikmdag (b5fb227a09a9ec28163fa4b45487c3c7) C:\Windows\system32\DRIVERS\atikmdag.sys20:09:54.0126 7140 atikmdag - ok20:09:54.0221 7140 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll20:09:54.0247 7140 AudioEndpointBuilder - ok20:09:54.0270 7140 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll20:09:54.0278 7140 AudioSrv - ok20:09:54.0358 7140 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll20:09:54.0406 7140 AxInstSV - ok20:09:54.0484 7140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys20:09:54.0491 7140 b06bdrv - ok20:09:54.0547 7140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys20:09:54.0551 7140 b57nd60a - ok20:09:54.0593 7140 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys20:09:54.0594 7140 BCM42RLY - ok20:09:54.0710 7140 BCM43XX (215dc2fd9cd0fd0bbd7905339779589e) C:\Windows\system32\DRIVERS\bcmwl664.sys20:09:54.0787 7140 BCM43XX - ok20:09:54.0899 7140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll20:09:54.0909 7140 BDESVC - ok20:09:55.0010 7140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys20:09:55.0011 7140 Beep - ok20:09:55.0109 7140 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll20:09:55.0134 7140 BFE - ok20:09:55.0218 7140 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll20:09:55.0362 7140 BITS - ok20:09:55.0420 7140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys20:09:55.0421 7140 blbdrive - ok20:09:55.0542 7140 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe20:09:55.0549 7140 Bonjour Service - ok20:09:55.0606 7140 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys20:09:55.0609 7140 bowser - ok20:09:55.0645 7140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys20:09:55.0646 7140 BrFiltLo - ok20:09:55.0686 7140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys20:09:55.0687 7140 BrFiltUp - ok20:09:55.0796 7140 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll20:09:55.0800 7140 Browser - ok20:09:55.0843 7140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys20:09:55.0848 7140 Brserid - ok20:09:55.0893 7140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys20:09:55.0894 7140 BrSerWdm - ok20:09:55.0938 7140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys20:09:55.0939 7140 BrUsbMdm - ok20:09:55.0985 7140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys20:09:55.0986 7140 BrUsbSer - ok20:09:56.0031 7140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys20:09:56.0033 7140 BTHMODEM - ok20:09:56.0123 7140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll20:09:56.0134 7140 bthserv - ok20:09:56.0175 7140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys20:09:56.0177 7140 cdfs - ok20:09:56.0237 7140 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys20:09:56.0239 7140 cdrom - ok20:09:56.0324 7140 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll20:09:56.0327 7140 CertPropSvc - ok20:09:56.0412 7140 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys20:09:56.0414 7140 cfwids - ok20:09:56.0501 7140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys20:09:56.0502 7140 circlass - ok20:09:56.0594 7140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys20:09:56.0602 7140 CLFS - ok20:09:56.0696 7140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe20:09:56.0703 7140 clr_optimization_v2.0.50727_32 - ok20:09:56.0776 7140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe20:09:56.0786 7140 clr_optimization_v2.0.50727_64 - ok20:09:56.0925 7140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe20:09:56.0929 7140 clr_optimization_v4.0.30319_32 - ok20:09:56.0984 7140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe20:09:56.0987 7140 clr_optimization_v4.0.30319_64 - ok20:09:57.0103 7140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys20:09:57.0104 7140 CmBatt - ok20:09:57.0157 7140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys20:09:57.0158 7140 cmdide - ok20:09:57.0256 7140 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys20:09:57.0273 7140 CNG - ok20:09:57.0344 7140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys20:09:57.0346 7140 Compbatt - ok20:09:57.0403 7140 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys20:09:57.0404 7140 CompositeBus - ok20:09:57.0447 7140 COMSysApp - ok20:09:57.0514 7140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys20:09:57.0515 7140 crcdisk - ok20:09:57.0592 7140 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll20:09:57.0642 7140 CryptSvc - ok20:09:57.0681 7140 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys20:09:57.0683 7140 CtClsFlt - ok20:09:57.0824 7140 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE20:09:57.0829 7140 cvhsvc - ok20:09:57.0880 7140 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll20:09:57.0903 7140 DcomLaunch - ok20:09:57.0973 7140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll20:09:57.0981 7140 defragsvc - ok20:09:58.0054 7140 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys20:09:58.0057 7140 DfsC - ok20:09:58.0120 7140 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll20:09:58.0180 7140 Dhcp - ok20:09:58.0249 7140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys20:09:58.0250 7140 discache - ok20:09:58.0307 7140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys20:09:58.0312 7140 Disk - ok20:09:58.0385 7140 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll20:09:58.0390 7140 Dnscache - ok20:09:58.0537 7140 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe20:09:58.0540 7140 DockLoginService - ok20:09:58.0586 7140 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll20:09:58.0636 7140 dot3svc - ok20:09:58.0711 7140 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll20:09:58.0716 7140 DPS - ok20:09:58.0759 7140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys20:09:58.0760 7140 drmkaud - ok20:09:58.0858 7140 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys20:09:58.0862 7140 dtsoftbus01 - ok20:09:58.0951 7140 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys20:09:58.0963 7140 DXGKrnl - ok20:09:59.0080 7140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll20:09:59.0086 7140 EapHost - ok20:09:59.0214 7140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys20:09:59.0250 7140 ebdrv - ok20:09:59.0345 7140 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe20:09:59.0348 7140 EFS - ok20:09:59.0441 7140 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe20:09:59.0534 7140 ehRecvr - ok20:09:59.0581 7140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe20:09:59.0595 7140 ehSched - ok20:09:59.0654 7140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys20:09:59.0667 7140 elxstor - ok20:09:59.0723 7140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys20:09:59.0724 7140 ErrDev - ok20:09:59.0820 7140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll20:09:59.0829 7140 EventSystem - ok20:09:59.0885 7140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys20:09:59.0888 7140 exfat - ok20:09:59.0934 7140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys20:09:59.0939 7140 fastfat - ok20:10:00.0019 7140 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe20:10:00.0045 7140 Fax - ok20:10:00.0083 7140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys20:10:00.0084 7140 fdc - ok20:10:00.0158 7140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll20:10:00.0166 7140 fdPHost - ok20:10:00.0201 7140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll20:10:00.0206 7140 FDResPub - ok20:10:00.0250 7140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys20:10:00.0253 7140 FileInfo - ok20:10:00.0291 7140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys20:10:00.0292 7140 Filetrace - ok20:10:00.0330 7140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys20:10:00.0331 7140 flpydisk - ok20:10:00.0402 7140 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys20:10:00.0408 7140 FltMgr - ok20:10:00.0498 7140 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll20:10:00.0602 7140 FontCache - ok20:10:00.0754 7140 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe20:10:00.0831 7140 FontCache3.0.0.0 - ok20:10:00.0878 7140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys20:10:00.0879 7140 FsDepends - ok20:10:00.0925 7140 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys20:10:00.0929 7140 Fs_Rec - ok20:10:01.0008 7140 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys20:10:01.0014 7140 fvevol - ok20:10:01.0065 7140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys20:10:01.0066 7140 gagp30kx - ok20:10:01.0122 7140 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys20:10:01.0123 7140 GEARAspiWDM - ok20:10:01.0241 7140 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe20:10:01.0243 7140 GoToAssist - ok20:10:01.0332 7140 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll20:10:01.0357 7140 gpsvc - ok20:10:01.0470 7140 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe20:10:01.0472 7140 gupdate - ok20:10:01.0500 7140 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe20:10:01.0502 7140 gupdatem - ok20:10:01.0576 7140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys20:10:01.0577 7140 hcw85cir - ok20:10:01.0643 7140 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys20:10:01.0645 7140 HDAudBus - ok20:10:01.0682 7140 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys20:10:01.0684 7140 HECIx64 - ok20:10:01.0731 7140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys20:10:01.0732 7140 HidBatt - ok20:10:01.0780 7140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys20:10:01.0782 7140 HidBth - ok20:10:01.0828 7140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys20:10:01.0829 7140 HidIr - ok20:10:01.0911 7140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll20:10:01.0926 7140 hidserv - ok20:10:01.0987 7140 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys20:10:01.0988 7140 HidUsb - ok20:10:02.0061 7140 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll20:10:02.0065 7140 hkmsvc - ok20:10:02.0156 7140 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll20:10:02.0207 7140 HomeGroupListener - ok20:10:02.0247 7140 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll20:10:02.0296 7140 HomeGroupProvider - ok20:10:02.0363 7140 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys20:10:02.0364 7140 HpSAMD - ok20:10:02.0457 7140 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys20:10:02.0480 7140 HTTP - ok20:10:02.0531 7140 hwdatacard - ok20:10:02.0576 7140 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys20:10:02.0577 7140 hwpolicy - ok20:10:02.0651 7140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys20:10:02.0653 7140 i8042prt - ok20:10:02.0702 7140 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys20:10:02.0708 7140 iaStorV - ok20:10:02.0815 7140 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe20:10:02.0908 7140 idsvc - ok20:10:02.0973 7140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys20:10:02.0974 7140 iirsp - ok20:10:03.0066 7140 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll20:10:03.0090 7140 IKEEXT - ok20:10:03.0166 7140 InstallFilterService (fd5ef1d0210cb9c0773bba7ca360d762) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe20:10:03.0168 7140 InstallFilterService - ok20:10:03.0221 7140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys20:10:03.0222 7140 intelide - ok20:10:03.0272 7140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys20:10:03.0275 7140 intelppm - ok20:10:03.0345 7140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll20:10:03.0358 7140 IPBusEnum - ok20:10:03.0444 7140 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys20:10:03.0446 7140 IpFilterDriver - ok20:10:03.0532 7140 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll20:10:03.0553 7140 iphlpsvc - ok20:10:03.0595 7140 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys20:10:03.0597 7140 IPMIDRV - ok20:10:03.0644 7140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys20:10:03.0647 7140 IPNAT - ok20:10:03.0764 7140 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe20:10:03.0789 7140 iPod Service - ok20:10:03.0835 7140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys20:10:03.0836 7140 IRENUM - ok20:10:03.0877 7140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys20:10:03.0878 7140 isapnp - ok20:10:03.0935 7140 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys20:10:03.0939 7140 iScsiPrt - ok20:10:03.0981 7140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys20:10:03.0982 7140 kbdclass - ok20:10:04.0056 7140 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys20:10:04.0057 7140 kbdhid - ok20:10:04.0147 7140 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe20:10:04.0149 7140 KeyIso - ok20:10:04.0232 7140 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys20:10:04.0235 7140 KSecDD - ok20:10:04.0316 7140 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys20:10:04.0321 7140 KSecPkg - ok20:10:04.0385 7140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys20:10:04.0386 7140 ksthunk - ok20:10:04.0452 7140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll20:10:04.0499 7140 KtmRm - ok20:10:04.0579 7140 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll20:10:04.0588 7140 LanmanServer - ok20:10:04.0654 7140 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll20:10:04.0661 7140 LanmanWorkstation - ok20:10:04.0717 7140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys20:10:04.0718 7140 lltdio - ok20:10:04.0805 7140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll20:10:04.0820 7140 lltdsvc - ok20:10:04.0858 7140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll20:10:04.0871 7140 lmhosts - ok20:10:04.0987 7140 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe20:10:04.0991 7140 LMS - ok20:10:05.0047 7140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys20:10:05.0049 7140 LSI_FC - ok20:10:05.0102 7140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys20:10:05.0104 7140 LSI_SAS - ok20:10:05.0149 7140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys20:10:05.0151 7140 LSI_SAS2 - ok20:10:05.0204 7140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys20:10:05.0206 7140 LSI_SCSI - ok20:10:05.0261 7140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys20:10:05.0264 7140 luafv - ok20:10:05.0364 7140 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys20:10:05.0367 7140 MBAMProtector - ok20:10:05.0442 7140 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe20:10:05.0450 7140 MBAMService - ok20:10:05.0568 7140 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe20:10:05.0572 7140 McAfee SiteAdvisor Service - ok20:10:05.0593 7140 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe20:10:05.0597 7140 McMPFSvc - ok20:10:05.0634 7140 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe20:10:05.0636 7140 mcmscsvc - ok20:10:05.0656 7140 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe20:10:05.0659 7140 McNaiAnn - ok20:10:05.0700 7140 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe20:10:05.0704 7140 McNASvc - ok20:10:05.0748 7140 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\McAfee\VirusScan\mcods.exe20:10:05.0765 7140 McODS - ok20:10:05.0791 7140 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe20:10:05.0794 7140 McProxy - ok20:10:05.0891 7140 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe20:10:05.0894 7140 McShield - ok20:10:06.0034 7140 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll20:10:06.0096 7140 Mcx2Svc - ok20:10:06.0168 7140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys20:10:06.0169 7140 megasas - ok20:10:06.0214 7140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys20:10:06.0218 7140 MegaSR - ok20:10:06.0311 7140 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys20:10:06.0314 7140 mfeapfk - ok20:10:06.0367 7140 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys20:10:06.0372 7140 mfeavfk - ok20:10:06.0422 7140 mfeavfk01 - ok20:10:06.0586 7140 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe20:10:06.0590 7140 mfefire - ok20:10:06.0641 7140 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys20:10:06.0659 7140 mfefirek - ok20:10:06.0719 7140 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys20:10:06.0745 7140 mfehidk - ok20:10:06.0812 7140 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys20:10:06.0814 7140 mfenlfk - ok20:10:06.0866 7140 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys20:10:06.0868 7140 mferkdet - ok20:10:06.0964 7140 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe20:10:06.0969 7140 mfevtp - ok20:10:07.0014 7140 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys20:10:07.0021 7140 mfewfpk - ok20:10:07.0092 7140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll20:10:07.0097 7140 MMCSS - ok20:10:07.0169 7140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys20:10:07.0171 7140 Modem - ok20:10:07.0215 7140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys20:10:07.0217 7140 monitor - ok20:10:07.0278 7140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys20:10:07.0279 7140 mouclass - ok20:10:07.0329 7140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys20:10:07.0330 7140 mouhid - ok20:10:07.0403 7140 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys20:10:07.0406 7140 mountmgr - ok20:10:07.0492 7140 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys20:10:07.0495 7140 mpio - ok20:10:07.0548 7140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys20:10:07.0550 7140 mpsdrv - ok20:10:07.0636 7140 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll20:10:07.0648 7140 MpsSvc - ok20:10:07.0720 7140 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys20:10:07.0722 7140 MRxDAV - ok20:10:07.0792 7140 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys20:10:07.0796 7140 mrxsmb - ok20:10:07.0838 7140 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys20:10:07.0845 7140 mrxsmb10 - ok20:10:07.0887 7140 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys20:10:07.0891 7140 mrxsmb20 - ok20:10:07.0935 7140 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys20:10:07.0937 7140 msahci - ok20:10:07.0978 7140 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys20:10:07.0981 7140 msdsm - ok20:10:08.0053 7140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe20:10:08.0067 7140 MSDTC - ok20:10:08.0148 7140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys20:10:08.0150 7140 Msfs - ok20:10:08.0196 7140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys20:10:08.0197 7140 mshidkmdf - ok20:10:08.0242 7140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys20:10:08.0244 7140 msisadrv - ok20:10:08.0323 7140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll20:10:08.0337 7140 MSiSCSI - ok20:10:08.0369 7140 msiserver - ok20:10:08.0465 7140 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe20:10:08.0468 7140 MSK80Service - ok20:10:08.0522 7140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys20:10:08.0523 7140 MSKSSRV - ok20:10:08.0570 7140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys20:10:08.0571 7140 MSPCLOCK - ok20:10:08.0653 7140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys20:10:08.0654 7140 MSPQM - ok20:10:08.0878 7140 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys20:10:08.0920 7140 MsRPC - ok20:10:09.0007 7140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys20:10:09.0008 7140 mssmbios - ok20:10:09.0046 7140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys20:10:09.0047 7140 MSTEE - ok20:10:09.0090 7140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys20:10:09.0091 7140 MTConfig - ok20:10:09.0136 7140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys20:10:09.0138 7140 Mup - ok20:10:09.0211 7140 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll20:10:09.0232 7140 napagent - ok20:10:09.0325 7140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys20:10:09.0330 7140 NativeWifiP - ok20:10:09.0392 7140 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys20:10:09.0417 7140 NDIS - ok20:10:09.0456 7140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys20:10:09.0458 7140 NdisCap - ok20:10:09.0511 7140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys20:10:09.0512 7140 NdisTapi - ok20:10:09.0555 7140 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys20:10:09.0557 7140 Ndisuio - ok20:10:09.0626 7140 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys20:10:09.0629 7140 NdisWan - ok20:10:09.0668 7140 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys20:10:09.0670 7140 NDProxy - ok20:10:09.0714 7140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys20:10:09.0716 7140 NetBIOS - ok20:10:09.0796 7140 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys20:10:09.0801 7140 NetBT - ok20:10:09.0878 7140 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe20:10:09.0881 7140 Netlogon - ok20:10:09.0960 7140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll20:10:09.0968 7140 Netman - ok20:10:10.0012 7140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll20:10:10.0032 7140 netprofm - ok20:10:10.0163 7140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe20:10:10.0173 7140 NetTcpPortSharing - ok20:10:10.0259 7140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys20:10:10.0260 7140 nfrd960 - ok20:10:10.0348 7140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll20:10:10.0356 7140 NlaSvc - ok20:10:10.0396 7140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys20:10:10.0398 7140 Npfs - ok20:10:10.0464 7140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll20:10:10.0468 7140 nsi - ok20:10:10.0506 7140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys20:10:10.0507 7140 nsiproxy - ok20:10:10.0581 7140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys20:10:10.0624 7140 Ntfs - ok20:10:10.0662 7140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys20:10:10.0663 7140 Null - ok20:10:10.0714 7140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys20:10:10.0717 7140 nvraid - ok20:10:10.0780 7140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys20:10:10.0783 7140 nvstor - ok20:10:10.0860 7140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys20:10:10.0861 7140 nv_agp - ok20:10:10.0918 7140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys20:10:10.0919 7140 ohci1394 - ok20:10:11.0013 7140 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE20:10:11.0077 7140 ose - ok20:10:11.0256 7140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE20:10:11.0489 7140 osppsvc - ok20:10:11.0613 7140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll20:10:11.0620 7140 p2pimsvc - ok20:10:11.0669 7140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll20:10:11.0697 7140 p2psvc - ok20:10:11.0777 7140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys20:10:11.0779 7140 Parport - ok20:10:11.0860 7140 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys20:10:11.0863 7140 partmgr - ok20:10:11.0903 7140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll20:10:11.0911 7140 PcaSvc - ok20:10:11.0974 7140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys20:10:12.0039 7140 pci - ok20:10:12.0089 7140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys20:10:12.0090 7140 pciide - ok20:10:12.0135 7140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys20:10:12.0139 7140 pcmcia - ok20:10:12.0183 7140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys20:10:12.0186 7140 pcw - ok20:10:12.0266 7140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys20:10:12.0275 7140 PEAUTH - ok20:10:12.0392 7140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe20:10:12.0398 7140 PerfHost - ok20:10:12.0508 7140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll20:10:12.0632 7140 pla - ok20:10:12.0727 7140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll20:10:12.0746 7140 PlugPlay - ok20:10:12.0818 7140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll20:10:12.0831 7140 PNRPAutoReg - ok20:10:12.0867 7140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll20:10:12.0875 7140 PNRPsvc - ok20:10:12.0954 7140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll20:10:13.0024 7140 PolicyAgent - ok20:10:13.0093 7140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll20:10:13.0101 7140 Power - ok20:10:13.0189 7140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys20:10:13.0191 7140 PptpMiniport - ok20:10:13.0257 7140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys20:10:13.0258 7140 Processor - ok20:10:13.0303 7140 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll20:10:13.0311 7140 ProfSvc - ok20:10:13.0368 7140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe20:10:13.0370 7140 ProtectedStorage - ok20:10:13.0411 7140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys20:10:13.0415 7140 Psched - ok20:10:13.0462 7140 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys20:10:13.0465 7140 PxHlpa64 - ok20:10:13.0541 7140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys20:10:13.0553 7140 ql2300 - ok20:10:13.0598 7140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys20:10:13.0601 7140 ql40xx - ok20:10:13.0685 7140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll20:10:13.0701 7140 QWAVE - ok20:10:13.0748 7140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys20:10:13.0750 7140 QWAVEdrv - ok20:10:13.0792 7140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys20:10:13.0793 7140 RasAcd - ok20:10:13.0864 7140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys20:10:13.0865 7140 RasAgileVpn - ok20:10:13.0909 7140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll20:10:13.0924 7140 RasAuto - ok20:10:14.0003 7140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys20:10:14.0005 7140 Rasl2tp - ok20:10:14.0214 7140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll20:10:14.0288 7140 RasMan - ok20:10:14.0331 7140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys20:10:14.0333 7140 RasPppoe - ok20:10:14.0369 7140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys20:10:14.0374 7140 RasSstp - ok20:10:14.0453 7140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys20:10:14.0460 7140 rdbss - ok20:10:14.0507 7140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys20:10:14.0508 7140 rdpbus - ok20:10:14.0552 7140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys20:10:14.0553 7140 RDPCDD - ok20:10:14.0611 7140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys20:10:14.0612 7140 RDPENCDD - ok20:10:14.0650 7140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys20:10:14.0651 7140 RDPREFMP - ok20:10:14.0730 7140 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys20:10:14.0733 7140 RDPWD - ok20:10:14.0787 7140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys20:10:14.0792 7140 rdyboost - ok20:10:14.0876 7140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll20:10:14.0887 7140 RemoteAccess - ok20:10:14.0967 7140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll20:10:14.0986 7140 RemoteRegistry - ok20:10:15.0033 7140 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys20:10:15.0035 7140 rimmptsk - ok20:10:15.0080 7140 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys20:10:15.0081 7140 rimspci - ok20:10:15.0120 7140 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys20:10:15.0122 7140 rimsptsk - ok20:10:15.0190 7140 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys20:10:15.0192 7140 RimUsb - ok20:10:15.0240 7140 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys20:10:15.0242 7140 RimVSerPort - ok20:10:15.0286 7140 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys20:10:15.0288 7140 risdpcie - ok20:10:15.0332 7140 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys20:10:15.0333 7140 rismxdp - ok20:10:15.0374 7140 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys20:10:15.0376 7140 rixdpcie - ok20:10:15.0457 7140 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys20:10:15.0459 7140 ROOTMODEM - ok20:10:15.0621 7140 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe20:10:15.0655 7140 RoxMediaDB10 - ok20:10:15.0725 7140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll20:10:15.0731 7140 RpcEptMapper - ok20:10:15.0800 7140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe20:10:15.0812 7140 RpcLocator - ok20:10:15.0888 7140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll20:10:15.0897 7140 RpcSs - ok20:10:15.0942 7140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys20:10:15.0944 7140 rspndr - ok20:10:15.0995 7140 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys20:10:16.0001 7140 RTL8167 - ok20:10:16.0028 7140 RxFilter - ok20:10:16.0099 7140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe20:10:16.0101 7140 SamSs - ok20:10:16.0164 7140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys20:10:16.0166 7140 sbp2port - ok20:10:16.0213 7140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll20:10:16.0228 7140 SCardSvr - ok20:10:16.0296 7140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys20:10:16.0297 7140 scfilter - ok20:10:16.0398 7140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll20:10:16.0489 7140 Schedule - ok20:10:16.0543 7140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll20:10:16.0544 7140 SCPolicySvc - ok20:10:16.0589 7140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll20:10:16.0596 7140 SDRSVC - ok20:10:16.0728 7140 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe20:10:16.0733 7140 SeaPort - ok20:10:16.0811 7140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys20:10:16.0812 7140 secdrv - ok20:10:16.0886 7140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll20:10:16.0951 7140 seclogon - ok20:10:17.0021 7140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll20:10:17.0025 7140 SENS - ok20:10:17.0066 7140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll20:10:17.0073 7140 SensrSvc - ok20:10:17.0127 7140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys20:10:17.0128 7140 Serenum - ok20:10:17.0191 7140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys20:10:17.0193 7140 Serial - ok20:10:17.0262 7140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys20:10:17.0263 7140 sermouse - ok20:10:17.0329 7140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll20:10:17.0383 7140 SessionEnv - ok20:10:17.0436 7140 SessionLauncher - ok20:10:17.0491 7140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys20:10:17.0492 7140 sffdisk - ok20:10:17.0540 7140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys20:10:17.0541 7140 sffp_mmc - ok20:10:17.0593 7140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys20:10:17.0594 7140 sffp_sd - ok20:10:17.0669 7140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys20:10:17.0670 7140 sfloppy - ok20:10:17.0759 7140 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys20:10:17.0769 7140 Sftfs - ok20:10:17.0849 7140 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe20:10:17.0927 7140 sftlist - ok20:10:17.0993 7140 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys20:10:17.0998 7140 Sftplay - ok20:10:18.0035 7140 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys20:10:18.0037 7140 Sftredir - ok20:10:18.0118 7140 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE20:10:18.0127 7140 SftService - ok20:10:18.0192 7140 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys20:10:18.0193 7140 Sftvol - ok20:10:18.0247 7140 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe20:10:18.0329 7140 sftvsa - ok20:10:18.0401 7140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll20:10:18.0420 7140 SharedAccess - ok20:10:18.0491 7140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll20:10:18.0552 7140 ShellHWDetection - ok20:10:18.0629 7140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys20:10:18.0631 7140 SiSRaid2 - ok20:10:18.0677 7140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys20:10:18.0680 7140 SiSRaid4 - ok20:10:18.0728 7140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys20:10:18.0730 7140 Smb - ok20:10:18.0819 7140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe20:10:18.0833 7140 SNMPTRAP - ok20:10:18.0875 7140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys20:10:18.0878 7140 spldr - ok20:10:18.0952 7140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe20:10:19.0050 7140 Spooler - ok20:10:19.0189 7140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe20:10:19.0275 7140 sppsvc - ok20:10:19.0336 7140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll20:10:19.0349 7140 sppuinotify - ok20:10:19.0452 7140 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys20:10:19.0453 7140 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e20:10:19.0465 7140 sptd ( LockedFile.Multi.Generic ) - warning20:10:19.0465 7140 sptd - detected LockedFile.Multi.Generic (1)20:10:19.0544 7140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys20:10:19.0561 7140 srv - ok20:10:19.0611 7140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys20:10:19.0627 7140 srv2 - ok20:10:19.0668 7140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys20:10:19.0672 7140 srvnet - ok20:10:19.0745 7140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll20:10:19.0761 7140 SSDPSRV - ok20:10:19.0798 7140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll20:10:19.0809 7140 SstpSvc - ok20:10:19.0944 7140 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe20:10:20.0006 7140 STacSV - ok20:10:20.0053 7140 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys20:10:20.0055 7140 stdflt - ok20:10:20.0099 7140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys20:10:20.0100 7140 stexstor - ok20:10:20.0157 7140 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys20:10:20.0164 7140 STHDA - ok20:10:20.0244 7140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll20:10:20.0270 7140 stisvc - ok20:10:20.0386 7140 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe20:10:20.0493 7140 stllssvr - ok20:10:20.0540 7140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys20:10:20.0541 7140 swenum - ok20:10:20.0623 7140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll20:10:20.0646 7140 swprv - ok20:10:20.0735 7140 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys20:10:20.0740 7140 SynTP - ok20:10:20.0839 7140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll20:10:20.0882 7140 SysMain - ok20:10:20.0953 7140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll20:10:21.0014 7140 TabletInputService - ok20:10:21.0084 7140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll20:10:21.0155 7140 TapiSrv - ok20:10:21.0216 7140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll20:10:21.0220 7140 TBS - ok20:10:21.0306 7140 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys20:10:21.0345 7140 Tcpip - ok20:10:21.0422 7140 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys20:10:21.0442 7140 TCPIP6 - ok20:10:21.0506 7140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys20:10:21.0507 7140 tcpipreg - ok20:10:21.0588 7140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys20:10:21.0589 7140 TDPIPE - ok20:10:21.0664 7140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys20:10:21.0665 7140 TDTCP - ok20:10:21.0716 7140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys20:10:21.0719 7140 tdx - ok20:10:21.0768 7140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys20:10:21.0770 7140 TermDD - ok20:10:21.0825 7140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll20:10:21.0850 7140 TermService - ok20:10:21.0919 7140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll20:10:21.0924 7140 Themes - ok20:10:21.0991 7140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll20:10:21.0994 7140 THREADORDER - ok20:10:22.0067 7140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll20:10:22.0073 7140 TrkWks - ok20:10:22.0153 7140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe20:10:22.0157 7140 TrustedInstaller - ok20:10:22.0198 7140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys20:10:22.0199 7140 tssecsrv - ok20:10:22.0258 7140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys20:10:22.0260 7140 TsUsbFlt - ok20:10:22.0316 7140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys20:10:22.0388 7140 tunnel - ok20:10:22.0456 7140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys20:10:22.0457 7140 uagp35 - ok20:10:22.0511 7140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys20:10:22.0516 7140 udfs - ok20:10:22.0569 7140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe20:10:22.0582 7140 UI0Detect - ok20:10:22.0647 7140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys20:10:22.0649 7140 uliagpkx - ok20:10:22.0709 7140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys20:10:22.0710 7140 umbus - ok20:10:22.0764 7140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys20:10:22.0765 7140 UmPass - ok20:10:22.0931 7140 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe20:10:22.0948 7140 UNS - ok20:10:23.0018 7140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll20:10:23.0046 7140 upnphost - ok20:10:23.0131 7140 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys20:10:23.0133 7140 USBAAPL64 - ok20:10:23.0185 7140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys20:10:23.0187 7140 usbccgp - ok20:10:23.0247 7140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys20:10:23.0249 7140 usbcir - ok20:10:23.0315 7140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys20:10:23.0370 7140 usbehci - ok20:10:23.0424 7140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys20:10:23.0429 7140 usbhub - ok20:10:23.0469 7140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys20:10:23.0470 7140 usbohci - ok20:10:23.0565 7140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys20:10:23.0566 7140 usbprint - ok20:10:23.0629 7140 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys20:10:23.0631 7140 usbscan - ok20:10:23.0673 7140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS20:10:23.0675 7140 USBSTOR - ok20:10:23.0719 7140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys20:10:23.0720 7140 usbuhci - ok20:10:23.0795 7140 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys20:10:23.0798 7140 usbvideo - ok20:10:23.0866 7140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll20:10:23.0872 7140 UxSms - ok20:10:23.0941 7140 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe20:10:23.0944 7140 VaultSvc - ok20:10:24.0005 7140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys20:10:24.0008 7140 vdrvroot - ok20:10:24.0096 7140 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe20:10:24.0107 7140 vds - ok20:10:24.0183 7140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys20:10:24.0184 7140 vga - ok20:10:24.0237 7140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys20:10:24.0239 7140 VgaSave - ok20:10:24.0294 7140 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys20:10:24.0298 7140 vhdmp - ok20:10:24.0354 7140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys20:10:24.0355 7140 viaide - ok20:10:24.0405 7140 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys20:10:24.0408 7140 volmgr - ok20:10:24.0539 7140 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys20:10:24.0547 7140 volmgrx - ok20:10:24.0606 7140 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys20:10:24.0611 7140 volsnap - ok20:10:24.0666 7140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys20:10:24.0667 7140 vsmraid - ok20:10:24.0765 7140 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe20:10:24.0798 7140 VSS - ok20:10:24.0870 7140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys20:10:24.0871 7140 vwifibus - ok20:10:24.0916 7140 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys20:10:24.0917 7140 vwififlt - ok20:10:24.0992 7140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll20:10:25.0008 7140 W32Time - ok20:10:25.0057 7140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys20:10:25.0059 7140 WacomPen - ok20:10:25.0143 7140 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys20:10:25.0145 7140 WANARP - ok20:10:25.0160 7140 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys20:10:25.0163 7140 Wanarpv6 - ok20:10:25.0254 7140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe20:10:25.0367 7140 WatAdminSvc - ok20:10:25.0469 7140 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe20:10:25.0582 7140 wbengine - ok20:10:25.0656 7140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll20:10:25.0674 7140 WbioSrvc - ok20:10:25.0753 7140 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll20:10:25.0816 7140 wcncsvc - ok20:10:25.0856 7140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll20:10:25.0863 7140 WcsPlugInService - ok20:10:25.0950 7140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys20:10:25.0951 7140 Wd - ok20:10:26.0011 7140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys20:10:26.0032 7140 Wdf01000 - ok20:10:26.0071 7140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll20:10:26.0078 7140 WdiServiceHost - ok20:10:26.0086 7140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll20:10:26.0091 7140 WdiSystemHost - ok20:10:26.0149 7140 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll20:10:26.0208 7140 WebClient - ok20:10:26.0276 7140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll20:10:26.0294 7140 Wecsvc - ok20:10:26.0338 7140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll20:10:26.0344 7140 wercplsupport - ok20:10:26.0384 7140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll20:10:26.0389 7140 WerSvc - ok20:10:26.0432 7140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys20:10:26.0433 7140 WfpLwf - ok20:10:26.0487 7140 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys20:10:26.0490 7140 WimFltr - ok20:10:26.0538 7140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys20:10:26.0539 7140 WIMMount - ok20:10:26.0595 7140 WinDefend - ok20:10:26.0609 7140 WinHttpAutoProxySvc - ok20:10:26.0692 7140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll20:10:26.0705 7140 Winmgmt - ok20:10:26.0811 7140 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll20:10:26.0918 7140 WinRM - ok20:10:27.0013 7140 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys20:10:27.0014 7140 WinUsb - ok20:10:27.0111 7140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll20:10:27.0143 7140 Wlansvc - ok20:10:27.0308 7140 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE20:10:27.0464 7140 wlidsvc - ok20:10:27.0534 7140 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE20:10:27.0537 7140 wltrysvc - ok20:10:27.0666 7140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys20:10:27.0667 7140 WmiAcpi - ok20:10:27.0755 7140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe20:10:27.0769 7140 wmiApSrv - ok20:10:27.0827 7140 WMPNetworkSvc - ok20:10:27.0922 7140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll20:10:27.0928 7140 WPCSvc - ok20:10:27.0998 7140 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll20:10:28.0059 7140 WPDBusEnum - ok20:10:28.0133 7140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys20:10:28.0134 7140 ws2ifsl - ok20:10:28.0209 7140 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll20:10:28.0216 7140 wscsvc - ok20:10:28.0283 7140 WSearch - ok20:10:28.0406 7140 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll20:10:28.0461 7140 wuauserv - ok20:10:28.0532 7140 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys20:10:28.0534 7140 WudfPf - ok20:10:28.0605 7140 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys20:10:28.0608 7140 WUDFRd - ok20:10:28.0649 7140 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll20:10:28.0698 7140 wudfsvc - ok20:10:28.0775 7140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll20:10:28.0801 7140 WwanSvc - ok20:10:28.0892 7140 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys20:10:28.0893 7140 xusb21 - ok20:10:28.0922 7140 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR020:10:28.0988 7140 \Device\Harddisk0\DR0 - ok20:10:28.0996 7140 Boot (0x1200) (3d9d29fb97dc3555f5c5013ee94d2649) \Device\Harddisk0\DR0\Partition020:10:28.0999 7140 \Device\Harddisk0\DR0\Partition0 - ok20:10:29.0016 7140 Boot (0x1200) (a883389abd1c5c98901fd0bdc4fd521f) \Device\Harddisk0\DR0\Partition120:10:29.0019 7140 \Device\Harddisk0\DR0\Partition1 - ok20:10:29.0024 7140 ============================================================20:10:29.0024 7140 Scan finished20:10:29.0024 7140 ============================================================20:10:29.0036 11140 Detected object count: 120:10:29.0036 11140 Actual detected object count: 120:11:14.0824 11140 sptd ( LockedFile.Multi.Generic ) - skipped by user20:11:14.0824 11140 sptd ( LockedFile.Multi.Generic ) - User select action: Skip Link to post Share on other sites More sharing options...
Larusso Posted April 10, 2012 ID:541200 Share Posted April 10, 2012 Hy there.Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OKIMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Do not re-enable these drivers until otherwise instructed.Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT- Save ComboFix.exe to your Desktop====================================================Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications====================================================Double click on combofix.exe & follow the prompts.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that. Link to post Share on other sites More sharing options...
dazvondon Posted April 10, 2012 Author ID:541296 Share Posted April 10, 2012 Hi Daniel, Combi fix log here for you to look at.Thanks,DarrenComboFix 12-04-10.01 - Dirty 10/04/2012 14:34:20.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3957.2784 [GMT 1:00]Running from: c:\users\Dirty\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\Install.exe..((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))..2012-04-10 14:05 . 2012-04-10 14:05 -------- d-----w- c:\users\Guest\AppData\Local\temp2012-04-10 14:05 . 2012-04-10 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp2012-04-09 08:52 . 2012-04-09 08:52 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2012-04-09 08:45 . 2012-04-09 08:52 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-03-23 21:50 . 2012-03-23 21:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll2012-03-23 21:50 . 2012-03-23 21:50 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll2012-03-16 23:40 . 2012-03-16 23:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-03-16 23:40 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys2012-03-16 23:29 . 2012-03-16 23:29 -------- d-----w- c:\users\Guest\AppData\Local\Apps2012-03-14 00:25 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe2012-03-14 00:25 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-03-14 00:25 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-03-13 17:45 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys2012-03-13 17:45 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll2012-03-13 17:45 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll2012-03-13 17:44 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe2012-03-13 17:44 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll2012-03-13 17:44 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-03-13 17:44 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll2012-03-13 17:44 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll2012-03-13 17:44 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-03-13 17:44 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-09 08:52 . 2011-07-08 17:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-03-03 17:04 . 2012-03-03 17:04 0 ----a-w- c:\windows\SysWow64\sho79AB.tmp2012-02-24 19:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll2012-02-24 19:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 253600]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL*Deregistered* - mfeavfk01.Contents of the 'Scheduled Tasks' folder.2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 08:52].2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 22:40].2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 22:40]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-02 3217056]"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.co.uk/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlTCP: DhcpNameServer = 194.168.4.100 194.168.8.100FF - ProfilePath - c:\users\Dirty\AppData\Roaming\Mozilla\Firefox\Profiles\binzybo1.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ukFF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=FF - prefs.js: network.proxy.type - 0.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exeToolbar-Locked - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exec:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\windows\SysWOW64\rundll32.exec:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe.**************************************************************************.Completion time: 2012-04-10 15:18:09 - machine was rebootedComboFix-quarantined-files.txt 2012-04-10 14:18.Pre-Run: 124,162,007,040 bytes freePost-Run: 124,336,173,056 bytes free.- - End Of File - - 93AB57420F41B1183A65772954A11AD6 Link to post Share on other sites More sharing options...
Larusso Posted April 10, 2012 ID:541370 Share Posted April 10, 2012 Nothing.Please download aswMBR.exe and save it to your desktop. Double click aswMBR.exe to start the tool.Vista/Windows 7 users: Right click to "Run as AdministratorThe tool may ask youThis application can use AVAST! Free Antivirus to scanningWould you like to download latest AVAST! virus definitions ?Please click Yes ( The download could take some time ) Click ScanUpon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet. You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well. Link to post Share on other sites More sharing options...
dazvondon Posted April 12, 2012 Author ID:542148 Share Posted April 12, 2012 I tried this twice and it scans but about 5 mins in it crashes and re-starts my laptop. Link to post Share on other sites More sharing options...
Larusso Posted April 13, 2012 ID:542248 Share Posted April 13, 2012 Could you try it in Safemode please Link to post Share on other sites More sharing options...
LDTate Posted May 3, 2012 ID:548428 Share Posted May 3, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts