Audio Ads > maljava, svchost trojans, etc

mcarey · July 17, 2012

Starting today I began getting often overlapping audio ads/content running in the background. Had not realized the virus protection on my Win 7 machine had lapsed. Installed Norton, Malware Bytes Pro, Super AntiSpyware Pro.

First, maljava trojan was id'd and supposedly removed (along with some minor tracing cookie stuff). Then an svchost.exe trojan was found in C://Windows/ (repeatedly, on repeated scans) but not removed.

Am also getting frequent alerts from Malware Bytes that it "Successfully blocked access to a potentially malicious IP" (outgoing, via svchost), usually for 206.161.121.3 but occasionally now for 78.41.203.125

Here are the dds and attach logs.

Thank you so much for your help with this.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by mcarey at 15:46:44 on 2012-07-17

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4182 [GMT -4:00]

.

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [AdobeBridge]

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\mcarey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mcarey\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\mcarey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {3D679FAC-C75F-11D2-A4D6-00C04F68FE3A} - hxxp://mastermoo/projectcentral/objects/1033/pjcintl.cab

DPF: {484A7A26-FDB0-11D0-8D2B-00C04FB92E89} - hxxp://mastermoo/projectcentral/objects/pjclient.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 68.237.161.12 71.250.0.12

TCP: Interfaces\{B968EFD3-D874-4496-A693-369F2804D119} : DhcpNameServer = 68.237.161.12 71.250.0.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Authentication Packages = msv1_0 wvauth

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Hosts: 74.82.131.50 abigbigworld_staging.com

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\mcarey\AppData\Roaming\Mozilla\Firefox\Profiles\6cbvho6i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\mcarey\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-7-17 1160824]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120202.002\IDSviA64.sys [2012-7-17 488568]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NAVx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\SYMNETS.SYS [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-8-24 517488]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-15 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-17 655944]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-7-17 138232]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-7-17 138912]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-4 116648]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-27 250056]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-4 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-17 19:19:05 20480 ----a-w- C:\Windows\svchost.exe

2012-07-17 16:49:54 -------- d-----w- C:\Users\mcarey\AppData\Roaming\Malwarebytes

2012-07-17 16:48:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-17 16:48:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-17 16:48:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-17 16:30:00 -------- d-----w- C:\Users\mcarey\AppData\Roaming\SUPERAntiSpyware.com

2012-07-17 16:29:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-07-17 16:29:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-07-17 15:58:58 -------- d-----w- C:\ProgramData\Norton

2012-07-17 15:36:53 -------- d-----w- C:\ProgramData\Symantec Shared

2012-07-17 15:35:51 -------- d-----w- C:\ProgramData\regid.1992_12.com.symantec

2012-07-17 15:35:31 503808 ----a-w- C:\Windows\SysWow64\MSVCP71.DLL

2012-07-17 15:35:31 348160 ----a-w- C:\Windows\SysWow64\MSVCR71.DLL

2012-07-17 15:35:31 1060864 ----a-w- C:\Windows\SysWow64\MFC71.DLL

2012-07-17 15:35:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-07-17 15:35:15 -------- d-----w- C:\ProgramData\Symantec

2012-07-17 15:35:14 -------- d-----w- C:\Program Files (x86)\Symantec

2012-07-17 15:13:29 -------- d-----w- C:\ProgramData\Symantec_Endpoint_Protection_12.1_RU1_MP1_Part1_Trialware_EN

2012-07-17 14:03:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15028223-8B09-445D-8E6E-21AC7F789F87}\mpengine.dll

2012-07-11 21:55:05 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 14:06:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 14:06:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 14:06:02 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 14:06:02 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 14:06:02 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 14:06:02 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-29 21:32:07 -------- d-----w- C:\Users\mcarey\AppData\Roaming\Macrovision

2012-06-29 21:28:45 -------- d-----w- C:\Program Files (x86)\Amazon

2012-06-21 14:03:24 -------- d-----w- C:\Users\mcarey\AppData\Local\Macromedia

2012-06-20 14:15:55 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-20 14:15:55 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-19 14:29:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-19 14:29:03 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-19 14:28:50 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-19 14:28:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-17 16:00:16 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-07-12 17:27:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 17:27:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-21 14:48:19 60304 ----a-w- C:\Users\mcarey\g2mdlhlpx.exe

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 15:47:27.20 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/21/2011 10:54:11 AM

System Uptime: 7/17/2012 3:25:15 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 09KPNV

Processor: Intel® Xeon® CPU W3530 @ 2.80GHz | CPU | 2800/4800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 232 GiB total, 98.695 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 112 GiB total, 9.039 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP88: 6/14/2012 6:32:49 PM - Windows Update

RP89: 6/19/2012 10:28:36 AM - Windows Update

RP90: 6/19/2012 10:31:21 AM - Windows Update

RP91: 6/26/2012 10:18:24 AM - Windows Update

RP92: 6/29/2012 10:22:58 AM - Windows Update

RP93: 7/3/2012 3:37:17 PM - Windows Update

RP94: 7/10/2012 9:26:49 AM - Windows Update

RP95: 7/10/2012 9:33:22 AM - Dell Updates

RP96: 7/11/2012 5:51:57 PM - Windows Update

RP97: 7/17/2012 10:03:07 AM - Windows Update

RP99: 7/17/2012 10:55:56 AM - Windows Defender Checkpoint

RP100: 7/17/2012 11:34:42 AM - Installed Symantec Endpoint Protection Manager.

.

==== Installed Programs ======================

.

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5.5 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.6

Adobe Story

Adobe Widget Browser

Amazon MP3 Downloader 1.0.15

Apple Application Support

Apple Software Update

ATI Catalyst Control Center

Audacity 1.3.14 (Unicode)

AVS Screen Capture version 2.0.1

AVS Update Manager 1.0

AVS Video Editor 6

AVS Video Recorder 2.4

AVS4YOU Software Navigator 1.4

Bing Bar

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco WebEx Meetings

CyberLink PowerDVD 9.5

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Client System Update

Dell Data Protection | Access

Dell Data Protection | Access | Drivers

Dell Data Protection | Access | Middleware

DirectX 9 Runtime

Dropbox

ExamDiff Pro 3.5

FileZilla Client 3.5.2

firstobject XML Editor version 2.4.2

Google Chrome

Google Earth

Google Update Helper

GoToMeeting 5.2.0.952

HandBrake 0.9.5

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

LAME v3.98.3 for Audacity

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton AntiVirus

PDF Settings CS5

PhotoShowExpress

QuickTime

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Simon SIO 1

Skins

Skype Click to Call

Skype™ 5.10

Sonic CinePlayer Decoder Pack

SoundMAX

swMSM

Symantec Endpoint Protection Manager

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

7/17/2012 3:30:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

7/17/2012 3:30:54 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/17/2012 3:26:32 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.

7/17/2012 3:26:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ab87ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-52151-01.

7/17/2012 10:52:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

7/17/2012 10:52:07 AM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/17/2012 10:47:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000001, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa2442). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-64225-01.

.

==== End Of File ===========================

Maniac · July 18, 2012

Hello mcarey and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

If you have installed Norton at the beginning there will be no need to be here now. Antivirus protection is very important.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

TDSSKiller log
Malwarebytes' Anti-Malware log

mcarey · July 18, 2012

OK, sorry for the delay. This is a work computer and I just recently got in to the office. I am a paying customer, is it your recommendation that I use the customer help desk instead of this forum? Also, I've disconnected from the internet, but do not have a flash drive onhand and do not want to compromise the external drive I have (and have no place to dump its contents safely). So I'll need to go get a flash drive so that I can transfer the tools you need me to use and the logs w/o use of the internet. So I will go and do that and post back asap. Thanks for your help, Maura

mcarey · July 18, 2012

I have contacted the customer support but in the meantime of hearing back from them (because of their note: "the community forums can have faster response times than the email tickets"), I am proceeding with your instructions. I've downloaded TDSSKiller to a thumb drive and can run it on the infected computer momentarily, but before I do, I wanted to ask whether I should re-connect an external hard drive that was connected to the computer when it got infected, so that the tool can take it into account, or whether I should leave that drive disconnected. Please advise. Thanks!!

mcarey · July 18, 2012

Actually, in the interest of time, I'll just proceed with the external drive disconnected.

mcarey · July 18, 2012

[no reply yet from cust support/help desk]

Here are the TDSSKiller and MBAM logs.

NOTE - Just as I had completed the TDSSKiller scan and was about to reboot, Norton alerted to a blocked attempt by a Trojan.Gen.2 to run. So I've included that alert log from Norton. Maybe I was supposed to disable Norton before running TDSSKiller(?) but since I didn't see that in your instructions, I had left it on. Please let me know what I should do next. Thank you!

***************************************************************

* TDSSKiller ***************************************

***************************************************************

11:15:55.0277 3976 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

11:15:55.0317 3976 ============================================================

11:15:55.0317 3976 Current date / time: 2012/07/18 11:15:55.0317

11:15:55.0317 3976 SystemInfo:

11:15:55.0317 3976

11:15:55.0317 3976 OS Version: 6.1.7601 ServicePack: 1.0

11:15:55.0317 3976 Product type: Workstation

11:15:55.0317 3976 ComputerName: MCAREY-PC

11:15:55.0317 3976 UserName: mcarey

11:15:55.0317 3976 Windows directory: C:\Windows

11:15:55.0317 3976 System windows directory: C:\Windows

11:15:55.0317 3976 Running under WOW64

11:15:55.0317 3976 Processor architecture: Intel x64

11:15:55.0317 3976 Number of processors: 4

11:15:55.0317 3976 Page size: 0x1000

11:15:55.0317 3976 Boot type: Normal boot

11:15:55.0317 3976 ============================================================

11:15:55.0917 3976 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:15:55.0927 3976 Drive \Device\Harddisk1\DR2 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:15:55.0927 3976 ============================================================

11:15:55.0927 3976 \Device\Harddisk0\DR0:

11:15:55.0927 3976 MBR partitions:

11:15:55.0927 3976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x177000

11:15:55.0927 3976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18B000, BlocksNum 0x1D03A000

11:15:55.0927 3976 \Device\Harddisk1\DR2:

11:15:55.0927 3976 MBR partitions:

11:15:55.0927 3976 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0

11:15:55.0927 3976 ============================================================

11:15:55.0957 3976 C: <-> \Device\Harddisk0\DR0\Partition1

11:15:55.0957 3976 ============================================================

11:15:55.0957 3976 Initialize success

11:15:55.0957 3976 ============================================================

11:16:18.0269 5524 ============================================================

11:16:18.0269 5524 Scan started

11:16:18.0269 5524 Mode: Manual; SigCheck; TDLFS;

11:16:18.0269 5524 ============================================================

11:16:18.0469 5524 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

11:16:18.0559 5524 !SASCORE - ok

11:16:18.0719 5524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:16:18.0739 5524 1394ohci - ok

11:16:18.0789 5524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:16:18.0799 5524 ACPI - ok

11:16:18.0809 5524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:16:18.0839 5524 AcpiPmi - ok

11:16:18.0889 5524 ADIHdAudAddService (dbae970e1660d33f41f460d245a30a6a) C:\Windows\system32\drivers\ADIHdAud.sys

11:16:18.0939 5524 ADIHdAudAddService - ok

11:16:19.0019 5524 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

11:16:19.0029 5524 AdobeARMservice - ok

11:16:19.0159 5524 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

11:16:19.0189 5524 AdobeFlashPlayerUpdateSvc - ok

11:16:19.0319 5524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

11:16:19.0339 5524 adp94xx - ok

11:16:19.0379 5524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

11:16:19.0389 5524 adpahci - ok

11:16:19.0439 5524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

11:16:19.0469 5524 adpu320 - ok

11:16:19.0529 5524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:16:19.0649 5524 AeLookupSvc - ok

11:16:19.0729 5524 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:16:19.0769 5524 AFD - ok

11:16:19.0799 5524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:16:19.0809 5524 agp440 - ok

11:16:19.0829 5524 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:16:19.0849 5524 ALG - ok

11:16:19.0869 5524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:16:19.0879 5524 aliide - ok

11:16:19.0919 5524 AMD External Events Utility (dceee24e57e8176115207312f827c130) C:\Windows\system32\atiesrxx.exe

11:16:19.0970 5524 AMD External Events Utility - ok

11:16:19.0990 5524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:16:20.0000 5524 amdide - ok

11:16:20.0010 5524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

11:16:20.0050 5524 AmdK8 - ok

11:16:20.0380 5524 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys

11:16:20.0530 5524 amdkmdag - ok

11:16:20.0670 5524 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys

11:16:20.0710 5524 amdkmdap - ok

11:16:20.0730 5524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

11:16:20.0750 5524 AmdPPM - ok

11:16:20.0790 5524 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:16:20.0800 5524 amdsata - ok

11:16:20.0830 5524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

11:16:20.0840 5524 amdsbs - ok

11:16:20.0860 5524 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:16:20.0870 5524 amdxata - ok

11:16:20.0880 5524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:16:21.0040 5524 AppID - ok

11:16:21.0060 5524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:16:21.0100 5524 AppIDSvc - ok

11:16:21.0120 5524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:16:21.0150 5524 Appinfo - ok

11:16:21.0230 5524 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:16:21.0240 5524 Apple Mobile Device - ok

11:16:21.0300 5524 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

11:16:21.0330 5524 AppMgmt - ok

11:16:21.0360 5524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

11:16:21.0370 5524 arc - ok

11:16:21.0390 5524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

11:16:21.0400 5524 arcsas - ok

11:16:21.0500 5524 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

11:16:21.0500 5524 aspnet_state - ok

11:16:21.0520 5524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:16:21.0550 5524 AsyncMac - ok

11:16:21.0590 5524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:16:21.0600 5524 atapi - ok

11:16:22.0000 5524 atikmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys

11:16:22.0060 5524 atikmdag - ok

11:16:22.0220 5524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:16:22.0270 5524 AudioEndpointBuilder - ok

11:16:22.0270 5524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:16:22.0300 5524 AudioSrv - ok

11:16:22.0330 5524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:16:22.0360 5524 AxInstSV - ok

11:16:22.0440 5524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

11:16:22.0480 5524 b06bdrv - ok

11:16:22.0550 5524 b57nd60a (00e4fd35ce3e817f19d6bc2b6f97fd90) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:16:22.0580 5524 b57nd60a - ok

11:16:22.0680 5524 BBSvc (87f3bcf82a63e900af896cd930bf7e05) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

11:16:22.0690 5524 BBSvc - ok

11:16:22.0750 5524 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

11:16:22.0760 5524 BBUpdate - ok

11:16:22.0810 5524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:16:22.0820 5524 BDESVC - ok

11:16:22.0850 5524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:16:22.0890 5524 Beep - ok

11:16:22.0960 5524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

11:16:23.0000 5524 BFE - ok

11:16:23.0280 5524 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys

11:16:23.0310 5524 BHDrvx64 - ok

11:16:23.0460 5524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

11:16:23.0510 5524 BITS - ok

11:16:23.0560 5524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:16:23.0580 5524 blbdrive - ok

11:16:23.0640 5524 Blfp (228086f7ed08e8f1f8622e8f0ded7b6e) C:\Windows\system32\DRIVERS\basp.sys

11:16:23.0670 5524 Blfp - ok

11:16:23.0760 5524 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

11:16:23.0770 5524 Bonjour Service - ok

11:16:23.0840 5524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:16:23.0860 5524 bowser - ok

11:16:23.0950 5524 BrcmMgmtAgent (96afb6d33247fe90421a5b2e76f4ed59) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

11:16:23.0960 5524 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning

11:16:23.0960 5524 BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)

11:16:24.0000 5524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

11:16:24.0020 5524 BrFiltLo - ok

11:16:24.0020 5524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

11:16:24.0040 5524 BrFiltUp - ok

11:16:24.0080 5524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:16:24.0120 5524 Browser - ok

11:16:24.0130 5524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:16:24.0160 5524 Brserid - ok

11:16:24.0170 5524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:16:24.0190 5524 BrSerWdm - ok

11:16:24.0190 5524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:16:24.0240 5524 BrUsbMdm - ok

11:16:24.0240 5524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:16:24.0250 5524 BrUsbSer - ok

11:16:24.0260 5524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

11:16:24.0270 5524 BTHMODEM - ok

11:16:24.0300 5524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:16:24.0330 5524 bthserv - ok

11:16:24.0400 5524 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys

11:16:24.0410 5524 ccSet_NAV - ok

11:16:24.0440 5524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:16:24.0480 5524 cdfs - ok

11:16:24.0510 5524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

11:16:24.0540 5524 cdrom - ok

11:16:24.0560 5524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:16:24.0610 5524 CertPropSvc - ok

11:16:24.0640 5524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

11:16:24.0660 5524 circlass - ok

11:16:24.0690 5524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:16:24.0710 5524 CLFS - ok

11:16:24.0800 5524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:16:24.0800 5524 clr_optimization_v2.0.50727_32 - ok

11:16:24.0860 5524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:16:24.0870 5524 clr_optimization_v2.0.50727_64 - ok

11:16:24.0940 5524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:16:24.0950 5524 clr_optimization_v4.0.30319_32 - ok

11:16:25.0000 5524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:16:25.0010 5524 clr_optimization_v4.0.30319_64 - ok

11:16:25.0050 5524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

11:16:25.0070 5524 CmBatt - ok

11:16:25.0080 5524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:16:25.0080 5524 cmdide - ok

11:16:25.0170 5524 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

11:16:25.0210 5524 CNG - ok

11:16:25.0230 5524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

11:16:25.0240 5524 Compbatt - ok

11:16:25.0260 5524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

11:16:25.0290 5524 CompositeBus - ok

11:16:25.0300 5524 COMSysApp - ok

11:16:25.0300 5524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

11:16:25.0310 5524 crcdisk - ok

11:16:25.0350 5524 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

11:16:25.0370 5524 CryptSvc - ok

11:16:25.0430 5524 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

11:16:25.0470 5524 CSC - ok

11:16:25.0510 5524 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

11:16:25.0540 5524 CscService - ok

11:16:25.0690 5524 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

11:16:25.0740 5524 cvhsvc - ok

11:16:25.0870 5524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:16:25.0920 5524 DcomLaunch - ok

11:16:26.0020 5524 dcpsysmgrsvc (230bfb96a86ab29da6deb234f8985d34) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

11:16:26.0030 5524 dcpsysmgrsvc - ok

11:16:26.0070 5524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:16:26.0100 5524 defragsvc - ok

11:16:26.0160 5524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:16:26.0200 5524 DfsC - ok

11:16:26.0250 5524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:16:26.0300 5524 Dhcp - ok

11:16:26.0320 5524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:16:26.0360 5524 discache - ok

11:16:26.0390 5524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

11:16:26.0400 5524 Disk - ok

11:16:26.0440 5524 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

11:16:26.0450 5524 dmvsc - ok

11:16:26.0490 5524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:16:26.0520 5524 Dnscache - ok

11:16:26.0580 5524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:16:26.0620 5524 dot3svc - ok

11:16:26.0680 5524 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

11:16:26.0700 5524 Dot4 - ok

11:16:26.0730 5524 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys

11:16:26.0740 5524 Dot4Print - ok

11:16:26.0760 5524 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

11:16:26.0790 5524 dot4usb - ok

11:16:26.0830 5524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:16:26.0870 5524 DPS - ok

11:16:26.0930 5524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:16:26.0960 5524 drmkaud - ok

11:16:27.0030 5524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:16:27.0050 5524 DXGKrnl - ok

11:16:27.0070 5524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:16:27.0100 5524 EapHost - ok

11:16:27.0240 5524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

11:16:27.0320 5524 ebdrv - ok

11:16:27.0450 5524 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

11:16:27.0470 5524 eeCtrl - ok

11:16:27.0590 5524 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:16:27.0610 5524 EFS - ok

11:16:27.0700 5524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:16:27.0760 5524 ehRecvr - ok

11:16:27.0780 5524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:16:27.0790 5524 ehSched - ok

11:16:27.0870 5524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

11:16:27.0890 5524 elxstor - ok

11:16:27.0990 5524 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

11:16:28.0000 5524 EraserUtilRebootDrv - ok

11:16:28.0000 5524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:16:28.0030 5524 ErrDev - ok

11:16:28.0070 5524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:16:28.0110 5524 EventSystem - ok

11:16:28.0150 5524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:16:28.0180 5524 exfat - ok

11:16:28.0200 5524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:16:28.0240 5524 fastfat - ok

11:16:28.0280 5524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:16:28.0320 5524 Fax - ok

11:16:28.0330 5524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

11:16:28.0340 5524 fdc - ok

11:16:28.0370 5524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:16:28.0400 5524 fdPHost - ok

11:16:28.0420 5524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:16:28.0470 5524 FDResPub - ok

11:16:28.0500 5524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:16:28.0510 5524 FileInfo - ok

11:16:28.0520 5524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:16:28.0560 5524 Filetrace - ok

11:16:28.0580 5524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

11:16:28.0590 5524 flpydisk - ok

11:16:28.0620 5524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:16:28.0630 5524 FltMgr - ok

11:16:28.0720 5524 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:16:28.0770 5524 FontCache - ok

11:16:28.0850 5524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:16:28.0860 5524 FontCache3.0.0.0 - ok

11:16:28.0910 5524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:16:28.0920 5524 FsDepends - ok

11:16:28.0950 5524 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:16:28.0960 5524 Fs_Rec - ok

11:16:28.0991 5524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:16:29.0011 5524 fvevol - ok

11:16:29.0031 5524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

11:16:29.0041 5524 gagp30kx - ok

11:16:29.0051 5524 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:16:29.0061 5524 GEARAspiWDM - ok

11:16:29.0131 5524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:16:29.0161 5524 gpsvc - ok

11:16:29.0241 5524 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:16:29.0241 5524 gupdate - ok

11:16:29.0251 5524 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:16:29.0261 5524 gupdatem - ok

11:16:29.0281 5524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:16:29.0301 5524 hcw85cir - ok

11:16:29.0341 5524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:16:29.0361 5524 HDAudBus - ok

11:16:29.0361 5524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

11:16:29.0381 5524 HidBatt - ok

11:16:29.0391 5524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

11:16:29.0401 5524 HidBth - ok

11:16:29.0401 5524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

11:16:29.0421 5524 HidIr - ok

11:16:29.0451 5524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

11:16:29.0481 5524 hidserv - ok

11:16:29.0511 5524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:16:29.0521 5524 HidUsb - ok

11:16:29.0531 5524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:16:29.0571 5524 hkmsvc - ok

11:16:29.0601 5524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:16:29.0621 5524 HomeGroupListener - ok

11:16:29.0671 5524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:16:29.0731 5524 HomeGroupProvider - ok

11:16:29.0761 5524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:16:29.0771 5524 HpSAMD - ok

11:16:29.0821 5524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:16:29.0861 5524 HTTP - ok

11:16:29.0881 5524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:16:29.0891 5524 hwpolicy - ok

11:16:29.0901 5524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

11:16:29.0921 5524 i8042prt - ok

11:16:29.0961 5524 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys

11:16:29.0971 5524 iaStor - ok

11:16:30.0031 5524 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

11:16:30.0041 5524 IAStorDataMgrSvc - ok

11:16:30.0081 5524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:16:30.0091 5524 iaStorV - ok

11:16:30.0181 5524 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

11:16:30.0201 5524 IDriverT ( UnsignedFile.Multi.Generic ) - warning

11:16:30.0201 5524 IDriverT - detected UnsignedFile.Multi.Generic (1)

11:16:30.0311 5524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:16:30.0351 5524 idsvc - ok

11:16:30.0541 5524 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120715.001\IDSvia64.sys

11:16:30.0561 5524 IDSVia64 - ok

11:16:30.0651 5524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

11:16:30.0661 5524 iirsp - ok

11:16:30.0731 5524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:16:30.0801 5524 IKEEXT - ok

11:16:30.0811 5524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:16:30.0821 5524 intelide - ok

11:16:30.0841 5524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:16:30.0871 5524 intelppm - ok

11:16:30.0881 5524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:16:30.0921 5524 IPBusEnum - ok

11:16:30.0931 5524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:16:30.0951 5524 IpFilterDriver - ok

11:16:30.0981 5524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

11:16:31.0011 5524 iphlpsvc - ok

11:16:31.0021 5524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:16:31.0041 5524 IPMIDRV - ok

11:16:31.0041 5524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:16:31.0071 5524 IPNAT - ok

11:16:31.0161 5524 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe

11:16:31.0171 5524 iPod Service - ok

11:16:31.0191 5524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:16:31.0211 5524 IRENUM - ok

11:16:31.0211 5524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:16:31.0221 5524 isapnp - ok

11:16:31.0241 5524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:16:31.0261 5524 iScsiPrt - ok

11:16:31.0291 5524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:16:31.0301 5524 kbdclass - ok

11:16:31.0321 5524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

11:16:31.0341 5524 kbdhid - ok

11:16:31.0381 5524 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:16:31.0391 5524 KeyIso - ok

11:16:31.0421 5524 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

11:16:31.0431 5524 KSecDD - ok

11:16:31.0451 5524 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

11:16:31.0461 5524 KSecPkg - ok

11:16:31.0471 5524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:16:31.0501 5524 ksthunk - ok

11:16:31.0541 5524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:16:31.0591 5524 KtmRm - ok

11:16:31.0631 5524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

11:16:31.0681 5524 LanmanServer - ok

11:16:31.0741 5524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:16:31.0771 5524 LanmanWorkstation - ok

11:16:31.0991 5524 LiveUpdate (da3d2b2106c71533b3360e9785244c75) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

11:16:32.0041 5524 LiveUpdate - ok

11:16:32.0181 5524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:16:32.0221 5524 lltdio - ok

11:16:32.0261 5524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:16:32.0311 5524 lltdsvc - ok

11:16:32.0321 5524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:16:32.0351 5524 lmhosts - ok

11:16:32.0371 5524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

11:16:32.0381 5524 LSI_FC - ok

11:16:32.0381 5524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

11:16:32.0401 5524 LSI_SAS - ok

11:16:32.0401 5524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

11:16:32.0411 5524 LSI_SAS2 - ok

11:16:32.0411 5524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

11:16:32.0431 5524 LSI_SCSI - ok

11:16:32.0451 5524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:16:32.0491 5524 luafv - ok

11:16:32.0541 5524 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

11:16:32.0551 5524 MBAMProtector - ok

11:16:32.0731 5524 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

11:16:32.0751 5524 MBAMService - ok

11:16:32.0791 5524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:16:32.0801 5524 Mcx2Svc - ok

11:16:32.0811 5524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

11:16:32.0821 5524 megasas - ok

11:16:32.0861 5524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

11:16:32.0881 5524 MegaSR - ok

11:16:32.0911 5524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:16:32.0951 5524 MMCSS - ok

11:16:32.0951 5524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:16:32.0991 5524 Modem - ok

11:16:33.0011 5524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:16:33.0041 5524 monitor - ok

11:16:33.0061 5524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:16:33.0071 5524 mouclass - ok

11:16:33.0091 5524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:16:33.0111 5524 mouhid - ok

11:16:33.0141 5524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:16:33.0151 5524 mountmgr - ok

11:16:33.0261 5524 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

11:16:33.0271 5524 MozillaMaintenance - ok

11:16:33.0301 5524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:16:33.0311 5524 mpio - ok

11:16:33.0331 5524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:16:33.0351 5524 mpsdrv - ok

11:16:33.0411 5524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

11:16:33.0451 5524 MpsSvc - ok

11:16:33.0461 5524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:16:33.0481 5524 MRxDAV - ok

11:16:33.0511 5524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:16:33.0541 5524 mrxsmb - ok

11:16:33.0571 5524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:16:33.0581 5524 mrxsmb10 - ok

11:16:33.0601 5524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:16:33.0611 5524 mrxsmb20 - ok

11:16:33.0611 5524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:16:33.0621 5524 msahci - ok

11:16:33.0641 5524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:16:33.0661 5524 msdsm - ok

11:16:33.0691 5524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:16:33.0751 5524 MSDTC - ok

11:16:33.0781 5524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:16:33.0811 5524 Msfs - ok

11:16:33.0821 5524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:16:33.0861 5524 mshidkmdf - ok

11:16:33.0871 5524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:16:33.0881 5524 msisadrv - ok

11:16:33.0911 5524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:16:33.0951 5524 MSiSCSI - ok

11:16:33.0951 5524 msiserver - ok

11:16:33.0981 5524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:16:34.0011 5524 MSKSSRV - ok

11:16:34.0031 5524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:16:34.0061 5524 MSPCLOCK - ok

11:16:34.0061 5524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:16:34.0091 5524 MSPQM - ok

11:16:34.0121 5524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:16:34.0131 5524 MsRPC - ok

11:16:34.0141 5524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

11:16:34.0151 5524 mssmbios - ok

11:16:34.0181 5524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:16:34.0211 5524 MSTEE - ok

11:16:34.0211 5524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

11:16:34.0231 5524 MTConfig - ok

11:16:34.0251 5524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:16:34.0261 5524 Mup - ok

11:16:34.0311 5524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:16:34.0351 5524 napagent - ok

11:16:34.0391 5524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:16:34.0421 5524 NativeWifiP - ok

11:16:34.0551 5524 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe

11:16:34.0561 5524 NAV - ok

11:16:35.0071 5524 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20120716.018\ENG64.SYS

11:16:35.0091 5524 NAVENG - ok

11:16:35.0211 5524 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20120716.018\EX64.SYS

11:16:35.0271 5524 NAVEX15 - ok

11:16:35.0431 5524 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

11:16:35.0451 5524 NDIS - ok

11:16:35.0481 5524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:16:35.0521 5524 NdisCap - ok

11:16:35.0541 5524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:16:35.0561 5524 NdisTapi - ok

11:16:35.0571 5524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:16:35.0601 5524 Ndisuio - ok

11:16:35.0621 5524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:16:35.0661 5524 NdisWan - ok

11:16:35.0671 5524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:16:35.0701 5524 NDProxy - ok

11:16:35.0761 5524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:16:35.0801 5524 NetBIOS - ok

11:16:35.0831 5524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:16:35.0851 5524 NetBT - ok

11:16:35.0891 5524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:16:35.0901 5524 Netlogon - ok

11:16:35.0941 5524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:16:35.0981 5524 Netman - ok

11:16:36.0101 5524 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:16:36.0111 5524 NetMsmqActivator - ok

11:16:36.0131 5524 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:16:36.0141 5524 NetPipeActivator - ok

11:16:36.0161 5524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:16:36.0201 5524 netprofm - ok

11:16:36.0201 5524 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:16:36.0211 5524 NetTcpActivator - ok

11:16:36.0211 5524 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:16:36.0221 5524 NetTcpPortSharing - ok

11:16:36.0301 5524 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys

11:16:36.0331 5524 netvsc - ok

11:16:36.0351 5524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

11:16:36.0371 5524 nfrd960 - ok

11:16:36.0401 5524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:16:36.0451 5524 NlaSvc - ok

11:16:36.0611 5524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:16:36.0631 5524 Npfs - ok

11:16:36.0661 5524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:16:36.0701 5524 nsi - ok

11:16:36.0711 5524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:16:36.0751 5524 nsiproxy - ok

11:16:36.0911 5524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:16:36.0951 5524 Ntfs - ok

11:16:37.0092 5524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:16:37.0122 5524 Null - ok

11:16:37.0142 5524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:16:37.0152 5524 nvraid - ok

11:16:37.0162 5524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:16:37.0172 5524 nvstor - ok

11:16:37.0202 5524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:16:37.0212 5524 nv_agp - ok

11:16:37.0222 5524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:16:37.0242 5524 ohci1394 - ok

11:16:37.0332 5524 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:16:37.0342 5524 ose - ok

11:16:37.0752 5524 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:16:37.0872 5524 osppsvc - ok

11:16:38.0032 5524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:16:38.0072 5524 p2pimsvc - ok

11:16:38.0112 5524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:16:38.0132 5524 p2psvc - ok

11:16:38.0182 5524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:16:38.0192 5524 Parport - ok

11:16:38.0222 5524 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

11:16:38.0232 5524 partmgr - ok

11:16:38.0262 5524 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys

11:16:38.0272 5524 PBADRV - ok

11:16:38.0292 5524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:16:38.0322 5524 PcaSvc - ok

11:16:38.0352 5524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:16:38.0362 5524 pci - ok

11:16:38.0372 5524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:16:38.0382 5524 pciide - ok

11:16:38.0392 5524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

11:16:38.0412 5524 pcmcia - ok

11:16:38.0422 5524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:16:38.0432 5524 pcw - ok

11:16:38.0482 5524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:16:38.0522 5524 PEAUTH - ok

11:16:38.0602 5524 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

11:16:38.0632 5524 PeerDistSvc - ok

11:16:38.0752 5524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:16:38.0772 5524 PerfHost - ok

11:16:38.0912 5524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:16:38.0952 5524 pla - ok

11:16:39.0002 5524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:16:39.0032 5524 PlugPlay - ok

11:16:39.0052 5524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:16:39.0072 5524 PNRPAutoReg - ok

11:16:39.0112 5524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:16:39.0122 5524 PNRPsvc - ok

11:16:39.0172 5524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:16:39.0212 5524 PolicyAgent - ok

11:16:39.0242 5524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:16:39.0272 5524 Power - ok

11:16:39.0322 5524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:16:39.0352 5524 PptpMiniport - ok

11:16:39.0382 5524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

11:16:39.0402 5524 Processor - ok

11:16:39.0442 5524 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

11:16:39.0452 5524 ProfSvc - ok

11:16:39.0482 5524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:16:39.0492 5524 ProtectedStorage - ok

11:16:39.0532 5524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:16:39.0562 5524 Psched - ok

11:16:39.0602 5524 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

11:16:39.0612 5524 PxHlpa64 - ok

11:16:39.0742 5524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

11:16:39.0792 5524 ql2300 - ok

11:16:40.0352 5524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

11:16:40.0382 5524 ql40xx - ok

11:16:40.0442 5524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:16:40.0462 5524 QWAVE - ok

11:16:40.0502 5524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:16:40.0532 5524 QWAVEdrv - ok

11:16:40.0532 5524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:16:40.0572 5524 RasAcd - ok

11:16:40.0662 5524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:16:40.0702 5524 RasAgileVpn - ok

11:16:40.0712 5524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:16:40.0752 5524 RasAuto - ok

11:16:40.0802 5524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:16:40.0842 5524 Rasl2tp - ok

11:16:40.0892 5524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:16:40.0942 5524 RasMan - ok

11:16:40.0962 5524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:16:40.0992 5524 RasPppoe - ok

11:16:41.0022 5524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:16:41.0052 5524 RasSstp - ok

11:16:41.0082 5524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:16:41.0112 5524 rdbss - ok

11:16:41.0122 5524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:16:41.0142 5524 rdpbus - ok

11:16:41.0142 5524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:16:41.0172 5524 RDPCDD - ok

11:16:41.0202 5524 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

11:16:41.0222 5524 RDPDR - ok

11:16:41.0242 5524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:16:41.0282 5524 RDPENCDD - ok

11:16:41.0292 5524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:16:41.0312 5524 RDPREFMP - ok

11:16:41.0352 5524 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

11:16:41.0362 5524 RDPWD - ok

11:16:41.0412 5524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:16:41.0422 5524 rdyboost - ok

11:16:41.0442 5524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:16:41.0482 5524 RemoteAccess - ok

11:16:41.0512 5524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:16:41.0542 5524 RemoteRegistry - ok

11:16:41.0702 5524 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

11:16:41.0722 5524 RoxMediaDB12OEM - ok

11:16:41.0782 5524 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

11:16:41.0792 5524 RoxWatch12 - ok

11:16:41.0892 5524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:16:41.0942 5524 RpcEptMapper - ok

11:16:42.0022 5524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:16:42.0032 5524 RpcLocator - ok

11:16:42.0072 5524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:16:42.0102 5524 RpcSs - ok

11:16:42.0152 5524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:16:42.0192 5524 rspndr - ok

11:16:42.0212 5524 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

11:16:42.0232 5524 s3cap - ok

11:16:42.0252 5524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:16:42.0262 5524 SamSs - ok

11:16:42.0422 5524 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

11:16:42.0432 5524 SASDIFSV - ok

11:16:42.0442 5524 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

11:16:42.0452 5524 SASKUTIL - ok

11:16:42.0472 5524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:16:42.0482 5524 sbp2port - ok

11:16:42.0522 5524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:16:42.0572 5524 SCardSvr - ok

11:16:42.0602 5524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:16:42.0632 5524 scfilter - ok

11:16:42.0722 5524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:16:42.0802 5524 Schedule - ok

11:16:42.0892 5524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:16:42.0942 5524 SCPolicySvc - ok

11:16:42.0982 5524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:16:43.0012 5524 SDRSVC - ok

11:16:43.0062 5524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:16:43.0102 5524 secdrv - ok

11:16:43.0122 5524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:16:43.0142 5524 seclogon - ok

11:16:43.0722 5524 SecureStorageService (8365191d0fe7df5972b889821adbe62b) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe

11:16:43.0832 5524 SecureStorageService - ok

11:16:43.0952 5524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

11:16:43.0982 5524 SENS - ok

11:16:44.0002 5524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:16:44.0022 5524 SensrSvc - ok

11:16:44.0082 5524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:16:44.0102 5524 Serenum - ok

11:16:44.0142 5524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:16:44.0152 5524 Serial - ok

11:16:44.0162 5524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

11:16:44.0182 5524 sermouse - ok

11:16:44.0212 5524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:16:44.0252 5524 SessionEnv - ok

11:16:44.0252 5524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:16:44.0262 5524 sffdisk - ok

11:16:44.0272 5524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:16:44.0282 5524 sffp_mmc - ok

11:16:44.0282 5524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:16:44.0292 5524 sffp_sd - ok

11:16:44.0292 5524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

11:16:44.0312 5524 sfloppy - ok

11:16:44.0402 5524 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

11:16:44.0432 5524 Sftfs - ok

11:16:44.0552 5524 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

11:16:44.0592 5524 sftlist - ok

11:16:44.0642 5524 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

11:16:44.0662 5524 Sftplay - ok

11:16:44.0672 5524 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

11:16:44.0682 5524 Sftredir - ok

11:16:44.0702 5524 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

11:16:44.0712 5524 Sftvol - ok

11:16:44.0722 5524 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

11:16:44.0732 5524 sftvsa - ok

11:16:44.0812 5524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:16:44.0852 5524 SharedAccess - ok

11:16:44.0892 5524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:16:44.0932 5524 ShellHWDetection - ok

11:16:44.0972 5524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

11:16:44.0982 5524 SiSRaid2 - ok

11:16:44.0982 5524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

11:16:44.0992 5524 SiSRaid4 - ok

11:16:45.0062 5524 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe

11:16:45.0072 5524 SkypeUpdate - ok

11:16:45.0102 5524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:16:45.0122 5524 Smb - ok

11:16:45.0142 5524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:16:45.0162 5524 SNMPTRAP - ok

11:16:45.0172 5524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:16:45.0182 5524 spldr - ok

11:16:45.0222 5524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:16:45.0262 5524 Spooler - ok

11:16:45.0622 5524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:16:45.0722 5524 sppsvc - ok

11:16:46.0143 5524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:16:46.0183 5524 sppuinotify - ok

11:16:47.0083 5524 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSP64.SYS

11:16:47.0123 5524 SRTSP - ok

11:16:47.0133 5524 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS

11:16:47.0153 5524 SRTSPX - ok

11:16:47.0233 5524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:16:47.0263 5524 srv - ok

11:16:47.0333 5524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:16:47.0363 5524 srv2 - ok

11:16:47.0383 5524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:16:47.0393 5524 srvnet - ok

11:16:47.0443 5524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:16:47.0473 5524 SSDPSRV - ok

11:16:47.0493 5524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:16:47.0523 5524 SstpSvc - ok

11:16:47.0543 5524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

11:16:47.0553 5524 stexstor - ok

11:16:47.0593 5524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:16:47.0623 5524 stisvc - ok

11:16:47.0693 5524 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

11:16:47.0703 5524 stllssvr - ok

11:16:47.0733 5524 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

11:16:47.0753 5524 StorSvc - ok

11:16:47.0783 5524 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

11:16:47.0793 5524 storvsc - ok

11:16:47.0813 5524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

11:16:47.0823 5524 swenum - ok

11:16:47.0913 5524 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

11:16:47.0983 5524 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

11:16:47.0983 5524 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

11:16:48.0053 5524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:16:48.0103 5524 swprv - ok

11:16:48.0193 5524 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS

11:16:48.0233 5524 SymDS - ok

11:16:48.0303 5524 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS

11:16:48.0343 5524 SymEFA - ok

11:16:48.0703 5524 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

11:16:48.0723 5524 SymEvent - ok

11:16:50.0023 5524 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS

11:16:50.0063 5524 SymIRON - ok

11:16:51.0513 5524 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMNETS.SYS

11:16:51.0533 5524 SymNetS - ok

11:16:51.0573 5524 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys

11:16:51.0593 5524 SynthVid - ok

11:16:51.0773 5524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:16:51.0823 5524 SysMain - ok

11:16:52.0273 5524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:16:52.0303 5524 TabletInputService - ok

11:16:52.0333 5524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:16:52.0383 5524 TapiSrv - ok

11:16:52.0423 5524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:16:52.0453 5524 TBS - ok

11:16:52.0643 5524 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

11:16:52.0713 5524 Tcpip - ok

11:16:53.0083 5524 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

11:16:53.0103 5524 TCPIP6 - ok

11:16:53.0703 5524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:16:53.0733 5524 tcpipreg - ok

11:16:54.0933 5524 tcsd_win32.exe (3d52b206d9f6f3ecfdb5d676614e47b6) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

11:16:54.0993 5524 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - warning

11:16:54.0993 5524 tcsd_win32.exe - detected UnsignedFile.Multi.Generic (1)

11:16:56.0154 5524 TdmService (e2f626e4a23e12de31d8820ff143a456) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

11:16:56.0274 5524 TdmService - ok

11:16:56.0634 5524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:16:56.0644 5524 TDPIPE - ok

11:16:56.0674 5524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:16:56.0704 5524 TDTCP - ok

11:16:56.0724 5524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:16:56.0754 5524 tdx - ok

11:16:56.0784 5524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

11:16:56.0794 5524 TermDD - ok

11:16:56.0874 5524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:16:56.0934 5524 TermService - ok

11:16:56.0954 5524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:16:56.0964 5524 Themes - ok

11:16:56.0994 5524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:16:57.0024 5524 THREADORDER - ok

11:16:57.0064 5524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:16:57.0104 5524 TrkWks - ok

11:16:57.0614 5524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:16:57.0654 5524 TrustedInstaller - ok

11:16:57.0694 5524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:16:57.0734 5524 tssecsrv - ok

11:16:57.0784 5524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:16:57.0794 5524 TsUsbFlt - ok

11:16:57.0794 5524 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

11:16:57.0804 5524 TsUsbGD - ok

11:16:57.0844 5524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:16:57.0884 5524 tunnel - ok

11:16:57.0884 5524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

11:16:57.0894 5524 uagp35 - ok

11:16:57.0914 5524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:16:57.0944 5524 udfs - ok

11:16:58.0134 5524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:16:58.0184 5524 UI0Detect - ok

11:16:58.0194 5524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:16:58.0204 5524 uliagpkx - ok

11:16:58.0224 5524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:16:58.0254 5524 umbus - ok

11:16:58.0264 5524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

11:16:58.0284 5524 UmPass - ok

11:16:58.0344 5524 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

11:16:58.0354 5524 UmRdpService - ok

11:16:58.0394 5524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:16:58.0454 5524 upnphost - ok

11:16:58.0494 5524 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

11:16:58.0504 5524 USBAAPL64 - ok

11:16:58.0544 5524 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

11:16:58.0574 5524 usbaudio - ok

11:16:58.0604 5524 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

11:16:58.0634 5524 usbccgp - ok

11:16:58.0674 5524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:16:58.0684 5524 usbcir - ok

11:16:58.0734 5524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

11:16:58.0774 5524 usbehci - ok

11:16:58.0844 5524 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys

11:16:58.0864 5524 usbhub - ok

11:16:58.0874 5524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:16:58.0904 5524 usbohci - ok

11:16:58.0914 5524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

11:16:58.0934 5524 usbprint - ok

11:16:58.0954 5524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:16:58.0974 5524 USBSTOR - ok

11:16:58.0984 5524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

11:16:59.0004 5524 usbuhci - ok

11:16:59.0034 5524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:16:59.0054 5524 UxSms - ok

11:16:59.0084 5524 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:16:59.0094 5524 VaultSvc - ok

11:16:59.0124 5524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:16:59.0134 5524 vdrvroot - ok

11:16:59.0194 5524 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:16:59.0254 5524 vds - ok

11:16:59.0274 5524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:16:59.0284 5524 vga - ok

11:16:59.0304 5524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:16:59.0344 5524 VgaSave - ok

11:16:59.0354 5524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:16:59.0364 5524 vhdmp - ok

11:16:59.0364 5524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:16:59.0374 5524 viaide - ok

11:16:59.0504 5524 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

11:16:59.0564 5524 VMBusHID - ok

11:16:59.0584 5524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:16:59.0594 5524 volmgr - ok

11:16:59.0634 5524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:16:59.0654 5524 volmgrx - ok

11:16:59.0684 5524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:16:59.0704 5524 volsnap - ok

11:16:59.0744 5524 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys

11:16:59.0764 5524 vpcbus - ok

11:16:59.0784 5524 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys

11:16:59.0824 5524 vpcnfltr - ok

11:16:59.0844 5524 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys

11:16:59.0864 5524 vpcusb - ok

11:16:59.0904 5524 vpcvmm (30d4243726a15a14f5c5e45898d14394) C:\Windows\system32\drivers\vpcvmm.sys

11:16:59.0914 5524 vpcvmm - ok

11:16:59.0944 5524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

11:16:59.0964 5524 vsmraid - ok

11:17:00.0134 5524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:17:00.0204 5524 VSS - ok

11:17:00.0334 5524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

11:17:00.0364 5524 vwifibus - ok

11:17:00.0444 5524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:17:00.0474 5524 W32Time - ok

11:17:00.0504 5524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

11:17:00.0544 5524 WacomPen - ok

11:17:00.0564 5524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:17:00.0604 5524 WANARP - ok

11:17:00.0614 5524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:17:00.0634 5524 Wanarpv6 - ok

11:17:00.0764 5524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:17:00.0804 5524 WatAdminSvc - ok

11:17:01.0114 5524 Wave Authentication Manager Service (e45bce01f15eeb240fe9db83b9d86be3) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

11:17:01.0164 5524 Wave Authentication Manager Service ( UnsignedFile.Multi.Generic ) - warning

11:17:01.0164 5524 Wave Authentication Manager Service - detected UnsignedFile.Multi.Generic (1)

11:17:01.0514 5524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:17:01.0594 5524 wbengine - ok

11:17:01.0774 5524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:17:01.0804 5524 WbioSrvc - ok

11:17:01.0844 5524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:17:01.0874 5524 wcncsvc - ok

11:17:01.0894 5524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:17:01.0904 5524 WcsPlugInService - ok

11:17:01.0934 5524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

11:17:01.0944 5524 Wd - ok

11:17:01.0994 5524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:17:02.0014 5524 Wdf01000 - ok

11:17:02.0034 5524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:17:02.0094 5524 WdiServiceHost - ok

11:17:02.0094 5524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:17:02.0104 5524 WdiSystemHost - ok

11:17:02.0134 5524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:17:02.0164 5524 WebClient - ok

11:17:02.0204 5524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:17:02.0244 5524 Wecsvc - ok

11:17:02.0274 5524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:17:02.0304 5524 wercplsupport - ok

11:17:02.0334 5524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:17:02.0374 5524 WerSvc - ok

11:17:02.0424 5524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:17:02.0454 5524 WfpLwf - ok

11:17:02.0464 5524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:17:02.0474 5524 WIMMount - ok

11:17:02.0504 5524 WinDefend - ok

11:17:02.0504 5524 WinHttpAutoProxySvc - ok

11:17:02.0594 5524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:17:02.0634 5524 Winmgmt - ok

11:17:02.0784 5524 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:17:02.0854 5524 WinRM - ok

11:17:03.0074 5524 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:17:03.0104 5524 WinUsb - ok

11:17:03.0204 5524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:17:03.0244 5524 Wlansvc - ok

11:17:03.0314 5524 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

11:17:03.0324 5524 wlcrasvc - ok

11:17:03.0494 5524 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:17:03.0564 5524 wlidsvc - ok

11:17:03.0754 5524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

11:17:03.0784 5524 WmiAcpi - ok

11:17:03.0864 5524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:17:03.0904 5524 wmiApSrv - ok

11:17:03.0934 5524 WMPNetworkSvc - ok

11:17:03.0984 5524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:17:04.0004 5524 WPCSvc - ok

11:17:04.0024 5524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:17:04.0035 5524 WPDBusEnum - ok

11:17:04.0125 5524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:17:04.0155 5524 ws2ifsl - ok

11:17:04.0165 5524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

11:17:04.0195 5524 wscsvc - ok

11:17:04.0195 5524 WSearch - ok

11:17:04.0365 5524 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

11:17:04.0415 5524 wuauserv - ok

11:17:04.0575 5524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:17:04.0605 5524 WudfPf - ok

11:17:04.0635 5524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:17:04.0675 5524 WUDFRd - ok

11:17:04.0715 5524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:17:04.0745 5524 wudfsvc - ok

11:17:04.0775 5524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:17:04.0795 5524 WwanSvc - ok

11:17:04.0805 5524 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

11:17:04.0835 5524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

11:17:04.0835 5524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

11:17:04.0875 5524 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:17:04.0875 5524 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:17:04.0875 5524 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2

11:17:04.0985 5524 \Device\Harddisk1\DR2 - ok

11:17:05.0005 5524 Boot (0x1200) (edab0b7a8ac90262be59f5acbdaa389a) \Device\Harddisk0\DR0\Partition0

11:17:05.0005 5524 \Device\Harddisk0\DR0\Partition0 - ok

11:17:05.0015 5524 Boot (0x1200) (cf02d3dc828f49dd943ce7e9317aadec) \Device\Harddisk0\DR0\Partition1

11:17:05.0015 5524 \Device\Harddisk0\DR0\Partition1 - ok

11:17:05.0015 5524 Boot (0x1200) (54f6c44998748425cf72a50061f12a58) \Device\Harddisk1\DR2\Partition0

11:17:05.0015 5524 \Device\Harddisk1\DR2\Partition0 - ok

11:17:05.0015 5524 ============================================================

11:17:05.0015 5524 Scan finished

11:17:05.0015 5524 ============================================================

11:17:05.0025 5636 Detected object count: 7

11:17:05.0025 5636 Actual detected object count: 7

11:17:53.0931 5636 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user

11:17:53.0931 5636 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:17:53.0931 5636 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

11:17:53.0931 5636 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:17:53.0931 5636 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

11:17:53.0931 5636 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:17:53.0931 5636 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user

11:17:53.0931 5636 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:17:53.0931 5636 Wave Authentication Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user

11:17:53.0931 5636 Wave Authentication Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:17:54.0471 5636 \Device\Harddisk0\DR0\# - copied to quarantine

11:17:54.0471 5636 \Device\Harddisk0\DR0 - copied to quarantine

11:17:54.0501 5636 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

11:17:54.0501 5636 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

11:17:54.0511 5636 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:17:54.0511 5636 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:17:54.0521 5636 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

11:17:54.0531 5636 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

11:17:54.0531 5636 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

11:17:54.0531 5636 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

11:17:54.0541 5636 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

11:17:54.0541 5636 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

11:17:54.0541 5636 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

11:17:54.0541 5636 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

11:17:54.0541 5636 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

11:17:54.0541 5636 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

11:17:54.0581 5636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

11:17:54.0581 5636 \Device\Harddisk0\DR0 - ok

11:17:54.0581 5636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

11:17:54.0581 5636 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:17:54.0581 5636 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:18:04.0789 3392 Deinitialize success

***************************************************************

* MBAM *********************************************

***************************************************************

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.17.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

mcarey :: MCAREY-PC [administrator]

Protection: Enabled

7/18/2012 11:24:02 AM

mbam-log-2012-07-18 (11-24-02).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 218441

Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

***************************************************************

* Norton *********************************************

***************************************************************

Full Path: c:\tdsskiller_quarantine\18.07.2012_11.15.55\mbr0000\tdlfs0000\tsk0002.dta

Threat: Trojan.Gen.2

____________________________

On computers as of 7/18/2012 at 11:17:56 AM

Last Used 7/18/2012 at 11:17:56 AM

Startup Item No

Launched No

____________________________

Unknown

Number of users in the Norton Community that have used this file: Unknown

____________________________

Unknown

This file release is currently not known.

____________________________

High

This file risk is high.

____________________________

Threat Details

Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.

____________________________

File Actions

File: c:\tdsskiller_quarantine\18.07.2012_11.15.55\mbr0000\tdlfs0000\tsk0002.dta

Blocked

____________________________

File Thumbprint - SHA:

62719409aad19654a1fc7fb7511c8d402878ccd7b96f2076c6266534bc0da357

____________________________

File Thumbprint - MD5:

aa1f99b6b6a40ec9c4d0f5bef9b79382

____________________________

Maniac · July 18, 2012

Everything is under control.

Step 1

Please re-run TDSSKiller and use Delete option for this entry:

11:17:54.0581 5636 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:17:54.0581 5636 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

mcarey · July 19, 2012

I've attempted to run ComboFix as directed. It appears to be hanging at Stage 4. It has not frozen my computer, and the cursor in the blue console window is still blinking, but it is not progressing (and it has been approx 45 minutes this way). What should I do now?

mcarey · July 19, 2012

It occurred to me that I had not removed the thumb drive I had used to transfer ComboFix.exe to the infected computer's desktop in order to run it. So I closed the hanging instance of ComboFix, removed the thumb drive, and attempted to re-run ComboFix. It appears that this didn't make a difference. Still getting a hang after Stage4 Completed (20 minutes & counting).

(Should also note that I had done the TDSSKiller scan ahead of all this with the delete action on the specified file as directed.)

Maniac · July 19, 2012

Don't worry!

Delete your ComboFix copy, download a new fresh one and try to run it agian in Safe mode with Networking:

http://windows.microsoft.com/en-us/windows7/start-your-computer-in-safe-mode

mcarey · July 19, 2012

OK, since you mention downloading a fresh new copy of ComboFix, it makes me wonder something... Since the infected computer is not connected to the internet, I'm downloading the tools on another computer, copying to thumb drive, and transferring to infected computer to use. The other computer I'm using to download the tools is Win XP, not Win 7 (the infected computer OS). Is it possible that the ComboFix download differentiates by OS? In other words, since I am using a Win XP machine to download ComboFix, am I getting the wrong version of it to use on the infected Win 7 machine? If so, should I temporarily connect the infected machine to the internet to pull down the new copy of ComboFix?

Maniac · July 19, 2012

No, it doesn't matter. ComboFix supports all of them.

mcarey · July 19, 2012

OK, it worked in Safe Mode with Networking.

Below is the ComboFix log. NOTE - when all was done I attempted to open windows file explorer (to copy the log file to thumb drive), but got the following error: "C:\Windows\explorer.exe Illegal operation attempted on a registry key that has been marked for deletion." ...So please advise how to correct that. In the meantime I just saved the opened log txt file to the thumb drive to copy its contents here and took no further action on the infected machine.

Thx!!

ComboFix 12-07-19.02 - mcarey 07/19/2012 18:23:59.3.4 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4898 [GMT -4:00]

Running from: c:\users\mcarey\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\mcarey\g2mdlhlpx.exe

.

((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))

.

2012-07-18 15:17 . 2012-07-19 15:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-17 16:49 . 2012-07-17 16:49 -------- d-----w- c:\users\mcarey\AppData\Roaming\Malwarebytes

2012-07-17 16:48 . 2012-07-17 16:48 -------- d-----w- c:\programdata\Malwarebytes

2012-07-17 16:48 . 2012-07-17 16:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-17 16:48 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-17 16:30 . 2012-07-17 16:30 -------- d-----w- c:\users\mcarey\AppData\Roaming\SUPERAntiSpyware.com

2012-07-17 16:29 . 2012-07-17 16:30 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-17 16:29 . 2012-07-17 16:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-17 16:00 . 2012-07-17 16:00 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-07-17 16:00 . 2012-07-17 16:00 -------- d-----w- c:\program files\Symantec

2012-07-17 16:00 . 2012-07-17 16:00 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-07-17 16:00 . 2012-07-17 16:00 -------- d-----w- c:\windows\system32\drivers\NAVx64

2012-07-17 16:00 . 2012-07-17 16:00 -------- d-----w- c:\program files (x86)\Norton AntiVirus

2012-07-17 16:00 . 2012-07-17 16:00 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-07-17 15:58 . 2012-07-17 16:01 -------- d-----w- c:\programdata\Norton

2012-07-17 15:36 . 2012-07-17 15:36 -------- d-----w- c:\programdata\Symantec Shared

2012-07-17 15:35 . 2012-07-17 15:35 -------- d-----w- c:\programdata\regid.1992_12.com.symantec

2012-07-17 15:35 . 2012-07-17 16:19 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-07-17 15:35 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL

2012-07-17 15:35 . 2007-03-22 00:33 503808 ----a-w- c:\windows\SysWow64\MSVCP71.DLL

2012-07-17 15:35 . 2007-03-22 00:33 348160 ----a-w- c:\windows\SysWow64\MSVCR71.DLL

2012-07-17 15:35 . 2012-07-17 15:35 -------- d-----w- c:\programdata\Symantec

2012-07-17 15:35 . 2012-07-17 15:35 -------- d-----w- c:\program files (x86)\Symantec

2012-07-17 15:07 . 2012-07-17 15:30 -------- d-----w- c:\users\mcarey\AppData\Roaming\Download Manager

2012-07-17 14:03 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15028223-8B09-445D-8E6E-21AC7F789F87}\mpengine.dll

2012-07-11 21:55 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 14:06 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 14:06 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 14:06 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-11 14:06 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-11 14:06 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 14:06 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-06-29 21:32 . 2012-06-29 21:32 -------- d-----w- c:\users\mcarey\AppData\Roaming\Macrovision

2012-06-29 21:29 . 2012-06-29 21:29 -------- d-----w- c:\users\mcarey\AppData\Roaming\Amazon

2012-06-29 21:28 . 2012-06-29 21:28 -------- d-----w- c:\program files (x86)\Amazon

2012-06-21 14:03 . 2012-06-21 14:03 -------- d-----w- c:\users\mcarey\AppData\Local\Macromedia

2012-06-20 14:15 . 2012-06-20 14:15 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-20 14:15 . 2012-06-20 14:15 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 17:27 . 2012-04-10 21:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 17:27 . 2011-12-15 04:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 21:53 . 2011-12-22 15:29 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-19 14:29 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 14:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 14:29 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 14:29 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 14:29 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 14:29 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 14:29 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-19 14:28 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-19 14:28 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-24 21:05 . 2012-05-24 21:05 65536 ----a-r- c:\users\mcarey\AppData\Roaming\Microsoft\Installer\{F5EDBC7C-DCC0-44F1-B969-194AC63832E7}\NewShortcut2_F5EDBC7CDCC044F1B969194AC63832E7.exe

2012-05-04 11:06 . 2012-06-14 14:15 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 14:15 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 14:15 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-14 14:15 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-14 14:15 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-14 14:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-14 14:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-14 14:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-14 14:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-14 14:15 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-14 14:15 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-14 14:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-14 14:15 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-14 14:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]