Multiple threat detections and svchost.exe winrscmde infection


I've removed uTorrent and any p2p software I could find on this computer. I originally ran a full system scan with AVG Free and it found 2 major infections, both Trojans. AVG could not fix these issues even by forcing them, so I ran a full system scan with Malwarebytes. It proceeded to fix the problems and asked to restart, so I did.

After doing this, I no longer get random computer reboots and I have yet to get any noisy sound ads and music in the background. The only thing that really bugs the crap out of me is that I keep getting threat detections with both Malwarebytes and AVG Free, and when I boot the computer up fresh and open my browser for the first time it forwards me to a weird URL address.

This will be my first time doing a virus removal; I'm used to reformatting when this happens. I heard you have excellent help here so I'm giving this a try as my last resort, and also because I saw a similar thread about the same issues on the forums already.

Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop and post them in your next reply.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

DDS.txt ===============================================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by user at 12:25:54 on 2012-07-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2583 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\bKernelMain.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\bNETCommando.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\wbem\wmiprvse.exe

-netsvcs

C:\windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\system32\sppsvc.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll

BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [<NO NAME>]

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{19FFE6A5-BB6A-4A1B-B841-AF607848FA10} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{F21D68E5-3287-44E1-ACDF-B96053DD43D7} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{F21D68E5-3287-44E1-ACDF-B96053DD43D7}\373686D6964647 : DhcpNameServer = 192.168.0.1

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

IFEO: notepad.exe - "C:\Program Files\Notepad2\Notepad2.exe" /z

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll

BHO-X64: Updater For Spam Free Search Bar - No File

BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll

BHO-X64: Spam Free Search Bar - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO-X64: uTorrentControl2 - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll

TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

mRun-x64: [(Default)]

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IFEO-X64: notepad.exe - "C:\Program Files\Notepad2\Notepad2.exe" /z

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m8o4jobv.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\user\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m8o4jobv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\windows\system32\drivers\avgtpx64.sys --> C:\windows\system32\drivers\avgtpx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 .Net bCNGKeyLock;CNG Key Isolation Service x2.0b;system32\bNETCommando.exe --> system32\bNETCommando.exe [?]

R2 .Net bKernelMain;Microsoft.NET Framework KernelMain x2.0b;system32\bKernelMain.exe --> system32\bKernelMain.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-18 655944]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-27 2886528]

R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-7-17 830048]

R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]

R3 Lycosa;Lycosa Keyboard;C:\windows\system32\drivers\Lycosa.sys --> C:\windows\system32\drivers\Lycosa.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S1 fanio;FanIO driver;C:\Windows\System32\drivers\fanio.sys [2012-2-24 14464]

S2 .Net bKernelSecurity;Microsoft.NET Framework KernelSecurity x2.0b;system32\bKernelSecurity.exe --> system32\bKernelSecurity.exe [?]

S2 .Net bSecurityCrypt;Microsoft.NET Framework SecurityCrypt x2.0b;system32\bSecurityCrypt.exe --> system32\bSecurityCrypt.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-8-20 89600]

S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]

S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]

S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-20 13336]

S4 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-20 1688384]

S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-20 2655768]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-18 23:08:05 20480 ----a-w- C:\windows\svchost.exe

2012-07-18 20:58:03 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes

2012-07-18 20:57:48 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-07-18 20:57:48 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-18 20:57:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-17 20:40:34 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

2012-07-17 20:24:01 -------- d-----w- C:\Users\user\AppData\Roaming\AVG2012

2012-07-17 20:23:37 -------- d-----w- C:\Users\user\AppData\Local\AVG Secure Search

2012-07-17 20:23:10 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD116119-EF1B-473E-AE65-042F54A359B6}\mpengine.dll

2012-07-17 20:23:09 -------- d-----w- C:\ProgramData\AVG Secure Search

2012-07-17 20:23:01 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys

2012-07-17 20:22:52 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2012-07-17 20:22:49 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-07-17 20:22:09 -------- d-----w- C:\windows\SysWow64\drivers\AVG

2012-07-17 20:21:36 -------- d--h--w- C:\$AVG

2012-07-17 20:21:35 -------- d-----w- C:\windows\System32\drivers\AVG

2012-07-17 20:21:35 -------- d-----w- C:\ProgramData\AVG2012

2012-07-17 20:20:31 -------- d-----w- C:\Program Files (x86)\AVG

2012-07-17 20:17:16 -------- d--h--w- C:\ProgramData\Common Files

2012-07-17 20:17:16 -------- d-----w- C:\ProgramData\MFAData

2012-07-16 22:19:28 -------- d-----w- C:\Program Files\Notepad2

2012-07-16 19:51:38 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-14 04:31:43 3148800 ----a-w- C:\windows\System32\win32k.sys

2012-07-11 14:05:40 2004480 ----a-w- C:\windows\System32\msxml6.dll

2012-07-04 04:22:42 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A02CAAD-AEC4-45AD-B518-A7E66A4D0512}\gapaengine.dll

.

==================== Find3M ====================

.

2012-07-14 05:37:35 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-14 05:37:35 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2011-10-14 15:25:46 405504 --sh--r- C:\windows\System32\vshadow.exe

2011-10-14 15:25:50 364032 --sh--r- C:\windows\System32\vshadowamd64.exe

2011-10-14 15:25:52 352256 --sh--r- C:\windows\System32\vshadowXP.exe

.

============= FINISH: 12:27:39.37 ===============

Attach.txt ==================================================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/28/2011 10:22:43 AM

System Uptime: 7/19/2012 12:20:53 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 034W60

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | CPU 1 | 2100/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 310.234 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® Centrino® Wireless-N 1030

Device ID: PCI\VEN_8086&DEV_008A&SUBSYS_53258086&REV_34\AC7289FFFF48C04C00

Manufacturer: Intel Corporation

Name: Intel® Centrino® Wireless-N 1030

PNP Device ID: PCI\VEN_8086&DEV_008A&SUBSYS_53258086&REV_34\AC7289FFFF48C04C00

Service: NETwNs64

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Bluetooth Device (Personal Area Network)

Device ID: BTH\MS_BTHPAN\7&1C536469&0&2

Manufacturer: Microsoft

Name: Bluetooth Device (Personal Area Network)

PNP Device ID: BTH\MS_BTHPAN\7&1C536469&0&2

Service: BthPan

.

==== System Restore Points ===================

.

RP90: 6/29/2012 11:51:26 AM - Windows Update

RP91: 7/2/2012 1:18:05 PM - Windows Update

RP92: 7/6/2012 1:25:19 AM - Windows Update

RP93: 7/10/2012 9:49:54 AM - Windows Update

RP94: 7/14/2012 12:26:03 AM - Windows Update

RP95: 7/17/2012 4:19:01 PM - Windows Update

RP96: 7/17/2012 4:19:32 PM - Installed AVG 2012

RP97: 7/17/2012 4:20:53 PM - Installed AVG 2012

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X MUI

Advanced Audio FX Engine

Anti-phishing Domain Advisor

Apple Application Support

Apple Software Update

Bing Bar

Bing Rewards Client Installer

Counter-Strike: Source

Cozi

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Digital Delivery

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell Perks Webslice IE8

Dell PhotoStage

Dell Product Registration

Dell Stage

Dell VideoStage

Dell Webcam Central

DirectX 9 Runtime

EA Download Manager

eBay

FileZilla Client 3.5.3

FINAL FANTASY XI

GnuWin32: Bzip2-1.0.5

Google Chrome

GoToAssist 8.0.0.514

Grand Theft Auto: San Andreas

HLSW v1.4.0.2

IDT Audio

iExplorer 2.2.1.3

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® WiDi

Internet Explorer

Java Auto Updater

Java™ 6 Update 31

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Might and Magic: Clash of Heroes

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.3

PhotoShowExpress

Pidgin

Portal

QuickTime

Razer Mamba

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

Renesas Electronics USB 3.0 Host Controller Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Toolbars

Skype™ 4.2

Sonic CinePlayer Decoder Pack

Spam Free Search Bar

SpeedFan (remove only)

Star Wars: The Old Republic

Steam

System Requirements Lab CYRI

Team Fortress 2

TeamViewer 7

The Sims™ 3

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Late Night

The Sims™ 3 World Adventures

TrustedID

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

uTorrentControl2 Toolbar

Visual Studio 2008 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

7/19/2012 12:22:07 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/19/2012 12:22:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/19/2012 12:21:24 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/19/2012 12:21:24 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/19/2012 12:21:23 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

.

==== End Of File ===========================


TDSSKiller ================================================================

12:28:33.0192 4616 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

12:28:33.0614 4616 ============================================================

12:28:33.0614 4616 Current date / time: 2012/07/19 12:28:33.0614

12:28:33.0614 4616 SystemInfo:

12:28:33.0614 4616

12:28:33.0614 4616 OS Version: 6.1.7601 ServicePack: 1.0

12:28:33.0614 4616 Product type: Workstation

12:28:33.0614 4616 ComputerName: USER-PC

12:28:33.0614 4616 UserName: user

12:28:33.0614 4616 Windows directory: C:\windows

12:28:33.0614 4616 System windows directory: C:\windows

12:28:33.0614 4616 Running under WOW64

12:28:33.0614 4616 Processor architecture: Intel x64

12:28:33.0614 4616 Number of processors: 4

12:28:33.0614 4616 Page size: 0x1000

12:28:33.0614 4616 Boot type: Normal boot

12:28:33.0614 4616 ============================================================

12:28:34.0716 4616 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:28:34.0721 4616 ============================================================

12:28:34.0721 4616 \Device\Harddisk0\DR0:

12:28:34.0722 4616 MBR partitions:

12:28:34.0722 4616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

12:28:34.0722 4616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030

12:28:34.0722 4616 ============================================================

12:28:34.0959 4616 C: <-> \Device\Harddisk0\DR0\Partition1

12:28:34.0959 4616 ============================================================

12:28:34.0959 4616 Initialize success

12:28:34.0959 4616 ============================================================

12:28:41.0681 4884 ============================================================

12:28:41.0681 4884 Scan started

12:28:41.0681 4884 Mode: Manual;

12:28:41.0681 4884 ============================================================

12:28:44.0308 4884 .Net bCNGKeyLock (4be1bcc105c97583236553548b6e1b36) C:\windows\system32\bNETCommando.exe

12:28:44.0309 4884 Suspicious file (NoAccess): C:\windows\system32\bNETCommando.exe. md5: 4be1bcc105c97583236553548b6e1b36

12:28:44.0309 4884 .Net bCNGKeyLock ( LockedFile.Multi.Generic ) - warning

12:28:44.0309 4884 .Net bCNGKeyLock - detected LockedFile.Multi.Generic (1)

12:28:44.0340 4884 Suspicious service (NoAccess): .Net bKernelMain

12:28:45.0385 4884 .Net bKernelMain (458d5764982ecf5c623fda21b1e559c2) C:\windows\system32\bKernelMain.exe

12:28:45.0385 4884 Suspicious file (NoAccess): C:\windows\system32\bKernelMain.exe. md5: 458d5764982ecf5c623fda21b1e559c2

12:28:45.0401 4884 .Net bKernelMain ( LockedService.Multi.Generic ) - warning

12:28:45.0401 4884 .Net bKernelMain - detected LockedService.Multi.Generic (1)

12:28:46.0920 4884 .Net bKernelSecurity (f324b99ed72aac1cd99d4f89a1eae21b) C:\windows\system32\bKernelSecurity.exe

12:28:46.0921 4884 Suspicious file (NoAccess): C:\windows\system32\bKernelSecurity.exe. md5: f324b99ed72aac1cd99d4f89a1eae21b

12:28:46.0945 4884 .Net bKernelSecurity ( LockedFile.Multi.Generic ) - warning

12:28:46.0945 4884 .Net bKernelSecurity - detected LockedFile.Multi.Generic (1)

12:28:48.0220 4884 .Net bSecurityCrypt (0bf1f22e5aeda077b56041f55bc307e1) C:\windows\system32\bSecurityCrypt.exe

12:28:48.0220 4884 Suspicious file (NoAccess): C:\windows\system32\bSecurityCrypt.exe. md5: 0bf1f22e5aeda077b56041f55bc307e1

12:28:48.0244 4884 .Net bSecurityCrypt ( LockedFile.Multi.Generic ) - warning

12:28:48.0244 4884 .Net bSecurityCrypt - detected LockedFile.Multi.Generic (1)

12:28:48.0464 4884 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

12:28:48.0484 4884 1394ohci - ok

12:28:48.0587 4884 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

12:28:48.0591 4884 ACPI - ok

12:28:48.0611 4884 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

12:28:48.0612 4884 AcpiPmi - ok

12:28:48.0814 4884 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

12:28:48.0816 4884 AdobeFlashPlayerUpdateSvc - ok

12:28:48.0927 4884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

12:28:48.0956 4884 adp94xx - ok

12:28:49.0004 4884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

12:28:49.0035 4884 adpahci - ok

12:28:49.0058 4884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

12:28:49.0061 4884 adpu320 - ok

12:28:49.0106 4884 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

12:28:49.0107 4884 AeLookupSvc - ok

12:28:49.0289 4884 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

12:28:49.0291 4884 AESTFilters - ok

12:28:49.0374 4884 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

12:28:49.0379 4884 AFD - ok

12:28:49.0428 4884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

12:28:49.0429 4884 agp440 - ok

12:28:49.0466 4884 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

12:28:49.0468 4884 ALG - ok

12:28:49.0503 4884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

12:28:49.0505 4884 aliide - ok

12:28:49.0522 4884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

12:28:49.0523 4884 amdide - ok

12:28:49.0544 4884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

12:28:49.0547 4884 AmdK8 - ok

12:28:49.0560 4884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

12:28:49.0561 4884 AmdPPM - ok

12:28:49.0654 4884 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

12:28:49.0657 4884 amdsata - ok

12:28:49.0699 4884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

12:28:49.0702 4884 amdsbs - ok

12:28:49.0827 4884 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

12:28:49.0828 4884 amdxata - ok

12:28:49.0990 4884 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys

12:28:49.0992 4884 ApfiltrService - ok

12:28:50.0034 4884 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

12:28:50.0035 4884 AppID - ok

12:28:50.0066 4884 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

12:28:50.0067 4884 AppIDSvc - ok

12:28:50.0109 4884 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

12:28:50.0111 4884 Appinfo - ok

12:28:50.0233 4884 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

12:28:50.0235 4884 Apple Mobile Device - ok

12:28:50.0266 4884 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

12:28:50.0268 4884 arc - ok

12:28:50.0289 4884 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

12:28:50.0291 4884 arcsas - ok

12:28:50.0558 4884 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

12:28:50.0590 4884 aspnet_state - ok

12:28:50.0610 4884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

12:28:50.0611 4884 AsyncMac - ok

12:28:50.0635 4884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

12:28:50.0637 4884 atapi - ok

12:28:50.0723 4884 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

12:28:50.0752 4884 AudioEndpointBuilder - ok

12:28:50.0761 4884 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

12:28:50.0765 4884 AudioSrv - ok

12:28:51.0281 4884 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

12:28:51.0364 4884 AVGIDSAgent - ok

12:28:51.0705 4884 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys

12:28:51.0707 4884 AVGIDSDriver - ok

12:28:51.0774 4884 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys

12:28:51.0775 4884 AVGIDSFilter - ok

12:28:51.0818 4884 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys

12:28:51.0824 4884 AVGIDSHA - ok

12:28:51.0876 4884 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys

12:28:51.0880 4884 Avgldx64 - ok

12:28:51.0961 4884 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys

12:28:51.0962 4884 Avgmfx64 - ok

12:28:52.0036 4884 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys

12:28:52.0037 4884 Avgrkx64 - ok

12:28:52.0095 4884 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys

12:28:52.0098 4884 Avgtdia - ok

12:28:52.0131 4884 avgtp (3c8f504fa1df6a77b173bdbd0a79e334) C:\windows\system32\drivers\avgtpx64.sys

12:28:52.0132 4884 avgtp - ok

12:28:52.0352 4884 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

12:28:52.0354 4884 avgwd - ok

12:28:52.0440 4884 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

12:28:52.0446 4884 AxInstSV - ok

12:28:52.0527 4884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

12:28:52.0544 4884 b06bdrv - ok

12:28:52.0623 4884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

12:28:52.0660 4884 b57nd60a - ok

12:28:52.0716 4884 bakerneldrv (eaeb6d36e2dae256ff265ba48e1ef41b) C:\windows\system32\Drivers\bakerneldrv64.sys

12:28:52.0716 4884 Suspicious file (NoAccess): C:\windows\system32\Drivers\bakerneldrv64.sys. md5: eaeb6d36e2dae256ff265ba48e1ef41b

12:28:52.0735 4884 bakerneldrv ( LockedFile.Multi.Generic ) - warning

12:28:52.0736 4884 bakerneldrv - detected LockedFile.Multi.Generic (1)

12:28:52.0754 4884 bapcmci (b29ccb1e0bcab156b7ece3603b42a059) C:\windows\system32\Drivers\bapcmci64.sys

12:28:52.0754 4884 Suspicious file (NoAccess): C:\windows\system32\Drivers\bapcmci64.sys. md5: b29ccb1e0bcab156b7ece3603b42a059

12:28:52.0755 4884 bapcmci ( LockedFile.Multi.Generic ) - warning

12:28:52.0755 4884 bapcmci - detected LockedFile.Multi.Generic (1)

12:28:52.0927 4884 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

12:28:52.0929 4884 BBSvc - ok

12:28:53.0090 4884 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

12:28:53.0148 4884 BBUpdate - ok

12:28:53.0177 4884 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

12:28:53.0179 4884 BDESVC - ok

12:28:53.0200 4884 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

12:28:53.0201 4884 Beep - ok

12:28:53.0291 4884 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

12:28:53.0318 4884 BITS - ok

12:28:53.0358 4884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

12:28:53.0360 4884 blbdrive - ok

12:28:53.0577 4884 Bluetooth Device Monitor (093b1b419ef25b15d3a1ca6953f41afb) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

12:28:53.0615 4884 Bluetooth Device Monitor - ok

12:28:53.0858 4884 Bluetooth Media Service (03a7341e94acd92e0831336d4f3ace92) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

12:28:53.0935 4884 Bluetooth Media Service - ok

12:28:54.0152 4884 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

12:28:54.0172 4884 Bonjour Service - ok

12:28:54.0458 4884 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

12:28:54.0459 4884 bowser - ok

12:28:54.0492 4884 bpcrasys (888343846ce9e1457eb1e092176b972c) C:\windows\system32\Drivers\bpcrasys64.sys

12:28:54.0493 4884 Suspicious file (NoAccess): C:\windows\system32\Drivers\bpcrasys64.sys. md5: 888343846ce9e1457eb1e092176b972c

12:28:54.0493 4884 bpcrasys ( LockedFile.Multi.Generic ) - warning

12:28:54.0493 4884 bpcrasys - detected LockedFile.Multi.Generic (1)

12:28:54.0530 4884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

12:28:54.0532 4884 BrFiltLo - ok

12:28:54.0539 4884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

12:28:54.0559 4884 BrFiltUp - ok

12:28:54.0632 4884 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

12:28:54.0642 4884 Browser - ok

12:28:54.0692 4884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

12:28:54.0715 4884 Brserid - ok

12:28:54.0726 4884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

12:28:54.0728 4884 BrSerWdm - ok

12:28:54.0735 4884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

12:28:54.0737 4884 BrUsbMdm - ok

12:28:54.0745 4884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

12:28:54.0746 4884 BrUsbSer - ok

12:28:54.0840 4884 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys

12:28:54.0842 4884 BthEnum - ok

12:28:54.0850 4884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

12:28:54.0852 4884 BTHMODEM - ok

12:28:54.0892 4884 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

12:28:54.0896 4884 BthPan - ok

12:28:55.0005 4884 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys

12:28:55.0015 4884 BTHPORT - ok

12:28:55.0063 4884 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

12:28:55.0065 4884 bthserv - ok

12:28:55.0112 4884 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys

12:28:55.0114 4884 BTHUSB - ok

12:28:55.0166 4884 btmaux (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\windows\system32\DRIVERS\btmaux.sys

12:28:55.0168 4884 btmaux - ok

12:28:55.0374 4884 btmhsf (0c468d8da95be16bfdd380bb9de88259) C:\windows\system32\DRIVERS\btmhsf.sys

12:28:55.0390 4884 btmhsf - ok

12:28:55.0437 4884 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

12:28:55.0439 4884 cdfs - ok

12:28:55.0487 4884 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

12:28:55.0496 4884 cdrom - ok

12:28:55.0541 4884 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

12:28:55.0543 4884 CertPropSvc - ok

12:28:55.0561 4884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

12:28:55.0563 4884 circlass - ok

12:28:55.0606 4884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

12:28:55.0611 4884 CLFS - ok

12:28:55.0813 4884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:28:55.0828 4884 clr_optimization_v2.0.50727_32 - ok

12:28:55.0942 4884 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:28:55.0959 4884 clr_optimization_v2.0.50727_64 - ok

12:28:56.0083 4884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:28:56.0085 4884 clr_optimization_v4.0.30319_32 - ok

12:28:56.0147 4884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:28:56.0150 4884 clr_optimization_v4.0.30319_64 - ok

12:28:56.0204 4884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

12:28:56.0206 4884 CmBatt - ok

12:28:56.0225 4884 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

12:28:56.0227 4884 cmdide - ok

12:28:56.0310 4884 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys

12:28:56.0315 4884 CNG - ok

12:28:56.0354 4884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

12:28:56.0355 4884 Compbatt - ok

12:28:56.0539 4884 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

12:28:56.0571 4884 CompositeBus - ok

12:28:56.0587 4884 COMSysApp - ok

12:28:56.0610 4884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

12:28:56.0612 4884 crcdisk - ok

12:28:56.0680 4884 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

12:28:56.0683 4884 CryptSvc - ok

12:28:56.0751 4884 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys

12:28:56.0761 4884 CtClsFlt - ok

12:28:56.0861 4884 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

12:28:56.0868 4884 DcomLaunch - ok

12:28:56.0932 4884 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

12:28:56.0936 4884 defragsvc - ok

12:28:57.0021 4884 DellDigitalDelivery (5c2bf6f94afe6e585b632ee12f861949) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

12:28:57.0031 4884 DellDigitalDelivery - ok

12:28:57.0080 4884 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

12:28:57.0082 4884 DfsC - ok

12:28:57.0164 4884 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

12:28:57.0168 4884 Dhcp - ok

12:28:57.0187 4884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

12:28:57.0188 4884 discache - ok

12:28:57.0221 4884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

12:28:57.0222 4884 Disk - ok

12:28:57.0267 4884 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

12:28:57.0296 4884 Dnscache - ok

12:28:57.0372 4884 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

12:28:57.0399 4884 dot3svc - ok

12:28:57.0457 4884 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

12:28:57.0466 4884 DPS - ok

12:28:57.0510 4884 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

12:28:57.0512 4884 drmkaud - ok

12:28:57.0614 4884 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

12:28:57.0620 4884 DXGKrnl - ok

12:28:57.0664 4884 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

12:28:57.0667 4884 EapHost - ok

12:28:58.0111 4884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

12:28:58.0177 4884 ebdrv - ok

12:28:58.0407 4884 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

12:28:58.0408 4884 EFS - ok

12:28:58.0644 4884 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

12:28:58.0656 4884 ehRecvr - ok

12:28:58.0691 4884 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

12:28:58.0693 4884 ehSched - ok

12:28:58.0814 4884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

12:28:58.0830 4884 elxstor - ok

12:28:58.0838 4884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

12:28:58.0839 4884 ErrDev - ok

12:28:58.0904 4884 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

12:28:58.0925 4884 EventSystem - ok

12:28:59.0312 4884 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

12:28:59.0344 4884 EvtEng - ok

12:28:59.0542 4884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

12:28:59.0550 4884 exfat - ok

12:28:59.0583 4884 fanio (e80421eaf15298955eadb850293fd6b1) C:\windows\system32\drivers\fanio.sys

12:28:59.0584 4884 fanio - ok

12:28:59.0703 4884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

12:28:59.0706 4884 fastfat - ok

12:28:59.0791 4884 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

12:28:59.0816 4884 Fax - ok

12:28:59.0834 4884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

12:28:59.0836 4884 fdc - ok

12:28:59.0851 4884 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

12:28:59.0853 4884 fdPHost - ok

12:28:59.0876 4884 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

12:28:59.0878 4884 FDResPub - ok

12:28:59.0940 4884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

12:28:59.0941 4884 FileInfo - ok

12:28:59.0960 4884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

12:28:59.0962 4884 Filetrace - ok

12:29:00.0003 4884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

12:29:00.0008 4884 flpydisk - ok

12:29:00.0046 4884 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

12:29:00.0049 4884 FltMgr - ok

12:29:00.0334 4884 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

12:29:00.0347 4884 FontCache - ok

12:29:00.0570 4884 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:29:00.0692 4884 FontCache3.0.0.0 - ok

12:29:00.0965 4884 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

12:29:01.0008 4884 FsDepends - ok

12:29:01.0073 4884 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

12:29:01.0074 4884 Fs_Rec - ok

12:29:01.0120 4884 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

12:29:01.0124 4884 fvevol - ok

12:29:01.0146 4884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

12:29:01.0148 4884 gagp30kx - ok

12:29:01.0314 4884 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

12:29:01.0314 4884 GEARAspiWDM - ok

12:29:01.0511 4884 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

12:29:01.0512 4884 GoToAssist - ok

12:29:01.0627 4884 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

12:29:01.0645 4884 gpsvc - ok

12:29:01.0676 4884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

12:29:01.0677 4884 hcw85cir - ok

12:29:01.0729 4884 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

12:29:01.0773 4884 HdAudAddService - ok

12:29:01.0810 4884 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

12:29:01.0813 4884 HDAudBus - ok

12:29:01.0817 4884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

12:29:01.0818 4884 HidBatt - ok

12:29:01.0829 4884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

12:29:01.0831 4884 HidBth - ok

12:29:01.0837 4884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

12:29:01.0840 4884 HidIr - ok

12:29:01.0869 4884 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

12:29:01.0871 4884 hidserv - ok

12:29:01.0910 4884 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

12:29:01.0912 4884 HidUsb - ok

12:29:01.0943 4884 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

12:29:01.0945 4884 hkmsvc - ok

12:29:01.0974 4884 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

12:29:01.0993 4884 HomeGroupListener - ok

12:29:02.0037 4884 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

12:29:02.0056 4884 HomeGroupProvider - ok

12:29:02.0088 4884 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

12:29:02.0090 4884 HpSAMD - ok

12:29:02.0188 4884 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

12:29:02.0198 4884 HTTP - ok

12:29:02.0276 4884 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

12:29:02.0276 4884 hwpolicy - ok

12:29:02.0412 4884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

12:29:02.0438 4884 i8042prt - ok

12:29:02.0489 4884 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys

12:29:02.0492 4884 iaStor - ok

12:29:02.0785 4884 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

12:29:02.0787 4884 IAStorDataMgrSvc - ok


12:29:23.0843 4884 WatAdminSvc - ok

12:29:23.0962 4884 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

12:29:24.0000 4884 wbengine - ok

12:29:24.0125 4884 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

12:29:24.0140 4884 WbioSrvc - ok

12:29:24.0194 4884 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

12:29:24.0212 4884 wcncsvc - ok

12:29:24.0242 4884 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

12:29:24.0245 4884 WcsPlugInService - ok

12:29:24.0271 4884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

12:29:24.0272 4884 Wd - ok

12:29:24.0327 4884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

12:29:24.0335 4884 Wdf01000 - ok

12:29:24.0357 4884 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

12:29:24.0360 4884 WdiServiceHost - ok

12:29:24.0364 4884 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

12:29:24.0366 4884 WdiSystemHost - ok

12:29:24.0401 4884 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

12:29:24.0418 4884 WebClient - ok

12:29:24.0451 4884 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

12:29:24.0457 4884 Wecsvc - ok

12:29:24.0476 4884 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

12:29:24.0478 4884 wercplsupport - ok

12:29:24.0521 4884 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

12:29:24.0527 4884 WerSvc - ok

12:29:24.0614 4884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

12:29:24.0615 4884 WfpLwf - ok

12:29:24.0657 4884 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys

12:29:24.0669 4884 WimFltr - ok

12:29:24.0713 4884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

12:29:24.0714 4884 WIMMount - ok

12:29:24.0723 4884 WinHttpAutoProxySvc - ok

12:29:24.0791 4884 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

12:29:24.0797 4884 Winmgmt - ok

12:29:24.0997 4884 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

12:29:25.0037 4884 WinRM - ok

12:29:25.0216 4884 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

12:29:25.0217 4884 WinUsb - ok

12:29:25.0307 4884 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

12:29:25.0317 4884 Wlansvc - ok

12:29:25.0385 4884 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

12:29:25.0389 4884 wlcrasvc - ok

12:29:25.0637 4884 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:29:25.0651 4884 wlidsvc - ok

12:29:25.0784 4884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

12:29:25.0786 4884 WmiAcpi - ok

12:29:25.0909 4884 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

12:29:25.0917 4884 wmiApSrv - ok

12:29:25.0959 4884 WMPNetworkSvc - ok

12:29:25.0995 4884 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

12:29:25.0997 4884 WPCSvc - ok

12:29:26.0025 4884 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

12:29:26.0028 4884 WPDBusEnum - ok

12:29:26.0058 4884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

12:29:26.0059 4884 ws2ifsl - ok

12:29:26.0064 4884 WSearch - ok

12:29:26.0237 4884 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

12:29:26.0288 4884 wuauserv - ok

12:29:26.0408 4884 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

12:29:26.0410 4884 WudfPf - ok

12:29:26.0460 4884 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

12:29:26.0469 4884 WUDFRd - ok

12:29:26.0496 4884 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

12:29:26.0499 4884 wudfsvc - ok

12:29:26.0572 4884 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

12:29:26.0610 4884 WwanSvc - ok

12:29:26.0647 4884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

12:29:26.0675 4884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

12:29:26.0675 4884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

12:29:26.0709 4884 Boot (0x1200) (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0

12:29:26.0714 4884 \Device\Harddisk0\DR0\Partition0 - ok

12:29:26.0753 4884 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1

12:29:26.0756 4884 \Device\Harddisk0\DR0\Partition1 - ok

12:29:26.0757 4884 ============================================================

12:29:26.0757 4884 Scan finished

12:29:26.0757 4884 ============================================================

12:29:26.0765 3860 Detected object count: 8

12:29:26.0765 3860 Actual detected object count: 8

12:29:55.0867 3860 .Net bCNGKeyLock ( LockedFile.Multi.Generic ) - skipped by user

12:29:55.0867 3860 .Net bCNGKeyLock ( LockedFile.Multi.Generic ) - User select action: Skip

12:29:55.0867 3860 .Net bKernelMain ( LockedService.Multi.Generic ) - skipped by user

12:29:55.0867 3860 .Net bKernelMain ( LockedService.Multi.Generic ) - User select action: Skip

12:29:55.0869 3860 .Net bKernelSecurity ( LockedFile.Multi.Generic ) - skipped by user

12:29:55.0869 3860 .Net bKernelSecurity ( LockedFile.Multi.Generic ) - User select action: Skip

12:29:55.0870 3860 .Net bSecurityCrypt ( LockedFile.Multi.Generic ) - skipped by user

12:29:55.0870 3860 .Net bSecurityCrypt ( LockedFile.Multi.Generic ) - User select action: Skip

12:29:55.0872 3860 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user

12:29:55.0872 3860 bakerneldrv ( LockedFile.Multi.Generic ) - User select action: Skip

12:29:55.0873 3860 bapcmci ( LockedFile.Multi.Generic ) - skipped by user

12:29:55.0873 3860 bapcmci ( LockedFile.Multi.Generic ) - User select action: Skip

12:29:55.0874 3860 bpcrasys ( LockedFile.Multi.Generic ) - skipped by user

12:29:55.0874 3860 bpcrasys ( LockedFile.Multi.Generic ) - User select action: Skip

12:29:55.0876 3860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

12:29:55.0876 3860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

12:30:40.0517 1072 Deinitialize success


Execute TDSSKiller.exe and press Start Scan.

  • Look for these detections and ensure Cure is selected (it should be by default).
    12:29:55.0876 3860 \Device\Harddisk0\DR0
    Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
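
The check made by eye on the posted TDSSKiller log (which detections were left in place with Skip), as an added example that is not part of the original thread or of any tool named in it. The sample lines are copied from the log in this thread; the function names and the "disk objects first" ordering are assumptions of the example.

```python
import re

# Lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
12:29:26.0675 4884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:29:26.0675 4884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:29:26.0714 4884 \Device\Harddisk0\DR0\Partition0 - ok
12:29:26.0765 3860 Detected object count: 8
12:29:55.0867 3860 .Net bCNGKeyLock ( LockedFile.Multi.Generic ) - skipped by user
12:29:55.0867 3860 .Net bCNGKeyLock ( LockedFile.Multi.Generic ) - User select action: Skip
12:29:55.0876 3860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
12:29:55.0876 3860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
"""

# "<time> <thread id> <object> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<obj>.+?)\s+"
    r"\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+User select action:\s+(?P<action>\w+)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s+(\d+)")

def parse_actions(log_text):
    """Return one dict per 'User select action' line, in log order."""
    actions = []
    for line in log_text.splitlines():
        m = ACTION_RE.match(line.strip())
        if m:
            actions.append(m.groupdict())
    return actions

def reported_count(log_text):
    """Return the scanner's own 'Detected object count', or None if absent."""
    m = COUNT_RE.search(log_text)
    return int(m.group(1)) if m else None

def unresolved(actions):
    """Detections left in place (action Skip), disk-level objects first."""
    skipped = [a for a in actions if a["action"].lower() == "skip"]
    # Assumption: in this log, objects under \Device\ are the physical disk
    # and its partitions, so they are listed before file/service detections.
    return sorted(skipped, key=lambda a: not a["obj"].startswith("\\Device\\"))

if __name__ == "__main__":
    acts = parse_actions(SAMPLE_LOG)
    print("scanner reported", reported_count(SAMPLE_LOG), "objects;",
          len(acts), "action lines in this excerpt")
    for a in unresolved(acts):
        print(f'{a["time"]}  {a["action"]:<5} {a["verdict"]:<26} {a["obj"]}')
```

Comparing the number of action lines with the scanner's reported count shows whether the pasted log is complete before anything is concluded from it.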


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
