root kit zeroaccess? help


Hi,

Came back from a short trip and my computer was behaving badly. McAfee AV found:

C:\Windows\assembly\GAC_32\Desktop.ini

C:\Windows\assembly\GAC_64\Desktop.ini

SAS and MBAM didn't find these.

After a YouTube crash course I manually removed the rootkit from a Windows Installer folder and a user AppData Local folder.

I then ran HitmanPro, which identified a couple of rootkits and a bunch of adware.

Also ran TDSSKiller and GMER (both found nothing).

I then patched my Windows Firewall, which brought it and the McAfee firewall back online.

McAfee AV finds:

desktop.ini (unable to delete)

I also deleted temp files and cleared restore points (before finding this forum).

I have retired from my <24 hour IT career and would reeeeaaaly love some help.

DDS and attach.txt follow.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Sean at 21:19:20 on 2012-07-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6511 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\vds.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630170357.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [CAHeadless] c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F9907F90-D25C-462D-A2D4-A23B67D8A209} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{F9907F90-D25C-462D-A2D4-A23B67D8A209} : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630170357.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\uw4visyg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]

S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2012-07-24 04:09:38 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar

2012-07-24 04:09:38 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-07-24 04:09:38 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-07-22 20:20:47 16200 ----a-w- C:\Windows\stinger.sys

2012-07-22 20:20:27 -------- d-----w- C:\Program Files (x86)\stinger

2012-07-22 19:14:41 -------- d-----w- C:\ProgramData\Sophos

2012-07-22 11:05:03 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-22 10:20:57 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2012-07-22 10:15:17 -------- d-----w- C:\Program Files\HitmanPro

2012-07-22 10:11:01 -------- d-----w- C:\ProgramData\HitmanPro

2012-07-21 09:07:35 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-11 10:03:03 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-01 00:03:56 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2012-06-30 01:51:34 -------- d-----w- C:\Users\Sean\AppData\Local\{00EFFB3D-4E78-472F-9B6F-95C67FFF36B7}

2012-06-30 01:51:22 -------- d-----w- C:\Users\Sean\AppData\Local\{CF05FEAA-C710-4D5C-B7AA-40E55E14DC82}

2012-06-30 01:44:57 -------- d-----w- C:\Windows\en

2012-06-30 01:41:52 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-30 01:31:28 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\107d49831cd566004\bingbarsetup.exe

2012-06-30 01:31:17 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b0d8fa11cd566003\MeshBetaRemover.exe

2012-06-30 01:31:15 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\DSETUP.dll

2012-06-30 01:31:15 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\DXSETUP.exe

2012-06-30 01:31:15 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\dsetup32.dll

.

==================== Find3M ====================

.

2012-07-12 05:31:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 05:31:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 21:20:09.81 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/10/2010 9:38:07 PM

System Uptime: 7/23/2012 4:40:02 PM (5 hours ago)

.

Motherboard: DELL Inc. | | 0X501H

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 684 GiB total, 561.91 GiB free.

D: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP199: 7/22/2012 4:48:38 PM - Aftermath

RP200: 7/22/2012 4:49:13 PM - Aftermath recovery

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Photoshop.com Inspiration Browser

Adobe Premiere Elements 8.0

Adobe Reader X (10.1.3)

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

ATI Catalyst Control Center

Banctec Service Agreement

Bing Bar

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Citrix Presentation Server Client - Web Only

Complete Care Consumer Service Agreement

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Getting Started Guide

Dell Support Center (Support Software)

Diablo III

DirectXInstallService

EMC 10 Content

ESET Online Scanner v3

EVE Online (remove only)

FileZilla Client 3.5.1

Givit

GoToAssist 8.0.0.514

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 10.0.6 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

PowerDVD DX

Quicken 2010

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio Update Manager

Secunia PSI (2.0.0.3001)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Skins

SmartSound Quicktracks for Premiere Elements 8.0

Sonic CinePlayer Decoder Pack

Spelling Dictionaries Support For Adobe Reader 9

SUPERAntiSpyware Free Edition

TeamSpeak 3 Client

TrueCrypt

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

YouTube Downloader 3.5

YouTube Downloader Toolbar v6.1

.

==== Event Viewer Messages From Past Week ========

.

7/23/2012 9:19:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

7/23/2012 9:05:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

7/22/2012 8:47:55 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

7/22/2012 8:47:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter SASDIFSV SASKUTIL

7/22/2012 8:47:49 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.

7/22/2012 8:47:30 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/22/2012 8:47:30 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/22/2012 4:37:25 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/22/2012 4:37:24 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.

7/22/2012 4:37:22 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

7/22/2012 4:33:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

7/22/2012 4:21:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/22/2012 4:11:55 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.

7/22/2012 4:11:55 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

7/22/2012 4:11:55 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

7/22/2012 4:09:30 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

7/22/2012 4:09:29 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

7/22/2012 1:40:58 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:12:36 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/22/2012 1:12:35 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/22/2012 1:12:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/21/2012 3:09:55 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

.

==== End Of File ===========================

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 23-07-2012 22:02:49

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-02] (Realtek Semiconductor)

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-12-09] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1091976 2012-07-19] (Spigot, Inc.)

HKU\DJ\...\Run: [Google Update] "C:\Users\DJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-22] (Google Inc.)

HKU\Sean\...\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010864 2010-04-01] (SUPERAntiSpyware.com)

HKU\Sean\...\Run: [CAHeadless] c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [615808 2009-09-18] (Adobe Systems Incorporated)

HKLM\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-11-23] ()

HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-12-02] (Softthinks)

HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{F9907F90-D25C-462D-A2D4-A23B67D8A209}: [NameServer]208.67.222.222,208.67.220.220

Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\DJ\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Sean\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)

2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [792512 2012-07-19] (Spigot, Inc.)

2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108392 2012-07-22] (SurfRight B.V.)

3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)

2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [993848 2011-01-10] (Secunia)

2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-01-10] (Secunia)

3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)

2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

1 SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

3 SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-23 23:23 - 2012-07-23 23:23 - 00013265 ____A C:\Users\Sean\Desktop\Attach.txt

2012-07-23 23:22 - 2012-07-23 23:22 - 00021788 ____A C:\Users\Sean\Desktop\DDS.txt

2012-07-23 23:15 - 2012-07-23 23:15 - 00607260 ____R (Swearware) C:\Users\Sean\Desktop\dds.scr

2012-07-23 23:09 - 2012-07-23 23:09 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar

2012-07-23 23:09 - 2012-07-23 23:09 - 00000000 ____D C:\Program Files (x86)\Application Updater

2012-07-23 22:02 - 2012-07-23 22:02 - 00000000 ____D C:\FRST

2012-07-22 21:54 - 2012-07-22 21:54 - 00302592 ____A C:\Users\Sean\Desktop\yohwo4nl.exe

2012-07-22 20:03 - 2012-07-22 20:04 - 00000000 ____D C:\Users\Sean\Desktop\Firewall recovery after zeroaccess

2012-07-22 16:36 - 2012-07-22 16:36 - 02322184 ____A (ESET) C:\Users\Sean\Downloads\esetsmartinstaller_enu(2).exe

2012-07-22 15:36 - 2012-07-22 15:36 - 00347424 ____A (Microsoft Corporation) C:\Users\Sean\Downloads\MicrosoftFixit.WindowsFirewall.RNP.136266420139127716.1.1.Run.exe

2012-07-22 15:24 - 2012-07-22 15:24 - 00000040 ___RH C:\Users\Sean\Downloads\stinger.opt

2012-07-22 15:20 - 2012-07-22 15:24 - 00000000 ____D C:\Program Files (x86)\stinger

2012-07-22 15:20 - 2012-07-22 15:20 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2012-07-22 15:18 - 2012-07-22 15:18 - 09670760 ____A (McAfee Inc.) C:\Users\Sean\Downloads\stinger.exe

2012-07-22 14:14 - 2012-07-22 14:14 - 00000000 ____D C:\Users\All Users\Sophos

2012-07-22 14:14 - 2012-07-22 14:14 - 00000000 ____D C:\Users\All Users\Application Data\Sophos

2012-07-22 14:13 - 2012-07-22 14:13 - 76157064 ____A (Sophos Limited) C:\Users\Sean\Downloads\Sophos Virus Removal Tool.exe

2012-07-22 12:44 - 2012-07-22 12:44 - 02322184 ____A (ESET) C:\Users\Sean\Downloads\esetsmartinstaller_enu(1).exe

2012-07-22 06:05 - 2012-07-22 06:05 - 00000000 ____D C:\Program Files (x86)\ESET

2012-07-22 06:04 - 2012-07-22 06:04 - 02322184 ____A (ESET) C:\Users\Sean\Downloads\esetsmartinstaller_enu.exe

2012-07-22 05:22 - 2012-07-22 05:22 - 00302592 ____A C:\Users\Sean\Downloads\eldyeo30.exe

2012-07-22 05:20 - 2012-07-22 05:20 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe

2012-07-22 05:15 - 2012-07-22 11:55 - 00000000 ____D C:\Program Files\HitmanPro

2012-07-22 05:12 - 2012-07-22 05:12 - 02117152 ____A C:\Users\Sean\Downloads\tdsskiller(1).zip

2012-07-22 05:11 - 2012-07-22 05:20 - 00000000 ____D C:\Users\All Users\HitmanPro

2012-07-22 05:11 - 2012-07-22 05:20 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro

2012-07-22 05:10 - 2012-07-22 05:10 - 08834304 ____A (SurfRight B.V.) C:\Users\Sean\Desktop\HitmanPro36_x64.exe

2012-07-22 05:03 - 2012-07-22 05:04 - 00000000 ____D C:\Users\Sean\Downloads\tdsskiller

2012-07-22 05:03 - 2012-07-22 05:03 - 02108825 ____A C:\Users\Sean\Downloads\tdsskiller.zip

2012-07-22 03:33 - 2012-07-22 03:33 - 00000000 ____D C:\Users\Sean\Application Data\Roxio

2012-07-22 03:33 - 2012-07-22 03:33 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Roxio

2012-07-22 03:01 - 2012-07-22 03:31 - 120776704 ____A C:\Users\Sean\Downloads\slacko-5.3.3-4g-SCSI.iso

2012-07-22 01:54 - 2012-07-22 04:47 - 00000246 ____A C:\Users\Sean\My Documents\zeroaccess Sirefef.P info.txt

2012-07-22 01:54 - 2012-07-22 04:47 - 00000246 ____A C:\Users\Sean\Documents\zeroaccess Sirefef.P info.txt

2012-07-21 18:43 - 2012-07-21 18:43 - 00000237 ____A C:\Windows\SysWOW64\RootkitRemover20120721164335.txt

2012-07-21 17:16 - 2012-07-21 17:17 - 00000237 ____A C:\Windows\SysWOW64\RootkitRemover20120721151609.txt

2012-07-21 17:15 - 2012-07-21 17:15 - 00177792 ____A C:\Users\Sean\Downloads\562354-5.zip

2012-07-21 04:07 - 2012-07-21 04:07 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-17 00:11 - 2012-07-22 05:12 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Sean\Desktop\TDSSKiller.exe

2012-07-11 05:03 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 00:23 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 00:23 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-11 00:23 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 00:23 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 00:23 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-11 00:23 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-11 00:23 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-11 00:23 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-11 00:23 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-11 00:23 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-11 00:23 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 00:23 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 00:23 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 00:23 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-11 00:23 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-11 00:23 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-11 00:23 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-11 00:23 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-11 00:23 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-06-29 20:56 - 2012-06-29 20:56 - 00046080 __ASH C:\Users\Sean\My Documents\Thumbs.db

2012-06-29 20:56 - 2012-06-29 20:56 - 00046080 __ASH C:\Users\Sean\Documents\Thumbs.db

2012-06-29 20:51 - 2012-06-29 20:52 - 00000000 ____D C:\Users\Sean\Local Settings\Application Data\{00EFFB3D-4E78-472F-9B6F-95C67FFF36B7}

2012-06-29 20:51 - 2012-06-29 20:52 - 00000000 ____D C:\Users\Sean\Local Settings\{00EFFB3D-4E78-472F-9B6F-95C67FFF36B7}

2012-06-29 20:51 - 2012-06-29 20:52 - 00000000 ____D C:\Users\Sean\AppData\Local\{00EFFB3D-4E78-472F-9B6F-95C67FFF36B7}

2012-06-29 20:51 - 2012-06-29 20:51 - 00000000 ____D C:\Users\Sean\Local Settings\Application Data\{CF05FEAA-C710-4D5C-B7AA-40E55E14DC82}

2012-06-29 20:51 - 2012-06-29 20:51 - 00000000 ____D C:\Users\Sean\Local Settings\{CF05FEAA-C710-4D5C-B7AA-40E55E14DC82}

2012-06-29 20:51 - 2012-06-29 20:51 - 00000000 ____D C:\Users\Sean\AppData\Local\{CF05FEAA-C710-4D5C-B7AA-40E55E14DC82}

2012-06-29 20:44 - 2012-06-29 20:44 - 00000000 ____D C:\Windows\en

2012-06-29 20:42 - 2012-06-29 20:42 - 00000000 ____D C:\Program Files\Windows Live

2012-06-29 20:39 - 2012-06-29 20:39 - 01287528 ____A (Microsoft Corporation) C:\Users\Sean\Downloads\wlsetup-web(1).exe

2012-06-29 20:28 - 2012-06-29 20:28 - 01287528 ____A (Microsoft Corporation) C:\Users\Sean\Downloads\wlsetup-web.exe

============ 3 Months Modified Files ========================

2012-07-23 23:58 - 2009-07-14 00:10 - 02024321 ____A C:\Windows\WindowsUpdate.log

2012-07-23 23:41 - 2010-12-22 13:04 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2336530531-3346422161-3029251777-1003UA.job

2012-07-23 23:41 - 2010-12-22 13:04 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2336530531-3346422161-3029251777-1003Core.job

2012-07-23 23:31 - 2012-03-31 15:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-23 23:23 - 2012-07-23 23:23 - 00013265 ____A C:\Users\Sean\Desktop\Attach.txt

2012-07-23 23:22 - 2012-07-23 23:22 - 00021788 ____A C:\Users\Sean\Desktop\DDS.txt

2012-07-23 23:15 - 2012-07-23 23:15 - 00607260 ____R (Swearware) C:\Users\Sean\Desktop\dds.scr

2012-07-22 22:55 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-22 22:55 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-22 22:53 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-22 22:47 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-22 22:47 - 2009-07-13 23:51 - 00057172 ____A C:\Windows\setupact.log

2012-07-22 21:54 - 2012-07-22 21:54 - 00302592 ____A C:\Users\Sean\Desktop\yohwo4nl.exe

2012-07-22 16:36 - 2012-07-22 16:36 - 02322184 ____A (ESET) C:\Users\Sean\Downloads\esetsmartinstaller_enu(2).exe

2012-07-22 15:36 - 2012-07-22 15:36 - 00347424 ____A (Microsoft Corporation) C:\Users\Sean\Downloads\MicrosoftFixit.WindowsFirewall.RNP.136266420139127716.1.1.Run.exe

2012-07-22 15:24 - 2012-07-22 15:24 - 00000040 ___RH C:\Users\Sean\Downloads\stinger.opt

2012-07-22 15:20 - 2012-07-22 15:20 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2012-07-22 15:18 - 2012-07-22 15:18 - 09670760 ____A (McAfee Inc.) C:\Users\Sean\Downloads\stinger.exe

2012-07-22 14:13 - 2012-07-22 14:13 - 76157064 ____A (Sophos Limited) C:\Users\Sean\Downloads\Sophos Virus Removal Tool.exe

2012-07-22 12:44 - 2012-07-22 12:44 - 02322184 ____A (ESET) C:\Users\Sean\Downloads\esetsmartinstaller_enu(1).exe

2012-07-22 06:04 - 2012-07-22 06:04 - 02322184 ____A (ESET) C:\Users\Sean\Downloads\esetsmartinstaller_enu.exe

2012-07-22 05:22 - 2012-07-22 05:22 - 00302592 ____A C:\Users\Sean\Downloads\eldyeo30.exe

2012-07-22 05:20 - 2012-07-22 05:20 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe

2012-07-22 05:12 - 2012-07-22 05:12 - 02117152 ____A C:\Users\Sean\Downloads\tdsskiller(1).zip

2012-07-22 05:12 - 2012-07-17 00:11 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Sean\Desktop\TDSSKiller.exe

2012-07-22 05:10 - 2012-07-22 05:10 - 08834304 ____A (SurfRight B.V.) C:\Users\Sean\Desktop\HitmanPro36_x64.exe

2012-07-22 05:03 - 2012-07-22 05:03 - 02108825 ____A C:\Users\Sean\Downloads\tdsskiller.zip

2012-07-22 04:47 - 2012-07-22 01:54 - 00000246 ____A C:\Users\Sean\My Documents\zeroaccess Sirefef.P info.txt

2012-07-22 04:47 - 2012-07-22 01:54 - 00000246 ____A C:\Users\Sean\Documents\zeroaccess Sirefef.P info.txt

2012-07-22 03:31 - 2012-07-22 03:01 - 120776704 ____A C:\Users\Sean\Downloads\slacko-5.3.3-4g-SCSI.iso

2012-07-21 18:43 - 2012-07-21 18:43 - 00000237 ____A C:\Windows\SysWOW64\RootkitRemover20120721164335.txt

2012-07-21 17:17 - 2012-07-21 17:16 - 00000237 ____A C:\Windows\SysWOW64\RootkitRemover20120721151609.txt

2012-07-21 17:15 - 2012-07-21 17:15 - 00177792 ____A C:\Users\Sean\Downloads\562354-5.zip

2012-07-21 16:53 - 2010-04-01 13:36 - 00546428 ____A C:\Windows\PFRO.log

2012-07-18 11:11 - 2010-04-11 01:33 - 00000426 ____A C:\Windows\BRWMARK.INI

2012-07-12 00:31 - 2012-03-31 15:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-12 00:31 - 2011-05-14 02:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-11 05:06 - 2009-07-13 23:45 - 00462600 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 05:01 - 2010-04-11 00:22 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 15:46 - 2010-04-11 22:51 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-29 20:56 - 2012-06-29 20:56 - 00046080 __ASH C:\Users\Sean\My Documents\Thumbs.db

2012-06-29 20:56 - 2012-06-29 20:56 - 00046080 __ASH C:\Users\Sean\Documents\Thumbs.db

2012-06-29 20:41 - 2010-04-01 11:52 - 00080300 ____A C:\Windows\DirectX.log

2012-06-29 20:39 - 2012-06-29 20:39 - 01287528 ____A (Microsoft Corporation) C:\Users\Sean\Downloads\wlsetup-web(1).exe

2012-06-29 20:28 - 2012-06-29 20:28 - 01287528 ____A (Microsoft Corporation) C:\Users\Sean\Downloads\wlsetup-web.exe

2012-06-16 15:50 - 2012-06-16 15:50 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-16 15:50 - 2012-06-16 15:50 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-06-11 22:08 - 2012-07-11 05:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-09 00:43 - 2012-07-11 00:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 23:41 - 2012-07-11 00:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 01:06 - 2012-07-11 00:23 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 01:06 - 2012-07-11 00:23 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 01:02 - 2012-07-11 00:23 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-06 00:05 - 2012-07-11 00:23 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 00:05 - 2012-07-11 00:23 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 00:03 - 2012-07-11 00:23 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 17:19 - 2012-06-22 14:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 17:19 - 2012-06-22 14:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 17:19 - 2012-06-22 14:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 17:19 - 2012-06-22 14:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 17:19 - 2012-06-22 14:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 17:19 - 2012-06-22 14:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 17:15 - 2012-06-22 14:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 17:15 - 2012-06-22 14:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 17:15 - 2012-06-22 14:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 00:50 - 2012-07-11 00:23 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 00:48 - 2012-07-11 00:23 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 00:48 - 2012-07-11 00:23 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 00:45 - 2012-07-11 00:23 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 00:44 - 2012-07-11 00:23 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 23:40 - 2012-07-11 00:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 23:40 - 2012-07-11 00:23 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 23:39 - 2012-07-11 00:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 23:34 - 2012-07-11 00:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-19 19:40 - 2012-05-19 19:40 - 00001195 ____A C:\Users\Public\Desktop\Diablo III.lnk

2012-05-19 19:40 - 2012-05-19 19:40 - 00001195 ____A C:\Users\All Users\Desktop\Diablo III.lnk

2012-05-19 19:38 - 2012-05-19 19:38 - 32288896 ____A (Blizzard Entertainment) C:\Users\Sean\Downloads\Diablo-III-Setup-enUS.exe

2012-05-14 23:01 - 2012-06-13 09:29 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-14 22:59 - 2012-06-13 09:29 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-14 22:03 - 2012-06-13 09:29 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-05-14 22:00 - 2012-06-13 09:28 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-05-13 14:36 - 2012-05-13 14:31 - 00001531 ____A C:\Users\Sean\Desktop\Singularity.lnk

2012-05-04 06:06 - 2012-06-13 09:28 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 05:03 - 2012-06-13 09:28 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 05:03 - 2012-06-13 09:28 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-01 00:40 - 2012-06-13 09:28 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-28 11:24 - 2012-04-28 11:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-04-27 22:55 - 2012-06-13 09:28 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-26 00:41 - 2012-06-13 09:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-26 00:41 - 2012-06-13 09:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-26 00:34 - 2012-06-13 09:29 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%

Total physical RAM: 8182.99 MB

Available physical RAM: 7358.34 MB

Total Pagefile: 8181.14 MB

Available Pagefile: 7350.55 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:684.47 GB) (Free:561.83 GB) NTFS

3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

4 Drive f: (Cruzer) (Removable) (Total:7.47 GB) (Free:7.28 GB) FAT32

9 Drive k: (RECOVERY) (Fixed) (Total:14.12 GB) (Free:6.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]

14 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 0 B

Disk 1 Online 7663 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Disk 7 No Media 0 B 0 B

Disk 8 No Media 0 B 0 B

Disk 9 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 40 MB

Partition 3 Primary 684 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 13 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 K RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C OS NTFS Partition 684 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F Cruzer FAT32 Removable 7655 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-22 07:41

======================= End Of Log ==========================


Hello Kana,

This system had some serious backdoor trojans, spyware, and likely a rootkit.

This is a point where you need to decide about whether to make a clean start.

Backdoor trojans allow hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo.com/2007/10/03/what-is-a-backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft.com/technet/community/columns/sectip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com/article2/0,1895,1945808,00.asp

IF you have a full-image backup of the system prior to the onset of the infection, you may want to consider restoring the system from it.

Let me know what you decide.

IF you decide to try to continue cleaning, do the following.

Stop trying to self-medicate and follow my guidance.

Do not run any tools or programs outside of what I guide you to.

IF you did not purchase S*uperantispyware, uninstall it.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 4

This will be a batch-fix and should run very quickly

  • Press the Windows-key on keyboard.
  • In the search box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    del /f /q C:\Windows\assembly\GAC_64\Desktop.ini
    del %0


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.

Step 5

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply.

Do NOT press any FIX button. This 1st run is to get information only.

Copy and Paste the contents of aswMBR log

Step 6

Start MBAM. Do a Quick scan. If it tags something, have each item tagged placed in quarantine or removed. Copy & Paste MBAM log in a reply.

Run a new DDS run & copy & paste DDS.txt + Attach.txt in a reply.


Hi,

Thanks for the reply. I would go for a clean install except that there are some Word docs and photos I would like to transfer if possible. Can this be done safely? If not, I would like to try cleaning. I am at work now but can follow your instructions when I get home.

Regardless of the outcome, thank you for taking the time to assist!


aswMBR log (FIX button was not enabled)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-24 17:58:53

-----------------------------

17:58:53.429 OS Version: Windows x64 6.1.7601 Service Pack 1

17:58:53.429 Number of processors: 8 586 0x1A05

17:58:53.429 ComputerName: SEAN-PC UserName: Sean

17:58:55.020 Initialize success

17:59:16.810 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:59:16.810 Disk 0 Vendor: ST375052 CC45 Size: 715404MB BusType: 3

17:59:16.841 Disk 0 MBR read successfully

17:59:16.841 Disk 0 MBR scan

17:59:16.841 Disk 0 Windows VISTA default MBR code

17:59:16.857 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

17:59:16.857 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14462 MB offset 81920

17:59:16.857 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 700901 MB offset 29700096

17:59:16.872 Disk 0 scanning C:\Windows\system32\drivers

17:59:23.752 Service scanning

17:59:35.935 Modules scanning

17:59:35.935 Scan finished successfully

18:00:02.346 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"

18:00:02.346 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Sean :: SEAN-PC [administrator]

7/24/2012 6:03:55 PM

mbam-log-2012-07-24 (18-03-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234501

Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Sean at 18:10:33 on 2012-07-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6393 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\System32\vds.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630170357.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [CAHeadless] c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRunOnce: [Launcher] C1\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F9907F90-D25C-462D-A2D4-A23B67D8A209} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{F9907F90-D25C-462D-A2D4-A23B67D8A209} : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630170357.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRunOnce-x64: [Launcher] C1\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\uw4visyg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-19 792512]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-7-22 108392]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-2 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-2 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-2 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-11 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-11 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-11 162192]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-13 2348352]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-1 656624]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

SUnknown SASKUTIL;SASKUTIL; [x]

.

=============== Created Last 30 ================

.

2012-07-24 04:09:38 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar

2012-07-24 04:09:38 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-07-24 04:09:38 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-07-24 03:02:34 -------- d-----w- C:\FRST

2012-07-22 20:20:47 16200 ----a-w- C:\Windows\stinger.sys

2012-07-22 20:20:27 -------- d-----w- C:\Program Files (x86)\stinger

2012-07-22 19:14:41 -------- d-----w- C:\ProgramData\Sophos

2012-07-22 11:05:03 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-22 10:20:57 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2012-07-22 10:15:17 -------- d-----w- C:\Program Files\HitmanPro

2012-07-22 10:11:01 -------- d-----w- C:\ProgramData\HitmanPro

2012-07-21 09:07:35 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-11 10:03:03 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-01 00:03:56 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2012-06-30 01:51:34 -------- d-----w- C:\Users\Sean\AppData\Local\{00EFFB3D-4E78-472F-9B6F-95C67FFF36B7}

2012-06-30 01:51:22 -------- d-----w- C:\Users\Sean\AppData\Local\{CF05FEAA-C710-4D5C-B7AA-40E55E14DC82}

2012-06-30 01:44:57 -------- d-----w- C:\Windows\en

2012-06-30 01:41:52 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-30 01:31:28 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\107d49831cd566004\bingbarsetup.exe

2012-06-30 01:31:17 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b0d8fa11cd566003\MeshBetaRemover.exe

2012-06-30 01:31:15 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\DSETUP.dll

2012-06-30 01:31:15 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\DXSETUP.exe

2012-06-30 01:31:15 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\dsetup32.dll

.

==================== Find3M ====================

.

2012-07-12 05:31:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 05:31:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 18:10:51.18 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/10/2010 9:38:07 PM

System Uptime: 7/24/2012 2:26:57 PM (4 hours ago)

.

Motherboard: DELL Inc. | | 0X501H

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 684 GiB total, 561.497 GiB free.

D: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP199: 7/22/2012 4:48:38 PM - Aftermath

RP200: 7/22/2012 4:49:13 PM - Aftermath recovery

RP201: 7/24/2012 5:14:05 PM - Removed SUPERAntiSpyware Free Edition

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Photoshop.com Inspiration Browser

Adobe Premiere Elements 8.0

Adobe Reader X (10.1.3)

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

ATI Catalyst Control Center

Banctec Service Agreement

Bing Bar

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Citrix Presentation Server Client - Web Only

Complete Care Consumer Service Agreement

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Getting Started Guide

Dell Support Center (Support Software)

Diablo III

DirectXInstallService

EMC 10 Content

ERUNT 1.1j

ESET Online Scanner v3

EVE Online (remove only)

FileZilla Client 3.5.1

Givit

GoToAssist 8.0.0.514

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 10.0.6 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

PowerDVD DX

Quicken 2010

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio Update Manager

Secunia PSI (2.0.0.3001)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Skins

SmartSound Quicktracks for Premiere Elements 8.0

Sonic CinePlayer Decoder Pack

Spelling Dictionaries Support For Adobe Reader 9

TeamSpeak 3 Client

TrueCrypt

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

YouTube Downloader 3.5

YouTube Downloader Toolbar v6.1

.

==== Event Viewer Messages From Past Week ========

.

7/24/2012 5:15:02 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading

7/24/2012 5:15:02 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading

7/24/2012 5:15:02 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/24/2012 5:15:02 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/23/2012 9:57:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

7/23/2012 9:27:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

7/23/2012 9:27:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.

7/23/2012 9:26:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache service.

7/23/2012 9:26:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

7/23/2012 10:05:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter SASDIFSV SASKUTIL

7/23/2012 10:05:05 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.

7/22/2012 8:47:55 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

7/22/2012 4:37:25 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/22/2012 4:37:24 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.

7/22/2012 4:37:22 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

7/22/2012 4:21:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/22/2012 4:11:55 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.

7/22/2012 4:11:55 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

7/22/2012 4:11:55 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

7/22/2012 4:09:30 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

7/22/2012 4:09:29 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

7/22/2012 1:40:58 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:20:48 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 1:12:36 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/22/2012 1:12:35 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/22/2012 1:12:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/21/2012 3:09:55 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

.

==== End Of File ===========================


No need to repeat. But kindly tell me, how is the system now?

and

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


It seems fine...but the only thing I've used it for has been limited to what you asked me to do. It hasn't been hooked up to the internet except to post some of these logs (after enabling firewall and AV).

Do you want me to run the security check program offline, with the AV, spyware, firewall and script tracking still turned off? Or shall I turn everything back on and run it?


Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Secunia PSI (2.0.0.3001)

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 31

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader X (10.1.3)

Mozilla Firefox 10.0.6 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


12:17:09.0119 3440 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

12:17:11.0132 3440 ============================================================

12:17:11.0132 3440 Current date / time: 2012/07/26 12:17:11.0132

12:17:11.0132 3440 SystemInfo:

12:17:11.0132 3440

12:17:11.0132 3440 OS Version: 6.1.7601 ServicePack: 1.0

12:17:11.0132 3440 Product type: Workstation

12:17:11.0132 3440 ComputerName: SEAN-PC

12:17:11.0132 3440 UserName: Sean

12:17:11.0132 3440 Windows directory: C:\Windows

12:17:11.0132 3440 System windows directory: C:\Windows

12:17:11.0132 3440 Running under WOW64

12:17:11.0132 3440 Processor architecture: Intel x64

12:17:11.0132 3440 Number of processors: 8

12:17:11.0132 3440 Page size: 0x1000

12:17:11.0132 3440 Boot type: Normal boot

12:17:11.0132 3440 ============================================================

12:17:11.0756 3440 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:17:11.0771 3440 ============================================================

12:17:11.0771 3440 \Device\Harddisk0\DR0:

12:17:11.0771 3440 MBR partitions:

12:17:11.0771 3440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1C3F000

12:17:11.0771 3440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C53000, BlocksNum 0x558F2800

12:17:11.0771 3440 ============================================================

12:17:11.0787 3440 C: <-> \Device\Harddisk0\DR0\Partition1

12:17:11.0787 3440 ============================================================

12:17:11.0787 3440 Initialize success

12:17:11.0787 3440 ============================================================

12:18:47.0088 6428 ============================================================

12:18:47.0088 6428 Scan started

12:18:47.0088 6428 Mode: Manual;

12:18:47.0088 6428 ============================================================

12:18:47.0572 6428 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

12:18:47.0572 6428 1394ohci - ok

12:18:47.0619 6428 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys

12:18:47.0619 6428 61883 - ok

12:18:47.0634 6428 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

12:18:47.0634 6428 ACPI - ok

12:18:47.0650 6428 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

12:18:47.0650 6428 AcpiPmi - ok

12:18:47.0728 6428 AdobeActiveFileMonitor8.0 (765fe0463e711e5a68ac7b69538ed922) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

12:18:47.0728 6428 AdobeActiveFileMonitor8.0 - ok

12:18:47.0806 6428 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

12:18:47.0806 6428 AdobeARMservice - ok

12:18:47.0915 6428 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

12:18:47.0915 6428 AdobeFlashPlayerUpdateSvc - ok

12:18:47.0962 6428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

12:18:47.0962 6428 adp94xx - ok

12:18:47.0993 6428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

12:18:47.0993 6428 adpahci - ok

12:18:48.0009 6428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

12:18:48.0009 6428 adpu320 - ok

12:18:48.0040 6428 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

12:18:48.0040 6428 AeLookupSvc - ok

12:18:48.0071 6428 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

12:18:48.0087 6428 AFD - ok

12:18:48.0087 6428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

12:18:48.0087 6428 agp440 - ok

12:18:48.0102 6428 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

12:18:48.0102 6428 ALG - ok

12:18:48.0118 6428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

12:18:48.0133 6428 aliide - ok

12:18:48.0165 6428 AMD External Events Utility (f0e61cf2c0fda5b011cd1cb2e2353c9a) C:\Windows\system32\atiesrxx.exe

12:18:48.0211 6428 AMD External Events Utility - ok

12:18:48.0211 6428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

12:18:48.0211 6428 amdide - ok

12:18:48.0243 6428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

12:18:48.0243 6428 AmdK8 - ok

12:18:48.0445 6428 amdkmdag (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys

12:18:48.0508 6428 amdkmdag - ok

12:18:48.0601 6428 amdkmdap (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys

12:18:48.0648 6428 amdkmdap - ok

12:18:48.0664 6428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

12:18:48.0679 6428 AmdPPM - ok

12:18:48.0695 6428 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

12:18:48.0742 6428 amdsata - ok

12:18:48.0804 6428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

12:18:48.0804 6428 amdsbs - ok

12:18:48.0820 6428 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

12:18:48.0851 6428 amdxata - ok

12:18:48.0898 6428 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

12:18:48.0898 6428 AppID - ok

12:18:48.0913 6428 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

12:18:48.0929 6428 AppIDSvc - ok

12:18:48.0976 6428 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

12:18:48.0976 6428 Appinfo - ok

12:18:49.0069 6428 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

12:18:49.0069 6428 Apple Mobile Device - ok

12:18:49.0147 6428 Application Updater (295f7a66d6d50d3a3496fbf9098a1e1c) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

12:18:49.0210 6428 Application Updater - ok

12:18:49.0241 6428 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

12:18:49.0241 6428 arc - ok

12:18:49.0257 6428 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

12:18:49.0257 6428 arcsas - ok

12:18:49.0288 6428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

12:18:49.0288 6428 AsyncMac - ok

12:18:49.0303 6428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

12:18:49.0303 6428 atapi - ok

12:18:49.0335 6428 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys

12:18:49.0381 6428 AtiHdmiService - ok

12:18:49.0584 6428 atikmdag (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys

12:18:49.0647 6428 atikmdag - ok

12:18:49.0725 6428 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

12:18:49.0771 6428 AudioEndpointBuilder - ok

12:18:49.0787 6428 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

12:18:49.0787 6428 AudioSrv - ok

12:18:49.0818 6428 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys

12:18:49.0818 6428 Avc - ok

12:18:49.0849 6428 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

12:18:49.0896 6428 AxInstSV - ok

12:18:49.0912 6428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

12:18:49.0927 6428 b06bdrv - ok

12:18:49.0943 6428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

12:18:49.0943 6428 b57nd60a - ok

12:18:50.0037 6428 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

12:18:50.0037 6428 BBSvc - ok

12:18:50.0068 6428 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

12:18:50.0068 6428 BDESVC - ok

12:18:50.0083 6428 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

12:18:50.0083 6428 Beep - ok

12:18:50.0130 6428 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

12:18:50.0161 6428 BFE - ok

12:18:50.0193 6428 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

12:18:50.0208 6428 BITS - ok

12:18:50.0224 6428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

12:18:50.0224 6428 blbdrive - ok

12:18:50.0286 6428 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

12:18:50.0302 6428 Bonjour Service - ok

12:18:50.0333 6428 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

12:18:50.0333 6428 bowser - ok

12:18:50.0349 6428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

12:18:50.0349 6428 BrFiltLo - ok

12:18:50.0364 6428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

12:18:50.0364 6428 BrFiltUp - ok

12:18:50.0395 6428 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

12:18:50.0427 6428 Browser - ok

12:18:50.0458 6428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

12:18:50.0458 6428 Brserid - ok

12:18:50.0473 6428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

12:18:50.0473 6428 BrSerWdm - ok

12:18:50.0489 6428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

12:18:50.0489 6428 BrUsbMdm - ok

12:18:50.0489 6428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

12:18:50.0489 6428 BrUsbSer - ok

12:18:50.0505 6428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

12:18:50.0505 6428 BTHMODEM - ok

12:18:50.0536 6428 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

12:18:50.0536 6428 bthserv - ok

12:18:50.0551 6428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

12:18:50.0551 6428 cdfs - ok

12:18:50.0583 6428 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

12:18:50.0629 6428 cdrom - ok

12:18:50.0629 6428 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

12:18:50.0661 6428 CertPropSvc - ok

12:18:50.0692 6428 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys

12:18:50.0692 6428 cfwids - ok

12:18:50.0707 6428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

12:18:50.0707 6428 circlass - ok

12:18:50.0739 6428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

12:18:50.0739 6428 CLFS - ok

12:18:50.0785 6428 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:18:50.0801 6428 clr_optimization_v2.0.50727_32 - ok

12:18:50.0817 6428 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:18:50.0817 6428 clr_optimization_v2.0.50727_64 - ok

12:18:50.0910 6428 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:18:50.0910 6428 clr_optimization_v4.0.30319_32 - ok

12:18:50.0941 6428 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:18:50.0941 6428 clr_optimization_v4.0.30319_64 - ok

12:18:50.0957 6428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

12:18:50.0957 6428 CmBatt - ok

12:18:50.0973 6428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

12:18:50.0973 6428 cmdide - ok

12:18:51.0035 6428 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

12:18:51.0035 6428 CNG - ok

12:18:51.0035 6428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

12:18:51.0035 6428 Compbatt - ok

12:18:51.0066 6428 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

12:18:51.0066 6428 CompositeBus - ok

12:18:51.0082 6428 COMSysApp - ok

12:18:51.0097 6428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

12:18:51.0097 6428 crcdisk - ok

12:18:51.0129 6428 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

12:18:51.0175 6428 CryptSvc - ok

12:18:51.0207 6428 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

12:18:51.0222 6428 DcomLaunch - ok

12:18:51.0238 6428 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

12:18:51.0238 6428 defragsvc - ok

12:18:51.0285 6428 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

12:18:51.0285 6428 DfsC - ok

12:18:51.0300 6428 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

12:18:51.0331 6428 Dhcp - ok

12:18:51.0378 6428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

12:18:51.0378 6428 discache - ok

12:18:51.0394 6428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

12:18:51.0394 6428 Disk - ok

12:18:51.0425 6428 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

12:18:51.0472 6428 Dnscache - ok

12:18:51.0534 6428 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

12:18:51.0534 6428 DockLoginService - ok

12:18:51.0581 6428 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

12:18:51.0628 6428 dot3svc - ok

12:18:51.0643 6428 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

12:18:51.0690 6428 DPS - ok

12:18:51.0737 6428 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

12:18:51.0737 6428 drmkaud - ok

12:18:51.0784 6428 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

12:18:51.0799 6428 DXGKrnl - ok

12:18:51.0815 6428 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

12:18:51.0815 6428 EapHost - ok

12:18:51.0924 6428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

12:18:51.0924 6428 ebdrv - ok

12:18:52.0002 6428 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

12:18:52.0049 6428 EFS - ok

12:18:52.0096 6428 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

12:18:52.0143 6428 ehRecvr - ok

12:18:52.0158 6428 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

12:18:52.0174 6428 ehSched - ok

12:18:52.0189 6428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

12:18:52.0189 6428 elxstor - ok

12:18:52.0221 6428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

12:18:52.0221 6428 ErrDev - ok

12:18:52.0236 6428 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

12:18:52.0252 6428 EventSystem - ok

12:18:52.0267 6428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

12:18:52.0267 6428 exfat - ok

12:18:52.0283 6428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

12:18:52.0299 6428 fastfat - ok

12:18:52.0330 6428 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

12:18:52.0345 6428 Fax - ok

12:18:52.0361 6428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

12:18:52.0361 6428 fdc - ok

12:18:52.0377 6428 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

12:18:52.0377 6428 fdPHost - ok

12:18:52.0392 6428 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

12:18:52.0392 6428 FDResPub - ok

12:18:52.0408 6428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

12:18:52.0423 6428 FileInfo - ok

12:18:52.0423 6428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

12:18:52.0423 6428 Filetrace - ok

12:18:52.0501 6428 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

12:18:52.0501 6428 FLEXnet Licensing Service - ok

12:18:52.0517 6428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

12:18:52.0533 6428 flpydisk - ok

12:18:52.0564 6428 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

12:18:52.0564 6428 FltMgr - ok

12:18:52.0611 6428 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

12:18:52.0626 6428 FontCache - ok

12:18:52.0689 6428 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:18:52.0751 6428 FontCache3.0.0.0 - ok

12:18:52.0767 6428 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

12:18:52.0767 6428 FsDepends - ok

12:18:52.0798 6428 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

12:18:52.0798 6428 Fs_Rec - ok

12:18:52.0813 6428 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

12:18:52.0813 6428 fvevol - ok

12:18:52.0829 6428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

12:18:52.0829 6428 gagp30kx - ok

12:18:52.0891 6428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:18:52.0891 6428 GEARAspiWDM - ok

12:18:52.0923 6428 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

12:18:52.0923 6428 GoToAssist - ok

12:18:53.0001 6428 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

12:18:53.0016 6428 gpsvc - ok

12:18:53.0032 6428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

12:18:53.0032 6428 hcw85cir - ok

12:18:53.0063 6428 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

12:18:53.0079 6428 HdAudAddService - ok

12:18:53.0110 6428 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

12:18:53.0110 6428 HDAudBus - ok

12:18:53.0125 6428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

12:18:53.0125 6428 HidBatt - ok

12:18:53.0141 6428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

12:18:53.0141 6428 HidBth - ok

12:18:53.0172 6428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

12:18:53.0172 6428 HidIr - ok

12:18:53.0188 6428 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

12:18:53.0188 6428 hidserv - ok

12:18:53.0203 6428 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

12:18:53.0203 6428 HidUsb - ok

12:18:53.0266 6428 HitmanProScheduler (f9d7af93b7171d566f533e4401393fc0) C:\Program Files\HitmanPro\hmpsched.exe

12:18:53.0266 6428 HitmanProScheduler - ok

12:18:53.0297 6428 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

12:18:53.0344 6428 hkmsvc - ok

12:18:53.0391 6428 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

12:18:53.0391 6428 HomeGroupListener - ok

12:18:53.0422 6428 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

12:18:53.0422 6428 HomeGroupProvider - ok

12:18:53.0437 6428 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

12:18:53.0469 6428 HpSAMD - ok

12:18:53.0531 6428 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

12:18:53.0531 6428 HTTP - ok

12:18:53.0547 6428 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

12:18:53.0547 6428 hwpolicy - ok

12:18:53.0562 6428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

12:18:53.0562 6428 i8042prt - ok

12:18:53.0640 6428 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

12:18:53.0656 6428 IAANTMON - ok

12:18:53.0687 6428 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

12:18:53.0687 6428 iaStor - ok

12:18:53.0703 6428 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

12:18:53.0749 6428 iaStorV - ok

12:18:53.0827 6428 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:18:53.0890 6428 idsvc - ok

12:18:53.0937 6428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

12:18:53.0937 6428 iirsp - ok

12:18:53.0983 6428 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

12:18:54.0030 6428 IKEEXT - ok

12:18:54.0108 6428 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys

12:18:54.0124 6428 IntcAzAudAddService - ok

12:18:54.0171 6428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

12:18:54.0171 6428 intelide - ok

12:18:54.0202 6428 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

12:18:54.0202 6428 intelppm - ok

12:18:54.0217 6428 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

12:18:54.0217 6428 IPBusEnum - ok

12:18:54.0264 6428 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:18:54.0264 6428 IpFilterDriver - ok

12:18:54.0295 6428 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

12:18:54.0295 6428 IPMIDRV - ok

12:18:54.0295 6428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

12:18:54.0311 6428 IPNAT - ok

12:18:54.0389 6428 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

12:18:54.0405 6428 iPod Service - ok

12:18:54.0405 6428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

12:18:54.0405 6428 IRENUM - ok

12:18:54.0451 6428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

12:18:54.0451 6428 isapnp - ok

12:18:54.0467 6428 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

12:18:54.0514 6428 iScsiPrt - ok

12:18:54.0545 6428 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys

12:18:54.0545 6428 JRAID - ok

12:18:54.0561 6428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

12:18:54.0561 6428 kbdclass - ok

12:18:54.0561 6428 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

12:18:54.0592 6428 kbdhid - ok

12:18:54.0623 6428 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:18:54.0623 6428 KeyIso - ok

12:18:54.0654 6428 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

12:18:54.0701 6428 KSecDD - ok

12:18:54.0748 6428 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

12:18:54.0795 6428 KSecPkg - ok

12:18:54.0795 6428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

12:18:54.0795 6428 ksthunk - ok

12:18:54.0826 6428 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

12:18:54.0841 6428 KtmRm - ok

12:18:54.0873 6428 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

12:18:54.0919 6428 LanmanServer - ok

12:18:54.0951 6428 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

12:18:54.0966 6428 LanmanWorkstation - ok

12:18:55.0013 6428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

12:18:55.0013 6428 lltdio - ok

12:18:55.0044 6428 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

12:18:55.0044 6428 lltdsvc - ok

12:18:55.0060 6428 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

12:18:55.0060 6428 lmhosts - ok

12:18:55.0091 6428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

12:18:55.0091 6428 LSI_FC - ok

12:18:55.0107 6428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

12:18:55.0107 6428 LSI_SAS - ok

12:18:55.0122 6428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:18:55.0122 6428 LSI_SAS2 - ok

12:18:55.0138 6428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:18:55.0138 6428 LSI_SCSI - ok

12:18:55.0153 6428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

12:18:55.0153 6428 luafv - ok

12:18:55.0247 6428 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

12:18:55.0247 6428 McComponentHostService - ok

12:18:55.0356 6428 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:18:55.0356 6428 McMPFSvc - ok

12:18:55.0356 6428 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:18:55.0372 6428 mcmscsvc - ok

12:18:55.0372 6428 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:18:55.0372 6428 McNaiAnn - ok

12:18:55.0372 6428 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:18:55.0387 6428 McNASvc - ok

12:18:55.0434 6428 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe

12:18:55.0434 6428 McODS - ok

12:18:55.0450 6428 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:18:55.0450 6428 McProxy - ok

12:18:55.0481 6428 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

12:18:55.0481 6428 McShield - ok

12:18:55.0575 6428 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

12:18:55.0606 6428 Mcx2Svc - ok

12:18:55.0621 6428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

12:18:55.0621 6428 megasas - ok

12:18:55.0637 6428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

12:18:55.0637 6428 MegaSR - ok

12:18:55.0684 6428 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys

12:18:55.0684 6428 mfeapfk - ok

12:18:55.0715 6428 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys

12:18:55.0715 6428 mfeavfk - ok

12:18:55.0731 6428 mfeavfk01 - ok

12:18:55.0746 6428 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

12:18:55.0746 6428 mfefire - ok

12:18:55.0793 6428 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys

12:18:55.0793 6428 mfefirek - ok

12:18:55.0824 6428 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys

12:18:55.0824 6428 mfehidk - ok

12:18:55.0871 6428 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys

12:18:55.0918 6428 mfenlfk - ok

12:18:55.0933 6428 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys

12:18:55.0965 6428 mferkdet - ok

12:18:56.0058 6428 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

12:18:56.0105 6428 mfevtp - ok

12:18:56.0136 6428 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys

12:18:56.0136 6428 mfewfpk - ok

12:18:56.0183 6428 Microsoft SharePoint Workspace Audit Service - ok

12:18:56.0230 6428 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

12:18:56.0230 6428 MMCSS - ok

12:18:56.0261 6428 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

12:18:56.0261 6428 Modem - ok

12:18:56.0308 6428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

12:18:56.0308 6428 monitor - ok

12:18:56.0323 6428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

12:18:56.0339 6428 mouclass - ok

12:18:56.0355 6428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

12:18:56.0355 6428 mouhid - ok

12:18:56.0386 6428 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

12:18:56.0401 6428 mountmgr - ok

12:18:56.0417 6428 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

12:18:56.0448 6428 mpio - ok

12:18:56.0464 6428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

12:18:56.0464 6428 mpsdrv - ok

12:18:56.0511 6428 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

12:18:56.0557 6428 MpsSvc - ok

12:18:56.0589 6428 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

12:18:56.0589 6428 MRxDAV - ok

12:18:56.0604 6428 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:18:56.0620 6428 mrxsmb - ok

12:18:56.0635 6428 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:18:56.0635 6428 mrxsmb10 - ok

12:18:56.0635 6428 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:18:56.0651 6428 mrxsmb20 - ok

12:18:56.0651 6428 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

12:18:56.0651 6428 msahci - ok

12:18:56.0682 6428 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

12:18:56.0729 6428 msdsm - ok

12:18:56.0745 6428 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

12:18:56.0745 6428 MSDTC - ok

12:18:56.0791 6428 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys

12:18:56.0791 6428 MSDV - ok

12:18:56.0807 6428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

12:18:56.0807 6428 Msfs - ok

12:18:56.0823 6428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

12:18:56.0823 6428 mshidkmdf - ok

12:18:56.0823 6428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

12:18:56.0838 6428 msisadrv - ok

12:18:56.0869 6428 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

12:18:56.0869 6428 MSiSCSI - ok

12:18:56.0869 6428 msiserver - ok

12:18:56.0979 6428 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:18:56.0979 6428 MSK80Service - ok

12:18:56.0994 6428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

12:18:56.0994 6428 MSKSSRV - ok

12:18:57.0010 6428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

12:18:57.0010 6428 MSPCLOCK - ok

12:18:57.0025 6428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

12:18:57.0025 6428 MSPQM - ok

12:18:57.0057 6428 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

12:18:57.0072 6428 MsRPC - ok

12:18:57.0072 6428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

12:18:57.0072 6428 mssmbios - ok

12:18:57.0088 6428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

12:18:57.0088 6428 MSTEE - ok

12:18:57.0088 6428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

12:18:57.0088 6428 MTConfig - ok

12:18:57.0103 6428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

12:18:57.0103 6428 Mup - ok

12:18:57.0135 6428 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

12:18:57.0135 6428 napagent - ok

12:18:57.0166 6428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

12:18:57.0166 6428 NativeWifiP - ok

12:18:57.0228 6428 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

12:18:57.0244 6428 NDIS - ok

12:18:57.0259 6428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

12:18:57.0259 6428 NdisCap - ok

12:18:57.0275 6428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

12:18:57.0275 6428 NdisTapi - ok

12:18:57.0306 6428 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

12:18:57.0306 6428 Ndisuio - ok

12:18:57.0322 6428 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

12:18:57.0322 6428 NdisWan - ok

12:18:57.0353 6428 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

12:18:57.0353 6428 NDProxy - ok

12:18:57.0369 6428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

12:18:57.0384 6428 NetBIOS - ok

12:18:57.0400 6428 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

12:18:57.0400 6428 NetBT - ok

12:18:57.0431 6428 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:18:57.0431 6428 Netlogon - ok

12:18:57.0462 6428 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

12:18:57.0478 6428 Netman - ok

12:18:57.0493 6428 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

12:18:57.0493 6428 netprofm - ok

12:18:57.0540 6428 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:18:57.0540 6428 NetTcpPortSharing - ok

12:18:57.0571 6428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

12:18:57.0571 6428 nfrd960 - ok

12:18:57.0587 6428 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

12:18:57.0587 6428 NlaSvc - ok

12:18:57.0603 6428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

12:18:57.0603 6428 Npfs - ok

12:18:57.0618 6428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

12:18:57.0618 6428 nsi - ok

12:18:57.0634 6428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

12:18:57.0634 6428 nsiproxy - ok

12:18:57.0696 6428 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

12:18:57.0759 6428 Ntfs - ok

12:18:57.0790 6428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

12:18:57.0790 6428 Null - ok

12:18:57.0837 6428 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

12:18:57.0837 6428 NVHDA - ok

12:18:58.0180 6428 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

12:18:58.0242 6428 nvlddmkm - ok

12:18:58.0320 6428 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

12:18:58.0367 6428 nvraid - ok

12:18:58.0383 6428 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

12:18:58.0383 6428 nvstor - ok

12:18:58.0445 6428 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe

12:18:58.0445 6428 nvsvc - ok

12:18:58.0554 6428 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

12:18:58.0570 6428 nvUpdatusService - ok

12:18:58.0632 6428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

12:18:58.0648 6428 nv_agp - ok

12:18:58.0648 6428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

12:18:58.0663 6428 ohci1394 - ok

12:18:58.0726 6428 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:18:58.0726 6428 ose - ok

12:18:58.0944 6428 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:18:59.0038 6428 osppsvc - ok

12:18:59.0085 6428 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:18:59.0085 6428 p2pimsvc - ok

12:18:59.0100 6428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

12:18:59.0116 6428 p2psvc - ok

12:18:59.0131 6428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

12:18:59.0131 6428 Parport - ok

12:18:59.0163 6428 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

12:18:59.0178 6428 partmgr - ok

12:18:59.0178 6428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

12:18:59.0194 6428 PcaSvc - ok

12:18:59.0225 6428 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

12:18:59.0225 6428 pci - ok

12:18:59.0241 6428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

12:18:59.0241 6428 pciide - ok

12:18:59.0256 6428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

12:18:59.0272 6428 pcmcia - ok

12:18:59.0272 6428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

12:18:59.0287 6428 pcw - ok

12:18:59.0303 6428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

12:18:59.0319 6428 PEAUTH - ok

12:18:59.0365 6428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

12:18:59.0365 6428 PerfHost - ok

12:18:59.0443 6428 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

12:18:59.0506 6428 pla - ok

12:18:59.0553 6428 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

12:18:59.0599 6428 PlugPlay - ok

12:18:59.0599 6428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

12:18:59.0599 6428 PNRPAutoReg - ok

12:18:59.0631 6428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:18:59.0631 6428 PNRPsvc - ok

12:18:59.0646 6428 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

12:18:59.0693 6428 PolicyAgent - ok

12:18:59.0709 6428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

12:18:59.0724 6428 Power - ok

12:18:59.0771 6428 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

12:18:59.0771 6428 PptpMiniport - ok

12:18:59.0787 6428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

12:18:59.0787 6428 Processor - ok

12:18:59.0818 6428 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

12:18:59.0818 6428 ProfSvc - ok

12:18:59.0849 6428 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:18:59.0865 6428 ProtectedStorage - ok

12:18:59.0896 6428 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

12:18:59.0896 6428 Psched - ok

12:18:59.0927 6428 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys

12:18:59.0989 6428 PSI - ok

12:19:00.0005 6428 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

12:19:00.0036 6428 PxHlpa64 - ok

12:19:00.0099 6428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

12:19:00.0114 6428 ql2300 - ok

12:19:00.0177 6428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

12:19:00.0177 6428 ql40xx - ok

12:19:00.0192 6428 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

12:19:00.0208 6428 QWAVE - ok

12:19:00.0208 6428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

12:19:00.0208 6428 QWAVEdrv - ok

12:19:00.0223 6428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

12:19:00.0223 6428 RasAcd - ok

12:19:00.0239 6428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

12:19:00.0239 6428 RasAgileVpn - ok

12:19:00.0255 6428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

12:19:00.0255 6428 RasAuto - ok

12:19:00.0301 6428 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:19:00.0301 6428 Rasl2tp - ok

12:19:00.0333 6428 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

12:19:00.0364 6428 RasMan - ok

12:19:00.0379 6428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

12:19:00.0379 6428 RasPppoe - ok

12:19:00.0395 6428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

12:19:00.0395 6428 RasSstp - ok

12:19:00.0411 6428 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

12:19:00.0426 6428 rdbss - ok

12:19:00.0426 6428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

12:19:00.0426 6428 rdpbus - ok

12:19:00.0442 6428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:19:00.0442 6428 RDPCDD - ok


12:19:07.0025 6428 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

12:19:07.0165 6428 \Device\Harddisk0\DR0 - ok

12:19:07.0165 6428 Boot (0x1200) (1b2fc8aa85aaff0685a7463cd6a9b34c) \Device\Harddisk0\DR0\Partition0

12:19:07.0165 6428 \Device\Harddisk0\DR0\Partition0 - ok

12:19:07.0181 6428 Boot (0x1200) (698d3e72a01e75390da4f0a95291681b) \Device\Harddisk0\DR0\Partition1

12:19:07.0181 6428 \Device\Harddisk0\DR0\Partition1 - ok

12:19:07.0181 6428 ============================================================

12:19:07.0181 6428 Scan finished

12:19:07.0181 6428 ============================================================

12:19:07.0197 3868 Detected object count: 0

12:19:07.0197 3868 Actual detected object count: 0


Here's one more run with TDSS with all the parameter options checked:

12:31:34.0640 6528 ============================================================

12:31:34.0640 6528 Scan started

12:31:34.0640 6528 Mode: Manual; SigCheck; TDLFS;

12:31:34.0640 6528 ============================================================


12:31:40.0912 6528 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

12:31:40.0927 6528 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

12:31:40.0927 6528 DockLoginService - detected UnsignedFile.Multi.Generic (1)


12:31:42.0706 6528 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

12:31:42.0721 6528 FsDepends - ok

12:31:42.0752 6528 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

12:31:42.0768 6528 Fs_Rec - ok

12:31:42.0784 6528 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

12:31:42.0799 6528 fvevol - ok

12:31:42.0815 6528 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

12:31:42.0830 6528 gagp30kx - ok

12:31:42.0862 6528 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:31:42.0877 6528 GEARAspiWDM - ok

12:31:42.0908 6528 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

12:31:42.0924 6528 GoToAssist - ok

12:31:42.0971 6528 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

12:31:43.0049 6528 gpsvc - ok

12:31:43.0049 6528 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

12:31:43.0111 6528 hcw85cir - ok

12:31:43.0142 6528 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

12:31:43.0189 6528 HdAudAddService - ok

12:31:43.0220 6528 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

12:31:43.0267 6528 HDAudBus - ok

12:31:43.0283 6528 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

12:31:43.0298 6528 HidBatt - ok

12:31:43.0314 6528 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

12:31:43.0330 6528 HidBth - ok

12:31:43.0330 6528 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

12:31:43.0345 6528 HidIr - ok

12:31:43.0376 6528 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

12:31:43.0423 6528 hidserv - ok

12:31:43.0423 6528 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

12:31:43.0439 6528 HidUsb - ok

12:31:43.0486 6528 HitmanProScheduler (f9d7af93b7171d566f533e4401393fc0) C:\Program Files\HitmanPro\hmpsched.exe

12:31:43.0486 6528 HitmanProScheduler - ok

12:31:43.0501 6528 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

12:31:43.0564 6528 hkmsvc - ok

12:31:43.0595 6528 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

12:31:43.0657 6528 HomeGroupListener - ok

12:31:43.0688 6528 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

12:31:43.0704 6528 HomeGroupProvider - ok

12:31:43.0720 6528 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

12:31:43.0782 6528 HpSAMD - ok

12:31:43.0829 6528 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

12:31:43.0876 6528 HTTP - ok

12:31:43.0876 6528 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

12:31:43.0891 6528 hwpolicy - ok

12:31:43.0891 6528 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

12:31:43.0907 6528 i8042prt - ok

12:31:43.0985 6528 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

12:31:44.0000 6528 IAANTMON - ok

12:31:44.0032 6528 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

12:31:44.0047 6528 iaStor - ok

12:31:44.0078 6528 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

12:31:44.0125 6528 iaStorV - ok

12:31:44.0203 6528 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:31:44.0234 6528 idsvc - ok

12:31:44.0266 6528 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

12:31:44.0266 6528 iirsp - ok

12:31:44.0297 6528 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

12:31:44.0359 6528 IKEEXT - ok

12:31:44.0422 6528 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys

12:31:44.0468 6528 IntcAzAudAddService - ok

12:31:44.0500 6528 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

12:31:44.0515 6528 intelide - ok

12:31:44.0531 6528 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

12:31:44.0546 6528 intelppm - ok

12:31:44.0578 6528 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

12:31:44.0624 6528 IPBusEnum - ok

12:31:44.0656 6528 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:31:44.0718 6528 IpFilterDriver - ok

12:31:44.0749 6528 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

12:31:44.0780 6528 IPMIDRV - ok

12:31:44.0796 6528 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

12:31:44.0858 6528 IPNAT - ok

12:31:44.0936 6528 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

12:31:44.0952 6528 iPod Service - ok

12:31:44.0968 6528 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

12:31:45.0014 6528 IRENUM - ok

12:31:45.0030 6528 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

12:31:45.0061 6528 isapnp - ok

12:31:45.0077 6528 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

12:31:45.0124 6528 iScsiPrt - ok

12:31:45.0139 6528 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys

12:31:45.0170 6528 JRAID - ok

12:31:45.0186 6528 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

12:31:45.0202 6528 kbdclass - ok

12:31:45.0217 6528 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

12:31:45.0264 6528 kbdhid - ok

12:31:45.0311 6528 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:31:45.0326 6528 KeyIso - ok

12:31:45.0373 6528 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

12:31:45.0404 6528 KSecDD - ok

12:31:45.0436 6528 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

12:31:45.0498 6528 KSecPkg - ok

12:31:45.0498 6528 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

12:31:45.0560 6528 ksthunk - ok

12:31:45.0576 6528 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

12:31:45.0654 6528 KtmRm - ok

12:31:45.0701 6528 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

12:31:45.0748 6528 LanmanServer - ok

12:31:45.0779 6528 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

12:31:45.0810 6528 LanmanWorkstation - ok

12:31:45.0826 6528 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

12:31:45.0888 6528 lltdio - ok

12:31:45.0904 6528 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

12:31:45.0982 6528 lltdsvc - ok

12:31:45.0997 6528 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

12:31:46.0028 6528 lmhosts - ok

12:31:46.0044 6528 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

12:31:46.0060 6528 LSI_FC - ok

12:31:46.0075 6528 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

12:31:46.0091 6528 LSI_SAS - ok

12:31:46.0106 6528 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:31:46.0122 6528 LSI_SAS2 - ok

12:31:46.0122 6528 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:31:46.0138 6528 LSI_SCSI - ok

12:31:46.0153 6528 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

12:31:46.0200 6528 luafv - ok

12:31:46.0262 6528 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

12:31:46.0278 6528 McComponentHostService - ok

12:31:46.0372 6528 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:31:46.0403 6528 McMPFSvc - ok

12:31:46.0403 6528 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:31:46.0418 6528 mcmscsvc - ok

12:31:46.0418 6528 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:31:46.0434 6528 McNaiAnn - ok

12:31:46.0434 6528 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:31:46.0450 6528 McNASvc - ok

12:31:46.0496 6528 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe

12:31:46.0528 6528 McODS - ok

12:31:46.0528 6528 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:31:46.0528 6528 McProxy - ok

12:31:46.0574 6528 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

12:31:46.0574 6528 McShield - ok

12:31:46.0668 6528 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

12:31:46.0699 6528 Mcx2Svc - ok

12:31:46.0715 6528 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

12:31:46.0730 6528 megasas - ok

12:31:46.0730 6528 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

12:31:46.0746 6528 MegaSR - ok

12:31:46.0777 6528 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys

12:31:46.0777 6528 mfeapfk - ok

12:31:46.0808 6528 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys

12:31:46.0824 6528 mfeavfk - ok

12:31:46.0824 6528 mfeavfk01 - ok

12:31:46.0855 6528 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

12:31:46.0855 6528 mfefire - ok

12:31:46.0902 6528 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys

12:31:46.0902 6528 mfefirek - ok

12:31:46.0949 6528 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys

12:31:46.0964 6528 mfehidk - ok

12:31:46.0996 6528 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys

12:31:47.0058 6528 mfenlfk - ok

12:31:47.0058 6528 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys

12:31:47.0105 6528 mferkdet - ok

12:31:47.0198 6528 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

12:31:47.0214 6528 mfevtp - ok

12:31:47.0230 6528 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys

12:31:47.0245 6528 mfewfpk - ok

12:31:47.0292 6528 Microsoft SharePoint Workspace Audit Service - ok

12:31:47.0339 6528 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

12:31:47.0386 6528 MMCSS - ok

12:31:47.0401 6528 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

12:31:47.0448 6528 Modem - ok

12:31:47.0479 6528 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

12:31:47.0510 6528 monitor - ok

12:31:47.0542 6528 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

12:31:47.0557 6528 mouclass - ok

12:31:47.0573 6528 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

12:31:47.0588 6528 mouhid - ok

12:31:47.0620 6528 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

12:31:47.0620 6528 mountmgr - ok

12:31:47.0651 6528 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

12:31:47.0698 6528 mpio - ok

12:31:47.0713 6528 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

12:31:47.0760 6528 mpsdrv - ok

12:31:47.0791 6528 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

12:31:47.0869 6528 MpsSvc - ok

12:31:47.0900 6528 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

12:31:47.0947 6528 MRxDAV - ok

12:31:47.0978 6528 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:31:48.0025 6528 mrxsmb - ok

12:31:48.0056 6528 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:31:48.0088 6528 mrxsmb10 - ok

12:31:48.0119 6528 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:31:48.0134 6528 mrxsmb20 - ok

12:31:48.0150 6528 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

12:31:48.0166 6528 msahci - ok

12:31:48.0181 6528 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

12:31:48.0244 6528 msdsm - ok

12:31:48.0259 6528 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

12:31:48.0306 6528 MSDTC - ok

12:31:48.0337 6528 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys

12:31:48.0368 6528 MSDV - ok

12:31:48.0368 6528 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

12:31:48.0415 6528 Msfs - ok

12:31:48.0431 6528 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

12:31:48.0478 6528 mshidkmdf - ok

12:31:48.0478 6528 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

12:31:48.0493 6528 msisadrv - ok

12:31:48.0509 6528 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

12:31:48.0556 6528 MSiSCSI - ok

12:31:48.0556 6528 msiserver - ok

12:31:48.0665 6528 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:31:48.0680 6528 MSK80Service - ok

12:31:48.0696 6528 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

12:31:48.0758 6528 MSKSSRV - ok

12:31:48.0758 6528 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

12:31:48.0805 6528 MSPCLOCK - ok

12:31:48.0805 6528 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

12:31:48.0852 6528 MSPQM - ok

12:31:48.0883 6528 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

12:31:48.0914 6528 MsRPC - ok

12:31:48.0930 6528 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

12:31:48.0930 6528 mssmbios - ok

12:31:48.0930 6528 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

12:31:48.0977 6528 MSTEE - ok

12:31:48.0992 6528 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

12:31:49.0008 6528 MTConfig - ok

12:31:49.0024 6528 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

12:31:49.0039 6528 Mup - ok

12:31:49.0055 6528 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

12:31:49.0117 6528 napagent - ok

12:31:49.0133 6528 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

12:31:49.0164 6528 NativeWifiP - ok

12:31:49.0195 6528 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

12:31:49.0226 6528 NDIS - ok

12:31:49.0258 6528 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

12:31:49.0289 6528 NdisCap - ok

12:31:49.0304 6528 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

12:31:49.0336 6528 NdisTapi - ok

12:31:49.0367 6528 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

12:31:49.0445 6528 Ndisuio - ok

12:31:49.0460 6528 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

12:31:49.0507 6528 NdisWan - ok

12:31:49.0523 6528 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

12:31:49.0554 6528 NDProxy - ok

12:31:49.0570 6528 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

12:31:49.0632 6528 NetBIOS - ok

12:31:49.0648 6528 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

12:31:49.0679 6528 NetBT - ok

12:31:49.0710 6528 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:31:49.0726 6528 Netlogon - ok

12:31:49.0757 6528 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

12:31:49.0804 6528 Netman - ok

12:31:49.0835 6528 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

12:31:49.0882 6528 netprofm - ok

12:31:49.0928 6528 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:31:49.0944 6528 NetTcpPortSharing - ok

12:31:49.0960 6528 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

12:31:49.0960 6528 nfrd960 - ok

12:31:49.0975 6528 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

12:31:50.0006 6528 NlaSvc - ok

12:31:50.0022 6528 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

12:31:50.0069 6528 Npfs - ok

12:31:50.0069 6528 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

12:31:50.0116 6528 nsi - ok

12:31:50.0131 6528 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

12:31:50.0194 6528 nsiproxy - ok

12:31:50.0256 6528 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

12:31:50.0318 6528 Ntfs - ok

12:31:50.0350 6528 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

12:31:50.0412 6528 Null - ok

12:31:50.0443 6528 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

12:31:50.0443 6528 NVHDA - ok

12:31:50.0740 6528 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

12:31:50.0896 6528 nvlddmkm - ok

12:31:50.0974 6528 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

12:31:51.0020 6528 nvraid - ok

12:31:51.0052 6528 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

12:31:51.0067 6528 nvstor - ok

12:31:51.0098 6528 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe

12:31:51.0114 6528 nvsvc - ok

12:31:51.0208 6528 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

12:31:51.0254 6528 nvUpdatusService - ok

12:31:51.0301 6528 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

12:31:51.0332 6528 nv_agp - ok

12:31:51.0348 6528 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

12:31:51.0364 6528 ohci1394 - ok

12:31:51.0426 6528 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:31:51.0442 6528 ose - ok

12:31:51.0660 6528 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:31:51.0707 6528 osppsvc - ok

12:31:51.0785 6528 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:31:51.0816 6528 p2pimsvc - ok

12:31:51.0847 6528 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

12:31:51.0863 6528 p2psvc - ok

12:31:51.0894 6528 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

12:31:51.0910 6528 Parport - ok

12:31:51.0941 6528 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

12:31:51.0956 6528 partmgr - ok

12:31:51.0956 6528 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

12:31:51.0988 6528 PcaSvc - ok

12:31:52.0034 6528 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

12:31:52.0034 6528 pci - ok

12:31:52.0050 6528 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

12:31:52.0066 6528 pciide - ok

12:31:52.0081 6528 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

12:31:52.0097 6528 pcmcia - ok

12:31:52.0112 6528 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

12:31:52.0112 6528 pcw - ok

12:31:52.0144 6528 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

12:31:52.0206 6528 PEAUTH - ok

12:31:52.0253 6528 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

12:31:52.0268 6528 PerfHost - ok

12:31:52.0346 6528 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

12:31:52.0440 6528 pla - ok

12:31:52.0471 6528 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

12:31:52.0502 6528 PlugPlay - ok

12:31:52.0518 6528 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

12:31:52.0534 6528 PNRPAutoReg - ok

12:31:52.0580 6528 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:31:52.0596 6528 PNRPsvc - ok

12:31:52.0643 6528 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

12:31:52.0690 6528 PolicyAgent - ok

12:31:52.0705 6528 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

12:31:52.0752 6528 Power - ok

12:31:52.0799 6528 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

12:31:52.0861 6528 PptpMiniport - ok

12:31:52.0892 6528 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

12:31:52.0908 6528 Processor - ok

12:31:52.0955 6528 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

12:31:53.0002 6528 ProfSvc - ok

12:31:53.0033 6528 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:31:53.0064 6528 ProtectedStorage - ok

12:31:53.0095 6528 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

12:31:53.0158 6528 Psched - ok

12:31:53.0173 6528 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys

12:31:53.0236 6528 PSI - ok

12:31:53.0251 6528 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

12:31:53.0298 6528 PxHlpa64 - ok

12:31:53.0360 6528 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

12:31:53.0392 6528 ql2300 - ok

12:31:53.0438 6528 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

12:31:53.0454 6528 ql40xx - ok

12:31:53.0485 6528 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

12:31:53.0501 6528 QWAVE - ok

12:31:53.0516 6528 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

12:31:53.0548 6528 QWAVEdrv - ok

12:31:53.0579 6528 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

12:31:53.0626 6528 RasAcd - ok

12:31:53.0641 6528 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

12:31:53.0672 6528 RasAgileVpn - ok

12:31:53.0688 6528 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

12:31:53.0735 6528 RasAuto - ok

12:31:53.0766 6528 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:31:53.0813 6528 Rasl2tp - ok

12:31:53.0828 6528 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

12:31:53.0860 6528 RasMan - ok

12:31:53.0875 6528 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

12:31:53.0938 6528 RasPppoe - ok

12:31:53.0953 6528 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

12:31:53.0984 6528 RasSstp - ok

12:31:54.0016 6528 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

12:31:54.0047 6528 rdbss - ok

12:31:54.0047 6528 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

12:31:54.0062 6528 rdpbus - ok

12:31:54.0078 6528 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:31:54.0125 6528 RDPCDD - ok

12:31:54.0125 6528 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

12:31:54.0187 6528 RDPENCDD - ok

12:31:54.0187 6528 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

12:31:54.0234 6528 RDPREFMP - ok

12:31:54.0265 6528 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

12:31:54.0296 6528 RDPWD - ok

12:31:54.0328 6528 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

12:31:54.0343 6528 rdyboost - ok

12:31:54.0359 6528 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

12:31:54.0406 6528 RemoteAccess - ok

12:31:54.0421 6528 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

12:31:54.0468 6528 RemoteRegistry - ok

12:31:54.0593 6528 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

12:31:54.0624 6528 RoxMediaDB10 - ok

12:31:54.0640 6528 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

12:31:54.0702 6528 RpcEptMapper - ok

12:31:54.0718 6528 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

12:31:54.0733 6528 RpcLocator - ok

12:31:54.0764 6528 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

12:31:54.0796 6528 RpcSs - ok

12:31:54.0827 6528 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

12:31:54.0889 6528 rspndr - ok

12:31:54.0920 6528 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys

12:31:54.0936 6528 RSUSBSTOR - ok

12:31:54.0967 6528 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

12:31:55.0045 6528 RTL8167 - ok

12:31:55.0045 6528 RxFilter - ok

12:31:55.0076 6528 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:31:55.0092 6528 SamSs - ok

12:31:55.0123 6528 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

12:31:55.0170 6528 sbp2port - ok

12:31:55.0186 6528 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

12:31:55.0248 6528 SCardSvr - ok

12:31:55.0279 6528 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

12:31:55.0326 6528 scfilter - ok

12:31:55.0388 6528 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

12:31:55.0482 6528 Schedule - ok

12:31:55.0498 6528 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

12:31:55.0529 6528 SCPolicySvc - ok

12:31:55.0560 6528 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

12:31:55.0622 6528 SDRSVC - ok

12:31:55.0685 6528 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

12:31:55.0716 6528 SeaPort - ok

12:31:55.0747 6528 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

12:31:55.0810 6528 secdrv - ok

12:31:55.0825 6528 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

12:31:55.0888 6528 seclogon - ok

12:31:55.0950 6528 Secunia PSI Agent (7198bbfbe46c0070257278c536386687) C:\Program Files (x86)\Secunia\PSI\PSIA.exe

12:31:55.0981 6528 Secunia PSI Agent - ok

12:31:55.0997 6528 Secunia Update Agent (d2fca567f9be87e29b9a9fa32ffe79ca) C:\Program Files (x86)\Secunia\PSI\sua.exe

12:31:56.0012 6528 Secunia Update Agent - ok

12:32:04.0358 6528 ============================================================

12:32:04.0358 6528 Scan finished

12:32:04.0358 6528 ============================================================

12:32:04.0358 4296 Detected object count: 1

12:32:04.0358 4296 Actual detected object count: 1

12:33:10.0721 4296 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

12:33:10.0721 4296 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip


Please do not run tools more than once....unless I had asked you to. If you ever have questions, or need clarification, please Stop and ask first.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Kana only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh!

Reply & attach the C:\Combofix.txt log and tell me, how is the system now?

Re-enable your antivirus program.


sorry that was the one the combofix left open on notepad. Here is the C:\Combofix.txt.

ComboFix 12-07-27.02 - Sean 07/26/2012 13:28:47.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6240 [GMT -7:00]

Running from: c:\users\Sean\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\assembly\GAC_64\Desktop.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))

.

.

2012-07-26 20:35 . 2012-07-26 20:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-25 00:27 . 2012-07-25 00:28 -------- d-----w- c:\program files (x86)\ERUNT

2012-07-24 04:09 . 2012-07-24 04:09 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar

2012-07-24 04:09 . 2012-07-24 04:09 -------- d-----w- c:\program files (x86)\Application Updater

2012-07-24 04:09 . 2012-07-24 04:09 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-07-24 03:02 . 2012-07-24 03:02 -------- d-----w- C:\FRST

2012-07-22 20:20 . 2012-07-22 20:20 16200 ----a-w- c:\windows\stinger.sys

2012-07-22 20:20 . 2012-07-22 20:24 -------- d-----w- c:\program files (x86)\stinger

2012-07-22 19:14 . 2012-07-22 19:14 -------- d-----w- c:\programdata\Sophos

2012-07-22 11:05 . 2012-07-22 11:05 -------- d-----w- c:\program files (x86)\ESET

2012-07-22 10:20 . 2012-07-22 10:20 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-07-22 10:15 . 2012-07-22 16:55 -------- d-----w- c:\program files\HitmanPro

2012-07-22 10:11 . 2012-07-22 10:20 -------- d-----w- c:\programdata\HitmanPro

2012-07-22 08:33 . 2012-07-22 08:33 -------- d-----w- c:\users\Sean\AppData\Roaming\Roxio

2012-07-21 09:07 . 2012-07-21 09:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-11 10:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-01 00:03 . 2012-05-26 00:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

2012-06-30 01:44 . 2012-06-30 01:44 -------- d-----w- c:\windows\en

2012-06-30 01:42 . 2012-06-30 01:42 -------- d-----w- c:\program files\Windows Live

2012-06-30 01:41 . 2012-06-30 01:41 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-30 01:31 . 2012-06-30 01:31 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\107d49831cd566004\bingbarsetup.exe

2012-06-30 01:31 . 2012-06-30 01:31 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b0d8fa11cd566003\MeshBetaRemover.exe

2012-06-30 01:31 . 2012-06-30 01:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\DSETUP.dll

2012-06-30 01:31 . 2012-06-30 01:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\DXSETUP.exe

2012-06-30 01:31 . 2012-06-30 01:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7d392221cd566002\dsetup32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 05:31 . 2012-03-31 20:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 05:31 . 2011-05-14 07:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 10:01 . 2010-04-11 05:22 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 20:46 . 2010-04-12 03:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-22 19:12 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 19:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 19:12 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 19:12 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 19:12 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-22 19:12 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 19:12 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 19:12 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-22 19:12 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-05-15 04:01 . 2012-06-13 14:29 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:59 . 2012-06-13 14:29 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:03 . 2012-06-13 14:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 11:06 . 2012-06-13 14:28 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 14:28 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 14:28 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-13 14:28 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-13 14:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-18 615808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-19 1091976]

.

c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-18 6853632]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-18 263680]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-11 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-19 792512]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-07-22 108392]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-12-02 656624]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 05:31]

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2336530531-3346422161-3029251777-1003Core.job

- c:\users\DJ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 18:04]

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2336530531-3346422161-3029251777-1003UA.job

- c:\users\DJ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 18:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F9907F90-D25C-462D-A2D4-A23B67D8A209}: NameServer = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\uw4visyg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2336530531-3346422161-3029251777-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2336530531-3346422161-3029251777-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-07-26 14:13:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-26 21:13

.

Pre-Run: 601,384,566,784 bytes free

Post-Run: 601,431,236,608 bytes free

.

- - End Of File - - 2E1E48B2F4F11C438AA199BA2B5520E4

Edited by Maurice Naggar

Result from Combofix is promising.

This system needs 3 updates, for security-related issues: Java, Adobe Reader, & Firefox.

Start Firefox. Use Help >> About Firefox >> Check for Updates. Allow update to be applied.

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Programs and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Online scan at F-Secure

Turn off your antivirus so that it does not interfere. Leave your firewall on.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into your next reply.

Re-enable your antivirus.

Tell me, how is the system now?
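A way to confirm the Java clean-up step above, as an added example that is not part of the original post: this PowerShell script lists Java entries from both the native and the 32-bit (Wow6432Node) uninstall registry views and flags any below a baseline. The function name, the baseline value `7.0.50` (assumed to be how Java 7 Update 5 records its DisplayVersion) and the name pattern are assumptions; it needs PowerShell 3.0 or later.

```powershell
# Added example: verify that no older Java runtime is still installed.
# Baseline is an assumption: '7.0.50' is taken to be the DisplayVersion
# that Java 7 Update 5 writes to the registry.
param(
    [version]$Baseline = '7.0.50'
)

# Installed-program records live under Uninstall in both registry views.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',             # native view
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 32-bit view on 64-bit Windows
)

# Hypothetical helper name; returns one object per Java/J2SE entry found.
function Get-InstalledJava {
    foreach ($root in $uninstallRoots) {
        # The Wow6432Node path is absent on 32-bit Windows, so errors are suppressed.
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match '^(Java|J2SE)\b' } |
            ForEach-Object {
                # Some entries carry no parseable version; report those as unknown.
                $parsed = $null
                $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
                [pscustomobject]@{
                    Name     = $_.DisplayName
                    Version  = $_.DisplayVersion
                    View     = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
                    Outdated = if ($ok) { $parsed -lt $Baseline } else { $null }
                }
            }
    }
}

$found = @(Get-InstalledJava)
if ($found.Count -eq 0) {
    'No Java runtime entries found in either registry view.'
} else {
    $found | Sort-Object View, Name | Format-Table -AutoSize
}
```

Any row with Outdated set to True is a version that the removal step missed; an empty Outdated column means the version string could not be parsed and should be checked by hand.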

This topic is now closed to further replies.