winrscmde infection can anyone help?


It appears my computer is infected. The fan started spooling up today, so I started digging and found that there were CPU spikes, and there were a bunch of network connections to IP addresses I did not know. I shut off the internet connection and everything died down. Every time I connect, it all starts again. I am not sure where I picked this up, but I am afraid to do anything on this PC now. Can anyone tell me where to start?


Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from here.

Double-click DDS to run the tool and press Start.

Don't change any settings without instruction.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Please post both in your next reply. (They will be saved on your desktop.)


Daniel, thanks for helping. Here are the logs requested:

DDS:

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.5.1

Run by aviator8 at 13:28:05 on 2012-11-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2765 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\Skype\Updater\Updater.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\System32\vds.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskeng.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

"C:\Users\aviator8\AppData\Roaming\System\svchost.exe" 3

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\SearchFilterHost.exe

C:\Windows\system32\WUDFHost.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

\\?\C:\windows\system32\wbem\WMIADAP.EXE

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.excite.com/

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DealCabby: {2D311D87-E36C-47A4-BF28-B31B48DE9773} - C:\Users\aviator8\AppData\Local\dealcabby\ie\dealcabby_20121004075001.dll

BHO: AwardWallet: {6AB2B33D-A637-2F56-41D1-414D72009665} - C:\Program Files (x86)\AwardWallet\bho32.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Facebook Update] "C:\Users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Google Update] "C:\Users\aviator8\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Windows Services Host] "C:\Users\aviator8\AppData\Roaming\System\svchost.exe" 3

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{8BF80D3B-3484-4C58-9762-E0CDFCB8A3D2} : DHCPNameServer = 172.6.1.161

TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.1.0.1

TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\66C697E6F62766F6C6B6 : DHCPNameServer = 10.1.0.1

TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\74564716771697 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\aviator8\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\aviator8\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-03 20:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-3-3 55856]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-3 89600]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-3 689472]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-3-3 349736]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-3-3 39464]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-3-3 176096]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-4 317440]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-3 533096]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-3 13336]

S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-3 2656280]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-4 250984]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-10 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-17 17:25:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\offreg.dll

2012-11-17 16:51:33 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\mpengine.dll

2012-11-11 01:21:09 20480 ----a-w- C:\windows\svchost.exe

2012-11-11 01:19:20 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1EC2.tmp

2012-11-11 01:19:20 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1EC1.tmp

2012-11-03 03:42:25 -------- d-----w- C:\Users\aviator8\AppData\Roaming\System

.

==================== Find3M ====================

.

2012-10-09 15:45:03 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 15:45:02 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 03:51:09 10220472 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 13:28:53.47 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/8/2012 8:44:54 PM

System Uptime: 11/17/2012 1:26:13 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 01HXXJ

Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 414.25 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP18: 9/4/2012 1:44:29 PM - Windows Update

RP19: 9/8/2012 8:47:01 PM - Windows Update

RP20: 9/9/2012 1:28:03 PM - Installed Remote Control USB Driver

RP21: 9/9/2012 1:28:27 PM - Installed Logitech Harmony Remote Software 7

RP22: 9/17/2012 2:07:01 AM - Windows Update

RP23: 9/18/2012 3:00:44 AM - Windows Update

RP24: 9/26/2012 10:47:06 PM - Windows Update

RP25: 9/26/2012 10:47:37 PM - Scheduled Checkpoint

RP26: 9/27/2012 3:00:23 AM - Windows Update

RP27: 10/1/2012 1:21:02 PM - Windows Update

RP28: 10/5/2012 4:43:47 AM - Windows Update

RP29: 10/9/2012 10:34:14 PM - Windows Update

RP30: 10/11/2012 3:00:55 AM - Windows Update

RP31: 11/2/2012 11:41:18 PM - Windows Update

RP32: 11/10/2012 8:24:23 PM - Windows Update

RP33: 11/13/2012 9:07:13 PM - Windows Update

RP34: 11/17/2012 11:50:40 AM - Windows Update

.

==== Installed Programs ======================

.

Accidental Damage Services Agreement

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X MUI

Advanced Audio FX Engine

AwardWallet (remove only)

Banctec Service Agreement

Bing Bar

Blio

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

D3DX10

DealCabby

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Product Registration

Dell Stage

Dell Stage Remote

Dell Support Center

Dell Touchpad

Dell VideoStage

Dell Webcam Central

DirectX 9 Runtime

DW WLAN Card

Facebook Video Calling 1.2.0.287

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 7 Update 1 (64-bit)

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Logitech Harmony Remote Software 7

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PhotoShowExpress

PlayReady PC Runtime x86

Premium Service Agreement

QualxServ Service Agreement

Quickset64

RBVirtualFolder64Inst

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

Remote Control USB Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype™ 5.10

Sonic CinePlayer Decoder Pack

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

11/17/2012 12:21:09 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/17/2012 12:21:09 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

11/17/2012 12:21:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

11/17/2012 1:26:32 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.

.

==== End Of File ===========================


You are welcome.

I need a second log to analyze your System before we move on to fix it.

Btw, do you have a USB stick handy?

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Yes, I do have a USB stick. I am using it to go back and forth, as I am keeping the problem PC offline until I am sure it is safe. Here are the results, looks like a rootkit:

14:26:23.0640 2028 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:26:23.0656 2028 ============================================================
14:26:23.0656 2028 Current date / time: 2012/11/17 14:26:23.0656
14:26:23.0656 2028 SystemInfo:
14:26:23.0656 2028
14:26:23.0656 2028 OS Version: 6.1.7601 ServicePack: 1.0
14:26:23.0656 2028 Product type: Workstation
14:26:23.0656 2028 ComputerName: AVIATOR8-PC
14:26:23.0656 2028 UserName: aviator8
14:26:23.0656 2028 Windows directory: C:\windows
14:26:23.0656 2028 System windows directory: C:\windows
14:26:23.0656 2028 Running under WOW64
14:26:23.0656 2028 Processor architecture: Intel x64
14:26:23.0656 2028 Number of processors: 4
14:26:23.0656 2028 Page size: 0x1000
14:26:23.0656 2028 Boot type: Normal boot
14:26:23.0656 2028 ============================================================
14:26:23.0952 2028 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:26:23.0968 2028 Drive \Device\Harddisk1\DR2 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:26:23.0968 2028 ============================================================
14:26:23.0968 2028 \Device\Harddisk0\DR0:
14:26:23.0968 2028 MBR partitions:
14:26:23.0968 2028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
14:26:23.0968 2028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
14:26:23.0968 2028 \Device\Harddisk1\DR2:
14:26:23.0968 2028 MBR partitions:
14:26:23.0968 2028 ============================================================
14:26:23.0999 2028 C: <-> \Device\Harddisk0\DR0\Partition2
14:26:23.0999 2028 ============================================================
14:26:23.0999 2028 Initialize success
14:26:23.0999 2028 ============================================================
14:26:27.0026 4112 ============================================================
14:26:27.0026 4112 Scan started
14:26:27.0026 4112 Mode: Manual;
14:26:27.0026 4112 ============================================================
14:26:27.0322 4112 ================ Scan system memory ========================
14:26:27.0322 4112 System memory - ok
14:26:27.0322 4112 ================ Scan services =============================


14:26:36.0682 4112 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

14:26:36.0682 4112 PEAUTH - ok

14:26:36.0744 4112 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

14:26:36.0744 4112 PerfHost - ok

14:26:36.0791 4112 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

14:26:36.0807 4112 pla - ok

14:26:36.0854 4112 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

14:26:36.0854 4112 PlugPlay - ok

14:26:36.0885 4112 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

14:26:36.0885 4112 PNRPAutoReg - ok

14:26:36.0900 4112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

14:26:36.0900 4112 PNRPsvc - ok

14:26:36.0932 4112 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

14:26:36.0932 4112 PolicyAgent - ok

14:26:36.0947 4112 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll

14:26:36.0947 4112 Power - ok

14:26:36.0994 4112 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

14:26:36.0994 4112 PptpMiniport - ok

14:26:37.0010 4112 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

14:26:37.0010 4112 Processor - ok

14:26:37.0056 4112 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

14:26:37.0056 4112 ProfSvc - ok

14:26:37.0072 4112 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

14:26:37.0072 4112 ProtectedStorage - ok

14:26:37.0103 4112 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

14:26:37.0103 4112 Psched - ok

14:26:37.0119 4112 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys

14:26:37.0119 4112 PxHlpa64 - ok

14:26:37.0181 4112 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

14:26:37.0197 4112 ql2300 - ok

14:26:37.0197 4112 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

14:26:37.0197 4112 ql40xx - ok

14:26:37.0228 4112 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

14:26:37.0228 4112 QWAVE - ok

14:26:37.0259 4112 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

14:26:37.0259 4112 QWAVEdrv - ok

14:26:37.0259 4112 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

14:26:37.0259 4112 RasAcd - ok

14:26:37.0290 4112 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

14:26:37.0290 4112 RasAgileVpn - ok

14:26:37.0306 4112 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

14:26:37.0306 4112 RasAuto - ok

14:26:37.0322 4112 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

14:26:37.0322 4112 Rasl2tp - ok

14:26:37.0368 4112 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

14:26:37.0368 4112 RasMan - ok

14:26:37.0384 4112 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

14:26:37.0384 4112 RasPppoe - ok

14:26:37.0400 4112 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

14:26:37.0400 4112 RasSstp - ok

14:26:37.0415 4112 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

14:26:37.0415 4112 rdbss - ok

14:26:37.0431 4112 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

14:26:37.0431 4112 rdpbus - ok

14:26:37.0446 4112 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

14:26:37.0462 4112 RDPCDD - ok

14:26:37.0478 4112 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

14:26:37.0478 4112 RDPENCDD - ok

14:26:37.0493 4112 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

14:26:37.0493 4112 RDPREFMP - ok

14:26:37.0540 4112 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

14:26:37.0540 4112 RDPWD - ok

14:26:37.0556 4112 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

14:26:37.0556 4112 rdyboost - ok

14:26:37.0587 4112 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

14:26:37.0602 4112 RemoteAccess - ok

14:26:37.0618 4112 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

14:26:37.0634 4112 RemoteRegistry - ok

14:26:37.0649 4112 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys

14:26:37.0649 4112 RFCOMM - ok

14:26:37.0821 4112 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

14:26:37.0836 4112 RoxMediaDB12OEM - ok

14:26:37.0883 4112 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

14:26:37.0883 4112 RoxWatch12 - ok

14:26:37.0914 4112 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

14:26:37.0914 4112 RpcEptMapper - ok

14:26:37.0946 4112 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

14:26:37.0946 4112 RpcLocator - ok

14:26:37.0961 4112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

14:26:37.0961 4112 RpcSs - ok

14:26:37.0992 4112 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

14:26:37.0992 4112 rspndr - ok

14:26:38.0055 4112 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

14:26:38.0055 4112 RSUSBSTOR - ok

14:26:38.0070 4112 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

14:26:38.0086 4112 RTL8167 - ok

14:26:38.0117 4112 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

14:26:38.0117 4112 SamSs - ok

14:26:38.0117 4112 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

14:26:38.0133 4112 sbp2port - ok

14:26:38.0148 4112 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

14:26:38.0164 4112 SCardSvr - ok

14:26:38.0164 4112 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

14:26:38.0164 4112 scfilter - ok

14:26:38.0195 4112 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

14:26:38.0211 4112 Schedule - ok

14:26:38.0226 4112 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

14:26:38.0242 4112 SCPolicySvc - ok

14:26:38.0242 4112 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

14:26:38.0258 4112 SDRSVC - ok

14:26:38.0289 4112 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

14:26:38.0289 4112 secdrv - ok

14:26:38.0304 4112 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

14:26:38.0304 4112 seclogon - ok

14:26:38.0351 4112 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

14:26:38.0351 4112 SENS - ok

14:26:38.0382 4112 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

14:26:38.0382 4112 SensrSvc - ok

14:26:38.0429 4112 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

14:26:38.0429 4112 Serenum - ok

14:26:38.0445 4112 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

14:26:38.0445 4112 Serial - ok

14:26:38.0476 4112 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

14:26:38.0476 4112 sermouse - ok

14:26:38.0507 4112 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

14:26:38.0507 4112 SessionEnv - ok

14:26:38.0507 4112 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

14:26:38.0507 4112 sffdisk - ok

14:26:38.0507 4112 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

14:26:38.0507 4112 sffp_mmc - ok

14:26:38.0523 4112 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

14:26:38.0523 4112 sffp_sd - ok

14:26:38.0523 4112 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

14:26:38.0523 4112 sfloppy - ok

14:26:38.0570 4112 [ E1974A92AC0914A3859359A0A8C82C68 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

14:26:38.0570 4112 SftService - ok

14:26:38.0601 4112 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

14:26:38.0601 4112 SharedAccess - ok

14:26:38.0632 4112 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

14:26:38.0632 4112 ShellHWDetection - ok

14:26:38.0648 4112 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

14:26:38.0663 4112 SiSRaid2 - ok

14:26:38.0663 4112 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

14:26:38.0663 4112 SiSRaid4 - ok

14:26:38.0819 4112 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

14:26:38.0835 4112 Skype C2C Service - ok

14:26:38.0882 4112 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

14:26:38.0897 4112 SkypeUpdate - ok

14:26:38.0928 4112 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

14:26:38.0928 4112 Smb - ok

14:26:38.0975 4112 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

14:26:38.0975 4112 SNMPTRAP - ok

14:26:39.0006 4112 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

14:26:39.0006 4112 spldr - ok

14:26:39.0038 4112 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

14:26:39.0053 4112 Spooler - ok

14:26:39.0116 4112 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

14:26:39.0131 4112 sppsvc - ok

14:26:39.0162 4112 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

14:26:39.0162 4112 sppuinotify - ok

14:26:39.0209 4112 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

14:26:39.0209 4112 srv - ok

14:26:39.0209 4112 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

14:26:39.0225 4112 srv2 - ok

14:26:39.0225 4112 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

14:26:39.0225 4112 srvnet - ok

14:26:39.0272 4112 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

14:26:39.0272 4112 SSDPSRV - ok

14:26:39.0287 4112 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

14:26:39.0287 4112 SstpSvc - ok

14:26:39.0365 4112 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

14:26:39.0365 4112 STacSV - ok

14:26:39.0381 4112 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

14:26:39.0381 4112 stexstor - ok

14:26:39.0428 4112 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys

14:26:39.0428 4112 STHDA - ok

14:26:39.0459 4112 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

14:26:39.0459 4112 stisvc - ok

14:26:39.0521 4112 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

14:26:39.0521 4112 stllssvr - ok

14:26:39.0537 4112 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

14:26:39.0537 4112 swenum - ok

14:26:39.0568 4112 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

14:26:39.0568 4112 swprv - ok

14:26:39.0615 4112 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

14:26:39.0615 4112 SysMain - ok

14:26:39.0662 4112 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

14:26:39.0662 4112 TabletInputService - ok

14:26:39.0677 4112 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

14:26:39.0677 4112 TapiSrv - ok

14:26:39.0708 4112 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

14:26:39.0708 4112 TBS - ok

14:26:39.0786 4112 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys

14:26:39.0802 4112 Tcpip - ok

14:26:39.0833 4112 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

14:26:39.0849 4112 TCPIP6 - ok

14:26:39.0880 4112 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

14:26:39.0880 4112 tcpipreg - ok

14:26:39.0896 4112 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

14:26:39.0896 4112 TDPIPE - ok

14:26:39.0927 4112 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

14:26:39.0927 4112 TDTCP - ok

14:26:39.0958 4112 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

14:26:39.0958 4112 tdx - ok

14:26:39.0974 4112 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

14:26:39.0974 4112 TermDD - ok

14:26:40.0005 4112 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

14:26:40.0005 4112 TermService - ok

14:26:40.0036 4112 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

14:26:40.0036 4112 Themes - ok

14:26:40.0052 4112 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

14:26:40.0052 4112 THREADORDER - ok

14:26:40.0052 4112 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

14:26:40.0067 4112 TrkWks - ok

14:26:40.0114 4112 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

14:26:40.0114 4112 TrustedInstaller - ok

14:26:40.0130 4112 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

14:26:40.0130 4112 tssecsrv - ok

14:26:40.0161 4112 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

14:26:40.0176 4112 TsUsbFlt - ok

14:26:40.0192 4112 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

14:26:40.0192 4112 TsUsbGD - ok

14:26:40.0239 4112 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

14:26:40.0239 4112 tunnel - ok

14:26:40.0254 4112 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

14:26:40.0254 4112 uagp35 - ok

14:26:40.0270 4112 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

14:26:40.0270 4112 udfs - ok

14:26:40.0301 4112 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

14:26:40.0301 4112 UI0Detect - ok

14:26:40.0317 4112 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

14:26:40.0317 4112 uliagpkx - ok

14:26:40.0348 4112 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

14:26:40.0348 4112 umbus - ok

14:26:40.0364 4112 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

14:26:40.0364 4112 UmPass - ok

14:26:40.0473 4112 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

14:26:40.0488 4112 UNS - ok

14:26:40.0520 4112 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

14:26:40.0520 4112 upnphost - ok

14:26:40.0551 4112 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

14:26:40.0551 4112 usbccgp - ok

14:26:40.0582 4112 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

14:26:40.0582 4112 usbcir - ok

14:26:40.0598 4112 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

14:26:40.0598 4112 usbehci - ok

14:26:40.0644 4112 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

14:26:40.0644 4112 usbhub - ok

14:26:40.0660 4112 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

14:26:40.0660 4112 usbohci - ok

14:26:40.0676 4112 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys

14:26:40.0676 4112 usbprint - ok

14:26:40.0707 4112 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

14:26:40.0707 4112 USBSTOR - ok

14:26:40.0707 4112 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

14:26:40.0707 4112 usbuhci - ok

14:26:40.0738 4112 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

14:26:40.0738 4112 usbvideo - ok

14:26:40.0769 4112 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

14:26:40.0769 4112 UxSms - ok

14:26:40.0800 4112 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

14:26:40.0800 4112 VaultSvc - ok

14:26:40.0832 4112 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

14:26:40.0832 4112 vdrvroot - ok

14:26:40.0847 4112 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

14:26:40.0847 4112 vds - ok

14:26:40.0894 4112 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

14:26:40.0894 4112 vga - ok

14:26:40.0910 4112 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

14:26:40.0910 4112 VgaSave - ok

14:26:40.0910 4112 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

14:26:40.0925 4112 vhdmp - ok

14:26:40.0941 4112 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

14:26:40.0941 4112 viaide - ok

14:26:40.0972 4112 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

14:26:40.0972 4112 volmgr - ok

14:26:40.0988 4112 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

14:26:41.0003 4112 volmgrx - ok

14:26:41.0003 4112 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys

14:26:41.0003 4112 volsnap - ok

14:26:41.0050 4112 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys

14:26:41.0050 4112 vsmraid - ok

14:26:41.0097 4112 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

14:26:41.0112 4112 VSS - ok

14:26:41.0144 4112 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

14:26:41.0144 4112 vwifibus - ok

14:26:41.0159 4112 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

14:26:41.0159 4112 vwififlt - ok

14:26:41.0190 4112 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

14:26:41.0190 4112 W32Time - ok

14:26:41.0206 4112 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys

14:26:41.0206 4112 WacomPen - ok

14:26:41.0237 4112 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

14:26:41.0237 4112 WANARP - ok

14:26:41.0237 4112 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

14:26:41.0237 4112 Wanarpv6 - ok

14:26:41.0300 4112 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

14:26:41.0315 4112 WatAdminSvc - ok

14:26:41.0378 4112 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

14:26:41.0393 4112 wbengine - ok

14:26:41.0409 4112 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

14:26:41.0409 4112 WbioSrvc - ok

14:26:41.0424 4112 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

14:26:41.0424 4112 wcncsvc - ok

14:26:41.0424 4112 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

14:26:41.0440 4112 WcsPlugInService - ok

14:26:41.0456 4112 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys

14:26:41.0456 4112 Wd - ok

14:26:41.0487 4112 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

14:26:41.0487 4112 Wdf01000 - ok

14:26:41.0502 4112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

14:26:41.0502 4112 WdiServiceHost - ok

14:26:41.0502 4112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

14:26:41.0502 4112 WdiSystemHost - ok

14:26:41.0534 4112 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

14:26:41.0549 4112 WebClient - ok

14:26:41.0565 4112 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

14:26:41.0565 4112 Wecsvc - ok

14:26:41.0580 4112 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

14:26:41.0580 4112 wercplsupport - ok

14:26:41.0596 4112 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

14:26:41.0612 4112 WerSvc - ok

14:26:41.0627 4112 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

14:26:41.0627 4112 WfpLwf - ok

14:26:41.0674 4112 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys

14:26:41.0674 4112 WimFltr - ok

14:26:41.0690 4112 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

14:26:41.0690 4112 WIMMount - ok

14:26:41.0705 4112 WinDefend - ok

14:26:41.0721 4112 WinHttpAutoProxySvc - ok

14:26:41.0768 4112 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

14:26:41.0768 4112 Winmgmt - ok

14:26:41.0846 4112 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

14:26:41.0861 4112 WinRM - ok

14:26:41.0939 4112 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

14:26:41.0939 4112 WinUsb - ok

14:26:41.0970 4112 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

14:26:41.0986 4112 Wlansvc - ok

14:26:42.0017 4112 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

14:26:42.0033 4112 wlcrasvc - ok

14:26:42.0095 4112 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:26:42.0111 4112 wlidsvc - ok

14:26:42.0158 4112 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys

14:26:42.0158 4112 WmiAcpi - ok

14:26:42.0189 4112 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

14:26:42.0189 4112 wmiApSrv - ok

14:26:42.0220 4112 WMPNetworkSvc - ok

14:26:42.0267 4112 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

14:26:42.0267 4112 WPCSvc - ok

14:26:42.0282 4112 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

14:26:42.0282 4112 WPDBusEnum - ok

14:26:42.0298 4112 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

14:26:42.0298 4112 ws2ifsl - ok

14:26:42.0298 4112 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll

14:26:42.0314 4112 wscsvc - ok

14:26:42.0314 4112 WSearch - ok

14:26:42.0376 4112 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

14:26:42.0392 4112 wuauserv - ok

14:26:42.0407 4112 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys

14:26:42.0407 4112 WudfPf - ok

14:26:42.0438 4112 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

14:26:42.0438 4112 WUDFRd - ok

14:26:42.0454 4112 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll

14:26:42.0470 4112 wudfsvc - ok

14:26:42.0470 4112 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll

14:26:42.0485 4112 WwanSvc - ok

14:26:42.0485 4112 ================ Scan global ===============================

14:26:42.0516 4112 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

14:26:42.0548 4112 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll

14:26:42.0548 4112 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll

14:26:42.0579 4112 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

14:26:42.0610 4112 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

14:26:42.0610 4112 [Global] - ok

14:26:42.0610 4112 ================ Scan MBR ==================================

14:26:42.0626 4112 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

14:26:42.0626 4112 Suspicious mbr (Forged): \Device\Harddisk0\DR0

14:26:42.0688 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

14:26:42.0688 4112 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

14:26:42.0704 4112 [ E3255F24EB30D0E706AAD12BD4F2B4C2 ] \Device\Harddisk1\DR2

14:26:44.0232 4112 \Device\Harddisk1\DR2 - ok

14:26:44.0232 4112 ================ Scan VBR ==================================

14:26:44.0232 4112 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1

14:26:44.0232 4112 \Device\Harddisk0\DR0\Partition1 - ok

14:26:44.0248 4112 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2

14:26:44.0248 4112 \Device\Harddisk0\DR0\Partition2 - ok

14:26:44.0248 4112 ============================================================

14:26:44.0248 4112 Scan finished

14:26:44.0248 4112 ============================================================

14:26:44.0248 2140 Detected object count: 1

14:26:44.0248 2140 Actual detected object count: 1

14:27:01.0299 2140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

14:27:01.0299 2140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip


Well done.

Execute TDSSKiller.exe and press Start Scan.

  • Ensure Cure is selected ( it should be by default )
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Important: If TDSSK asks you to write a default MBR Code, don't allow it and let me know.


Ran with Cure. Two logs produced:

First:

15:44:16.0898 1824 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

15:44:16.0898 1824 ============================================================

15:44:16.0898 1824 Current date / time: 2012/11/17 15:44:16.0898

15:44:16.0898 1824 SystemInfo:

15:44:16.0898 1824

15:44:16.0898 1824 OS Version: 6.1.7601 ServicePack: 1.0

15:44:16.0898 1824 Product type: Workstation

15:44:16.0898 1824 ComputerName: AVIATOR8-PC

15:44:16.0898 1824 UserName: aviator8

15:44:16.0898 1824 Windows directory: C:\windows

15:44:16.0898 1824 System windows directory: C:\windows

15:44:16.0898 1824 Running under WOW64

15:44:16.0898 1824 Processor architecture: Intel x64

15:44:16.0898 1824 Number of processors: 4

15:44:16.0898 1824 Page size: 0x1000

15:44:16.0898 1824 Boot type: Normal boot

15:44:16.0898 1824 ============================================================

15:44:17.0194 1824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:44:17.0210 1824 Drive \Device\Harddisk1\DR3 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

15:44:17.0210 1824 ============================================================

15:44:17.0210 1824 \Device\Harddisk0\DR0:

15:44:17.0210 1824 MBR partitions:

15:44:17.0210 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

15:44:17.0210 1824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030

15:44:17.0210 1824 \Device\Harddisk1\DR3:

15:44:17.0210 1824 MBR partitions:

15:44:17.0210 1824 ============================================================

15:44:17.0256 1824 C: <-> \Device\Harddisk0\DR0\Partition2

15:44:17.0256 1824 ============================================================

15:44:17.0256 1824 Initialize success

15:44:17.0256 1824 ============================================================

15:44:20.0798 2376 ============================================================

15:44:20.0798 2376 Scan started

15:44:20.0798 2376 Mode: Manual;

15:44:20.0798 2376 ============================================================

15:44:21.0032 2376 ================ Scan system memory ========================

15:44:21.0032 2376 System memory - ok

15:44:21.0032 2376 ================ Scan services =============================


15:44:21.0968 2376 ApfiltrService - ok

15:44:21.0999 2376 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

15:44:21.0999 2376 AppID - ok

15:44:22.0046 2376 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

15:44:22.0046 2376 AppIDSvc - ok

15:44:22.0061 2376 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll

15:44:22.0061 2376 Appinfo - ok

15:44:22.0077 2376 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys

15:44:22.0077 2376 arc - ok

15:44:22.0077 2376 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys

15:44:22.0077 2376 arcsas - ok

15:44:22.0264 2376 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

15:44:22.0264 2376 aspnet_state - ok

15:44:22.0295 2376 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

15:44:22.0295 2376 AsyncMac - ok

15:44:22.0326 2376 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

15:44:22.0326 2376 atapi - ok

15:44:22.0373 2376 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

15:44:22.0373 2376 AudioEndpointBuilder - ok

15:44:22.0389 2376 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

15:44:22.0389 2376 AudioSrv - ok

15:44:22.0467 2376 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

15:44:22.0467 2376 AxInstSV - ok

15:44:22.0514 2376 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

15:44:22.0529 2376 b06bdrv - ok

15:44:22.0560 2376 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

15:44:22.0560 2376 b57nd60a - ok

15:44:22.0654 2376 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

15:44:22.0654 2376 BBSvc - ok

15:44:22.0685 2376 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

15:44:22.0685 2376 BBUpdate - ok

15:44:22.0810 2376 [ 783F1C7ED6B39454A8D1028D4F30768D ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys

15:44:22.0826 2376 BCM43XX - ok

15:44:22.0888 2376 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

15:44:22.0888 2376 BDESVC - ok

15:44:22.0904 2376 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

15:44:22.0904 2376 Beep - ok

15:44:22.0950 2376 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

15:44:22.0950 2376 BFE - ok

15:44:22.0997 2376 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

15:44:22.0997 2376 BITS - ok

15:44:23.0028 2376 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

15:44:23.0028 2376 blbdrive - ok

15:44:23.0075 2376 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

15:44:23.0075 2376 bowser - ok

15:44:23.0106 2376 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

15:44:23.0106 2376 BrFiltLo - ok

15:44:23.0106 2376 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

15:44:23.0106 2376 BrFiltUp - ok

15:44:23.0169 2376 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

15:44:23.0169 2376 Browser - ok

15:44:23.0184 2376 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

15:44:23.0200 2376 Brserid - ok

15:44:23.0200 2376 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

15:44:23.0200 2376 BrSerWdm - ok

15:44:23.0200 2376 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

15:44:23.0200 2376 BrUsbMdm - ok

15:44:23.0216 2376 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

15:44:23.0216 2376 BrUsbSer - ok

15:44:23.0262 2376 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys

15:44:23.0262 2376 BthEnum - ok

15:44:23.0294 2376 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

15:44:23.0294 2376 BTHMODEM - ok

15:44:23.0309 2376 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys

15:44:23.0309 2376 BthPan - ok

15:44:23.0372 2376 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys

15:44:23.0372 2376 BTHPORT - ok

15:44:23.0418 2376 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

15:44:23.0418 2376 bthserv - ok

15:44:23.0450 2376 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys

15:44:23.0450 2376 BTHUSB - ok

15:44:23.0496 2376 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\windows\system32\DRIVERS\btwampfl.sys

15:44:23.0496 2376 BTWAMPFL - ok

15:44:23.0559 2376 [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio C:\windows\system32\drivers\btwaudio.sys

15:44:23.0559 2376 btwaudio - ok

15:44:23.0574 2376 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys

15:44:23.0574 2376 btwavdt - ok

15:44:23.0668 2376 [ B7DEA77EE893806859072274EE8EC8FC ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

15:44:23.0668 2376 btwdins - ok

15:44:23.0699 2376 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys

15:44:23.0699 2376 btwl2cap - ok

15:44:23.0746 2376 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys

15:44:23.0746 2376 btwrchid - ok

15:44:23.0777 2376 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

15:44:23.0777 2376 cdfs - ok

15:44:23.0808 2376 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

15:44:23.0808 2376 cdrom - ok

15:44:23.0855 2376 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

15:44:23.0855 2376 CertPropSvc - ok

15:44:23.0871 2376 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

15:44:23.0871 2376 circlass - ok

15:44:23.0918 2376 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

15:44:23.0918 2376 CLFS - ok

15:44:23.0980 2376 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:44:23.0980 2376 clr_optimization_v2.0.50727_32 - ok

15:44:24.0011 2376 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:44:24.0011 2376 clr_optimization_v2.0.50727_64 - ok

15:44:24.0089 2376 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:44:24.0089 2376 clr_optimization_v4.0.30319_32 - ok

15:44:24.0120 2376 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:44:24.0120 2376 clr_optimization_v4.0.30319_64 - ok

15:44:24.0152 2376 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

15:44:24.0152 2376 CmBatt - ok

15:44:24.0167 2376 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

15:44:24.0167 2376 cmdide - ok

15:44:24.0214 2376 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys

15:44:24.0214 2376 CNG - ok

15:44:24.0245 2376 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys

15:44:24.0245 2376 Compbatt - ok

15:44:24.0276 2376 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

15:44:24.0276 2376 CompositeBus - ok

15:44:24.0292 2376 COMSysApp - ok

15:44:24.0323 2376 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

15:44:24.0323 2376 crcdisk - ok

15:44:24.0370 2376 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll

15:44:24.0370 2376 CryptSvc - ok

15:44:24.0432 2376 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys

15:44:24.0432 2376 CtClsFlt - ok

15:44:24.0464 2376 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

15:44:24.0464 2376 DcomLaunch - ok

15:44:24.0495 2376 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

15:44:24.0495 2376 defragsvc - ok

15:44:24.0526 2376 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

15:44:24.0526 2376 DfsC - ok

15:44:24.0542 2376 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

15:44:24.0557 2376 Dhcp - ok

15:44:24.0573 2376 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

15:44:24.0573 2376 discache - ok

15:44:24.0620 2376 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

15:44:24.0620 2376 Disk - ok

15:44:24.0651 2376 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

15:44:24.0651 2376 Dnscache - ok

15:44:24.0666 2376 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

15:44:24.0666 2376 dot3svc - ok

15:44:24.0682 2376 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

15:44:24.0682 2376 DPS - ok

15:44:24.0713 2376 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

15:44:24.0713 2376 drmkaud - ok

15:44:24.0760 2376 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

15:44:24.0760 2376 DXGKrnl - ok

15:44:24.0807 2376 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

15:44:24.0807 2376 EapHost - ok

15:44:24.0869 2376 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

15:44:24.0900 2376 ebdrv - ok

15:44:24.0932 2376 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

15:44:24.0932 2376 EFS - ok

15:44:24.0994 2376 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

15:44:24.0994 2376 ehRecvr - ok

15:44:25.0025 2376 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

15:44:25.0025 2376 ehSched - ok

15:44:25.0056 2376 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

15:44:25.0072 2376 elxstor - ok

15:44:25.0072 2376 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

15:44:25.0072 2376 ErrDev - ok

15:44:25.0119 2376 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

15:44:25.0119 2376 EventSystem - ok

15:44:25.0150 2376 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

15:44:25.0150 2376 exfat - ok

15:44:25.0166 2376 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

15:44:25.0166 2376 fastfat - ok

15:44:25.0228 2376 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

15:44:25.0228 2376 Fax - ok

15:44:25.0228 2376 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

15:44:25.0228 2376 fdc - ok

15:44:25.0259 2376 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

15:44:25.0259 2376 fdPHost - ok

15:44:25.0275 2376 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

15:44:25.0275 2376 FDResPub - ok

15:44:25.0306 2376 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

15:44:25.0306 2376 FileInfo - ok

15:44:25.0337 2376 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

15:44:25.0337 2376 Filetrace - ok

15:44:25.0368 2376 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

15:44:25.0368 2376 flpydisk - ok

15:44:25.0384 2376 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

15:44:25.0400 2376 FltMgr - ok

15:44:25.0431 2376 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

15:44:25.0446 2376 FontCache - ok

15:44:25.0493 2376 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:44:25.0493 2376 FontCache3.0.0.0 - ok

15:44:25.0524 2376 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

15:44:25.0524 2376 FsDepends - ok

15:44:25.0556 2376 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

15:44:25.0556 2376 Fs_Rec - ok

15:44:25.0587 2376 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

15:44:25.0587 2376 fvevol - ok

15:44:25.0602 2376 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

15:44:25.0602 2376 gagp30kx - ok

15:44:25.0680 2376 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

15:44:25.0680 2376 gpsvc - ok

15:44:25.0774 2376 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:44:25.0774 2376 gupdate - ok

15:44:25.0774 2376 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:44:25.0774 2376 gupdatem - ok

15:44:25.0805 2376 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

15:44:25.0805 2376 gusvc - ok

15:44:25.0852 2376 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

15:44:25.0852 2376 hcw85cir - ok

15:44:25.0868 2376 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

15:44:25.0868 2376 HdAudAddService - ok

15:44:25.0899 2376 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

15:44:25.0899 2376 HDAudBus - ok

15:44:25.0899 2376 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

15:44:25.0899 2376 HidBatt - ok

15:44:25.0899 2376 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

15:44:25.0914 2376 HidBth - ok

15:44:25.0930 2376 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

15:44:25.0930 2376 HidIr - ok

15:44:25.0961 2376 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

15:44:25.0977 2376 hidserv - ok

15:44:25.0992 2376 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

15:44:25.0992 2376 HidUsb - ok

15:44:26.0039 2376 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

15:44:26.0039 2376 hkmsvc - ok

15:44:26.0055 2376 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

15:44:26.0055 2376 HomeGroupListener - ok

15:44:26.0086 2376 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

15:44:26.0086 2376 HomeGroupProvider - ok

15:44:26.0117 2376 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

15:44:26.0117 2376 HpSAMD - ok

15:44:26.0164 2376 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

15:44:26.0164 2376 HTTP - ok

15:44:26.0195 2376 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

15:44:26.0195 2376 hwpolicy - ok

15:44:26.0211 2376 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

15:44:26.0211 2376 i8042prt - ok

15:44:26.0258 2376 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

15:44:26.0258 2376 iaStor - ok

15:44:26.0367 2376 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

15:44:26.0367 2376 IAStorDataMgrSvc - ok

15:44:26.0398 2376 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

15:44:26.0398 2376 iaStorV - ok

15:44:26.0445 2376 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:44:26.0460 2376 idsvc - ok

15:44:26.0694 2376 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

15:44:26.0757 2376 igfx - ok

15:44:26.0804 2376 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

15:44:26.0804 2376 iirsp - ok

15:44:26.0850 2376 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

15:44:26.0850 2376 IKEEXT - ok

15:44:26.0882 2376 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

15:44:26.0882 2376 IntcDAud - ok

15:44:26.0897 2376 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

15:44:26.0897 2376 intelide - ok

15:44:26.0928 2376 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

15:44:26.0928 2376 intelppm - ok

15:44:26.0944 2376 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

15:44:26.0944 2376 IPBusEnum - ok

15:44:26.0975 2376 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

15:44:26.0975 2376 IpFilterDriver - ok

15:44:27.0022 2376 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

15:44:27.0022 2376 iphlpsvc - ok

15:44:27.0022 2376 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

15:44:27.0022 2376 IPMIDRV - ok

15:44:27.0038 2376 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

15:44:27.0038 2376 IPNAT - ok

15:44:27.0053 2376 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

15:44:27.0053 2376 IRENUM - ok

15:44:27.0069 2376 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

15:44:27.0069 2376 isapnp - ok

15:44:27.0100 2376 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

15:44:27.0100 2376 iScsiPrt - ok

15:44:27.0131 2376 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

15:44:27.0131 2376 kbdclass - ok

15:44:27.0131 2376 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

15:44:27.0131 2376 kbdhid - ok

15:44:27.0147 2376 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

15:44:27.0147 2376 KeyIso - ok

15:44:27.0178 2376 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

15:44:27.0178 2376 KSecDD - ok

15:44:27.0209 2376 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

15:44:27.0209 2376 KSecPkg - ok

15:44:27.0225 2376 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

15:44:27.0225 2376 ksthunk - ok

15:44:27.0256 2376 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

15:44:27.0256 2376 KtmRm - ok

15:44:27.0303 2376 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

15:44:27.0303 2376 LanmanServer - ok

15:44:27.0334 2376 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

15:44:27.0334 2376 LanmanWorkstation - ok

15:44:27.0396 2376 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

15:44:27.0396 2376 lltdio - ok

15:44:27.0443 2376 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

15:44:27.0443 2376 lltdsvc - ok

15:44:27.0459 2376 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

15:44:27.0459 2376 lmhosts - ok

15:44:27.0521 2376 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

15:44:27.0521 2376 LMS - ok

15:44:27.0552 2376 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

15:44:27.0552 2376 LSI_FC - ok

15:44:27.0568 2376 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

15:44:27.0568 2376 LSI_SAS - ok

15:44:27.0568 2376 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

15:44:27.0568 2376 LSI_SAS2 - ok

15:44:27.0584 2376 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

15:44:27.0584 2376 LSI_SCSI - ok

15:44:27.0599 2376 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

15:44:27.0615 2376 luafv - ok

15:44:27.0677 2376 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe

15:44:27.0677 2376 McComponentHostService - ok

15:44:27.0693 2376 McMPFSvc - ok

15:44:27.0724 2376 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

15:44:27.0724 2376 Mcx2Svc - ok

15:44:27.0724 2376 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

15:44:27.0724 2376 megasas - ok

15:44:27.0755 2376 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

15:44:27.0755 2376 MegaSR - ok

15:44:27.0802 2376 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

15:44:27.0802 2376 MEIx64 - ok

15:44:27.0833 2376 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

15:44:27.0833 2376 MMCSS - ok

15:44:27.0833 2376 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

15:44:27.0833 2376 Modem - ok

15:44:27.0864 2376 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

15:44:27.0864 2376 monitor - ok

15:44:27.0896 2376 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

15:44:27.0896 2376 mouclass - ok

15:44:27.0911 2376 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

15:44:27.0911 2376 mouhid - ok

15:44:27.0942 2376 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

15:44:27.0942 2376 mountmgr - ok

15:44:27.0989 2376 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

15:44:27.0989 2376 MozillaMaintenance - ok

15:44:28.0020 2376 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

15:44:28.0020 2376 mpio - ok

15:44:28.0052 2376 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

15:44:28.0052 2376 mpsdrv - ok

15:44:28.0098 2376 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

15:44:28.0114 2376 MpsSvc - ok

15:44:28.0114 2376 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

15:44:28.0114 2376 MRxDAV - ok

15:44:28.0130 2376 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

15:44:28.0130 2376 mrxsmb - ok

15:44:28.0145 2376 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

15:44:28.0145 2376 mrxsmb10 - ok

15:44:28.0161 2376 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

15:44:28.0161 2376 mrxsmb20 - ok

15:44:28.0176 2376 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

15:44:28.0176 2376 msahci - ok

15:44:28.0192 2376 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

15:44:28.0192 2376 msdsm - ok

15:44:28.0208 2376 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

15:44:28.0208 2376 MSDTC - ok

15:44:28.0223 2376 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

15:44:28.0223 2376 Msfs - ok

15:44:28.0254 2376 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

15:44:28.0254 2376 mshidkmdf - ok

15:44:28.0270 2376 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

15:44:28.0270 2376 msisadrv - ok

15:44:28.0301 2376 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

15:44:28.0301 2376 MSiSCSI - ok

15:44:28.0301 2376 msiserver - ok

15:44:28.0348 2376 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

15:44:28.0348 2376 MSKSSRV - ok

15:44:28.0364 2376 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

15:44:28.0364 2376 MSPCLOCK - ok

15:44:28.0379 2376 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

15:44:28.0379 2376 MSPQM - ok

15:44:28.0410 2376 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

15:44:28.0410 2376 MsRPC - ok

15:44:28.0442 2376 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

15:44:28.0442 2376 mssmbios - ok

15:44:28.0457 2376 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

15:44:28.0457 2376 MSTEE - ok

15:44:28.0473 2376 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

15:44:28.0473 2376 MTConfig - ok

15:44:28.0504 2376 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

15:44:28.0504 2376 Mup - ok

15:44:28.0535 2376 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

15:44:28.0535 2376 napagent - ok

15:44:28.0566 2376 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

15:44:28.0566 2376 NativeWifiP - ok

15:44:28.0629 2376 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

15:44:28.0629 2376 NDIS - ok

15:44:28.0676 2376 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

15:44:28.0676 2376 NdisCap - ok

15:44:28.0691 2376 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

15:44:28.0691 2376 NdisTapi - ok

15:44:28.0707 2376 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

15:44:28.0707 2376 Ndisuio - ok

15:44:28.0722 2376 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

15:44:28.0722 2376 NdisWan - ok

15:44:28.0738 2376 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

15:44:28.0738 2376 NDProxy - ok

15:44:28.0754 2376 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

15:44:28.0754 2376 NetBIOS - ok

15:44:28.0769 2376 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

15:44:28.0769 2376 NetBT - ok

15:44:28.0785 2376 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

15:44:28.0785 2376 Netlogon - ok

15:44:28.0816 2376 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

15:44:28.0832 2376 Netman - ok

15:44:28.0847 2376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:44:28.0847 2376 NetMsmqActivator - ok

15:44:28.0863 2376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:44:28.0863 2376 NetPipeActivator - ok

15:44:28.0894 2376 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

15:44:28.0894 2376 netprofm - ok

15:44:28.0894 2376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:44:28.0894 2376 NetTcpActivator - ok

15:44:28.0894 2376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:44:28.0910 2376 NetTcpPortSharing - ok

15:44:35.0399 2376 ================ Scan global ===============================

15:44:35.0415 2376 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

15:44:35.0446 2376 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll

15:44:35.0462 2376 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll

15:44:35.0477 2376 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

15:44:35.0524 2376 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

15:44:35.0524 2376 [Global] - ok

15:44:35.0524 2376 ================ Scan MBR ==================================

15:44:35.0540 2376 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

15:44:35.0540 2376 Suspicious mbr (Forged): \Device\Harddisk0\DR0

15:44:35.0602 2376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

15:44:35.0602 2376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

15:44:35.0602 2376 [ E3255F24EB30D0E706AAD12BD4F2B4C2 ] \Device\Harddisk1\DR3

15:44:37.0146 2376 \Device\Harddisk1\DR3 - ok

15:44:37.0146 2376 ================ Scan VBR ==================================

15:44:37.0162 2376 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1

15:44:37.0178 2376 \Device\Harddisk0\DR0\Partition1 - ok

15:44:37.0209 2376 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2

15:44:37.0224 2376 \Device\Harddisk0\DR0\Partition2 - ok

15:44:37.0224 2376 ============================================================

15:44:37.0224 2376 Scan finished

15:44:37.0224 2376 ============================================================

15:44:37.0224 3760 Detected object count: 1

15:44:37.0224 3760 Actual detected object count: 1

15:44:55.0632 3760 \Device\Harddisk0\DR0\# - copied to quarantine

15:44:55.0632 3760 \Device\Harddisk0\DR0 - copied to quarantine

15:44:55.0695 3760 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

15:44:55.0710 3760 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

15:44:55.0710 3760 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

15:44:55.0710 3760 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

15:44:55.0710 3760 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

15:44:55.0726 3760 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

15:44:55.0726 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

15:44:55.0726 3760 \Device\Harddisk0\DR0 - ok

15:44:55.0804 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

15:45:01.0014 2016 Deinitialize success

second:

15:46:00.0427 3384 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

15:46:00.0802 3384 ============================================================

15:46:00.0802 3384 Current date / time: 2012/11/17 15:46:00.0802

15:46:00.0802 3384 SystemInfo:

15:46:00.0802 3384

15:46:00.0802 3384 OS Version: 6.1.7601 ServicePack: 1.0

15:46:00.0802 3384 Product type: Workstation

15:46:00.0802 3384 ComputerName: AVIATOR8-PC

15:46:00.0802 3384 UserName: aviator8

15:46:00.0802 3384 Windows directory: C:\windows

15:46:00.0802 3384 System windows directory: C:\windows

15:46:00.0802 3384 Running under WOW64

15:46:00.0802 3384 Processor architecture: Intel x64

15:46:00.0802 3384 Number of processors: 4

15:46:00.0802 3384 Page size: 0x1000

15:46:00.0802 3384 Boot type: Normal boot

15:46:00.0802 3384 ============================================================

15:46:01.0738 3384 BG loaded

15:46:02.0138 3384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:46:02.0138 3384 Drive \Device\Harddisk1\DR1 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

15:46:02.0138 3384 ============================================================

15:46:02.0138 3384 \Device\Harddisk0\DR0:

15:46:02.0138 3384 MBR partitions:

15:46:02.0138 3384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

15:46:02.0138 3384 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030

15:46:02.0138 3384 \Device\Harddisk1\DR1:

15:46:02.0138 3384 MBR partitions:

15:46:02.0138 3384 ============================================================

15:46:02.0218 3384 C: <-> \Device\Harddisk0\DR0\Partition2

15:46:02.0218 3384 ============================================================

15:46:02.0218 3384 Initialize success

15:46:02.0218 3384 ============================================================


Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.


Good Morning. Here are the results of combofix

ComboFix 12-11-16.02 - aviator8 11/18/2012 10:54:41.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2633 [GMT -5:00]

Running from: c:\users\aviator8\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\@

c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\n

c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\00000001.@

c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\80000000.@

c:\$recycle.bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\800000cb.@

c:\programdata\Microsoft\Windows\DRM\1EC1.tmp

c:\programdata\Microsoft\Windows\DRM\1EC2.tmp

c:\users\aviator8\AppData\Local\dealcabby

c:\users\aviator8\AppData\Local\dealcabby\ie\dealcabby_20121004075001.dll

c:\users\aviator8\AppData\Local\dealcabby\license.txt

c:\users\aviator8\AppData\Local\dealcabby\sqlite3.exe

c:\users\aviator8\AppData\Local\dealcabby\uninst.exe

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\bootstrap.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\defaults\preferences\prefs.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\harness-options.json

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\icon.png

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\icon64.png

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\install.rdf

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\locale\en-GB.json

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\locale\eo.json

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\locale\fr-FR.json

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\locales.json

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\page-mod.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\request.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\windows.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\content-proxy.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-content-symbiont.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-message-manager.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-trusted-document.html

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\data\worker.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\api-utils.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\base.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\byte-streams.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\channel.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\collection.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\loader.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\symbiont.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\worker.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cortex.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cuddlefish.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\dom\events.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\environment.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\errors.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\core.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\target.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events\assembler.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\file.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\functional.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\globals!.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\hidden-frame.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\light-traits.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\list.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\match-pattern.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\memory.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\message-manager.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\namespace.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\observer-service.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\plain-text-console.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\preferences-service.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\process.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\querystring.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\runtime.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\sandbox.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\self!.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\system.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\events.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\observer.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\tab.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\utils.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\text-streams.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\timer.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traceback.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits\core.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\unload.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\url.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\data.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\object.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\registry.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\thumbnail.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\uuid.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window-utils.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window\utils.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\dom.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\loader.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\observer.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\tabs.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xhr.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xpcom.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xul-app.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js

c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js.old

c:\users\aviator8\AppData\Roaming\system\svchost.exe

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))

.

.

2012-11-18 15:58 . 2012-11-18 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-18 08:35 . 2012-11-18 08:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\offreg.dll

2012-11-18 08:11 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-18 08:11 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-18 08:11 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-18 08:11 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-18 08:03 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-18 08:03 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-18 08:03 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-18 08:03 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-18 08:03 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-18 08:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-18 08:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-17 20:44 . 2012-11-17 20:44 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-17 16:51 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\mpengine.dll

2012-11-17 16:51 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-17 16:51 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-17 16:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-17 16:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-11-17 16:51 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-03 03:42 . 2012-11-18 15:58 -------- d-----w- c:\users\aviator8\AppData\Roaming\System

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-18 08:04 . 2012-07-16 18:36 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 15:45 . 2012-07-10 16:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 15:45 . 2012-03-04 04:06 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 03:51 . 2012-10-09 03:51 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-14 19:19 . 2012-10-11 00:33 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-11 00:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-11 00:34 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-11 00:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-11 00:34 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-11 00:34 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05 . 2012-10-11 00:34 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-11 00:34 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-17 06:10 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-17 06:10 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-17 06:10 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-27 02:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 18:48 . 2012-10-11 00:34 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-11 00:34 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-11 00:34 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-11 00:34 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-11 00:34 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-11 00:34 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-11 00:34 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-11 00:34 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-11 00:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-11 00:34 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-11 00:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-11 00:34 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-11 00:34 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-11 00:34 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-11 00:34 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 17:32 . 2012-10-11 00:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6AB2B33D-A637-2F56-41D1-414D72009665}]

2012-06-27 13:36 654344 ----a-w- c:\program files (x86)\AwardWallet\bho32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-09 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Facebook Update"="c:\users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-03 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]

"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]

"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-12 120032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 15:45]

.

2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-928059848-1520413163-3489737491-1000Core.job

- c:\users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-03 13:20]

.

2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-928059848-1520413163-3489737491-1000UA.job

- c:\users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-03 13:20]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 01:00]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 01:00]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928059848-1520413163-3489737491-1000Core.job

- c:\users\aviator8\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 23:59]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928059848-1520413163-3489737491-1000UA.job

- c:\users\aviator8\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 23:59]

.

2012-07-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

2012-11-17 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2011-12-14 04:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.excite.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-10-03 20:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{2D311D87-E36C-47A4-BF28-B31B48DE9773} - c:\users\aviator8\AppData\Local\dealcabby\ie\dealcabby_20121004075001.dll

Wow6432Node-HKCU-Run-Windows Services Host - c:\users\aviator8\AppData\Roaming\System\svchost.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-59052895.sys

AddRemove-DealCabby - c:\users\aviator8\AppData\Local\dealcabby\uninst.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{2D311D87-E36C-47A4-BF28-B31B48DE9773}"=hex:51,66,7a,6c,4c,1d,38,12,e9,1e,22,

29,5e,ad,ca,02,c0,3e,f0,5b,4d,80,d3,67

"{6AB2B33D-A637-2F56-41D1-414D72009665}"=hex:51,66,7a,6c,4c,1d,38,12,53,b0,a1,

6e,05,e8,38,6a,3e,c7,02,0d,77,5e,d2,71

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:6f,b7,ae,a9,0d,c2,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-18 11:00:14

ComboFix-quarantined-files.txt 2012-11-18 16:00

.

Pre-Run: 443,213,840,384 bytes free

Post-Run: 443,628,474,368 bytes free

.

- - End Of File - - 544B4C4B6F24EEBAB405B82F529A2583


Download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.
Here are a few very good free Antivirus products which are available:

Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

Please launch DDS

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop and post both in your next reply


OK ran Malware and fixed 2 items found.

ESET found 14 items and repaired

Installed Kaspersky and ran. It found the traces of the rootkit in quarantine, a java virus and one other, all either fixed or deleted

DDS log:

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1

Run by aviator8 at 21:19:29 on 2012-11-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2227 [GMT -5:00]

.

AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\System32\WUDFHost.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.excite.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: AwardWallet: {6AB2B33D-A637-2F56-41D1-414D72009665} - C:\Program Files (x86)\AwardWallet\bho32.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Facebook Update] "C:\Users\aviator8\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{8BF80D3B-3484-4C58-9762-E0CDFCB8A3D2} : DHCPNameServer = 172.6.1.161

TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.1.0.1

TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\66C697E6F62766F6C6B6 : DHCPNameServer = 10.1.0.1

TCP: Interfaces\{C6ADE2D9-95D4-40FF-81A7-242EC8CD10C7}\74564716771697 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: klogon - C:\windows\System32\klogon.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\aviator8\AppData\Roaming\Mozilla\Firefox\Profiles\cmd810fj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\aviator8\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\aviator8\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-03 20:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-3-3 55856]

R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2011-3-4 11864]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2011-3-10 29488]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-3 89600]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-3 13336]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-3 689472]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-3 2656280]

R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-3-3 349736]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-3-3 39464]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-3-3 176096]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-4 317440]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-3 533096]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-4 250984]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-10 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-18 23:29:25 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-18 23:27:18 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\offreg.dll

2012-11-18 23:27:14 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-11-18 23:27:14 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-11-18 22:38:38 -------- d-----w- C:\Program Files (x86)\ESET

2012-11-18 22:23:53 -------- d-----w- C:\Users\aviator8\AppData\Roaming\Malwarebytes

2012-11-18 15:53:50 98816 ----a-w- C:\windows\sed.exe

2012-11-18 15:53:50 256000 ----a-w- C:\windows\PEV.exe

2012-11-18 15:53:50 208896 ----a-w- C:\windows\MBR.exe

2012-11-18 08:11:57 9728 ----a-w- C:\windows\System32\Wdfres.dll

2012-11-18 08:11:57 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2012-11-18 08:11:57 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2012-11-18 08:11:57 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-18 08:03:04 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2012-11-18 08:03:04 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

2012-11-18 08:03:01 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

2012-11-18 08:03:01 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

2012-11-18 08:03:00 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

2012-11-18 08:02:59 744448 ----a-w- C:\windows\System32\WUDFx.dll

2012-11-18 08:02:59 229888 ----a-w- C:\windows\System32\WUDFHost.exe

2012-11-17 20:44:55 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-17 16:51:33 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2B00DF7-BCB7-49F0-A019-3105EE929862}\mpengine.dll

2012-11-17 16:51:05 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-11-17 16:51:04 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-11-17 16:51:04 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-11-17 16:51:04 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

2012-11-17 16:51:02 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-11-03 03:42:25 -------- d-----w- C:\Users\aviator8\AppData\Roaming\System

.

==================== Find3M ====================

.

2012-10-09 15:45:03 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 15:45:02 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 03:51:09 10220472 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll

2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe

.

============= FINISH: 21:20:04.32 ===============

Attach log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/8/2012 8:44:54 PM

System Uptime: 11/18/2012 7:57:42 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 01HXXJ

Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 411.507 GiB free.

D: is CDROM (CDFS)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP20: 9/9/2012 1:28:03 PM - Installed Remote Control USB Driver

RP21: 9/9/2012 1:28:27 PM - Installed Logitech Harmony Remote Software 7

RP22: 9/17/2012 2:07:01 AM - Windows Update

RP23: 9/18/2012 3:00:44 AM - Windows Update

RP24: 9/26/2012 10:47:06 PM - Windows Update

RP25: 9/26/2012 10:47:37 PM - Scheduled Checkpoint

RP26: 9/27/2012 3:00:23 AM - Windows Update

RP27: 10/1/2012 1:21:02 PM - Windows Update

RP28: 10/5/2012 4:43:47 AM - Windows Update

RP29: 10/9/2012 10:34:14 PM - Windows Update

RP30: 10/11/2012 3:00:55 AM - Windows Update

RP31: 11/2/2012 11:41:18 PM - Windows Update

RP32: 11/10/2012 8:24:23 PM - Windows Update

RP33: 11/13/2012 9:07:13 PM - Windows Update

RP34: 11/17/2012 11:50:40 AM - Windows Update

RP35: 11/18/2012 3:01:05 AM - Windows Update

.

==== Installed Programs ======================

.

Accidental Damage Services Agreement

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X MUI

Advanced Audio FX Engine

AwardWallet (remove only)

Banctec Service Agreement

Bing Bar

Blio

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

D3DX10

DealCabby

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Product Registration

Dell Stage

Dell Stage Remote

Dell Support Center

Dell Touchpad

Dell VideoStage

Dell Webcam Central

DirectX 9 Runtime

DW WLAN Card

ESET Online Scanner v3

Facebook Video Calling 1.2.0.287

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 7 Update 1 (64-bit)

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Kaspersky Internet Security 2012

Logitech Harmony Remote Software 7

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PhotoShowExpress

PlayReady PC Runtime x86

Premium Service Agreement

QualxServ Service Agreement

Quickset64

RBVirtualFolder64Inst

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

Remote Control USB Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype™ 5.10

Sonic CinePlayer Decoder Pack

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

11/18/2012 6:26:15 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

11/18/2012 6:26:11 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.

11/18/2012 10:58:49 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/18/2012 10:58:03 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/18/2012 10:53:26 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 12:21:09 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/17/2012 12:21:09 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

11/17/2012 12:21:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

.

==== End Of File ===========================

Link to post
Share on other sites

I also need the MBAM and ESET Logfiles.

Please post the most recent Malwarebytes Logfile

Launch Malwarebytes --> Logs --> click on the last Logfile. A notepad Window will appear. Copy/Paste its content here in your topic.

The ESET Log can be found in C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt

Link to post
Share on other sites

It appears like the Kaspersky install removed Malwarebytes, but I have the log file from my desktop:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.18.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

aviator8 :: AVIATOR8-PC [administrator]

11/18/2012 5:24:45 PM

mbam-log-2012-11-18 (17-24-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205610

Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D311D87-E36C-47A4-BF28-B31B48DE9773} (Adware.DealCabby) -> Quarantined and deleted successfully.

HKCR\CLSID\{2D311D87-E36C-47A4-BF28-B31B48DE9773} (Adware.DealCabby) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The ESET log was just named log.txt, so I hope this is the right one:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=162234c09b66554a89b78887d6ce0f9e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-18 11:19:44

# local_time=2012-11-18 06:19:44 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 0 104821935 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=121330

# found=14

# cleaned=14

# scan_time=2298

C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\n.vir Win64/Sirefef.AT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\80000000.@.vir Win64/Sirefef.AW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U\800000cb.@.vir Win64/Sirefef.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\1EC1.tmp.vir Win64/Olmarik.AO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\1EC2.tmp.vir Win64/Olmarik.AO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\aviator8\AppData\Roaming\System\svchost.exe.vir a variant of MSIL/Kryptik.GP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\aviator8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\70IHQUBX\base[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\aviator8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\70IHQUBX\be175[1].pdf JS/Exploit.Pdfka.PUN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites
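For reading an ESET Online Scanner log like the one posted above, this added example (not part of the original posts and not ESET's own tooling) parses the detection lines and separates hits inside other tools' quarantine folders (ComboFix's Qoobox, TDSSKiller_Quarantine) from hits in live user paths. The line layout is inferred from the log above; `parse_log`, `summarize` and the abridged sample are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the ESET Online Scanner log above
# (five of the fourteen entries; header counts adjusted to match).
SAMPLE = r"""
all ok
# found=5
# cleaned=5
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-928059848-1520413163-3489737491-1000\$3b99f81f31d5dbab1bcf87d0107a285a\n.vir Win64/Sirefef.AT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\aviator8\AppData\Roaming\System\svchost.exe.vir a variant of MSIL/Kryptik.GP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.11.2012_15.44.16\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\aviator8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\70IHQUBX\base[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\aviator8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\70IHQUBX\be175[1].pdf JS/Exploit.Pdfka.PUN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Paths may contain spaces, so the path is matched lazily up to the
# detection name, which is the first token of the form Platform/Name.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+) (?P<kind>\w+) "
    r"\((?P<action>[^)]*)\) [0-9A-Fa-f]+ \w$"
)
# Folders where ComboFix (Qoobox) and TDSSKiller keep already-neutralised copies.
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\", "c:\\tdsskiller_quarantine\\")


def parse_log(text):
    """Split a log into header fields, detection records and leftover lines."""
    headers, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := HEADER.match(line)):
            headers[m.group(1)] = m.group(2)
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
        else:
            unparsed.append(line)  # kept, so nothing is dropped silently
    return headers, detections, unparsed


def summarize(headers, detections):
    """Tally families and flag detections found outside tool quarantine folders."""
    families = Counter(d["name"].split("/")[1].split(".")[0] for d in detections)
    live = [d["path"] for d in detections
            if not d["path"].lower().startswith(QUARANTINE_DIRS)]
    return {
        "families": dict(families),
        "in_tool_quarantine": len(detections) - len(live),
        "live_paths": live,
        "count_matches_header": int(headers.get("found", -1)) == len(detections),
    }


if __name__ == "__main__":
    h, d, rest = parse_log(SAMPLE)
    print(summarize(h, d))
    print("unparsed:", rest)
```

Detections under the quarantine folders are copies that earlier tools had already isolated; the entries under live paths are the ones that show what was still on disk when the scan ran.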

it appears like the kaspersky install removed malwarebytes

I never heard this.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment 7 Update 9 and save it to your desktop.
  • Scroll down to where it says Java SE 7 Update 9
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Unless you have any open issues, you are good to go. Please follow these last few steps.

Please press the Windows + R keys and Copy/Paste the following single-line command into the Run box and click OK

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date


  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software


  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection

  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.

Note: If you use Firefox you may want to have a look at these Add-ons.

Computer Maintenance

Clean out your temp files on a regular basis - I recommend TFC (Temp File Cleaner).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.