
Accidentally used combofix


  • This topic is locked
8 replies to this topic

#1 tarantela23

tarantela23

  • Members
  • 3 posts

Posted 30 March 2012 - 02:34 AM

I realized the moment after I clicked run that combofix was a bad bet, but I found it appearing on several forums, but I missed the warnings that came after and the tutorials, because I was just doing a basic search. I messed up, I know that, I shouldn't have used it.

Everything I click on says "Illegal operation attempted on a registry key that has been marked for deletion." I haven't restarted the computer, for fear it would delete everything. I have no idea what to do now. I can't access the internet on that computer now, so I can't send the log file from the run. Ugh, I feel like such an idiot.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 March 2012 - 03:30 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Restart the computer!!


DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tarantela23

tarantela23
  • Topic Starter

  • Members
  • 3 posts

Posted 30 March 2012 - 11:57 AM

Okay, I restarted it. Everything seems to be working fine. Internet works. I didn't have to restore it manually or anything. What malwarebytes keeps coming up with, and freezes before it can start deleting it is PUP.RewardsArcade. I think it's pretty clear I don't know what I'm doing. I'm going to download the defogger, and you let me know what is the best way to proceed from here.

I also did a scan with TDSSKiller prior to using combofix, and I posted it below the combofix txt.

Here's the log from combofix:
ComboFix 12-03-30.01 - Brian Mathwich 03/30/2012 0:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2012.904 [GMT -6:00]
Running from: c:\users\Brian Mathwich\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian Mathwich\AppData\Local\Windows Server
c:\windows\system32\service
c:\windows\system32\service\15042011_TIS17_SfFniAU.log
c:\windows\system32\service\15052011_TIS17_SfFniAU.log
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 06:59 . 2012-03-30 07:06 -------- d-----w- c:\users\Brian Mathwich\AppData\Local\temp
2012-03-30 06:59 . 2012-03-30 06:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 19:04 . 2012-03-29 19:04 -------- d-----w- c:\users\Brian Mathwich\AppData\Roaming\Foxit Software
2012-03-29 17:37 . 2012-03-29 17:37 -------- d-----w- c:\program files\Foxit Software
2012-03-29 17:30 . 2012-03-30 01:43 -------- d-----w- c:\program files\Portal
2012-03-20 19:06 . 2012-03-20 21:52 -------- d-----w- c:\users\Brian Mathwich\AppData\Roaming\Mount&Blade
2012-03-14 00:53 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:53 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 00:53 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 00:53 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 00:53 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 00:53 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 00:53 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 20:45 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 20:45 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 22:12 . 2011-03-31 00:43 538472 ------w- c:\windows\system32\HPDiscoPMa011.dll
2012-03-11 22:11 . 2012-03-11 22:11 -------- d-----w- c:\program files\HP
2012-03-11 22:10 . 2012-03-11 22:26 -------- d-----w- c:\users\Brian Mathwich\AppData\Local\HP
2012-03-11 22:07 . 2012-03-13 13:08 -------- d-----w- c:\programdata\HP
2012-03-11 22:06 . 2011-03-30 21:19 268136 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2012-03-11 22:06 . 2011-03-30 21:19 214888 ----a-w- c:\windows\system32\hpinkcoia011.dll
2012-03-11 22:06 . 2011-03-30 21:19 465256 ----a-w- c:\windows\system32\HPWia2_DJ3050A_J611.dll
2012-03-11 22:06 . 2011-03-30 21:19 1841000 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 02:10 . 2011-08-06 00:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-03-09 13:25 . 2011-08-31 18:28 236 ----a-w- c:\program files\Common Files\dx.reg
2011-08-30 22:59 . 2011-08-31 15:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 15:00 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-15 928096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAAwADYANwAzADUAOQA3ADQALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAA&prod=90&ver=9.0.894" [?]
.
c:\users\Brian Mathwich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Kuma_Tray.lnk - c:\program files\History Channel Games\kgsystray\Kuma_tray.exe [N/A]
Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-1-15 53248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-15 16:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 18:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-14 00:48 136176 ----atw- c:\users\Brian Mathwich\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 07:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-10 17:54 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 18:28]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 01:49]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 01:49]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3990092310-5596125-84659524-1000Core.job
- c:\users\Brian Mathwich\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 00:48]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3990092310-5596125-84659524-1000UA.job
- c:\users\Brian Mathwich\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 00:48]
.
2012-03-30 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-15 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=110141&babsrc=HP_ss&mntrId=80cee71c0000000000000021704c6ff7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Brian Mathwich\AppData\Roaming\Mozilla\Firefox\Profiles\y9taogyn.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110141&babsrc=HP_ss&mntrId=80cee71c0000000000000021704c6ff7
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb5a25aa2-02be-4e83-b60a-4c4c9cb888f7%7D&mid=78304d3f5cf73fc39ed6fe8355e9860f-77b32fb6fac56b6e48a998847aeeb6886613b9f0&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2012-02-14%2008%3A51%3A45&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.id - 80cee71c0000000000000021704c6ff7
FF - user.js: extensions.BabylonToolbar_i.hardId - 80cee71c0000000000000021704c6ff7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15399
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
HKLM-Run-Turbine Download Manager Tray Icon - c:\users\Brian Mathwich\Turbine Download Manager\TurbineDownloadManagerIcon.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-BattlEye A2 Free - c:\program files\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-FinalTorrent_is1 - c:\program files\FinalTorrent\unins000.exe
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 01:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Dell Remote Access\ezi_ra.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2012-03-30 01:15:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 07:15
.
Pre-Run: 261,380,481,024 bytes free
Post-Run: 261,311,795,200 bytes free
.
- - End Of File - - 9ECF9E38BEAC34E48842A3BE117FE3DD



Here's the TDSSKiller scan.


22:18:25.0895 4984 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:18:26.0472 4984 ============================================================
22:18:26.0472 4984 Current date / time: 2012/03/29 22:18:26.0472
22:18:26.0472 4984 SystemInfo:
22:18:26.0472 4984
22:18:26.0472 4984 OS Version: 6.0.6002 ServicePack: 2.0
22:18:26.0472 4984 Product type: Workstation
22:18:26.0472 4984 ComputerName: BRIANMATHWIC-PC
22:18:26.0472 4984 UserName: Brian Mathwich
22:18:26.0472 4984 Windows directory: C:\Windows
22:18:26.0472 4984 System windows directory: C:\Windows
22:18:26.0472 4984 Processor architecture: Intel x86
22:18:26.0472 4984 Number of processors: 2
22:18:26.0472 4984 Page size: 0x1000
22:18:26.0472 4984 Boot type: Normal boot
22:18:26.0472 4984 ============================================================
22:18:39.0842 4984 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:18:40.0138 4984 \Device\Harddisk0\DR0:
22:18:40.0154 4984 MBR used
22:18:40.0154 4984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1E00000
22:18:40.0154 4984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E18000, BlocksNum 0x3856D800
22:18:40.0512 4984 Initialize success
22:18:40.0512 4984 ============================================================
22:19:07.0954 5096 ============================================================
22:19:07.0954 5096 Scan started
22:19:07.0954 5096 Mode: Manual; SigCheck; TDLFS;
22:19:07.0954 5096 ============================================================
22:19:34.0037 5096 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:19:34.0177 5096 ACPI - ok
22:19:34.0677 5096 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:19:34.0739 5096 adp94xx - ok
22:19:34.0973 5096 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:19:35.0004 5096 adpahci - ok
22:19:35.0129 5096 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:19:35.0160 5096 adpu160m - ok
22:19:35.0285 5096 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:19:35.0316 5096 adpu320 - ok
22:19:35.0441 5096 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:19:36.0159 5096 AeLookupSvc - ok
22:19:36.0424 5096 AERTFilters (b6d7239e7af6d1b64c790a28067dc6e5) C:\Windows\system32\AERTSrv.exe
22:19:36.0798 5096 AERTFilters - ok
22:19:37.0110 5096 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:19:37.0453 5096 AFD - ok
22:19:37.0641 5096 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:19:37.0687 5096 agp440 - ok
22:19:37.0859 5096 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:19:37.0890 5096 aic78xx - ok
22:19:37.0999 5096 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:19:38.0639 5096 ALG - ok
22:19:38.0920 5096 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:19:38.0951 5096 aliide - ok
22:19:39.0060 5096 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:19:39.0076 5096 amdagp - ok
22:19:39.0341 5096 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:19:39.0372 5096 amdide - ok
22:19:39.0700 5096 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:19:39.0762 5096 AmdK7 - ok
22:19:39.0903 5096 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:19:39.0996 5096 AmdK8 - ok
22:19:40.0511 5096 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:19:40.0729 5096 Appinfo - ok
22:19:41.0088 5096 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:19:41.0166 5096 Apple Mobile Device - ok
22:19:41.0431 5096 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:19:41.0478 5096 arc - ok
22:19:41.0587 5096 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:19:41.0665 5096 arcsas - ok
22:19:42.0274 5096 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:19:42.0352 5096 aspnet_state - ok
22:19:42.0477 5096 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:19:42.0617 5096 AsyncMac - ok
22:19:42.0820 5096 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:19:42.0820 5096 atapi - ok
22:19:43.0116 5096 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:19:43.0257 5096 AudioEndpointBuilder - ok
22:19:43.0303 5096 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:19:43.0335 5096 Audiosrv - ok
22:19:43.0959 5096 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
22:19:43.0974 5096 AVG Security Toolbar Service - ok
22:19:46.0018 5096 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
22:19:48.0795 5096 AVGIDSAgent - ok
22:19:49.0185 5096 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:19:49.0372 5096 AVGIDSDriver - ok
22:19:50.0058 5096 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:19:50.0089 5096 AVGIDSEH - ok
22:19:50.0370 5096 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:19:50.0386 5096 AVGIDSFilter - ok
22:19:50.0526 5096 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
22:19:50.0573 5096 AVGIDSShim - ok
22:19:50.0713 5096 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
22:19:50.0776 5096 Avgldx86 - ok
22:19:51.0103 5096 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
22:19:51.0119 5096 Avgmfx86 - ok
22:19:51.0447 5096 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
22:19:51.0493 5096 Avgrkx86 - ok
22:19:51.0837 5096 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
22:19:51.0899 5096 Avgtdix - ok
22:19:52.0429 5096 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
22:19:52.0507 5096 avgwd - ok
22:19:53.0007 5096 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
22:19:53.0100 5096 BBSvc - ok
22:19:53.0334 5096 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:19:53.0397 5096 BBUpdate - ok
22:19:53.0818 5096 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:19:53.0927 5096 Beep - ok
22:19:54.0317 5096 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:19:54.0504 5096 BFE - ok
22:19:54.0988 5096 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
22:19:55.0393 5096 BITS - ok
22:19:55.0939 5096 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:19:56.0080 5096 blbdrive - ok
22:19:56.0454 5096 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:19:56.0595 5096 Bonjour Service - ok
22:19:56.0860 5096 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:19:56.0985 5096 bowser - ok
22:19:57.0312 5096 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:19:57.0390 5096 BrFiltLo - ok
22:19:57.0609 5096 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:19:57.0655 5096 BrFiltUp - ok
22:19:57.0811 5096 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:19:57.0936 5096 Browser - ok
22:19:58.0123 5096 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:21:14.0893 5096 swenum - ok
22:21:14.0955 5096 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:21:15.0033 5096 swprv - ok
22:21:15.0049 5096 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:21:15.0065 5096 Symc8xx - ok
22:21:15.0096 5096 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:21:15.0127 5096 Sym_hi - ok
22:21:15.0189 5096 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:21:15.0205 5096 Sym_u3 - ok
22:21:15.0345 5096 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:21:15.0579 5096 SysMain - ok
22:21:15.0611 5096 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:21:15.0642 5096 TabletInputService - ok
22:21:15.0751 5096 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:21:15.0891 5096 TapiSrv - ok
22:21:15.0907 5096 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:21:15.0969 5096 TBS - ok
22:21:16.0219 5096 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:21:16.0344 5096 Tcpip - ok
22:21:16.0422 5096 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:21:16.0453 5096 Tcpip6 - ok
22:21:16.0578 5096 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:21:16.0656 5096 tcpipreg - ok
22:21:16.0718 5096 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:21:16.0781 5096 TDPIPE - ok
22:21:16.0796 5096 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:21:16.0827 5096 TDTCP - ok
22:21:16.0968 5096 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:21:17.0015 5096 tdx - ok
22:21:17.0046 5096 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:21:17.0093 5096 TermDD - ok
22:21:17.0202 5096 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:21:17.0311 5096 TermService - ok
22:21:17.0373 5096 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:21:17.0389 5096 Themes - ok
22:21:17.0545 5096 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:21:17.0576 5096 THREADORDER - ok
22:21:17.0607 5096 TlntSvr (5e1bc006cb4a26507d4512795cf08373) C:\Windows\System32\tlntsvr.exe
22:21:17.0670 5096 TlntSvr - ok
22:21:17.0701 5096 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:21:17.0732 5096 TrkWks - ok
22:21:17.0763 5096 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:21:17.0841 5096 TrustedInstaller - ok
22:21:17.0888 5096 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:21:17.0919 5096 tssecsrv - ok
22:21:17.0951 5096 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:21:18.0044 5096 tunmp - ok
22:21:18.0169 5096 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:21:18.0231 5096 tunnel - ok
22:21:18.0263 5096 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:21:18.0278 5096 uagp35 - ok
22:21:18.0341 5096 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:21:18.0387 5096 udfs - ok
22:21:18.0419 5096 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:21:18.0481 5096 UI0Detect - ok
22:21:18.0497 5096 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:21:18.0512 5096 uliagpkx - ok
22:21:18.0543 5096 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:21:18.0575 5096 uliahci - ok
22:21:18.0621 5096 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:21:18.0653 5096 UlSata - ok
22:21:18.0684 5096 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:21:18.0715 5096 ulsata2 - ok
22:21:18.0746 5096 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:21:18.0793 5096 umbus - ok
22:21:18.0840 5096 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:21:18.0887 5096 upnphost - ok
22:21:18.0933 5096 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:21:19.0011 5096 USBAAPL - ok
22:21:19.0074 5096 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:21:19.0121 5096 usbaudio - ok
22:21:19.0183 5096 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:21:19.0230 5096 usbccgp - ok
22:21:19.0277 5096 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:21:19.0339 5096 usbcir - ok
22:21:19.0417 5096 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:21:19.0448 5096 usbehci - ok
22:21:19.0526 5096 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:21:19.0620 5096 usbhub - ok
22:21:19.0651 5096 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:21:19.0682 5096 usbohci - ok
22:21:19.0729 5096 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:21:19.0745 5096 usbprint - ok
22:21:19.0807 5096 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:21:19.0869 5096 usbscan - ok
22:21:19.0947 5096 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:21:19.0979 5096 USBSTOR - ok
22:21:20.0057 5096 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:21:20.0072 5096 usbuhci - ok
22:21:20.0181 5096 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:21:20.0322 5096 usbvideo - ok
22:21:20.0805 5096 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:21:20.0852 5096 UxSms - ok
22:21:21.0211 5096 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:21:21.0414 5096 vds - ok
22:21:21.0679 5096 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:21.0741 5096 vga - ok
22:21:21.0757 5096 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:21:21.0835 5096 VgaSave - ok
22:21:22.0100 5096 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:21:22.0163 5096 viaagp - ok
22:21:22.0334 5096 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:21:22.0381 5096 ViaC7 - ok
22:21:22.0428 5096 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:21:22.0443 5096 viaide - ok
22:21:22.0506 5096 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:21:22.0537 5096 volmgr - ok
22:21:22.0584 5096 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:21:22.0599 5096 volmgrx - ok
22:21:22.0662 5096 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:21:22.0677 5096 volsnap - ok
22:21:22.0693 5096 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:21:22.0709 5096 vsmraid - ok
22:21:22.0787 5096 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:21:23.0036 5096 VSS - ok
22:21:23.0114 5096 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
22:21:23.0177 5096 vToolbarUpdater10.2.0 - ok
22:21:23.0255 5096 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:21:23.0301 5096 W32Time - ok
22:21:23.0426 5096 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:21:23.0489 5096 WacomPen - ok
22:21:23.0551 5096 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:23.0567 5096 Wanarp - ok
22:21:23.0567 5096 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:23.0582 5096 Wanarpv6 - ok
22:21:23.0660 5096 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:21:23.0738 5096 wcncsvc - ok
22:21:23.0863 5096 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:21:23.0925 5096 WcsPlugInService - ok
22:21:23.0957 5096 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:21:23.0957 5096 Wd - ok
22:21:24.0066 5096 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
22:21:24.0144 5096 WDC_SAM - ok
22:21:24.0175 5096 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:21:24.0206 5096 Wdf01000 - ok
22:21:24.0253 5096 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:21:24.0331 5096 WdiServiceHost - ok
22:21:24.0347 5096 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:21:24.0378 5096 WdiSystemHost - ok
22:21:24.0471 5096 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:21:24.0518 5096 WebClient - ok
22:21:24.0549 5096 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
22:21:24.0737 5096 Wecsvc - ok
22:21:24.0799 5096 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:21:24.0846 5096 wercplsupport - ok
22:21:24.0908 5096 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:21:24.0939 5096 WerSvc - ok
22:21:25.0033 5096 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:21:25.0080 5096 WinDefend - ok
22:21:25.0080 5096 WinHttpAutoProxySvc - ok
22:21:25.0142 5096 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:21:25.0189 5096 Winmgmt - ok
22:21:25.0236 5096 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
22:21:25.0392 5096 WinRM - ok
22:21:25.0470 5096 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:21:25.0532 5096 Wlansvc - ok
22:21:25.0595 5096 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:21:25.0626 5096 WmiAcpi - ok
22:21:26.0063 5096 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:21:26.0187 5096 wmiApSrv - ok
22:21:26.0297 5096 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:21:26.0546 5096 WMPNetworkSvc - ok
22:21:26.0640 5096 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:21:26.0765 5096 WPCSvc - ok
22:21:26.0811 5096 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:21:26.0874 5096 WPDBusEnum - ok
22:21:26.0921 5096 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:21:26.0967 5096 WpdUsb - ok
22:21:27.0139 5096 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:21:27.0186 5096 WPFFontCache_v0400 - ok
22:21:27.0233 5096 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:21:27.0264 5096 ws2ifsl - ok
22:21:27.0326 5096 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
22:21:27.0373 5096 wscsvc - ok
22:21:27.0389 5096 WSearch - ok
22:21:27.0451 5096 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
22:21:27.0545 5096 wuauserv - ok
22:21:27.0654 5096 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:21:27.0685 5096 WUDFRd - ok
22:21:27.0716 5096 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:21:27.0747 5096 wudfsvc - ok
22:21:27.0810 5096 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:21:28.0122 5096 \Device\Harddisk0\DR0 - ok
22:21:28.0169 5096 Boot (0x1200) (179181609d3260ed026feaf6957c276b) \Device\Harddisk0\DR0\Partition0
22:21:28.0200 5096 \Device\Harddisk0\DR0\Partition0 - ok
22:21:28.0231 5096 Boot (0x1200) (0c888d2fcf8f2379863bf761d6e82095) \Device\Harddisk0\DR0\Partition1
22:21:28.0231 5096 \Device\Harddisk0\DR0\Partition1 - ok
22:21:28.0231 5096 ============================================================
22:21:28.0231 5096 Scan finished
22:21:28.0231 5096 ============================================================
22:21:28.0247 1924 Detected object count: 4
22:21:28.0247 1924 Actual detected object count: 4
22:22:21.0895 1924 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:21.0895 1924 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:21.0895 1924 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:21.0895 1924 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:21.0895 1924 LinksysUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:21.0895 1924 LinksysUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:21.0895 1924 pmxmouse ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:21.0895 1924 pmxmouse ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:54.0528 0740 Deinitialize success

Edited by tarantela23, 30 March 2012 - 12:00 PM.


#4 gringo_pr


Posted 30 March 2012 - 01:00 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\facemoods.com
c:\program files\RewardsArcade

DDS::
uStart Page = hxxp://search.babylon.com/?AF=110141&babsrc=HP_ss&mntrId=80cee71c0000000000000021704c6ff7


Firefox::
FF - ProfilePath - c:\users\Brian Mathwich\AppData\Roaming\Mozilla\Firefox\Profiles\y9taogyn.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110141&babsrc=HP_ss&mntrId=80cee71c0000000000000021704c6ff7
FF - user.js: extensions.BabylonToolbar_i.id - 80cee71c0000000000000021704c6ff7
FF - user.js: extensions.BabylonToolbar_i.hardId - 80cee71c0000000000000021704c6ff7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15399
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 tarantela23


Posted 30 March 2012 - 01:24 PM

Is there any way of doing this without using combofix? I'm a little nervous about using it now.

#6 gringo_pr


Posted 30 March 2012 - 02:58 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7 gringo_pr


Posted 01 April 2012 - 11:23 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#8 gringo_pr


Posted 05 April 2012 - 01:05 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 gringo_pr


Posted 07 April 2012 - 11:23 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.