
Malicious code found in Master Boot Record



#1 cokiju


Posted 25 May 2012 - 05:45 PM

Hello, and thank you so much in advance for your willingness to help!

My computer has been having a difficult time - I often get blue screens and crash dumps when I start it, and because I have no idea how to fix it, I just restart it until it works. Today it would not start in regular mode until I used the F8 key and used the option that said "restart from last successful configuration". So now I am afraid to turn it off!

Is this fixable or do I just need a new computer?

I have an error message that reads "F-Secure Anti-Virus" "Malicious code found in Master Boot Record of disk MBR (0x80). Infection: Trojan:Boot/TDSS.gen!A" I typed this into the Bing Search engine, and it led me to this post: http://www.bleepingcomputer.com/forums/topic406639.html. However, reading through that thread, the user was not having any other problems and his computer was running well, which is not the case with me.

I am using Windows Vista Home Premium, and having no other problems once the system is up and running. My internet is fast, and all programs run as they should.

I have attempted to attach the "Attach" and "Ark" files, but I am getting a message that Internet Explorer cannot display the webpage. I tried with Firefox as well, and the attach field just went blank. Please let me know if there is another way to send them.

Thanks so much for your help!

Here is the DDS file:


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Rory at 13:40:57 on 2012-05-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1765 [GMT -7:00]
.
AV: Core Security 9.13 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Core Security 9.13 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Frontier\Security\Common\FSMA32.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe
C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe
C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Frontier\Security\Common\FSM32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [F-Secure Manager] "c:\program files\frontier\security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\frontier\security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\rory\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\rory\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\frontier\security\fsps\program\FSLSP.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://millerstraining.webex.com/client/T27LB/training/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{EEC10C87-5A34-4C33-8A12-9406EE079868} : DhcpNameServer = 192.168.254.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rory\appdata\roaming\mozilla\firefox\profiles\7qxodkrz.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z002&form=ZGAADF&q=
FF - component: c:\users\rory\appdata\roaming\mozilla\firefox\profiles\7qxodkrz.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-6-8 44184]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\frontier\security\hips\drivers\fshs.sys [2011-6-8 68144]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-6-8 41552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-6-8 71120]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\frontier\security\anti-virus\minifilter\fsvista.sys [2011-6-8 12464]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-30 172032]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\frontier\security\anti-virus\fsgk32st.exe [2011-6-8 219824]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-30 21504]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-4-14 96768]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-29 583640]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-3-22 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-3-22 416112]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\frontier\security\anti-virus\minifilter\fsgk.sys [2011-6-8 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\frontier\security\orsp client\fsorsp.exe [2011-6-8 61088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S3 10667;10667;c:\windows\system32\drivers\10667 [2011-3-3 9072]
S3 10840;10840;c:\windows\system32\drivers\10840 [2010-12-12 9072]
S3 29246;29246;c:\windows\system32\drivers\29246 [2010-11-28 9072]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-3-22 16240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\frontier\security\anti-virus\win2k\fsfilter.sys [2011-6-8 39856]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\frontier\security\anti-virus\win2k\fsrec.sys [2011-6-8 25264]
.
=============== Created Last 30 ================
.
2012-05-21 19:58:00 652296 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-21 19:57:53 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-05-21 19:57:50 416128 ----a-w- c:\programdata\microsoft\ehome\packages\nettv\browse\NetTVResources.dll
2012-05-21 01:15:12 -------- d-----w- c:\program files\ASIO4ALL v2
2012-05-21 00:53:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-05-21 00:49:22 -------- d-----w- c:\windows\system32\directx
2012-05-20 22:15:57 -------- d-----w- c:\program files\DubTurbo2
2012-05-10 00:01:29 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 00:01:28 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 00:01:28 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 00:01:28 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 00:01:28 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-10 00:01:27 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-05-10 00:01:22 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 00:01:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 00:01:22 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:01:21 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 00:01:21 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:00:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 00:00:48 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-05-09 17:21:00 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-05-06 03:21:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 03:21:22 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-10 18:32:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 13:42:20.29 ===============



#2 CatByte



  • Malware Response Team

Posted 25 May 2012 - 07:27 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
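
An added example, not part of the original thread and not code from the tool's vendor: a small Python triage of the TDSSKiller log that the steps above ask for. It assumes the line format seen in the log posted later in this topic (timestamp, thread id, then `name (md5) path` followed by `name - verdict`). The sample input is constructed, and the `ExampleSvc` and `CutOff` entries with their verdict string and hashes are placeholders.

```python
import re

# One log line: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s?(.*)$")
# Object line: "<name> (<32 hex digit md5>) <path>"
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample in the format of the log posted in this thread.
# The last two entries (ExampleSvc, CutOff) are placeholders, not real output.
SAMPLE_LOG = r"""
14:48:29.0331 2964 Scan started
14:48:29.0331 2964 Mode: Manual; TDLFS;
14:48:29.0331 2964 ============================================================
14:48:30.0220 2964 10667 (34804da52276661c31422b5b98edbeb7) C:\Windows\system32\DRIVERS\10667
14:48:30.0236 2964 10667 - ok
14:48:30.0267 2964 10840 (34804da52276661c31422b5b98edbeb7) C:\Windows\system32\DRIVERS\10840
14:48:30.0267 2964 10840 - ok
14:48:31.0702 2964 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:48:31.0702 2964 AudioEndpointBuilder - ok
14:48:31.0702 2964 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:48:31.0702 2964 Audiosrv - ok
14:48:31.0827 2964 blbdrive - ok
14:48:32.0000 2964 ExampleSvc (00000000000000000000000000000000) C:\Example\examplesvc.sys
14:48:32.0000 2964 ExampleSvc - EXAMPLE-NOT-OK
14:48:32.0100 2964 CutOff (11111111111111111111111111111111) C:\Example\cutoff.sys
"""


def parse_scan(log_text):
    """Return {name: {"md5", "path", "verdict"}} for lines after "Scan started"."""
    entries = {}
    in_scan = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg == "Scan started":
            in_scan = True
            continue
        # Header lines before the scan also contain " - " (drive geometry),
        # so nothing is parsed until the scan section begins.
        if not in_scan or not msg or set(msg) == {"="}:
            continue
        obj = OBJECT_RE.match(msg)
        if obj:
            entries[obj["name"]] = {"md5": obj["md5"].lower(),
                                    "path": obj["path"], "verdict": None}
            continue
        ver = VERDICT_RE.match(msg)
        if ver:
            # Some entries are logged with a verdict but no file line.
            entry = entries.setdefault(
                ver["name"], {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = ver["verdict"].strip()
    return entries


def triage(entries):
    """Names whose verdict is not "ok" (or missing), and names with no file line."""
    # A missing verdict usually means the pasted log was cut short.
    needs_review = [n for n, e in entries.items() if e["verdict"] != "ok"]
    no_file = [n for n, e in entries.items() if e["path"] is None]
    return needs_review, no_file


def shared_hashes(entries):
    """Map md5 -> sorted paths where identical content sits at different paths."""
    by_hash = {}
    for e in entries.values():
        if e["md5"] and e["path"]:
            by_hash.setdefault(e["md5"], set()).add(e["path"])
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


if __name__ == "__main__":
    parsed = parse_scan(SAMPLE_LOG)
    review, missing = triage(parsed)
    print("needs review:", review)
    print("no file line:", missing)
    for md5, paths in shared_hashes(parsed).items():
        print("same md5 at different paths:", md5, paths)
```

The grouping by hash is an observation for whoever reads the log, not a verdict: it only reports that the same bytes are registered under more than one path.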


#3 cokiju


Posted 26 May 2012 - 05:01 PM

The TDSSKiller log:

14:47:56.0633 8036 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
14:47:57.0257 8036 ============================================================
14:47:57.0257 8036 Current date / time: 2012/05/26 14:47:57.0257
14:47:57.0257 8036 SystemInfo:
14:47:57.0257 8036
14:47:57.0257 8036 OS Version: 6.0.6002 ServicePack: 2.0
14:47:57.0257 8036 Product type: Workstation
14:47:57.0257 8036 ComputerName: KARI-PC
14:47:57.0257 8036 UserName: Rory
14:47:57.0257 8036 Windows directory: C:\Windows
14:47:57.0257 8036 System windows directory: C:\Windows
14:47:57.0257 8036 Processor architecture: Intel x86
14:47:57.0257 8036 Number of processors: 4
14:47:57.0257 8036 Page size: 0x1000
14:47:57.0257 8036 Boot type: Normal boot
14:47:57.0257 8036 ============================================================
14:47:57.0819 8036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:47:57.0819 8036 ============================================================
14:47:57.0819 8036 \Device\Harddisk0\DR0:
14:47:57.0819 8036 MBR partitions:
14:47:57.0819 8036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
14:47:57.0819 8036 ============================================================
14:47:57.0835 8036 C: <-> \Device\Harddisk0\DR0\Partition0
14:47:57.0835 8036 ============================================================
14:47:57.0835 8036 Initialize success
14:47:57.0835 8036 ============================================================
14:48:29.0315 2964 ============================================================
14:48:29.0331 2964 Scan started
14:48:29.0331 2964 Mode: Manual; TDLFS;
14:48:29.0331 2964 ============================================================
14:48:30.0220 2964 10667 (34804da52276661c31422b5b98edbeb7) C:\Windows\system32\DRIVERS\10667
14:48:30.0236 2964 10667 - ok
14:48:30.0267 2964 10840 (34804da52276661c31422b5b98edbeb7) C:\Windows\system32\DRIVERS\10840
14:48:30.0267 2964 10840 - ok
14:48:30.0314 2964 29246 (34804da52276661c31422b5b98edbeb7) C:\Windows\system32\DRIVERS\29246
14:48:30.0314 2964 29246 - ok
14:48:30.0470 2964 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:48:30.0470 2964 ACDaemon - ok
14:48:30.0485 2964 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:48:30.0485 2964 ACPI - ok
14:48:30.0579 2964 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
14:48:30.0579 2964 AdobeActiveFileMonitor8.0 - ok
14:48:30.0673 2964 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:48:30.0673 2964 AdobeFlashPlayerUpdateSvc - ok
14:48:30.0688 2964 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:48:30.0704 2964 adp94xx - ok
14:48:30.0719 2964 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:48:30.0719 2964 adpahci - ok
14:48:30.0751 2964 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:48:30.0751 2964 adpu160m - ok
14:48:30.0766 2964 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:48:30.0766 2964 adpu320 - ok
14:48:30.0813 2964 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:48:30.0813 2964 AeLookupSvc - ok
14:48:30.0844 2964 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
14:48:30.0844 2964 Afc - ok
14:48:30.0891 2964 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:48:30.0891 2964 AFD - ok
14:48:30.0922 2964 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:48:30.0922 2964 agp440 - ok
14:48:30.0938 2964 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:48:30.0938 2964 aic78xx - ok
14:48:30.0969 2964 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:48:30.0969 2964 ALG - ok
14:48:30.0985 2964 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
14:48:30.0985 2964 aliide - ok
14:48:31.0000 2964 AMD External Events Utility (62a91789c1165e86196980827fef492e) C:\Windows\system32\atiesrxx.exe
14:48:31.0000 2964 AMD External Events Utility - ok
14:48:31.0031 2964 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:48:31.0031 2964 amdagp - ok
14:48:31.0047 2964 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
14:48:31.0047 2964 amdide - ok
14:48:31.0063 2964 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:48:31.0063 2964 AmdK7 - ok
14:48:31.0063 2964 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:48:31.0063 2964 AmdK8 - ok
14:48:31.0094 2964 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:48:31.0094 2964 Appinfo - ok
14:48:31.0312 2964 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:48:31.0312 2964 Apple Mobile Device - ok
14:48:31.0328 2964 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:48:31.0328 2964 arc - ok
14:48:31.0343 2964 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:48:31.0343 2964 arcsas - ok
14:48:31.0359 2964 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:48:31.0359 2964 AsyncMac - ok
14:48:31.0375 2964 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
14:48:31.0375 2964 atapi - ok
14:48:31.0577 2964 atikmdag (fcd4c95b1cb2a7dfbf8df5609c74734a) C:\Windows\system32\DRIVERS\atikmdag.sys
14:48:31.0609 2964 atikmdag - ok
14:48:31.0702 2964 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:48:31.0702 2964 AudioEndpointBuilder - ok
14:48:31.0702 2964 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:48:31.0702 2964 Audiosrv - ok
14:48:31.0749 2964 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:48:31.0749 2964 Beep - ok
14:48:31.0780 2964 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:48:31.0780 2964 BFE - ok
14:48:31.0827 2964 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:48:31.0827 2964 BITS - ok
14:48:31.0827 2964 blbdrive - ok
14:48:31.0905 2964 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:48:31.0905 2964 Bonjour Service - ok
14:48:31.0952 2964 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:48:31.0952 2964 bowser - ok
14:48:31.0983 2964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:48:31.0983 2964 BrFiltLo - ok
14:48:31.0999 2964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:48:32.0014 2964 BrFiltUp - ok
14:48:32.0030 2964 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:48:32.0030 2964 Browser - ok
14:48:32.0045 2964 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:48:44.0806 2964 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:48:44.0822 2964 SysMain - ok
14:48:44.0837 2964 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:48:44.0837 2964 TabletInputService - ok
14:48:45.0992 2964 TabletServicePen (c9d5fa17200768ef92538f1f95735a2e) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
14:48:46.0007 2964 TabletServicePen - ok
14:48:46.0741 2964 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:48:46.0741 2964 TapiSrv - ok
14:48:46.0772 2964 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:48:46.0772 2964 TBS - ok
14:48:46.0959 2964 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
14:48:46.0975 2964 Tcpip - ok
14:48:46.0990 2964 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
14:48:46.0990 2964 Tcpip6 - ok
14:48:47.0084 2964 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:48:47.0162 2964 tcpipreg - ok
14:48:47.0193 2964 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:48:47.0193 2964 TDPIPE - ok
14:48:47.0209 2964 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:48:47.0209 2964 TDTCP - ok
14:48:47.0224 2964 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:48:47.0224 2964 tdx - ok
14:48:47.0240 2964 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:48:47.0240 2964 TermDD - ok
14:48:47.0287 2964 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
14:48:47.0318 2964 TermService - ok
14:48:47.0365 2964 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
14:48:47.0365 2964 Themes - ok
14:48:47.0396 2964 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:48:47.0411 2964 THREADORDER - ok
14:48:47.0708 2964 TouchServicePen (8d83c60de67c2db212452d8ebe7ca196) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
14:48:47.0708 2964 TouchServicePen - ok
14:48:47.0739 2964 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:48:47.0739 2964 TrkWks - ok
14:48:47.0770 2964 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
14:48:47.0770 2964 TrustedInstaller - ok
14:48:47.0833 2964 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:48:47.0833 2964 tssecsrv - ok
14:48:47.0895 2964 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:48:47.0895 2964 tunmp - ok
14:48:47.0895 2964 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:48:47.0895 2964 tunnel - ok
14:48:47.0942 2964 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:48:47.0942 2964 uagp35 - ok
14:48:47.0957 2964 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:48:47.0957 2964 udfs - ok
14:48:47.0989 2964 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:48:47.0989 2964 UI0Detect - ok
14:48:48.0004 2964 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:48:48.0004 2964 uliagpkx - ok
14:48:48.0035 2964 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:48:48.0035 2964 uliahci - ok
14:48:48.0067 2964 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:48:48.0067 2964 UlSata - ok
14:48:48.0082 2964 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:48:48.0082 2964 ulsata2 - ok
14:48:48.0098 2964 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:48:48.0098 2964 umbus - ok
14:48:48.0129 2964 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:48:48.0129 2964 upnphost - ok
14:48:48.0176 2964 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
14:48:48.0176 2964 USBAAPL - ok
14:48:48.0285 2964 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:48:48.0285 2964 usbccgp - ok
14:48:48.0301 2964 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:48:48.0316 2964 usbcir - ok
14:48:48.0332 2964 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:48:48.0332 2964 usbehci - ok
14:48:48.0347 2964 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:48:48.0347 2964 usbhub - ok
14:48:48.0379 2964 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:48:48.0379 2964 usbohci - ok
14:48:48.0394 2964 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:48:48.0394 2964 usbprint - ok
14:48:48.0425 2964 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:48:48.0425 2964 usbscan - ok
14:48:48.0425 2964 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:48:48.0425 2964 USBSTOR - ok
14:48:48.0457 2964 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:48:48.0457 2964 usbuhci - ok
14:48:48.0472 2964 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:48:48.0472 2964 UxSms - ok
14:48:48.0488 2964 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:48:48.0503 2964 vds - ok
14:48:48.0519 2964 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:48:48.0519 2964 vga - ok
14:48:48.0535 2964 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:48:48.0535 2964 VgaSave - ok
14:48:48.0566 2964 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:48:48.0566 2964 viaagp - ok
14:48:48.0581 2964 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:48:48.0581 2964 ViaC7 - ok
14:48:48.0597 2964 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
14:48:48.0613 2964 viaide - ok
14:48:48.0628 2964 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:48:48.0628 2964 volmgr - ok
14:48:48.0659 2964 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:48:48.0659 2964 volmgrx - ok
14:48:48.0675 2964 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:48:48.0675 2964 volsnap - ok
14:48:48.0706 2964 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:48:48.0706 2964 vsmraid - ok
14:48:49.0003 2964 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:48:49.0018 2964 VSS - ok
14:48:49.0533 2964 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
14:48:49.0564 2964 VSTHWBS2 - ok
14:48:49.0736 2964 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:48:49.0751 2964 VST_DPV - ok
14:48:49.0798 2964 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:48:49.0798 2964 W32Time - ok
14:48:49.0814 2964 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
14:48:49.0814 2964 wacmoumonitor - ok
14:48:49.0845 2964 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
14:48:49.0845 2964 wacommousefilter - ok
14:48:49.0876 2964 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:48:49.0876 2964 WacomPen - ok
14:48:49.0892 2964 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
14:48:49.0892 2964 wacomvhid - ok
14:48:49.0907 2964 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:48:49.0907 2964 Wanarp - ok
14:48:49.0907 2964 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:48:49.0907 2964 Wanarpv6 - ok
14:48:49.0939 2964 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:48:50.0001 2964 wcncsvc - ok
14:48:50.0017 2964 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:48:50.0017 2964 WcsPlugInService - ok
14:48:50.0048 2964 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:48:50.0048 2964 Wd - ok
14:48:50.0079 2964 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:48:50.0079 2964 Wdf01000 - ok
14:48:50.0110 2964 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:48:50.0110 2964 WdiServiceHost - ok
14:48:50.0110 2964 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:48:50.0110 2964 WdiSystemHost - ok
14:48:50.0141 2964 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:48:50.0141 2964 WebClient - ok
14:48:50.0173 2964 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:48:50.0188 2964 Wecsvc - ok
14:48:50.0188 2964 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:48:50.0188 2964 wercplsupport - ok
14:48:50.0204 2964 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:48:50.0219 2964 WerSvc - ok
14:48:50.0251 2964 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:48:50.0251 2964 winachsf - ok
14:48:50.0765 2964 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:48:50.0781 2964 WinDefend - ok
14:48:50.0781 2964 WinHttpAutoProxySvc - ok
14:48:50.0828 2964 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:48:50.0828 2964 Winmgmt - ok
14:48:51.0031 2964 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:48:51.0062 2964 WinRM - ok
14:48:51.0124 2964 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
14:48:51.0124 2964 WinUsb - ok
14:48:51.0171 2964 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:48:51.0187 2964 Wlansvc - ok
14:48:51.0202 2964 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:48:51.0202 2964 WmiAcpi - ok
14:48:51.0249 2964 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:48:51.0249 2964 wmiApSrv - ok
14:48:51.0452 2964 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:48:51.0452 2964 WMPNetworkSvc - ok
14:48:51.0483 2964 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:48:51.0483 2964 WPCSvc - ok
14:48:51.0530 2964 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:48:51.0545 2964 WPDBusEnum - ok
14:48:51.0577 2964 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:48:51.0577 2964 WpdUsb - ok
14:48:51.0733 2964 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:48:51.0748 2964 WPFFontCache_v0400 - ok
14:48:51.0764 2964 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:48:51.0764 2964 ws2ifsl - ok
14:48:51.0779 2964 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
14:48:51.0795 2964 wscsvc - ok
14:48:51.0795 2964 WSearch - ok
14:48:51.0889 2964 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:48:51.0951 2964 wuauserv - ok
14:48:52.0076 2964 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:48:52.0076 2964 WUDFRd - ok
14:48:52.0107 2964 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:48:52.0107 2964 wudfsvc - ok
14:48:52.0123 2964 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
14:48:52.0123 2964 XAudio - ok
14:48:52.0154 2964 XAudioService (96db5621857e1fddd1aa60733748bf17) C:\Windows\system32\DRIVERS\xaudio.exe
14:48:52.0154 2964 XAudioService - ok
14:48:52.0169 2964 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
14:48:52.0201 2964 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:48:52.0201 2964 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
14:48:52.0232 2964 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:48:52.0232 2964 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:48:52.0247 2964 Boot (0x1200) (9db5b8db800607043532272758fdd40e) \Device\Harddisk0\DR0\Partition0
14:48:52.0263 2964 \Device\Harddisk0\DR0\Partition0 - ok
14:48:52.0263 2964 ============================================================
14:48:52.0263 2964 Scan finished
14:48:52.0263 2964 ============================================================
14:48:52.0263 6608 Detected object count: 2
14:48:52.0263 6608 Actual detected object count: 2
14:49:36.0676 6608 \Device\Harddisk0\DR0\# - copied to quarantine
14:49:36.0692 6608 \Device\Harddisk0\DR0 - copied to quarantine
14:49:36.0692 6608 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
14:49:36.0692 6608 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
14:49:36.0739 6608 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:49:36.0739 6608 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:49:36.0739 6608 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:49:36.0739 6608 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:49:37.0269 6608 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:49:37.0394 6608 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:49:38.0002 6608 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:49:48.0595 6608 \Device\Harddisk0\DR0\TDLFS\socks.dll - copied to quarantine
14:49:49.0141 6608 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
14:49:49.0141 6608 \Device\Harddisk0\DR0 - ok
14:49:49.0141 6608 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
14:49:49.0203 6608 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
14:49:49.0203 6608 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
14:49:49.0468 6608 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:49:49.0671 6608 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:49:49.0671 6608 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:49:49.0765 6608 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:49:49.0780 6608 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:49:49.0780 6608 \Device\Harddisk0\DR0\TDLFS\socks.dll - copied to quarantine
14:49:49.0780 6608 \Device\Harddisk0\DR0\TDLFS - deleted
14:49:49.0780 6608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:50:09.0062 6376 Deinitialize success

The TDSSKiller log:

14:47:56.0633 8036 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
14:47:57.0257 8036 ============================================================
14:47:57.0257 8036 Current date / time: 2012/05/26 14:47:57.0257
14:47:57.0257 8036 SystemInfo:
14:47:57.0257 8036
14:47:57.0257 8036 OS Version: 6.0.6002 ServicePack: 2.0
14:47:57.0257 8036 Product type: Workstation
14:47:57.0257 8036 ComputerName: KARI-PC
14:47:57.0257 8036 UserName: Rory
14:47:57.0257 8036 Windows directory: C:\Windows
14:47:57.0257 8036 System windows directory: C:\Windows
14:47:57.0257 8036 Processor architecture: Intel x86
14:47:57.0257 8036 Number of processors: 4
14:47:57.0257 8036 Page size: 0x1000
14:47:57.0257 8036 Boot type: Normal boot
14:47:57.0257 8036 ============================================================
14:47:57.0819 8036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:47:57.0819 8036 ============================================================
14:47:57.0819 8036 \Device\Harddisk0\DR0:
14:47:57.0819 8036 MBR partitions:
14:47:57.0819 8036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
14:47:57.0819 8036 ============================================================
14:47:57.0835 8036 C: <-> \Device\Harddisk0\DR0\Partition0
14:47:57.0835 8036 ============================================================
14:47:57.0835 8036 Initialize success
14:47:57.0835 8036 ============================================================
14:48:29.0315 2964 ============================================================
14:48:29.0331 2964 Scan started
14:48:29.0331 2964 Mode: Manual; TDLFS;
14:48:29.0331 2964 ============================================================
14:48:34.0292 2964 FSMA - ok
14:48:34.0385 2964 FSORSPClient (42aef6a385354aca65fc210ce7ce4d7c) C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe
14:48:34.0385 2964 FSORSPClient - ok
14:48:34.0432 2964 fsvista (2aeddefc5a89a2abc322a744d1640444) C:\Program Files\Frontier\Security\Anti-Virus\minifilter\fsvista.sys
14:48:34.0432 2964 fsvista - ok
14:48:34.0479 2964 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:48:34.0479 2964 Fs_Rec - ok
14:48:34.0510 2964 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:48:34.0510 2964 gagp30kx - ok
14:48:34.0510 2964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:48:34.0510 2964 GEARAspiWDM - ok
14:48:34.0541 2964 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:48:34.0557 2964 gpsvc - ok
14:48:34.0619 2964 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:48:34.0619 2964 gupdate - ok
14:48:34.0619 2964 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:48:34.0619 2964 gupdatem - ok
14:48:34.0635 2964 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:48:34.0635 2964 gusvc - ok
14:48:34.0666 2964 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:48:34.0666 2964 HdAudAddService - ok
14:48:34.0713 2964 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:48:34.0713 2964 HDAudBus - ok
14:48:34.0729 2964 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:48:34.0729 2964 HidBth - ok
14:48:34.0760 2964 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:48:34.0760 2964 HidIr - ok
14:48:34.0775 2964 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:48:34.0775 2964 hidserv - ok
14:48:34.0807 2964 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:48:34.0807 2964 HidUsb - ok
14:48:34.0822 2964 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:48:34.0822 2964 hkmsvc - ok
14:48:34.0838 2964 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:48:34.0853 2964 HpCISSs - ok
14:48:34.0885 2964 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:48:34.0885 2964 HSF_DPV - ok
14:48:34.0916 2964 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
14:48:34.0916 2964 HSXHWBS2 - ok
14:48:34.0931 2964 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:48:34.0947 2964 HTTP - ok
14:48:34.0963 2964 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:48:34.0963 2964 i2omp - ok
14:48:34.0978 2964 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:48:34.0978 2964 i8042prt - ok
14:48:34.0994 2964 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:48:35.0009 2964 iaStorV - ok
14:48:35.0103 2964 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:48:35.0119 2964 IDriverT - ok
14:48:35.0197 2964 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:48:35.0212 2964 idsvc - ok
14:48:35.0259 2964 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:48:35.0275 2964 iirsp - ok
14:48:35.0290 2964 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:48:35.0306 2964 IKEEXT - ok
14:48:35.0321 2964 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
14:48:35.0321 2964 intelide - ok
14:48:35.0337 2964 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:48:35.0337 2964 intelppm - ok
14:48:35.0353 2964 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:48:35.0368 2964 IPBusEnum - ok
14:48:35.0384 2964 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:48:35.0384 2964 IpFilterDriver - ok
14:48:35.0431 2964 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:48:35.0431 2964 iphlpsvc - ok
14:48:35.0431 2964 IpInIp - ok
14:48:35.0493 2964 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:48:35.0509 2964 IPMIDRV - ok
14:48:35.0524 2964 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:48:35.0524 2964 IPNAT - ok
14:48:35.0680 2964 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:48:35.0680 2964 iPod Service - ok
14:48:35.0743 2964 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:48:35.0743 2964 IRENUM - ok
14:48:35.0774 2964 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:48:35.0774 2964 isapnp - ok
14:48:35.0805 2964 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:48:35.0805 2964 iScsiPrt - ok
14:48:35.0821 2964 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:48:35.0821 2964 iteatapi - ok
14:48:35.0836 2964 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:48:35.0836 2964 iteraid - ok
14:48:35.0852 2964 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:48:35.0852 2964 kbdclass - ok
14:48:35.0867 2964 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:48:35.0867 2964 kbdhid - ok
14:48:35.0899 2964 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:48:35.0914 2964 KeyIso - ok
14:48:36.0055 2964 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:48:36.0055 2964 KSecDD - ok
14:48:36.0086 2964 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:48:36.0086 2964 KtmRm - ok
14:48:36.0133 2964 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:48:36.0133 2964 LanmanServer - ok
14:48:36.0164 2964 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:48:36.0164 2964 LanmanWorkstation - ok
14:48:36.0195 2964 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:48:36.0195 2964 lltdio - ok
14:48:36.0226 2964 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:48:36.0226 2964 lltdsvc - ok
14:48:36.0257 2964 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:48:36.0257 2964 lmhosts - ok
14:48:36.0273 2964 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:48:36.0273 2964 LSI_FC - ok
14:48:36.0289 2964 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:48:36.0289 2964 LSI_SAS - ok
14:48:36.0304 2964 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:48:36.0304 2964 LSI_SCSI - ok
14:48:36.0320 2964 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:48:36.0320 2964 luafv - ok
14:48:36.0351 2964 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:48:36.0351 2964 Mcx2Svc - ok
14:48:36.0382 2964 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:48:36.0382 2964 mdmxsdk - ok
14:48:36.0413 2964 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:48:36.0413 2964 megasas - ok
14:48:36.0445 2964 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:48:36.0445 2964 MMCSS - ok
14:48:36.0460 2964 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:48:36.0460 2964 Modem - ok
14:48:36.0460 2964 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:48:36.0476 2964 monitor - ok
14:48:36.0491 2964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:48:36.0491 2964 mouclass - ok
14:48:36.0507 2964 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:48:36.0507 2964 mouhid - ok
14:48:36.0507 2964 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:48:36.0507 2964 MountMgr - ok
14:48:36.0554 2964 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:48:36.0554 2964 MozillaMaintenance - ok
14:48:36.0585 2964 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:48:36.0585 2964 mpio - ok
14:48:36.0663 2964 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:48:36.0663 2964 mpsdrv - ok
14:48:36.0788 2964 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:48:36.0788 2964 MpsSvc - ok
14:48:36.0819 2964 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:48:36.0819 2964 Mraid35x - ok
14:48:36.0850 2964 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:48:36.0850 2964 MRxDAV - ok
14:48:36.0881 2964 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:48:36.0881 2964 mrxsmb - ok
14:48:36.0913 2964 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:48:36.0913 2964 mrxsmb10 - ok
14:48:36.0913 2964 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:48:36.0913 2964 mrxsmb20 - ok
14:48:36.0944 2964 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
14:48:36.0944 2964 msahci - ok
14:48:37.0100 2964 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:48:37.0100 2964 msdsm - ok
14:48:37.0349 2964 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:48:37.0396 2964 MSDTC - ok
14:48:37.0427 2964 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:48:37.0427 2964 Msfs - ok
14:48:37.0427 2964 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:48:37.0427 2964 msisadrv - ok
14:48:37.0474 2964 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:48:37.0474 2964 MSiSCSI - ok
14:48:37.0474 2964 msiserver - ok
14:48:37.0490 2964 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:48:37.0490 2964 MSKSSRV - ok
14:48:37.0521 2964 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:48:37.0521 2964 MSPCLOCK - ok
14:48:37.0521 2964 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:48:37.0537 2964 MSPQM - ok
14:48:37.0552 2964 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:48:37.0552 2964 MsRPC - ok
14:48:37.0552 2964 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:48:37.0552 2964 mssmbios - ok
14:48:37.0568 2964 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:48:37.0568 2964 MSTEE - ok
14:48:37.0615 2964 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:48:37.0615 2964 Mup - ok
14:48:37.0630 2964 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:48:37.0646 2964 napagent - ok
14:48:37.0677 2964 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:48:37.0677 2964 NativeWifiP - ok
14:48:37.0817 2964 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:48:37.0817 2964 NDIS - ok
14:48:37.0817 2964 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:48:37.0817 2964 NdisTapi - ok
14:48:37.0833 2964 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:48:37.0849 2964 Ndisuio - ok
14:48:37.0864 2964 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:48:37.0880 2964 NdisWan - ok
14:48:37.0880 2964 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:48:37.0880 2964 NDProxy - ok
14:48:37.0880 2964 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:48:37.0880 2964 NetBIOS - ok
14:48:37.0895 2964 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:48:37.0895 2964 netbt - ok
14:48:37.0927 2964 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:48:37.0927 2964 Netlogon - ok
14:48:38.0223 2964 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:48:38.0223 2964 Netman - ok
14:48:38.0301 2964 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:48:38.0301 2964 netprofm - ok
14:48:38.0363 2964 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:48:38.0363 2964 NetTcpPortSharing - ok
14:48:38.0395 2964 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:48:38.0395 2964 nfrd960 - ok
14:48:38.0426 2964 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:48:38.0426 2964 NlaSvc - ok
14:48:38.0457 2964 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:48:38.0457 2964 Npfs - ok
14:48:38.0473 2964 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:48:38.0473 2964 nsi - ok
14:48:38.0488 2964 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:48:38.0488 2964 nsiproxy - ok
14:48:38.0582 2964 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:48:38.0597 2964 Ntfs - ok
14:48:38.0613 2964 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:48:38.0613 2964 ntrigdigi - ok
14:48:38.0629 2964 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:48:38.0629 2964 Null - ok
14:48:38.0660 2964 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
14:48:38.0660 2964 nvraid - ok
14:48:38.0675 2964 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
14:48:38.0675 2964 nvstor - ok
14:48:38.0707 2964 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:48:38.0707 2964 nv_agp - ok
14:48:38.0707 2964 NwlnkFlt - ok
14:48:38.0722 2964 NwlnkFwd - ok
14:48:38.0738 2964 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:48:38.0738 2964 ohci1394 - ok
14:48:38.0738 2964 OMCI - ok
14:48:38.0785 2964 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:48:38.0800 2964 p2pimsvc - ok
14:48:38.0800 2964 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:48:38.0800 2964 p2psvc - ok
14:48:38.0956 2964 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:48:38.0956 2964 Parport - ok
14:48:39.0081 2964 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
14:48:39.0081 2964 partmgr - ok
14:48:39.0143 2964 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:48:39.0143 2964 Parvdm - ok
14:48:39.0253 2964 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:48:39.0253 2964 PcaSvc - ok
14:48:39.0596 2964 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
14:48:39.0643 2964 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
14:48:39.0705 2964 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:48:39.0705 2964 pci - ok
14:48:39.0721 2964 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
14:48:39.0721 2964 pciide - ok
14:48:39.0752 2964 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:48:39.0752 2964 pcmcia - ok
14:48:39.0877 2964 PCToolsSSDMonitorSvc (e6e503845208a148a9e3e7faa63b97a4) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
14:48:39.0877 2964 PCToolsSSDMonitorSvc - ok
14:48:40.0610 2964 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:48:40.0641 2964 PEAUTH - ok
14:48:40.0657 2964 pfc - ok
14:48:40.0891 2964 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:48:40.0922 2964 pla - ok
14:48:41.0608 2964 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:48:41.0624 2964 PlugPlay - ok
14:48:41.0655 2964 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:48:41.0671 2964 PNRPAutoReg - ok
14:48:41.0671 2964 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:48:41.0686 2964 PNRPsvc - ok
14:48:41.0702 2964 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:48:41.0717 2964 PolicyAgent - ok
14:48:41.0749 2964 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:48:41.0764 2964 PptpMiniport - ok
14:48:41.0780 2964 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:48:41.0780 2964 Processor - ok
14:48:41.0811 2964 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:48:41.0811 2964 ProfSvc - ok
14:48:41.0858 2964 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:48:41.0858 2964 ProtectedStorage - ok
14:48:41.0889 2964 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:48:41.0889 2964 PSched - ok
14:48:41.0983 2964 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
14:48:41.0998 2964 PxHelp20 - ok
14:48:42.0045 2964 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:48:42.0045 2964 ql2300 - ok
14:48:42.0092 2964 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:48:42.0107 2964 ql40xx - ok
14:48:42.0139 2964 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:48:42.0139 2964 QWAVE - ok
14:48:42.0154 2964 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:48:42.0154 2964 QWAVEdrv - ok
14:48:42.0154 2964 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:48:42.0154 2964 RasAcd - ok
14:48:42.0185 2964 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:48:42.0185 2964 RasAuto - ok
14:48:42.0201 2964 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:48:42.0201 2964 Rasl2tp - ok
14:48:42.0217 2964 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:48:42.0232 2964 RasMan - ok
14:48:42.0232 2964 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:48:42.0232 2964 RasPppoe - ok
14:48:42.0248 2964 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:48:42.0248 2964 RasSstp - ok
14:48:42.0263 2964 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:48:42.0263 2964 rdbss - ok
14:48:42.0279 2964 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:48:42.0279 2964 RDPCDD - ok
14:48:42.0295 2964 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:48:42.0295 2964 rdpdr - ok
14:48:42.0310 2964 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:48:42.0326 2964 RDPENCDD - ok
14:48:42.0357 2964 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
14:48:42.0373 2964 RDPWD - ok
14:48:42.0404 2964 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:48:42.0404 2964 RemoteAccess - ok
14:48:42.0435 2964 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:48:42.0435 2964 RemoteRegistry - ok
14:48:42.0451 2964 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
14:48:42.0451 2964 RFCOMM - ok
14:48:42.0482 2964 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:48:42.0482 2964 RpcLocator - ok
14:48:42.0544 2964 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:48:42.0544 2964 RpcSs - ok
14:48:42.0575 2964 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:48:42.0575 2964 rspndr - ok
14:48:42.0591 2964 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:48:42.0607 2964 SamSs - ok
14:48:42.0622 2964 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:48:42.0622 2964 sbp2port - ok
14:48:42.0653 2964 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:48:42.0653 2964 SCardSvr - ok
14:48:42.0700 2964 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:48:42.0700 2964 Schedule - ok
14:48:42.0716 2964 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:48:42.0716 2964 SCPolicySvc - ok
14:48:42.0763 2964 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:48:42.0778 2964 SDRSVC - ok
14:48:42.0794 2964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:48:42.0794 2964 secdrv - ok
14:48:42.0809 2964 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:48:42.0809 2964 seclogon - ok
14:48:42.0841 2964 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:48:42.0841 2964 SENS - ok
14:48:42.0872 2964 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:48:42.0872 2964 Serenum - ok
14:48:42.0903 2964 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:48:42.0903 2964 Serial - ok
14:48:42.0919 2964 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:48:42.0919 2964 sermouse - ok
14:48:42.0950 2964 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:48:42.0950 2964 SessionEnv - ok
14:48:42.0965 2964 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:48:42.0965 2964 sffdisk - ok
14:48:42.0981 2964 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:48:42.0981 2964 sffp_mmc - ok
14:48:42.0981 2964 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:48:42.0981 2964 sffp_sd - ok
14:48:42.0997 2964 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:48:42.0997 2964 sfloppy - ok
14:48:43.0028 2964 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:48:43.0043 2964 SharedAccess - ok
14:48:43.0075 2964 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
14:48:43.0075 2964 ShellHWDetection - ok
14:48:43.0106 2964 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:48:43.0106 2964 sisagp - ok
14:48:43.0121 2964 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:48:43.0121 2964 SiSRaid2 - ok
14:48:43.0137 2964 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:48:43.0137 2964 SiSRaid4 - ok
14:48:43.0652 2964 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:48:43.0699 2964 slsvc - ok
14:48:43.0901 2964 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:48:43.0901 2964 SLUINotify - ok
14:48:43.0948 2964 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:48:43.0948 2964 Smb - ok
14:48:43.0979 2964 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:48:43.0979 2964 SNMPTRAP - ok
14:48:43.0995 2964 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:48:43.0995 2964 spldr - ok
14:48:44.0026 2964 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:48:44.0026 2964 Spooler - ok
14:48:44.0229 2964 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
14:48:44.0229 2964 sprtsvc_DellSupportCenter - ok
14:48:44.0276 2964 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:48:44.0291 2964 srv - ok
14:48:44.0307 2964 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:48:44.0323 2964 srv2 - ok
14:48:44.0323 2964 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:48:44.0323 2964 srvnet - ok
14:48:44.0354 2964 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:48:44.0354 2964 SSDPSRV - ok
14:48:44.0369 2964 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:48:44.0369 2964 SstpSvc - ok
14:48:44.0385 2964 STacSV (b218068eba6f46f102b4218bdb81be0b) C:\Windows\system32\STacSV.exe
14:48:44.0401 2964 STacSV - ok
14:48:44.0416 2964 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
14:48:44.0432 2964 STHDA - ok
14:48:44.0463 2964 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:48:44.0463 2964 stisvc - ok
14:48:44.0650 2964 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:48:44.0666 2964 stllssvr - ok
14:48:44.0681 2964 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:48:44.0681 2964 swenum - ok
14:48:44.0713 2964 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:48:44.0713 2964 swprv - ok
14:48:44.0744 2964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:48:44.0744 2964 Symc8xx - ok
14:48:44.0759 2964 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:48:44.0759 2964 Sym_hi - ok
14:48:44.0775 2964 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:48:44.0775 2964 Sym_u3 - ok
14:48:44.0806 2964 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:48:44.0822 2964 SysMain - ok
14:48:44.0837 2964 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:48:44.0837 2964 TabletInputService - ok
14:48:45.0992 2964 TabletServicePen (c9d5fa17200768ef92538f1f95735a2e) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
14:48:46.0007 2964 TabletServicePen - ok
14:48:46.0741 2964 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:48:46.0741 2964 TapiSrv - ok
14:48:46.0772 2964 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:48:46.0772 2964 TBS - ok
14:48:46.0959 2964 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
14:48:46.0975 2964 Tcpip - ok
14:48:46.0990 2964 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
14:48:46.0990 2964 Tcpip6 - ok
14:48:47.0084 2964 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:48:47.0162 2964 tcpipreg - ok
14:48:47.0193 2964 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:48:47.0193 2964 TDPIPE - ok
14:48:47.0209 2964 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:48:47.0209 2964 TDTCP - ok
14:48:47.0224 2964 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:48:47.0224 2964 tdx - ok
14:48:52.0169 2964 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
14:48:52.0201 2964 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:48:52.0201 2964 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
14:48:52.0232 2964 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:48:52.0232 2964 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:48:52.0247 2964 Boot (0x1200) (9db5b8db800607043532272758fdd40e) \Device\Harddisk0\DR0\Partition0
14:48:52.0263 2964 \Device\Harddisk0\DR0\Partition0 - ok
14:48:52.0263 2964 ============================================================
14:48:52.0263 2964 Scan finished
14:48:52.0263 2964 ============================================================
14:48:52.0263 6608 Detected object count: 2
14:48:52.0263 6608 Actual detected object count: 2
14:49:36.0676 6608 \Device\Harddisk0\DR0\# - copied to quarantine
14:49:36.0692 6608 \Device\Harddisk0\DR0 - copied to quarantine
14:49:36.0692 6608 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
14:49:36.0692 6608 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
14:49:36.0739 6608 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:49:36.0739 6608 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:49:36.0739 6608 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:49:36.0739 6608 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:49:37.0269 6608 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:49:37.0394 6608 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:49:38.0002 6608 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:49:48.0595 6608 \Device\Harddisk0\DR0\TDLFS\socks.dll - copied to quarantine
14:49:49.0141 6608 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
14:49:49.0141 6608 \Device\Harddisk0\DR0 - ok
14:49:49.0141 6608 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
14:49:49.0203 6608 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
14:49:49.0203 6608 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
14:49:49.0468 6608 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:49:49.0671 6608 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:49:49.0671 6608 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:49:49.0765 6608 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:49:49.0780 6608 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:49:49.0780 6608 \Device\Harddisk0\DR0\TDLFS\socks.dll - copied to quarantine
14:49:49.0780 6608 \Device\Harddisk0\DR0\TDLFS - deleted
14:49:49.0780 6608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:50:09.0062 6376 Deinitialize success

#4 cokiju

Posted 26 May 2012 - 08:16 PM

ComboFix log:

ComboFix 12-05-26.02 - Rory 05/26/2012 15:15:55.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2105 [GMT -7:00]
Running from: c:\users\Rory\Desktop\ComboFix.exe
AV: Core Security 9.13 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Core Security 9.13 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Shop to Win 11
c:\program files\Shop to Win 11\settings.xml
c:\program files\Shop to Win 11\version.txt
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\uninstall.dat
c:\users\Public\sdelevURL.tmp
c:\users\Rory\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH342C.tmp
c:\users\Rory\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH8E96.tmp
c:\users\Rory\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHCC25.tmp
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 22:26 . 2012-05-26 22:26 -------- d-----w- c:\users\Justin(25)\AppData\Local\temp
2012-05-26 22:26 . 2012-05-26 22:26 -------- d-----w- c:\users\Justin B\AppData\Local\temp
2012-05-26 22:25 . 2012-05-26 22:25 -------- d-----w- c:\users\Josie\AppData\Local\temp
2012-05-26 22:25 . 2012-05-26 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 22:25 . 2012-05-26 22:25 -------- d-----w- c:\users\Cody\AppData\Local\temp
2012-05-26 22:25 . 2012-05-26 22:25 -------- d-----w- c:\users\Kimberly\AppData\Local\temp
2012-05-26 21:49 . 2012-05-26 21:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-25 23:06 . 2012-05-25 23:06 -------- d-----w- c:\users\Rory\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-21 19:58 . 2012-05-21 19:58 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-21 19:57 . 2012-05-21 19:57 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-21 19:57 . 2012-05-21 19:57 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2012-05-21 01:15 . 2012-05-21 01:27 -------- d-----w- c:\program files\ASIO4ALL v2
2012-05-21 00:53 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-05-20 22:15 . 2012-05-20 22:17 -------- d-----w- c:\program files\DubTurbo2
2012-05-14 07:07 . 2012-05-14 07:13 -------- d-----w- c:\users\Public\Family History Records
2012-05-12 18:51 . 2012-05-12 18:51 -------- d-----w- c:\users\Justin B\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-12 17:41 . 2012-05-12 17:41 -------- d-----w- c:\users\Cody\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-12 17:18 . 2012-05-12 17:18 -------- d-----w- c:\users\Cody\AppData\Local\WinZip
2012-05-10 00:01 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 00:01 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 00:01 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 00:01 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:01 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-10 00:01 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-10 00:01 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 00:01 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 00:01 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:01 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:01 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 00:00 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 00:00 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 17:21 . 2011-06-08 15:35 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-05-06 03:21 . 2012-04-10 17:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 03:21 . 2012-04-10 17:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-10 18:32 . 2010-10-29 05:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 14:47 . 2012-03-21 14:47 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-21 14:47 . 2012-03-21 14:47 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-21 14:47 . 2012-03-21 14:47 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-21 14:47 . 2012-03-21 14:47 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-21 14:47 . 2012-03-21 14:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-21 14:47 . 2012-03-21 14:47 367104 ----a-w- c:\windows\system32\html.iec
2012-03-21 14:47 . 2012-03-21 14:47 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-21 14:47 . 2012-03-21 14:47 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-21 14:47 . 2012-03-21 14:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-21 14:47 . 2012-03-21 14:47 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-21 14:47 . 2012-03-21 14:47 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-21 14:47 . 2012-03-21 14:47 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-21 14:47 . 2012-03-21 14:47 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-21 14:47 . 2012-03-21 14:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-21 14:47 . 2012-03-21 14:47 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-21 14:47 . 2012-03-21 14:47 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-21 14:47 . 2012-03-21 14:47 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-21 14:47 . 2012-03-21 14:47 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-21 14:47 . 2012-03-21 14:47 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-21 14:47 . 2012-03-21 14:47 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-21 14:47 . 2012-03-21 14:47 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-21 14:47 . 2012-03-21 14:47 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-21 14:47 . 2012-03-21 14:47 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-21 14:47 . 2012-03-21 14:47 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-21 14:47 . 2012-03-21 14:47 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-21 14:47 . 2012-03-21 14:47 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-21 14:47 . 2012-03-21 14:47 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-21 14:47 . 2012-03-21 14:47 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-21 14:47 . 2012-03-21 14:47 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-21 14:47 . 2012-03-21 14:47 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-21 14:47 . 2012-03-21 14:47 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-21 14:47 . 2012-03-21 14:47 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-21 14:47 . 2012-03-21 14:47 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-21 14:47 . 2012-03-21 14:47 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-21 14:47 . 2012-03-21 14:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-21 14:47 . 2012-03-21 14:47 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-21 14:47 . 2012-03-21 14:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-02-29 15:11 . 2012-04-12 10:03 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 10:03 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 10:03 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 10:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 10:03 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 10:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 10:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-21 01:19 . 2012-04-26 01:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-07 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-08 1394000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"F-Secure Manager"="c:\program files\Frontier\Security\Common\FSM32.EXE" [2010-04-07 199344]
"F-Secure TNB"="c:\program files\Frontier\Security\FSGUI\TNBUtil.exe" [2010-04-07 1653424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Rory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-5-30 344064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-4 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R3 10667;10667;c:\windows\system32\DRIVERS\10667 [2011-03-03 9072]
R3 10840;10840;c:\windows\system32\DRIVERS\10840 [2010-12-12 9072]
R3 29246;29246;c:\windows\system32\DRIVERS\29246 [2010-11-28 9072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:21]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 02:59]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 02:59]
.
2012-05-26 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-03-29 15:46]
.
2012-05-26 c:\windows\Tasks\User_Feed_Synchronization-{0A342642-EDCE-4AFF-906F-FF4E391F1595}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
2012-05-26 c:\windows\Tasks\User_Feed_Synchronization-{47908029-A6FD-4652-B755-79B09E539E18}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
2012-05-26 c:\windows\Tasks\User_Feed_Synchronization-{693869A9-88FC-49A8-8B48-8A6798D7514B}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z002&form=ZGAADF&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-eMusic Download Manager - c:\users\Kari\eMusic Download Manager\uninst.exe
AddRemove-RumbleFighter - c:\users\Cody\RumbleFighter\uninstall.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-26 15:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\10667]
"ImagePath"="System32\DRIVERS\10667"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\10840]
"ImagePath"="System32\DRIVERS\10840"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\29246]
"ImagePath"="System32\DRIVERS\29246"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-26 15:30:56
ComboFix-quarantined-files.txt 2012-05-26 22:30
.
Pre-Run: 313,983,500,288 bytes free
Post-Run: 349,502,332,928 bytes free
.
- - End Of File - - 1AA577EFB89C150433CF77BD0453395B

#5 CatByte

  • Malware Response Team

Posted 26 May 2012 - 08:43 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/index.php?app=forums&module=post&section=post&do=reply_post&f=22&t=454890

Driver::
10667
10840
29246

Collect::
c:\windows\system32\DRIVERS\10667 
c:\windows\system32\DRIVERS\10840 
c:\windows\system32\DRIVERS\29246 

NetSvc::
10667
10840
29246

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 cokiju

  • Topic Starter

Posted 27 May 2012 - 01:41 AM

***Panic!***
After I ran ComboFix and the computer rebooted, I can not open anything at all on my desktop. I get an error message that reads "Illegal operation attempted on a registry key that has been marked for deletion". I had to switch users and log in as my son to get back on the internet.

Here is the log from ComboFix:

ComboFix 12-05-26.02 - Rory 05/26/2012 22:55:08.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2317 [GMT -7:00]
Running from: c:\users\Rory\Desktop\ComboFix.exe
Command switches used :: c:\users\Rory\Desktop\CFScript.txt
AV: Core Security 9.13 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Core Security 9.13 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\system32\DRIVERS\10667
file zipped: c:\windows\system32\DRIVERS\10840
file zipped: c:\windows\system32\DRIVERS\29246
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_10667
-------\Legacy_10840
-------\Legacy_29246
-------\Service_10667
-------\Service_10840
-------\Service_29246
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Kimberly\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Kari\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Justin(25)\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Justin B\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Josie\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 21:49 . 2012-05-26 21:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-25 23:06 . 2012-05-25 23:06 -------- d-----w- c:\users\Rory\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-21 19:58 . 2012-05-21 19:58 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-21 19:57 . 2012-05-21 19:57 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-21 19:57 . 2012-05-21 19:57 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2012-05-21 01:15 . 2012-05-21 01:27 -------- d-----w- c:\program files\ASIO4ALL v2
2012-05-21 00:54 . 2010-05-26 18:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-21 00:54 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-21 00:54 . 2010-05-26 18:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-21 00:54 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-21 00:54 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-21 00:54 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-05-21 00:54 . 2009-09-05 00:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-05-21 00:54 . 2009-09-05 00:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-05-20 22:15 . 2012-05-20 22:17 -------- d-----w- c:\program files\DubTurbo2
2012-05-14 07:07 . 2012-05-14 07:13 -------- d-----w- c:\users\Public\Family History Records
2012-05-12 18:51 . 2012-05-12 18:51 -------- d-----w- c:\users\Justin B\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-12 17:41 . 2012-05-12 17:41 -------- d-----w- c:\users\Cody\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-12 17:18 . 2012-05-12 17:18 -------- d-----w- c:\users\Cody\AppData\Local\WinZip
2012-05-10 00:01 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 00:01 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 00:01 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 00:01 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:01 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-10 00:01 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-10 00:01 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 00:01 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 00:01 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:01 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:01 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 00:00 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 00:00 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 00:00 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:00 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 17:21 . 2011-06-08 15:35 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-05-06 03:21 . 2012-04-10 17:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 03:21 . 2012-04-10 17:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-10 18:32 . 2010-10-29 05:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-02 13:36 . 2012-05-10 00:00 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-21 14:47 . 2012-03-21 14:47 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-21 14:47 . 2012-03-21 14:47 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-21 14:47 . 2012-03-21 14:47 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-21 14:47 . 2012-03-21 14:47 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-21 14:47 . 2012-03-21 14:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-21 14:47 . 2012-03-21 14:47 367104 ----a-w- c:\windows\system32\html.iec
2012-03-21 14:47 . 2012-03-21 14:47 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-21 14:47 . 2012-03-21 14:47 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-21 14:47 . 2012-03-21 14:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-21 14:47 . 2012-03-21 14:47 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-21 14:47 . 2012-03-21 14:47 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-21 14:47 . 2012-03-21 14:47 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-21 14:47 . 2012-03-21 14:47 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-21 14:47 . 2012-03-21 14:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-21 14:47 . 2012-03-21 14:47 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-21 14:47 . 2012-03-21 14:47 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-21 14:47 . 2012-03-21 14:47 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-21 14:47 . 2012-03-21 14:47 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-21 14:47 . 2012-03-21 14:47 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-21 14:47 . 2012-03-21 14:47 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-21 14:47 . 2012-03-21 14:47 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-21 14:47 . 2012-03-21 14:47 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-21 14:47 . 2012-03-21 14:47 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-21 14:47 . 2012-03-21 14:47 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-21 14:47 . 2012-03-21 14:47 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-21 14:47 . 2012-03-21 14:47 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-21 14:47 . 2012-03-21 14:47 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-21 14:47 . 2012-03-21 14:47 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-21 14:47 . 2012-03-21 14:47 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-21 14:47 . 2012-03-21 14:47 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-21 14:47 . 2012-03-21 14:47 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-21 14:47 . 2012-03-21 14:47 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-21 14:47 . 2012-03-21 14:47 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-21 14:47 . 2012-03-21 14:47 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-21 14:47 . 2012-03-21 14:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-21 14:47 . 2012-03-21 14:47 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-21 14:47 . 2012-03-21 14:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-02-29 15:11 . 2012-04-12 10:03 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 10:03 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 10:03 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 10:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 10:03 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 10:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 10:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-21 01:19 . 2012-04-26 01:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-07 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-08 1394000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"F-Secure Manager"="c:\program files\Frontier\Security\Common\FSM32.EXE" [2010-04-07 199344]
"F-Secure TNB"="c:\program files\Frontier\Security\FSGUI\TNBUtil.exe" [2010-04-07 1653424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Rory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-5-30 344064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-4 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:21]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 02:59]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 02:59]
.
2012-05-27 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-03-29 15:46]
.
2012-05-27 c:\windows\Tasks\User_Feed_Synchronization-{0A342642-EDCE-4AFF-906F-FF4E391F1595}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
2012-05-27 c:\windows\Tasks\User_Feed_Synchronization-{47908029-A6FD-4652-B755-79B09E539E18}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
2012-05-27 c:\windows\Tasks\User_Feed_Synchronization-{693869A9-88FC-49A8-8B48-8A6798D7514B}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z002&form=ZGAADF&q=
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6076)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\program files\Tablet\Pen\Pen_TouchService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Frontier\Security\Anti-Virus\fsgk32st.exe
c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
c:\program files\Frontier\Security\Anti-Virus\FSGK32.EXE
c:\program files\Frontier\Security\Common\FSMA32.EXE
c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\program files\Frontier\Security\Common\FSHDLL32.EXE
c:\windows\system32\STacSV.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Frontier\Security\ORSP Client\fsorsp.exe
c:\program files\Frontier\Security\FWES\Program\fsdfwd.exe
c:\program files\Frontier\Security\Anti-Virus\fssm32.exe
c:\program files\Frontier\Security\Anti-Virus\fsav32.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2012-05-26 23:19:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 06:19
ComboFix2.txt 2012-05-26 22:30
.
Pre-Run: 348,011,614,208 bytes free
Post-Run: 348,653,731,840 bytes free
.
- - End Of File - - D7228B82B1A3DF6DEE2C3DDAD7F0BF9D
Upload was successful
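
One way to confirm from the logs alone that the CFScript run above removed what it targeted, as an added example (not ComboFix's or the posters' code): it parses the script's directives and compares the service lines, Services registry keys and deletion lines in excerpts of the two logs. The function names and report layout are assumptions, and the sample strings are constructed from lines quoted in this thread.

```python
import re

# Constructed excerpts: lines copied from the CFScript and from the two
# ComboFix logs posted in this thread (before and after the script run).
CFSCRIPT = r"""
Driver::
10667
10840
29246

Collect::
c:\windows\system32\DRIVERS\10667
c:\windows\system32\DRIVERS\10840
c:\windows\system32\DRIVERS\29246

NetSvc::
10667
10840
29246

ClearJavaCache::
"""
LOG_BEFORE = r"""
R3 10667;10667;c:\windows\system32\DRIVERS\10667 [2011-03-03 9072]
R3 10840;10840;c:\windows\system32\DRIVERS\10840 [2010-12-12 9072]
R3 29246;29246;c:\windows\system32\DRIVERS\29246 [2010-11-28 9072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\10667]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\10840]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\29246]
"""
LOG_AFTER = r"""
file zipped: c:\windows\system32\DRIVERS\10667
file zipped: c:\windows\system32\DRIVERS\10840
file zipped: c:\windows\system32\DRIVERS\29246
-------\Legacy_10667
-------\Legacy_10840
-------\Legacy_29246
-------\Service_10667
-------\Service_10840
-------\Service_29246
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"""

SECTION = re.compile(r"^(\w+)::\s*$")
SERVICE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[\d{4}-\d{1,2}-\d{1,2} \d+\]$")
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\([^\\\]]+)\]$", re.I)
REMOVED = re.compile(r"^-+\\(?:Legacy|Service)_(.+)$")
ZIPPED = re.compile(r"^file zipped: (.+)$")

def parse_cfscript(text):
    """Return {directive: [entries]}; lines before the first directive are ignored."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def parse_log(text):
    """Extract service list, Services keys, logged deletions and zipped files."""
    out = {"services": {}, "keys": set(), "removed": set(), "zipped": set()}
    for line in (l.strip() for l in text.splitlines()):
        if m := SERVICE.match(line):
            out["services"][m["name"]] = m["path"].lower()
        elif m := SERVICE_KEY.match(line):
            out["keys"].add(m[1])
        elif m := REMOVED.match(line):
            out["removed"].add(m[1])
        elif m := ZIPPED.match(line):
            out["zipped"].add(m[1].lower())
    return out

def verify_removal(cfscript, log_before, log_after):
    """Compare each Driver:: target's presence before and after the run."""
    script = parse_cfscript(cfscript)
    before, after = parse_log(log_before), parse_log(log_after)
    targets = script.get("Driver", [])
    collect = {p.lower() for p in script.get("Collect", [])}
    report = {}
    for name in targets:
        path = before["services"].get(name)
        report[name] = {
            "present_before": name in before["services"] or name in before["keys"],
            "still_registered": name in after["services"] or name in after["keys"],
            "deletion_logged": name in after["removed"],
            "file_collected": path in collect and path in after["zipped"],
        }
    # Services that vanished between the two logs without being named in the script.
    unexpected = sorted(set(before["services"]) - set(after["services"]) - set(targets))
    return report, unexpected

if __name__ == "__main__":
    report, unexpected = verify_removal(CFSCRIPT, LOG_BEFORE, LOG_AFTER)
    for name, result in report.items():
        print(name, result)
    print("removed but not targeted:", unexpected)
```

A clean result only reflects what the log prints; the log itself notes that empty and legitimate default entries are not shown.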

#7 cokiju

  • Topic Starter

Posted 27 May 2012 - 01:49 AM

MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3805
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/26/2012 11:48:43 PM
mbam-log-2012-05-26 (23-48-43).txt

Scan type: Quick Scan
Objects scanned: 125800
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 CatByte

  • Malware Response Team

Posted 27 May 2012 - 05:24 AM

yes, I had warned about that happening in this post

http://www.bleepingcomputer.com/forums/topic454890.html/page__view__findpost__p__2711152

hopefully, your profile is fine now after a reboot

were you able to run the ESET scan?

please run the following as well

  • Press the Win key + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

    C:\Qoobox\Add-Remove Programs.txt

  • A text file should open.
  • Post the contents of that file in your next reply.


post both the ESET and Installed programs list

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 cokiju

  • Topic Starter

Posted 27 May 2012 - 09:15 AM

ESET Scan:

C:\Users\Cody\Downloads\SoftonicDownloader_for_asio4all.exe Win32/SoftonicDownloader.D application
C:\Users\Public\Downloads\7Zip.exe a variant of Win32/InstallIQ application
C:\Users\Rory\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll probably a variant of Win32/Adware.Gamevance.AG application
C:\Users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll probably a variant of Win32/Adware.Gamevance.AG application

#10 cokiju

  • Topic Starter

Posted 27 May 2012 - 09:19 AM

32 bit Windows Card Reader Driver
7-Zip 4.57
ACDSee Photo Manager 2009
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Elements 8.0
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
ArcSoft Panorama Maker 5
ArcSoft Slide Show Maker
ASIO4ALL
ATI Catalyst Install Manager
Auslogics Disk Defrag
Bamboo
Bonjour
BookSmart® 2.6.0 2.6.0
BookSmart® 3.0.2 3.0.2
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 1.6.1
Canon Utilities EOS Capture 1.3
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CanoScan Toolbox Ver4.1
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Conexant D850 PCI V.92 Modem
Core Security
Coupon Printer for Windows
Dell Driver Download Manager
Dell Resource CD
Dell Support Center (Support Software)
DubTurbo2
EOS Capture 1.3
FamilySearch Indexing
File Uploader
Freemake Video Converter version 3.0.2
Google Chrome
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
Guitar Guru Supplemental Guitar Skins
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Imagenomic Portraiture 2.3 Plug-in (build 2308)
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 31
Java™ SE Runtime Environment 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Digital Image Pro 9
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Miller's Remote Suite (PLUS)
Miller's ROES
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 0.9.6.3 MuseScore score typesetter
Musicnotes Software Suite 1.4.6
MyFonts Order M2797778
myPANTONE Palettes 1.5
NEF Codec
Nikon Message Center
Nikon Transfer
OGPlanet Game Launcher
OpenOffice.org 3.1
Pando Media Booster
Pazaak Cantina
PhotoStitch
Picaboo X
Picture Control Utility
QuickTime
RAW Image Task 2.0
Registry Mechanic 10.0
RemoteCapture Task 1.1
ROES.whcc
RootsMagic 5.0.2.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
SigmaTel Audio
Sony Picture Utility
Sony USB Driver
Uninstall FamilySearch Indexing
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
ViewNX
WebEx
WebTablet IE Plugin
WebTablet Netscape Plugin
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Driver Package - Logitech HIDClass (10/16/2006 1.0)
WinZip 14.5
Xvid 1.2.1 final uninstall

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:17 PM

Posted 27 May 2012 - 11:58 AM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Rory\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll 
C:\Users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Go to Start > Control Panel > Programs and Features and remove all the Java programs from your computer, then download the latest Java version 7 update 4 from here and install it:
http://java.com/en/download/index.jsp

Please advise how the computer is running now and if there are any outstanding issues

Edited by CatByte, 27 May 2012 - 11:59 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 cokiju


Posted 27 May 2012 - 03:43 PM

ComboFix 12-05-26.02 - Rory 05/26/2012 22:55:08.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2317 [GMT -7:00]
Running from: c:\users\Rory\Desktop\ComboFix.exe
Command switches used :: c:\users\Rory\Desktop\CFScript.txt
AV: Core Security 9.13 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Core Security 9.13 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\system32\DRIVERS\10667
file zipped: c:\windows\system32\DRIVERS\10840
file zipped: c:\windows\system32\DRIVERS\29246
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_10667
-------\Legacy_10840
-------\Legacy_29246
-------\Service_10667
-------\Service_10840
-------\Service_29246
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Kimberly\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Kari\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Justin(25)\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Justin B\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Josie\AppData\Local\temp
2012-05-27 06:08 . 2012-05-27 06:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 21:49 . 2012-05-26 21:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-25 23:06 . 2012-05-25 23:06 -------- d-----w- c:\users\Rory\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-21 19:58 . 2012-05-21 19:58 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-21 19:57 . 2012-05-21 19:57 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-21 19:57 . 2012-05-21 19:57 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2012-05-21 01:15 . 2012-05-21 01:27 -------- d-----w- c:\program files\ASIO4ALL v2
2012-05-21 00:54 . 2010-05-26 18:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-21 00:54 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-21 00:54 . 2010-05-26 18:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-21 00:54 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-21 00:54 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-21 00:54 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-05-21 00:54 . 2009-09-05 00:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-05-21 00:54 . 2009-09-05 00:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-05-20 22:15 . 2012-05-20 22:17 -------- d-----w- c:\program files\DubTurbo2
2012-05-14 07:07 . 2012-05-14 07:13 -------- d-----w- c:\users\Public\Family History Records
2012-05-12 18:51 . 2012-05-12 18:51 -------- d-----w- c:\users\Justin B\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-12 17:41 . 2012-05-12 17:41 -------- d-----w- c:\users\Cody\AppData\Roaming\com.adobe.example.DubTurbo2.2C5EA5ABC1DEB308D2835FE19E22900BCCA96951.1
2012-05-12 17:18 . 2012-05-12 17:18 -------- d-----w- c:\users\Cody\AppData\Local\WinZip
2012-05-10 00:01 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 00:01 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 00:01 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 00:01 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:01 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-10 00:01 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-10 00:01 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 00:01 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 00:01 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:01 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:01 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 00:00 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 00:00 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 00:00 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:00 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 17:21 . 2011-06-08 15:35 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-05-06 03:21 . 2012-04-10 17:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 03:21 . 2012-04-10 17:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-10 18:32 . 2010-10-29 05:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-02 13:36 . 2012-05-10 00:00 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-21 14:47 . 2012-03-21 14:47 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-21 14:47 . 2012-03-21 14:47 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-21 14:47 . 2012-03-21 14:47 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-21 14:47 . 2012-03-21 14:47 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-21 14:47 . 2012-03-21 14:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-21 14:47 . 2012-03-21 14:47 367104 ----a-w- c:\windows\system32\html.iec
2012-03-21 14:47 . 2012-03-21 14:47 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-21 14:47 . 2012-03-21 14:47 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-21 14:47 . 2012-03-21 14:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-21 14:47 . 2012-03-21 14:47 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-21 14:47 . 2012-03-21 14:47 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-21 14:47 . 2012-03-21 14:47 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-21 14:47 . 2012-03-21 14:47 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-21 14:47 . 2012-03-21 14:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-21 14:47 . 2012-03-21 14:47 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-21 14:47 . 2012-03-21 14:47 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-21 14:47 . 2012-03-21 14:47 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-21 14:47 . 2012-03-21 14:47 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-21 14:47 . 2012-03-21 14:47 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-21 14:47 . 2012-03-21 14:47 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-21 14:47 . 2012-03-21 14:47 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-21 14:47 . 2012-03-21 14:47 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-21 14:47 . 2012-03-21 14:47 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-21 14:47 . 2012-03-21 14:47 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-21 14:47 . 2012-03-21 14:47 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-21 14:47 . 2012-03-21 14:47 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-21 14:47 . 2012-03-21 14:47 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-21 14:47 . 2012-03-21 14:47 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-21 14:47 . 2012-03-21 14:47 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-21 14:47 . 2012-03-21 14:47 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-21 14:47 . 2012-03-21 14:47 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-21 14:47 . 2012-03-21 14:47 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-21 14:47 . 2012-03-21 14:47 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-21 14:47 . 2012-03-21 14:47 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-21 14:47 . 2012-03-21 14:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-21 14:47 . 2012-03-21 14:47 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-21 14:47 . 2012-03-21 14:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-02-29 15:11 . 2012-04-12 10:03 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 10:03 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 10:03 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 10:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 10:03 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 10:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 10:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-21 01:19 . 2012-04-26 01:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-07 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-08 1394000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"F-Secure Manager"="c:\program files\Frontier\Security\Common\FSM32.EXE" [2010-04-07 199344]
"F-Secure TNB"="c:\program files\Frontier\Security\FSGUI\TNBUtil.exe" [2010-04-07 1653424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Rory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-5-30 344064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-4 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:21]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 02:59]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 02:59]
.
2012-05-27 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-03-29 15:46]
.
2012-05-27 c:\windows\Tasks\User_Feed_Synchronization-{0A342642-EDCE-4AFF-906F-FF4E391F1595}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
2012-05-27 c:\windows\Tasks\User_Feed_Synchronization-{47908029-A6FD-4652-B755-79B09E539E18}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
2012-05-27 c:\windows\Tasks\User_Feed_Synchronization-{693869A9-88FC-49A8-8B48-8A6798D7514B}.job
- c:\windows\system32\msfeedssync.exe [2012-03-21 14:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Rory\AppData\Roaming\Mozilla\Firefox\Profiles\7qxodkrz.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z002&form=ZGAADF&q=
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6076)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\program files\Tablet\Pen\Pen_TouchService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Frontier\Security\Anti-Virus\fsgk32st.exe
c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
c:\program files\Frontier\Security\Anti-Virus\FSGK32.EXE
c:\program files\Frontier\Security\Common\FSMA32.EXE
c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\program files\Frontier\Security\Common\FSHDLL32.EXE
c:\windows\system32\STacSV.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Frontier\Security\ORSP Client\fsorsp.exe
c:\program files\Frontier\Security\FWES\Program\fsdfwd.exe
c:\program files\Frontier\Security\Anti-Virus\fssm32.exe
c:\program files\Frontier\Security\Anti-Virus\fsav32.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2012-05-26 23:19:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 06:19
ComboFix2.txt 2012-05-26 22:30
.
Pre-Run: 348,011,614,208 bytes free
Post-Run: 348,653,731,840 bytes free
.
- - End Of File - - D7228B82B1A3DF6DEE2C3DDAD7F0BF9D
Upload was successful
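Added example, not part of the thread and not ComboFix's own code: a small Python triage script that splits a ComboFix log like the one above into its banner-delimited sections, pairs each "file zipped" entry with the Legacy_/Service_ keys listed under Drivers/Services, and lists the Run-key autostart values. The sample log is a constructed excerpt assembled from lines of the post above; all function names are hypothetical.

```python
import re

# Constructed excerpt, assembled from lines of the ComboFix log posted above.
SAMPLE_LOG = r"""ComboFix 12-05-26.02 - Rory 05/26/2012 22:55:08.2.4 - x86
Command switches used :: c:\users\Rory\Desktop\CFScript.txt
.
file zipped: c:\windows\system32\DRIVERS\10667
file zipped: c:\windows\system32\DRIVERS\10840
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_10667
-------\Service_10667
-------\Service_10840
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
"""

BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")          # ((((( Title )))))
ZIPPED = re.compile(r"^file zipped:\s*(.+)$", re.I)
SVC_KEY = re.compile(r"^-+\\(Legacy|Service)_(.+)$")       # -------\Service_NAME
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VAL = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[\d{4}-\d{1,2}-\d{1,2} \d+\]$')


def split_sections(log):
    """Return {title: [lines]}; text before the first banner goes under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." lines are only visual separators
            continue
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def removed_items(sections):
    """Pair each zipped file with the Legacy_/Service_ keys that share its name."""
    files, keys = {}, {}
    for lines in sections.values():
        for line in lines:
            zipped = ZIPPED.match(line)
            if zipped:
                path = zipped.group(1).strip()
                files[path.rsplit("\\", 1)[-1].lower()] = path
            svc = SVC_KEY.match(line)
            if svc:
                keys.setdefault(svc.group(2).lower(), set()).add(svc.group(1))
    return [{"name": n, "file": files.get(n), "keys": sorted(keys.get(n, ()))}
            for n in sorted(set(files) | set(keys))]


def run_entries(sections):
    """List values under ...\\CurrentVersion\\Run; note targets given without a path."""
    entries, key = [], None
    for line in sections.get("Reg Loading Points", []):
        reg = REG_KEY.match(line)
        if reg:
            key = reg.group(1)
            continue
        val = RUN_VAL.match(line)
        if val and key and key.lower().endswith("\\currentversion\\run"):
            target = val.group(2)
            entries.append({"hive": key.split("\\", 1)[0], "name": val.group(1),
                            "target": target, "bare_filename": "\\" not in target})
    return entries


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    for item in removed_items(secs):
        print("acted on:", item)
    for entry in run_entries(secs):
        print("autostart:", entry)
```

A Run value with a bare file name is resolved through the normal search path, so the `bare_filename` field only marks entries a reviewer may want to resolve to a full path; it is not a verdict.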

#13 CatByte


Posted 27 May 2012 - 03:46 PM

How is the computer running now?

Are there any outstanding issues?



#14 cokiju


Posted 27 May 2012 - 04:05 PM

Excellent! I rebooted just to make sure, and it was very fast and had no problems.

Thank you so very much for your help! You are amazing!

#15 CatByte


Posted 27 May 2012 - 04:28 PM

Hi

Just some housekeeping to do now,

Please do the following:


You can delete the DDS and TDSSKiller logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
