
Infection Trojan can't be removed by malware


This topic is locked
14 replies to this topic

#1 13kylek

  • Members
  • 14 posts

Posted 11 July 2012 - 12:26 AM

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Kyle at 1:06:11 on 2012-07-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2171 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Users\Kyle\Desktop\aswMBR.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Kyle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{0E1CB1F7-8DBC-40AF-B7A7-76F7B7971741} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{0E1CB1F7-8DBC-40AF-B7A7-76F7B7971741}\34169637F6E602E4564777F627B6 : DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{0E1CB1F7-8DBC-40AF-B7A7-76F7B7971741}\3716D61627162656163686 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0E1CB1F7-8DBC-40AF-B7A7-76F7B7971741}\45865684F64756C6A4 : DhcpNameServer = 192.168.0.1 64.222.165.243 64.222.84.243
TCP: Interfaces\{0E1CB1F7-8DBC-40AF-B7A7-76F7B7971741}\B484A4D423 : DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{0E1CB1F7-8DBC-40AF-B7A7-76F7B7971741}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\kdlgpl9e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\kdlgpl9e.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-7-29 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-8 40384]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-3-23 2321520]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-5 689472]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-3 935008]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-8 40384]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-4 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-2 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-4 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-10 05:35:56 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-10 05:22:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-09 22:06:11 -------- d-----w- C:\Users\Kyle\AppData\Local\Apple
2012-07-09 22:05:49 -------- d-----w- C:\Users\Kyle\AppData\Local\Apple Computer
2012-07-09 19:42:15 -------- d-----w- C:\Users\Kyle\AppData\Roaming\SUPERAntiSpyware.com
2012-07-09 19:42:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-09 19:42:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-09 19:27:17 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2012-07-09 19:27:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-09 19:27:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-09 19:27:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-08 21:58:32 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-08 21:58:19 38848 ----a-w- C:\Windows\avastSS.scr
2012-07-08 21:58:16 -------- d-----w- C:\ProgramData\Alwil Software
2012-07-05 18:20:57 -------- d-----w- C:\Users\Kyle\AppData\Local\Macromedia
2012-07-04 02:39:18 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-04 02:38:55 -------- d-----w- C:\Users\Kyle\AppData\Roaming\AVG
2012-07-02 22:02:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-02 21:58:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-02 01:36:47 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5DE46CF-6714-4A22-9B80-79B09AA7F40B}\mpengine.dll
2012-07-01 16:56:25 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 20:38:44 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 20:38:15 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 20:37:36 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 20:37:36 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 21:35:45 -------- d-----w- C:\Users\Kyle\AppData\Local\{2F697EE9-AF9B-44DC-992F-EE71A499DFDD}
2012-06-13 20:13:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 20:13:09 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 20:13:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 20:13:07 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 20:13:05 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 20:13:04 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 20:13:04 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 20:13:00 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 20:12:59 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 20:12:58 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 20:12:57 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 20:12:49 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 20:12:49 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 20:12:49 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 20:12:48 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 20:12:48 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 20:12:48 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 07:45:08 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19128395-9091-4081-97AA-A98CB82D05C9}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-04 18:07:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 1:07:29.59 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/9/2010 3:58:55 PM
System Uptime: 7/10/2012 8:31:59 AM (17 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 187.898 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP658: 7/9/2012 4:12:51 PM - Removed Advanced Audio FX Engine
RP659: 7/9/2012 4:17:21 PM - Removed WinZip 15.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix XenApp Web Plugin
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
EpicBot
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Google Update Helper
GoToAssist 8.0.0.514
Java Auto Updater
Java™ 6 Update 22
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
QuickTime
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Vuze
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 3:56:38 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/9/2012 3:56:38 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/9/2012 3:56:35 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/9/2012 3:47:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2012 3:47:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/9/2012 3:47:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/9/2012 3:47:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/9/2012 3:47:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/9/2012 3:47:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/9/2012 3:47:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/9/2012 3:46:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi Avgfwfd Avgldx64 Avgmfx64 Avgtdia DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
7/9/2012 3:46:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2012 3:46:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2012 3:46:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2012 3:46:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2012 3:46:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2012 3:46:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2012 3:46:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2012 3:46:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2012 3:46:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2012 3:46:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2012 3:18:02 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
7/9/2012 2:49:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi Avgfwfd Avgldx64 Avgmfx64 Avgtdia DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
7/8/2012 9:47:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
7/8/2012 6:43:07 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
7/8/2012 5:40:17 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/8/2012 5:40:17 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7/8/2012 4:30:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
7/8/2012 10:54:01 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
7/4/2012 12:54:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
7/11/2012 12:42:18 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/11/2012 12:42:18 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/10/2012 3:54:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/10/2012 10:07:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
7/10/2012 1:06:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
.
==== End Of File ===========================


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:15 PM

Posted 15 July 2012 - 08:42 PM

13kylek,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

 

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.




Step 1: Please download and run Combofix:

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Notes:
  • Combofix may need to reboot your computer more than once to do its job. This is normal.
  • When finished, it will produce a report for you.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#3 13kylek

13kylek
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 16 July 2012 - 09:52 AM

ComboFix 12-07-14.01 - Kyle 07/16/2012 0:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2448 [GMT -4:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\@
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\L\00000004.@
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\L\1afb2d56
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\L\201d3dde
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\L\55490ac4
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\U\00000008.@
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\U\000000cb.@
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\U\80000064.@
c:\windows\Installer\{05811e29-9f43-9f3b-5e4d-cf283e0dd938}\U\trz64CA.tmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-12 07:07 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:32 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 18:32 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 18:32 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 18:32 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 18:31 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 18:31 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 18:31 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 18:31 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 18:31 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 18:31 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 18:31 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 18:31 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 18:31 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 18:31 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 18:31 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-10 05:35 . 2012-07-10 05:35 -------- d-----w- c:\program files (x86)\ESET
2012-07-10 05:22 . 2012-07-10 05:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-09 22:06 . 2012-07-09 22:06 -------- d-----w- c:\users\Kyle\AppData\Local\Apple
2012-07-09 22:05 . 2012-07-09 22:05 -------- d-----w- c:\users\Kyle\AppData\Local\Apple Computer
2012-07-09 19:42 . 2012-07-09 19:42 -------- d-----w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com
2012-07-09 19:42 . 2012-07-09 19:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-09 19:42 . 2012-07-09 19:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-09 19:27 . 2012-07-09 19:27 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes
2012-07-09 19:27 . 2012-07-09 19:27 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 19:27 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 19:27 . 2012-07-09 19:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-08 21:58 . 2010-06-28 20:37 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-08 21:58 . 2010-06-28 20:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-08 21:58 . 2010-06-28 20:32 20048 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-08 21:58 . 2010-06-28 20:37 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-08 21:58 . 2010-06-28 20:33 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-08 21:58 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2012-07-08 21:58 . 2010-06-28 20:57 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-08 21:58 . 2012-07-08 21:58 -------- d-----w- c:\programdata\Alwil Software
2012-07-08 21:58 . 2012-07-08 21:58 -------- d-----w- c:\program files\Alwil Software
2012-07-05 18:20 . 2012-07-05 18:20 -------- d-----w- c:\users\Kyle\AppData\Local\Macromedia
2012-07-04 05:11 . 2012-07-12 22:21 -------- d-----w- c:\program files (x86)\Google
2012-07-04 02:39 . 2012-07-04 02:39 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-04 02:38 . 2012-07-04 02:39 -------- d-----w- c:\users\Kyle\AppData\Roaming\AVG
2012-07-02 22:02 . 2012-07-02 22:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-02 21:58 . 2012-07-12 00:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-02 01:36 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5DE46CF-6714-4A22-9B80-79B09AA7F40B}\mpengine.dll
2012-07-01 16:56 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 20:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 20:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 20:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 20:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 20:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 20:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 20:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 20:37 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 20:37 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 00:07 . 2011-09-08 02:24 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 18:17 . 2012-05-23 18:17 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 10:52 . 2012-06-13 20:13 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 20:13 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 20:13 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 20:13 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 20:12 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 20:13 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 20:13 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 20:13 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 20:12 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 20:12 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 20:12 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 20:12 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 20:12 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 20:12 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-04 02:39 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-04 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Facebook Update"="c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-04 1107552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 lbqeaauz;lbqeaauz;c:\windows\system32\drivers\lbqeaauz.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 aswSP;aswSP; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-04 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 00:07]
.
2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-787825875-780258353-603877844-1001Core.job
- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-24 23:39]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-787825875-780258353-603877844-1001UA.job
- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-24 23:39]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 05:11]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 05:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\kdlgpl9e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Kyle\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-MFARestart - c:\programdata\MFAData\pack\avgrunasx.exe
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
AddRemove-Akamai - c:\users\Kyle\AppData\Local\Akamai\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-787825875-780258353-603877844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-787825875-780258353-603877844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\03\15\03\1c\06?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-16 01:16:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 05:16
.
Pre-Run: 217,165,762,560 bytes free
Post-Run: 217,030,782,976 bytes free
.
- - End Of File - - E92B56E6420804461DFD58E53DA0D99F

Thanks a lot for the help Jason!
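
The ComboFix log above reports an infected c:\windows\system32\services.exe that was replaced from the WinSxS component store, plus a boot-start driver entry whose file no longer exists ("R1 lbqeaauz ... [x]"). The script below is an added example, not code from the thread or from ComboFix, of the two follow-up checks a practitioner would run on this kind of machine: confirm that the live services.exe is now byte-identical to the component-store copy it was restored from, and list every kernel or file-system driver registered in the Services key whose ImagePath points at a missing file. The WinSxS path is copied from the log and is assumed to still exist; adjust it for a different Windows build. It targets the PowerShell 2.0 that ships with Windows 7 (no Get-FileHash, no [pscustomobject]) and must be run from an elevated prompt.

```powershell
# Added example (not part of the original post): post-cleanup integrity checks for a
# Windows 7 x64 host. Run elevated. Paths below are taken from the ComboFix log and are
# assumed to be present on the machine being checked.
$system32Services = Join-Path $env:windir 'System32\services.exe'
$winSxSServices   = Join-Path $env:windir 'winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe'

function Get-FileSha256 {
    # SHA-256 of a file, computed by hand because PowerShell 2.0 has no Get-FileHash.
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '')
    } finally {
        $stream.Dispose()
        $sha.Dispose()
    }
}

function Get-OrphanedDrivers {
    # Kernel drivers (Type 1) and file-system drivers (Type 2) under
    # HKLM\SYSTEM\CurrentControlSet\Services whose ImagePath does not exist on disk.
    # An orphaned, random-named entry like "lbqeaauz" is a leftover worth reviewing;
    # on its own it is not proof that the machine is still infected.
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem $servicesKey | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.Type -ne 1 -and $p.Type -ne 2) { return }
        if (-not $p.ImagePath) { return }
        # Normalise the forms ImagePath takes for drivers:
        #   \??\C:\...\x.sys   \SystemRoot\System32\drivers\x.sys   system32\DRIVERS\x.sys   C:\...\x.sys
        $path = $p.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:windir\"
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:windir $path }
        if (-not (Test-Path $path)) {
            New-Object PSObject -Property @{
                Service   = $_.PSChildName
                Start     = $p.Start       # 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled
                ImagePath = $p.ImagePath
            }
        }
    }
}

# 1. The restored services.exe should match the component-store copy exactly.
if (Test-Path $winSxSServices) {
    $live  = Get-FileSha256 $system32Services
    $store = Get-FileSha256 $winSxSServices
    "services.exe SHA256 (System32): $live"
    "services.exe SHA256 (WinSxS):   $store"
    if ($live -ne $store) {
        Write-Warning 'System32\services.exe differs from the WinSxS copy it was restored from'
    } else {
        'services.exe matches the WinSxS component-store copy'
    }
} else {
    Write-Warning "WinSxS copy not found at $winSxSServices; adjust the path for this build"
}

# 2. Driver entries whose binary is missing from disk.
'Driver entries with a missing ImagePath file:'
Get-OrphanedDrivers | Format-Table Service, Start, ImagePath -AutoSize
```

The hash comparison is the stronger of the two checks on this platform: most Windows 7 system binaries are catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature in PowerShell 2.0 is not a reliable way to vouch for services.exe. For a broader sweep of protected system files, run `sfc /verifyonly` from an elevated command prompt afterwards.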

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:15 PM

Posted 16 July 2012 - 10:08 AM

13kylek,

Looking much better. Combofix fixed the infection.

I notice your logs show multiple antivirus programs installed. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore, please go to Programs and Features in the Control Panel and remove either Avast and/or Microsoft Security Essentials and/or AVG.

If you have any questions or run into problems uninstalling any of these antivirus programs, please let me know.

Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

In your next reply, please include:
  • Malwarebytes log
  • Feedback from you - how is your computer running now? Please be as descriptive as possible.

Edited by jntkwx, 16 July 2012 - 10:09 AM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
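To check the point made in the post above (more than one product with real-time protection switched on), here is an added example that is not part of this thread and is not code from any of the tools it mentions: a PowerShell script that lists the antivirus products registered with Windows Security Center and warns when several of them report real-time protection enabled at the same time. It assumes the root/SecurityCenter2 WMI namespace (present on Windows Vista and later client editions) and the commonly cited but undocumented bit layout of the productState value; that decoding is an assumption, not something Microsoft documents.

```powershell
# Added example, not from the thread: enumerate antivirus products registered with
# Windows Security Center and decode their state so that a second product with
# real-time protection enabled stands out.
# Assumptions: the root/SecurityCenter2 namespace exists (client Windows, Vista and
# later) and productState uses the widely reported, undocumented layout below.

function Get-AvProductState {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [int]    $ProductState
    )
    # productState is a 24-bit value, e.g. 0x041000 -> "041000" as six hex digits.
    $hex = ('{0:x6}' -f $ProductState)
    # Middle byte: 0x10 or 0x11 means real-time protection is on, 0x00/0x01 means off.
    $enabledByte     = [Convert]::ToInt32($hex.Substring(2, 2), 16)
    # Last byte: 0x00 means definitions are up to date, 0x10 means out of date.
    $definitionsByte = [Convert]::ToInt32($hex.Substring(4, 2), 16)

    [pscustomobject]@{
        Product       = $DisplayName
        ProductState  = ('0x{0}' -f $hex)
        RealTimeOn    = (($enabledByte -band 0x10) -ne 0)
        DefinitionsOk = (($definitionsByte -band 0x10) -eq 0)
    }
}

function Get-InstalledAv {
    # Security Center keeps its own registry of AV providers; this is the same list
    # the Action Center / Security Center UI reads.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            Get-AvProductState -DisplayName $_.displayName -ProductState $_.productState
        }
}

$products = @(Get-InstalledAv)
$products | Format-Table -AutoSize

# Flag the situation the post warns about: two resident scanners competing for files.
$active = @($products | Where-Object RealTimeOn)
if ($active.Count -gt 1) {
    Write-Warning ('{0} products report real-time protection enabled at once: {1}' -f `
        $active.Count, ($active.Product -join ', '))
} elseif ($active.Count -eq 0) {
    Write-Warning 'No registered antivirus product reports real-time protection enabled.'
}

# Definitions that are out of date are a separate, quieter problem worth surfacing.
$products | Where-Object { -not $_.DefinitionsOk } | ForEach-Object {
    Write-Warning ('{0}: definitions reported out of date' -f $_.Product)
}
```

Run it in a PowerShell 3.0 or later session; Get-CimInstance was introduced in 3.0, so on the PowerShell 2.0 that Windows 7 shipped with, substitute Get-WmiObject with the same namespace and class name. Because the list comes from Security Center's own registrations rather than from Programs and Features, a product whose files were deleted by hand instead of being uninstalled may still show up here, which is exactly the kind of half-removed state that keeps two resident scanners in conflict.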


#5 13kylek

13kylek
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:15 PM

Posted 16 July 2012 - 11:19 AM

Ok, so I have a few problems. When I originally tried to uninstall AVG, I tried just deleting the files from where they were saved rather than uninstalling the program. Now I'm unable to access AVG, but I kept getting messages from it saying I had an infection. On the Control Panel it gives me the option to uninstall AVG, but when I click Uninstall nothing happens.

Thanks, Kyle

#6 13kylek

13kylek
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:15 PM

Posted 16 July 2012 - 11:40 AM

Also, when I go into the Control Panel, it doesn't give me the option to uninstall Avast. I went to delete the program from where I saved it, and it says I need administrator permission to delete the files even though I am the computer administrator.

#7 13kylek

13kylek
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:15 PM

Posted 16 July 2012 - 03:46 PM

Ok, so I was able to completely remove AVG and Avast... I would like your opinion on which antivirus software I should use, thanks. Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: KYLE-PC [administrator]

7/16/2012 4:24:45 PM
mbam-log-2012-07-16 (16-24-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211651
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\Interface\{66666666-6666-6666-6666-660066466639} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4639 (PUP.CrossFire.SA) -> Data: SavingsApp -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Kyle\Local Settings\Application Data\SavingsApp\Chrome\SavingsApp.crx (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

(end)

#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:15 PM

Posted 16 July 2012 - 03:55 PM

13kylek,

I suspected you may have problems uninstalling Avast and AVG, however I'm glad you figured it out. :)

Personally, I recommend Microsoft Security Essentials. I use it myself. It's free, doesn't seem to slow down my computer, and is pretty good at detecting the latest viruses (no antivirus program is perfect - the best virus/malware defense is common sense.)

Step 1: TDSSKiller
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

Step 2: aswMBR
  • Download aswMBR to your desktop.
  • Double-click aswMBR.exe to run it.
  • When asked to update the definitions, click Yes.
  • Leave the AV Scan set to QuickScan.
  • Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


In your next reply, please include:
  • TDSSKiller log
  • aswMBR log
  • How is your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#9 13kylek

13kylek
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:15 PM

Posted 16 July 2012 - 04:46 PM

TDSSKiller log:

17:09:09.0254 4252 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
17:09:09.0597 4252 ============================================================
17:09:09.0597 4252 Current date / time: 2012/07/16 17:09:09.0597
17:09:09.0597 4252 SystemInfo:
17:09:09.0597 4252
17:09:09.0597 4252 OS Version: 6.1.7600 ServicePack: 0.0
17:09:09.0597 4252 Product type: Workstation
17:09:09.0597 4252 ComputerName: KYLE-PC
17:09:09.0597 4252 UserName: Kyle
17:09:09.0597 4252 Windows directory: C:\Windows
17:09:09.0597 4252 System windows directory: C:\Windows
17:09:09.0597 4252 Running under WOW64
17:09:09.0597 4252 Processor architecture: Intel x64
17:09:09.0597 4252 Number of processors: 2
17:09:09.0597 4252 Page size: 0x1000
17:09:09.0597 4252 Boot type: Normal boot
17:09:09.0597 4252 ============================================================
17:09:10.0034 4252 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:10.0034 4252 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:09:10.0050 4252 ============================================================
17:09:10.0050 4252 \Device\Harddisk0\DR0:
17:09:10.0050 4252 MBR partitions:
17:09:10.0050 4252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:09:10.0050 4252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
17:09:10.0050 4252 \Device\Harddisk1\DR1:
17:09:10.0050 4252 MBR partitions:
17:09:10.0050 4252 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x468, BlocksNum 0x777B98
17:09:10.0050 4252 ============================================================
17:09:10.0081 4252 C: <-> \Device\Harddisk0\DR0\Partition1
17:09:10.0081 4252 ============================================================
17:09:10.0081 4252 Initialize success
17:09:10.0081 4252 ============================================================
17:10:03.0889 4424 ============================================================
17:10:03.0889 4424 Scan started
17:10:03.0889 4424 Mode: Manual;
17:10:03.0889 4424 ============================================================
17:10:04.0404 4424 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:10:04.0404 4424 !SASCORE - ok
17:10:04.0653 4424 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
17:10:04.0669 4424 1394ohci - ok
17:10:04.0731 4424 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:10:04.0731 4424 ACPI - ok
17:10:04.0778 4424 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:10:04.0778 4424 AcpiPmi - ok
17:10:04.0950 4424 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:10:04.0965 4424 AdobeFlashPlayerUpdateSvc - ok
17:10:05.0043 4424 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:10:05.0090 4424 adp94xx - ok
17:10:05.0199 4424 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:10:05.0199 4424 adpahci - ok
17:10:05.0262 4424 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:10:05.0262 4424 adpu320 - ok
17:10:05.0324 4424 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:10:05.0324 4424 AeLookupSvc - ok
17:10:05.0464 4424 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
17:10:05.0464 4424 AESTFilters - ok
17:10:05.0558 4424 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:10:05.0574 4424 AFD - ok
17:10:05.0620 4424 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:10:05.0620 4424 agp440 - ok
17:10:06.0026 4424 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
17:10:06.0026 4424 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
17:10:06.0042 4424 Akamai ( HiddenFile.Multi.Generic ) - warning
17:10:06.0042 4424 Akamai - detected HiddenFile.Multi.Generic (1)
17:10:06.0213 4424 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:10:06.0213 4424 ALG - ok
17:10:06.0307 4424 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:10:06.0322 4424 aliide - ok
17:10:06.0354 4424 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:10:06.0354 4424 amdide - ok
17:10:06.0416 4424 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:10:06.0416 4424 AmdK8 - ok
17:10:06.0463 4424 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:10:06.0463 4424 AmdPPM - ok
17:10:06.0525 4424 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:10:06.0525 4424 amdsata - ok
17:10:06.0572 4424 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:10:06.0588 4424 amdsbs - ok
17:10:06.0603 4424 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:10:06.0603 4424 amdxata - ok
17:10:06.0681 4424 ApfiltrService (98449a2957778a6f025c418438a380f4) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:10:06.0697 4424 ApfiltrService - ok
17:10:06.0759 4424 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:10:06.0759 4424 AppID - ok
17:10:06.0806 4424 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:10:06.0806 4424 AppIDSvc - ok
17:10:06.0837 4424 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:10:06.0837 4424 Appinfo - ok
17:10:06.0978 4424 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:10:06.0978 4424 Apple Mobile Device - ok
17:10:07.0056 4424 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:10:07.0071 4424 arc - ok
17:10:07.0087 4424 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:10:07.0087 4424 arcsas - ok
17:10:07.0102 4424 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:10:07.0102 4424 AsyncMac - ok
17:10:07.0165 4424 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:10:07.0180 4424 atapi - ok
17:10:07.0274 4424 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:10:07.0290 4424 AudioEndpointBuilder - ok
17:10:07.0305 4424 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:10:07.0305 4424 AudioSrv - ok
17:10:07.0321 4424 AVGIDSHA - ok
17:10:07.0368 4424 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:10:07.0368 4424 AxInstSV - ok
17:10:07.0461 4424 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:10:07.0477 4424 b06bdrv - ok
17:10:07.0570 4424 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:10:07.0586 4424 b57nd60a - ok
17:10:07.0648 4424 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
17:10:07.0648 4424 BCM42RLY - ok
17:10:07.0882 4424 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:10:07.0960 4424 BCM43XX - ok
17:10:08.0132 4424 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:10:08.0132 4424 BDESVC - ok
17:10:08.0226 4424 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:10:08.0226 4424 Beep - ok
17:10:08.0350 4424 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
17:10:08.0382 4424 BFE - ok
17:10:08.0491 4424 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
17:10:08.0506 4424 BITS - ok
17:10:08.0522 4424 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:10:08.0538 4424 blbdrive - ok
17:10:08.0694 4424 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:10:08.0709 4424 Bonjour Service - ok
17:10:08.0787 4424 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:10:08.0787 4424 bowser - ok
17:10:08.0803 4424 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:10:08.0803 4424 BrFiltLo - ok
17:10:08.0850 4424 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:10:08.0850 4424 BrFiltUp - ok
17:10:08.0896 4424 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:10:08.0896 4424 BridgeMP - ok
17:10:08.0943 4424 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:10:08.0959 4424 Browser - ok
17:10:08.0990 4424 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:10:09.0006 4424 Brserid - ok
17:10:09.0037 4424 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:10:09.0037 4424 BrSerWdm - ok
17:10:09.0068 4424 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:10:09.0084 4424 BrUsbMdm - ok
17:10:09.0099 4424 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:10:09.0099 4424 BrUsbSer - ok
17:10:09.0130 4424 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:10:09.0146 4424 BTHMODEM - ok
17:10:09.0193 4424 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:10:09.0193 4424 bthserv - ok
17:10:09.0224 4424 catchme - ok
17:10:09.0255 4424 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:10:09.0255 4424 cdfs - ok
17:10:09.0302 4424 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:10:09.0302 4424 cdrom - ok
17:10:09.0364 4424 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:10:09.0364 4424 CertPropSvc - ok
17:10:09.0411 4424 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:10:09.0411 4424 circlass - ok
17:10:09.0442 4424 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:10:09.0458 4424 CLFS - ok
17:10:09.0567 4424 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:10:09.0567 4424 clr_optimization_v2.0.50727_32 - ok
17:10:09.0645 4424 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:10:09.0645 4424 clr_optimization_v2.0.50727_64 - ok
17:10:09.0754 4424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:10:09.0770 4424 clr_optimization_v4.0.30319_32 - ok
17:10:09.0817 4424 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:10:09.0832 4424 clr_optimization_v4.0.30319_64 - ok
17:10:09.0879 4424 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:10:09.0879 4424 CmBatt - ok
17:10:09.0926 4424 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:10:09.0926 4424 cmdide - ok
17:10:10.0004 4424 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
17:10:10.0020 4424 CNG - ok
17:10:10.0066 4424 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:10:10.0066 4424 Compbatt - ok
17:10:10.0082 4424 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:10:10.0082 4424 CompositeBus - ok
17:10:10.0098 4424 COMSysApp - ok
17:10:10.0129 4424 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:10:10.0129 4424 crcdisk - ok
17:10:10.0191 4424 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
17:10:10.0207 4424 CryptSvc - ok
17:10:10.0269 4424 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:10:10.0285 4424 CtClsFlt - ok
17:10:10.0410 4424 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:10:10.0425 4424 DcomLaunch - ok
17:10:10.0488 4424 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:10:10.0503 4424 defragsvc - ok
17:10:10.0566 4424 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:10:10.0566 4424 DfsC - ok
17:10:10.0612 4424 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:10:10.0628 4424 Dhcp - ok
17:10:10.0675 4424 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:10:10.0675 4424 discache - ok
17:10:10.0722 4424 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:10:10.0722 4424 Disk - ok
17:10:10.0800 4424 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
17:10:10.0800 4424 Dnscache - ok
17:10:10.0940 4424 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
17:10:10.0940 4424 DockLoginService - ok
17:10:11.0018 4424 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:10:11.0018 4424 dot3svc - ok
17:10:11.0049 4424 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:10:11.0049 4424 DPS - ok
17:10:11.0096 4424 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:10:11.0096 4424 drmkaud - ok
17:10:11.0190 4424 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:10:11.0205 4424 DXGKrnl - ok
17:10:11.0268 4424 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:10:11.0268 4424 EapHost - ok
17:10:11.0517 4424 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:10:11.0595 4424 ebdrv - ok
17:10:11.0736 4424 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
17:10:11.0751 4424 EFS - ok
17:10:11.0860 4424 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
17:10:11.0860 4424 ehRecvr - ok
17:10:11.0907 4424 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:10:11.0923 4424 ehSched - ok
17:10:12.0032 4424 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:10:12.0048 4424 elxstor - ok
17:10:12.0079 4424 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:10:12.0079 4424 ErrDev - ok
17:10:12.0172 4424 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:10:12.0188 4424 EventSystem - ok
17:10:12.0219 4424 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:10:12.0235 4424 exfat - ok
17:10:12.0250 4424 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:10:12.0266 4424 fastfat - ok
17:10:12.0360 4424 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:10:12.0375 4424 Fax - ok
17:10:12.0406 4424 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:10:12.0406 4424 fdc - ok
17:10:12.0453 4424 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:10:12.0453 4424 fdPHost - ok
17:10:12.0469 4424 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:10:12.0469 4424 FDResPub - ok
17:10:12.0516 4424 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:10:12.0516 4424 FileInfo - ok
17:10:12.0547 4424 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:10:12.0547 4424 Filetrace - ok
17:10:12.0578 4424 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:10:12.0578 4424 flpydisk - ok
17:10:12.0609 4424 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:10:12.0640 4424 FltMgr - ok
17:10:12.0765 4424 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
17:10:12.0781 4424 FontCache - ok
17:10:12.0937 4424 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:10:12.0937 4424 FontCache3.0.0.0 - ok
17:10:13.0015 4424 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:10:13.0015 4424 FsDepends - ok
17:10:13.0062 4424 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
17:10:13.0062 4424 Fs_Rec - ok
17:10:13.0140 4424 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:10:13.0140 4424 fvevol - ok
17:10:13.0186 4424 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:10:13.0186 4424 gagp30kx - ok
17:10:13.0358 4424 GameConsoleService (1fda0df739234c4023851a282dd28704) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
17:10:13.0374 4424 GameConsoleService - ok
17:10:13.0436 4424 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:10:13.0436 4424 GEARAspiWDM - ok
17:10:13.0514 4424 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
17:10:13.0514 4424 GoToAssist - ok
17:10:13.0608 4424 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:10:13.0639 4424 gpsvc - ok
17:10:13.0748 4424 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:10:13.0748 4424 gupdate - ok
17:10:13.0748 4424 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:10:13.0748 4424 gupdatem - ok
17:10:13.0795 4424 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:10:13.0795 4424 hcw85cir - ok
17:10:13.0826 4424 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:10:13.0842 4424 HDAudBus - ok
17:10:13.0842 4424 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:10:13.0842 4424 HidBatt - ok
17:10:13.0873 4424 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:10:13.0873 4424 HidBth - ok
17:10:13.0888 4424 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:10:13.0888 4424 HidIr - ok
17:10:13.0935 4424 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:10:13.0935 4424 hidserv - ok
17:10:13.0966 4424 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:10:13.0966 4424 HidUsb - ok
17:10:14.0013 4424 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:10:14.0013 4424 hkmsvc - ok
17:10:14.0044 4424 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:10:14.0044 4424 HomeGroupListener - ok
17:10:14.0091 4424 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:10:14.0107 4424 HomeGroupProvider - ok
17:10:14.0138 4424 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:10:14.0138 4424 HpSAMD - ok
17:10:14.0216 4424 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:10:14.0247 4424 HTTP - ok
17:10:14.0263 4424 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:10:14.0263 4424 hwpolicy - ok
17:10:14.0325 4424 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:10:14.0325 4424 i8042prt - ok
17:10:14.0466 4424 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:10:14.0466 4424 IAANTMON - ok
17:10:14.0528 4424 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
17:10:14.0544 4424 iaStor - ok
17:10:14.0622 4424 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:10:14.0637 4424 iaStorV - ok
17:10:14.0840 4424 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:10:14.0856 4424 idsvc - ok
17:10:15.0308 4424 igfx (44a4cfdf95dec95cfe8a5c111a2cbf71) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:10:15.0480 4424 igfx - ok
17:10:15.0667 4424 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:10:15.0667 4424 iirsp - ok
17:10:15.0776 4424 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:10:15.0792 4424 IKEEXT - ok
17:10:15.0838 4424 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:10:15.0838 4424 intelide - ok
17:10:15.0885 4424 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:10:15.0885 4424 intelppm - ok
17:10:15.0901 4424 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:10:15.0916 4424 IPBusEnum - ok
17:10:15.0932 4424 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:10:15.0948 4424 IpFilterDriver - ok
17:10:16.0010 4424 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:10:16.0026 4424 iphlpsvc - ok
17:10:16.0072 4424 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:10:16.0072 4424 IPMIDRV - ok
17:10:16.0104 4424 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:10:16.0119 4424 IPNAT - ok
17:10:16.0275 4424 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:10:16.0291 4424 iPod Service - ok
17:10:38.0154 4424 ============================================================
17:10:38.0154 4424 Scan finished
17:10:38.0154 4424 ============================================================
17:10:38.0185 4924 Detected object count: 1
17:10:38.0185 4924 Actual detected object count: 1
17:10:56.0203 4924 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:10:56.0219 4924 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 01:26:49
-----------------------------
01:26:49.134 OS Version: Windows x64 6.1.7600
01:26:49.135 Number of processors: 2 586 0x170A
01:26:49.136 ComputerName: KYLE-PC UserName: Kyle
01:26:50.433 Initialize success
01:26:51.444 AVAST engine defs: 12070901
01:26:59.535 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:26:59.539 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
01:26:59.554 Disk 0 MBR read successfully
01:26:59.559 Disk 0 MBR scan
01:26:59.565 Disk 0 Windows VISTA default MBR code
01:26:59.570 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
01:26:59.581 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
01:26:59.596 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
01:26:59.621 Disk 0 scanning C:\Windows\system32\drivers
01:27:13.675 Service scanning
01:27:44.374 Modules scanning
01:27:44.388 Disk 0 trace - called modules:
01:27:44.417 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:27:44.758 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004562060]
01:27:44.767 3 CLASSPNP.SYS[fffff880013cf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f3050]
01:27:45.549 AVAST engine scan C:\Windows
01:27:48.272 AVAST engine scan C:\Windows\system32
01:29:25.738 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:29:28.130 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:30:23.381 AVAST engine scan C:\Windows\system32\drivers
01:30:34.624 AVAST engine scan C:\Users\Kyle
01:31:14.491 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
01:31:14.504 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 17:13:29
-----------------------------
17:13:29.556 OS Version: Windows x64 6.1.7600
17:13:29.556 Number of processors: 2 586 0x170A
17:13:29.556 ComputerName: KYLE-PC UserName: Kyle
17:13:31.006 Initialize success
17:14:27.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:14:27.383 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
17:14:27.399 Disk 0 MBR read successfully
17:14:27.399 Disk 0 MBR scan
17:14:27.399 Disk 0 Windows VISTA default MBR code
17:14:27.399 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:14:27.414 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
17:14:27.430 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
17:14:27.461 Disk 0 scanning C:\Windows\system32\drivers
17:14:34.044 Service scanning
17:14:54.948 Modules scanning
17:14:54.948 Disk 0 trace - called modules:
17:14:54.995 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:14:54.995 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004455060]
17:14:55.510 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f9050]
17:14:55.510 Scan finished successfully
17:38:15.896 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
17:38:15.911 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"

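Added example, not part of the thread and not code from TDSSKiller or aswMBR: a small triage parser for logs in the two formats pasted above. It separates the per-object inventory lines (name, MD5, path) from the verdict lines, collects TDSSKiller detections and notes which ones the user chose to skip, pulls the **INFECTED** lines and the MBR-code description out of the aswMBR output, and then lists what still needs a human decision. The regexes assume the line layouts visible in these logs; the sample input is constructed from lines copied from them, with no synthetic detections added. The point of the "unresolved" list is exactly the Akamai entry: HiddenFile.Multi.Generic is a generic hidden-file heuristic, and an Akamai NetSession Interface service does appear in the installed-programs list later in the thread, so the script flags the skip for review rather than pretending to judge it.

```python
import re
from typing import Dict, List

# Constructed sample input: lines copied from the TDSSKiller and aswMBR logs
# posted above (trimmed; no synthetic detections added).
TDSSKILLER_SAMPLE = """\
17:10:32.0283 4424 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\\Windows\\system32\\drivers\\wimmount.sys
17:10:32.0283 4424 WIMMount - ok
17:10:32.0376 4424 WinDefend - ok
17:10:35.0013 4424 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \\Device\\Harddisk0\\DR0
17:10:35.0652 4424 \\Device\\Harddisk0\\DR0 - ok
17:10:38.0185 4924 Detected object count: 1
17:10:38.0185 4924 Actual detected object count: 1
17:10:56.0203 4924 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:10:56.0219 4924 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
"""

ASWMBR_SAMPLE = """\
01:26:59.565 Disk 0 Windows VISTA default MBR code
01:29:25.738 File: C:\\Windows\\assembly\\GAC_32\\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:29:28.130 File: C:\\Windows\\assembly\\GAC_64\\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
"""

# TDSSKiller "<time> <pid> <object> ( <detection> ) - <verdict>" line
TDSS_DETECT = re.compile(
    r"^\S+\s+\d+\s+(?P<obj>\S+)\s+\(\s*(?P<det>[^)]+?)\s*\)\s+-\s+(?P<verdict>.+)$")
# TDSSKiller "<time> <pid> <object> (<md5>) <path>" inventory line; the optional
# "(0x1B8)" / "(0x1200)" token is the size TDSSKiller prints for MBR/boot sectors
TDSS_ENTRY = re.compile(
    r"^\S+\s+\d+\s+(?P<obj>\S+)(?:\s+\(0x[0-9A-Fa-f]+\))?\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# TDSSKiller "<time> <pid> <object> - <verdict>" line (normally "- ok")
TDSS_VERDICT = re.compile(r"^\S+\s+\d+\s+(?P<obj>.+?)\s+-\s+(?P<verdict>.+)$")
TDSS_COUNT = re.compile(r"^\S+\s+\d+\s+Actual detected object count:\s+(?P<n>\d+)$")
# aswMBR file verdict and MBR-code description lines
ASW_INFECTED = re.compile(r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<det>.+)$")
ASW_MBR = re.compile(r"^\S+\s+Disk\s+(?P<disk>\d+)\s+(?P<desc>.*MBR code.*)$")


def triage(tdss_log: str, aswmbr_log: str) -> Dict[str, object]:
    """Extract the lines a responder acts on from a TDSSKiller and an aswMBR log."""
    inventory: Dict[str, tuple] = {}   # object -> (md5, path)
    verdicts: Dict[str, str] = {}      # object -> "ok" or whatever else was printed
    detections: List[tuple] = []       # (object, detection name, verdict)
    detected_count = 0
    for line in tdss_log.splitlines():
        if (m := TDSS_DETECT.match(line)):
            detections.append((m["obj"], m["det"], m["verdict"]))
        elif (m := TDSS_ENTRY.match(line)):
            inventory[m["obj"]] = (m["md5"], m["path"])
        elif (m := TDSS_COUNT.match(line)):
            detected_count = int(m["n"])
        elif (m := TDSS_VERDICT.match(line)):
            verdicts[m["obj"]] = m["verdict"]

    infected: List[tuple] = []         # (path, detection) from aswMBR
    mbr_code: Dict[int, str] = {}      # disk number -> aswMBR's MBR code description
    for line in aswmbr_log.splitlines():
        if (m := ASW_INFECTED.match(line)):
            infected.append((m["path"], m["det"]))
        elif (m := ASW_MBR.match(line)):
            mbr_code[int(m["disk"])] = m["desc"]

    return {
        "inventory": inventory,
        "detections": detections,
        # objects TDSSKiller flagged but the user chose not to cure or delete
        "unresolved": sorted({o for o, _, v in detections if "skip" in v.lower()}),
        "not_ok": {o: v for o, v in verdicts.items() if v != "ok"},
        "detected_count": detected_count,
        "infected_files": infected,
        "mbr_code": mbr_code,
    }


def needs_followup(report: Dict[str, object]) -> List[str]:
    """Human-readable reasons the logs are not yet 'clean'; empty means nothing found."""
    reasons = []
    for obj in report["unresolved"]:
        dets = sorted({d for o, d, _ in report["detections"] if o == obj})
        reasons.append(f"TDSSKiller: {obj} ({', '.join(dets)}) was detected but left in place")
    for obj, verdict in report["not_ok"].items():
        reasons.append(f"TDSSKiller: {obj} verdict was '{verdict}', not 'ok'")
    for path, det in report["infected_files"]:
        reasons.append(f"aswMBR: {path} flagged as {det}")
    for disk, desc in report["mbr_code"].items():
        if "default MBR code" not in desc:
            reasons.append(f"aswMBR: disk {disk} MBR code is not a stock loader: {desc}")
    return reasons
```

Running `needs_followup(triage(TDSSKILLER_SAMPLE, ASWMBR_SAMPLE))` on the sample yields three items: the skipped Akamai object and the two Sirefef hits on the GAC Desktop.ini files from the first aswMBR run; the second aswMBR run in the thread produces none, which is what the helper's "those logs look clean" verdict rests on.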
#10 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:15 PM

Posted 16 July 2012 - 07:40 PM

13kylek,

Those logs look clean. How is your computer running now? Please be as descriptive as possible.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#11 13kylek

13kylek
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:15 PM

Posted 17 July 2012 - 08:21 PM

My computer is running well! Thanks so much for the help. If I have any more problems I'll be sure to turn to this forum!

#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:15 PM

Posted 17 July 2012 - 08:24 PM

Please copy and paste the contents of C:\Qoobox\Add-Remove Programs.txt in your next reply.
Regards,
Jason

 



#13 13kylek

13kylek
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:15 PM

Posted 17 July 2012 - 10:17 PM

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix XenApp Web Plugin
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
EpicBot
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
Java Auto Updater
Java™ 6 Update 22
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
QuickTime
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Vuze
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

#14 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:15 PM

Posted 18 July 2012 - 08:15 AM

13kylek,

Your computer looks clean!

Let's take some preventative steps to ensure you don't get infected again:


Step 1: Uninstall Combofix
Hold down the Windows key and press the R key.
In the Run window, type the following text and click OK:

Combofix.exe /Uninstall

Step 2: Please download OTCleanIt and save it to your desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Step 3: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Step 4: Like Java, outdated versions of Adobe Reader have vulnerabilities that malware can use to reinfect your computer.
I strongly recommend updating to the latest, secure version:

Step 5: Install the Latest Version of Common Software:
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting http://secunia.com/vulnerability_scanning/online/ and http://www.calendarofupdates.com/updates/calendar.html.

I recommend FileHippo's update checker that scans your computer for programs it recognizes and allows you to easily download new versions of common software: http://filehippo.com/updatechecker/UpdateChecker.exe

Step 6: Finally, read this tutorial and follow each of the steps:
http://www.bleepingcomputer.com/tutorials/tutorial82.html

Please feel free to post any future computer problems in the appropriate forum. Have a great day! :)
Regards,
Jason

 



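Added example, not from the post above and not Oracle's or BleepingComputer's code: the Java cleanup in step 3 hinges on the fact that a new JRE installs beside older ones rather than replacing them, so every old "Java N Update M" entry in Add/Remove Programs stays exploitable until it is uninstalled by hand. The script parses an installed-programs list in the format pasted earlier in the thread, picks out the JRE entries, and reports the ones older than the jre-7u5 installer the post names. The sample list is constructed from entries in that pasted list; the (7, 5) cutoff is an assumption taken from the installer filename, and the display-name patterns it accepts are the ones Sun/Oracle installers registered at the time.

```python
import re
from typing import List, Tuple

# Constructed sample: entries copied from the Add-Remove Programs.txt list
# pasted earlier in the thread (other entries omitted).
INSTALLED_SAMPLE = [
    "Adobe Reader 9.1.2",
    "Java Auto Updater",
    "Java™ 6 Update 22",
    "Java™ 7 Update 4",
    "JavaFX 2.1.0",
]

# Add/Remove display names Sun/Oracle JRE installers register, e.g.
# "Java(TM) 6 Update 22", "Java™ 7 Update 4", "Java 7 Update 5 (64-bit)".
# "Java Auto Updater" and "JavaFX 2.1.0" deliberately do not match.
JRE_NAME = re.compile(
    r"^Java(?:\(TM\)|™)?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)(?P<rest>.*)$")

# Assumption: the jre-7u5 installer named in the post is the current release.
CURRENT_JRE = (7, 5)


def jre_entries(installed: List[str]) -> List[Tuple[int, int, str]]:
    """(major, update, display name) for every JRE entry, oldest first."""
    found = []
    for name in installed:
        m = JRE_NAME.match(name)
        if m:
            found.append((int(m["major"]), int(m["update"]), name))
    return sorted(found)


def stale_jres(installed: List[str], current: Tuple[int, int] = CURRENT_JRE) -> List[str]:
    """Display names of JRE entries older than `current`, i.e. the ones to uninstall.

    Each of these is a separately installed, separately exploitable runtime;
    installing a newer JRE beside it does not remove it."""
    return [name for major, upd, name in jre_entries(installed)
            if (major, upd) < current]


def has_current_jre(installed: List[str], current: Tuple[int, int] = CURRENT_JRE) -> bool:
    """True if at least one JRE entry is at or beyond `current`."""
    return any((major, upd) >= current for major, upd, _ in jre_entries(installed))
```

On the thread's list this reports both "Java™ 6 Update 22" and "Java™ 7 Update 4" as stale and no current JRE present, which is the state the post's step 3 is written for: uninstall both, reboot, then install 7u5.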
#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:15 PM

Posted 22 July 2012 - 07:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Regards,
Jason

 





