my AV found a virus, please help me


  • This topic is locked
11 replies to this topic

#1 robo122

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:26 PM

Posted 31 July 2012 - 11:32 AM

Hi,

You guys have helped me in the past on this machine, and I hope you can work your magic again. I was using IE9, and all of a sudden my AV popped up in the corner that it blocked malware located at "C:\ProgramData\microsoft\windows\drm\EDB3.tmp".
---------------------------------------------------------------------------

So I took it upon myself to run a MBAM scan. I performed a full scan and it found 2 items, which I listed below:

Files Detected: 2
C:\ProgramData\Microsoft\Windows\DRM\EDB3.tmp.dat (Rootkit.TDSS.EXPD1) -> Quarantined and deleted successfully.
C:\Users\Xps8300\AppData\Local\Temp\D806.tmp (Rootkit.TDSS.EXPD1) -> Quarantined and deleted successfully.

I deleted them.
---------------------------------------------------------------

I then did a TDSS scan, and that as well found 1 item, assigned to DellDigitalDelivery, listed below:

10:49:21.0864 6572 Detected object count: 1
10:49:21.0864 6572 Actual detected object count: 1
10:49:43.0829 6572 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
10:49:43.0829 6572 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip

---------------------------------------------------------------
I then did an ESET scan, and it found 2 items, listed below:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

-------------------------------------------------------------------

I am not able to run any scripts on my computer, because they come up associated with another program already installed on my computer, so I was not able to do a DDS scan.

I am running 64-bit so I did not do a GMER scan.

Please help me clean up this computer, and get an all-clean.

Thanks so much

#2 nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:26 PM

Posted 05 August 2012 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
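The TDSSKiller lines robo122 pasted in the first post and the full log nasdaq asks for here share one line shape: a timestamp, a process id, an object name, then either "(md5) path" for a scanned object or "- verdict" (optionally preceded by a classification in parentheses) for what the tool decided. Reading a log of several hundred such lines by eye is error-prone, so the following Python script is an added example for this thread, not code from TDSSKiller, Kaspersky or BleepingComputer: it parses that format, keeps every verdict per object, and lists only objects whose history is not a single plain "ok", which separates classified hits (like the UnsignedFile.Multi.Generic entry for DellDigitalDelivery) from the long clean tail. SAMPLE_LOG is constructed from the kinds of lines seen in this thread, and the regular expressions and helper names are this example's own assumptions about the format.

```python
"""Parse TDSSKiller text logs and list every object that was not reported as plain "ok".

Added example for this thread; not code from TDSSKiller or from BleepingComputer.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with "HH:MM:SS.mmmm <pid> ".
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# "name (md5) path": one scanned service, driver or file.
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "name - ok" or "name ( Classification ) - <what TDSSKiller or the user did>".
VERDICT_RE = re.compile(
    _PREFIX + r"(?P<name>.+?)(?:\s+\(\s*(?P<cls>[^()\s]+)\s*\))?\s+-\s+(?P<verdict>.+)$"
)
# Summary lines written once the scan has finished.
COUNT_RE = re.compile(_PREFIX + r"(?P<kind>Actual detected|Detected) object count:\s*(?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    classification: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        # A clean object gets exactly one "- ok" line and no classification.
        return self.verdicts == ["ok"] and self.classification is None


def parse_log(text: str) -> Dict[str, ScanObject]:
    """Build one ScanObject per named object, keeping every verdict line in order."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        name, cls, verdict = m["name"], m["cls"], m["verdict"].strip()
        # Header lines such as "Drive \Device\... - Size: ..." also contain " - ".
        # Only accept a verdict for an object already seen, an "ok", or a classified hit.
        if name not in objects and cls is None and verdict != "ok":
            continue
        obj = objects.setdefault(name, ScanObject(name))
        if cls:
            obj.classification = cls
        obj.verdicts.append(verdict)
    return objects


def detected_counts(text: str) -> Dict[str, int]:
    """The "Detected" / "Actual detected" object counts TDSSKiller prints at the end."""
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            counts[m["kind"]] = int(m["n"])
    return counts


def flagged(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects needing a human look: anything whose history is not a single plain "ok"."""
    return [o for o in objects.values() if not o.clean]


def report(text: str) -> List[str]:
    """One line per flagged object, in a shape that is easy to paste into a reply."""
    return [
        f"{o.name}: {o.classification or 'unclassified'} -> {'; '.join(o.verdicts)} [{o.path or 'no path'}]"
        for o in flagged(parse_log(text))
    ]


# Constructed sample, assembled from the line shapes seen in this thread.
SAMPLE_LOG = r"""
08:28:56.0034 8240 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
08:29:05.0425 9156 Scan started
08:29:05.0878 9156 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:29:05.0878 9156 1394ohci - ok
08:29:06.0346 9156 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
08:29:06.0346 9156 AMD External Events Utility - ok
08:29:08.0389 9156 COMSysApp - ok
08:29:09.0715 9156 DellDigitalDelivery (18b5c959cbe24d4d4c2381efb87611de) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
10:49:43.0829 6572 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
10:49:43.0829 6572 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:49:21.0864 6572 Detected object count: 1
10:49:21.0864 6572 Actual detected object count: 1
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
    print(detected_counts(SAMPLE_LOG))
```

Run it against a real TDSSKiller_*_log.txt by reading the file into `report()`; a run that finds nothing returns an empty list, and the Detected / Actual detected counts from the footer are a quick cross-check that no verdict line was missed. Header lines that happen to contain " - " (the drive geometry line, for instance) are deliberately dropped rather than reported as suspicious, which is the edge case the filter in parse_log handles.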

#3 robo122

  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:26 PM

Posted 07 August 2012 - 07:40 AM

I ran the 2 scans you requested. The TDSSKiller did not find anything. I did actually run that scan before I posted on this forum, and it had found something then. I have that log to post if you would like to see it.

------------------------------------------------------------------------------------

TDSSkiller Log (7 Aug 12)

08:28:55.0504 8240 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:28:55.0738 8240 ============================================================
08:28:55.0738 8240 Current date / time: 2012/08/07 08:28:55.0738
08:28:55.0738 8240 SystemInfo:
08:28:55.0738 8240
08:28:55.0738 8240 OS Version: 6.1.7601 ServicePack: 1.0
08:28:55.0738 8240 Product type: Workstation
08:28:55.0738 8240 ComputerName: ROB
08:28:55.0738 8240 UserName: Xps8300
08:28:55.0738 8240 Windows directory: C:\Windows
08:28:55.0738 8240 System windows directory: C:\Windows
08:28:55.0738 8240 Running under WOW64
08:28:55.0738 8240 Processor architecture: Intel x64
08:28:55.0738 8240 Number of processors: 8
08:28:55.0738 8240 Page size: 0x1000
08:28:55.0738 8240 Boot type: Normal boot
08:28:55.0738 8240 ============================================================
08:28:56.0034 8240 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:28:56.0050 8240 ============================================================
08:28:56.0050 8240 \Device\Harddisk0\DR0:
08:28:56.0050 8240 MBR partitions:
08:28:56.0050 8240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x216E000
08:28:56.0050 8240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2182000, BlocksNum 0x72584000
08:28:56.0050 8240 ============================================================
08:28:56.0065 8240 C: <-> \Device\Harddisk0\DR0\Partition1
08:28:56.0065 8240 ============================================================
08:28:56.0065 8240 Initialize success
08:28:56.0065 8240 ============================================================
08:29:05.0425 9156 ============================================================
08:29:05.0425 9156 Scan started
08:29:05.0425 9156 Mode: Manual;
08:29:05.0425 9156 ============================================================
08:29:05.0878 9156 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:29:05.0878 9156 1394ohci - ok
08:29:05.0956 9156 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 (a15069eec83ebc54150564b2585cfdba) C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
08:29:05.0971 9156 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
08:29:05.0987 9156 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:29:05.0987 9156 ACPI - ok
08:29:05.0987 9156 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:29:06.0002 9156 AcpiPmi - ok
08:29:06.0065 9156 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:29:06.0065 9156 AdobeARMservice - ok
08:29:06.0112 9156 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:29:06.0112 9156 AdobeFlashPlayerUpdateSvc - ok
08:29:06.0143 9156 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:29:06.0158 9156 adp94xx - ok
08:29:06.0158 9156 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:29:06.0174 9156 adpahci - ok
08:29:06.0174 9156 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:29:06.0174 9156 adpu320 - ok
08:29:06.0205 9156 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:29:06.0205 9156 AeLookupSvc - ok
08:29:06.0252 9156 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:29:06.0252 9156 AFD - ok
08:29:06.0268 9156 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:29:06.0268 9156 agp440 - ok
08:29:06.0283 9156 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:29:06.0283 9156 ALG - ok
08:29:06.0299 9156 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:29:06.0299 9156 aliide - ok
08:29:06.0346 9156 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
08:29:06.0346 9156 AMD External Events Utility - ok
08:29:06.0346 9156 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:29:06.0361 9156 amdide - ok
08:29:06.0361 9156 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:29:06.0361 9156 AmdK8 - ok
08:29:06.0611 9156 amdkmdag (5165e83751b8ff40e5e4925996fcc506) C:\Windows\system32\DRIVERS\atikmdag.sys
08:29:06.0767 9156 amdkmdag - ok
08:29:06.0845 9156 amdkmdap (86ab3cf484260c4318f3a6e8b035f422) C:\Windows\system32\DRIVERS\atikmpag.sys
08:29:06.0860 9156 amdkmdap - ok
08:29:06.0876 9156 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:29:06.0876 9156 AmdPPM - ok
08:29:06.0892 9156 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:29:06.0907 9156 amdsata - ok
08:29:06.0923 9156 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:29:06.0938 9156 amdsbs - ok
08:29:06.0954 9156 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:29:06.0954 9156 amdxata - ok
08:29:07.0001 9156 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
08:29:07.0001 9156 Amsp - ok
08:29:07.0032 9156 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:29:07.0032 9156 AppID - ok
08:29:07.0048 9156 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:29:07.0063 9156 AppIDSvc - ok
08:29:07.0063 9156 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:29:07.0063 9156 Appinfo - ok
08:29:07.0079 9156 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
08:29:07.0079 9156 AppMgmt - ok
08:29:07.0110 9156 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:29:07.0110 9156 arc - ok
08:29:07.0110 9156 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:29:07.0110 9156 arcsas - ok
08:29:07.0204 9156 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:29:07.0204 9156 aspnet_state - ok
08:29:07.0235 9156 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:29:07.0235 9156 AsyncMac - ok
08:29:07.0266 9156 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:29:07.0266 9156 atapi - ok
08:29:07.0297 9156 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
08:29:07.0297 9156 AtiHDAudioService - ok
08:29:07.0328 9156 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:29:07.0328 9156 AudioEndpointBuilder - ok
08:29:07.0344 9156 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:29:07.0344 9156 AudioSrv - ok
08:29:07.0406 9156 Autodesk Content Service (1992c2a1867d95aa3a0802539358d162) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
08:29:07.0406 9156 Autodesk Content Service - ok
08:29:07.0422 9156 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:29:07.0422 9156 AxInstSV - ok
08:29:07.0453 9156 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:29:07.0453 9156 b06bdrv - ok
08:29:07.0469 9156 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:29:07.0469 9156 b57nd60a - ok
08:29:07.0500 9156 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:29:07.0500 9156 BDESVC - ok
08:29:07.0500 9156 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:29:07.0500 9156 Beep - ok
08:29:07.0547 9156 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:29:07.0547 9156 BFE - ok
08:29:07.0594 9156 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:29:07.0594 9156 BITS - ok
08:29:07.0625 9156 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:29:07.0625 9156 blbdrive - ok
08:29:07.0687 9156 BOT4Service (2309601e5d37e0304f8bcfb57190756e) C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
08:29:07.0687 9156 BOT4Service - ok
08:29:07.0703 9156 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:29:07.0703 9156 bowser - ok
08:29:07.0718 9156 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:29:07.0718 9156 BrFiltLo - ok
08:29:07.0718 9156 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:29:07.0734 9156 BrFiltUp - ok
08:29:07.0750 9156 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:29:07.0750 9156 BridgeMP - ok
08:29:07.0765 9156 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:29:07.0765 9156 Browser - ok
08:29:07.0796 9156 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:29:07.0796 9156 Brserid - ok
08:29:07.0812 9156 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:29:07.0812 9156 BrSerWdm - ok
08:29:07.0828 9156 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:29:07.0828 9156 BrUsbMdm - ok
08:29:07.0859 9156 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:29:07.0859 9156 BrUsbSer - ok
08:29:07.0874 9156 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:29:07.0874 9156 BTHMODEM - ok
08:29:07.0906 9156 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:29:07.0906 9156 bthserv - ok
08:29:07.0952 9156 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:29:07.0952 9156 cdfs - ok
08:29:07.0984 9156 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:29:07.0984 9156 cdrom - ok
08:29:07.0999 9156 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:29:07.0999 9156 CertPropSvc - ok
08:29:08.0015 9156 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:29:08.0015 9156 circlass - ok
08:29:08.0030 9156 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:29:08.0030 9156 CLFS - ok
08:29:08.0108 9156 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:29:08.0124 9156 clr_optimization_v2.0.50727_32 - ok
08:29:08.0171 9156 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:29:08.0171 9156 clr_optimization_v2.0.50727_64 - ok
08:29:08.0218 9156 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:29:08.0218 9156 clr_optimization_v4.0.30319_32 - ok
08:29:08.0264 9156 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:29:08.0264 9156 clr_optimization_v4.0.30319_64 - ok
08:29:08.0264 9156 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:29:08.0264 9156 CmBatt - ok
08:29:08.0280 9156 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:29:08.0280 9156 cmdide - ok
08:29:08.0327 9156 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
08:29:08.0342 9156 CNG - ok
08:29:08.0342 9156 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:29:08.0358 9156 Compbatt - ok
08:29:08.0374 9156 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:29:08.0374 9156 CompositeBus - ok
08:29:08.0389 9156 COMSysApp - ok
08:29:08.0389 9156 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:29:08.0389 9156 crcdisk - ok
08:29:08.0420 9156 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:29:08.0436 9156 CryptSvc - ok
08:29:09.0497 9156 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:29:09.0497 9156 CSC - ok
08:29:09.0559 9156 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:29:09.0575 9156 CscService - ok
08:29:09.0606 9156 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:29:09.0622 9156 DcomLaunch - ok
08:29:09.0637 9156 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:29:09.0637 9156 defragsvc - ok
08:29:09.0715 9156 DellDigitalDelivery (18b5c959cbe24d4d4c2381efb87611de) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
08:29:09.0715 9156 DellDigitalDelivery - ok
08:29:09.0746 9156 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:29:09.0762 9156 DfsC - ok
08:29:09.0778 9156 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:29:09.0778 9156 Dhcp - ok
08:29:09.0793 9156 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:29:09.0793 9156 discache - ok
08:29:09.0824 9156 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:29:09.0824 9156 Disk - ok
08:29:09.0840 9156 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
08:29:09.0840 9156 dmvsc - ok
08:29:09.0856 9156 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:29:09.0856 9156 Dnscache - ok
08:29:09.0871 9156 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:29:09.0887 9156 dot3svc - ok
08:29:09.0887 9156 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:29:09.0887 9156 DPS - ok
08:29:09.0918 9156 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:29:09.0918 9156 drmkaud - ok
08:29:09.0949 9156 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:29:09.0965 9156 DXGKrnl - ok
08:29:09.0996 9156 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:29:09.0996 9156 EapHost - ok
08:29:10.0074 9156 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:29:10.0136 9156 ebdrv - ok
08:29:10.0246 9156 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:29:10.0246 9156 EFS - ok
08:29:10.0292 9156 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:29:10.0308 9156 ehRecvr - ok
08:29:10.0324 9156 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:29:10.0324 9156 ehSched - ok
08:29:10.0355 9156 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:29:10.0355 9156 elxstor - ok
08:29:10.0370 9156 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:29:10.0370 9156 ErrDev - ok
08:29:10.0402 9156 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:29:10.0402 9156 EventSystem - ok
08:29:10.0433 9156 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:29:10.0433 9156 exfat - ok
08:29:10.0448 9156 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:29:10.0448 9156 fastfat - ok
08:29:10.0480 9156 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:29:10.0495 9156 Fax - ok
08:29:10.0511 9156 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:29:10.0511 9156 fdc - ok
08:29:10.0526 9156 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:29:10.0526 9156 fdPHost - ok
08:29:10.0542 9156 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:29:10.0542 9156 FDResPub - ok
08:29:10.0558 9156 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:29:10.0558 9156 FileInfo - ok
08:29:10.0573 9156 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:29:10.0573 9156 Filetrace - ok
08:29:10.0651 9156 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:29:10.0667 9156 FLEXnet Licensing Service - ok
08:29:10.0760 9156 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
08:29:10.0760 9156 FLEXnet Licensing Service 64 - ok
08:29:10.0838 9156 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:29:10.0838 9156 flpydisk - ok
08:29:10.0854 9156 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:29:10.0854 9156 FltMgr - ok
08:29:10.0901 9156 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:29:10.0916 9156 FontCache - ok
08:29:10.0979 9156 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:29:10.0979 9156 FontCache3.0.0.0 - ok
08:29:10.0994 9156 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:29:11.0010 9156 FsDepends - ok
08:29:11.0026 9156 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:29:11.0026 9156 Fs_Rec - ok
08:29:11.0041 9156 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:29:11.0041 9156 fvevol - ok
08:29:11.0057 9156 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:29:11.0057 9156 gagp30kx - ok
08:29:11.0088 9156 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:29:11.0104 9156 gpsvc - ok
08:29:11.0150 9156 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:29:11.0150 9156 gupdate - ok
08:29:11.0166 9156 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:29:11.0166 9156 gupdatem - ok
08:29:11.0182 9156 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:29:11.0182 9156 hcw85cir - ok
08:29:11.0197 9156 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:29:11.0197 9156 HDAudBus - ok
08:29:11.0213 9156 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:29:11.0228 9156 HidBatt - ok
08:29:11.0244 9156 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:29:11.0244 9156 HidBth - ok
08:29:11.0275 9156 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:29:11.0275 9156 HidIr - ok
08:29:11.0291 9156 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:29:11.0291 9156 hidserv - ok
08:29:11.0306 9156 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:29:11.0306 9156 HidUsb - ok
08:29:11.0322 9156 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:29:11.0322 9156 hkmsvc - ok
08:29:11.0353 9156 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:29:11.0353 9156 HomeGroupListener - ok
08:29:11.0369 9156 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:29:11.0369 9156 HomeGroupProvider - ok
08:29:11.0400 9156 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:29:11.0400 9156 HpSAMD - ok
08:29:11.0431 9156 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:29:11.0447 9156 HTTP - ok
08:29:11.0462 9156 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:29:11.0462 9156 hwpolicy - ok
08:29:11.0494 9156 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:29:11.0494 9156 i8042prt - ok
08:29:11.0525 9156 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys
08:29:11.0525 9156 iaStor - ok
08:29:11.0587 9156 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
08:29:11.0587 9156 IAStorDataMgrSvc - ok
08:29:11.0603 9156 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:29:11.0618 9156 iaStorV - ok
08:29:11.0728 9156 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:29:11.0728 9156 idsvc - ok
08:29:11.0759 9156 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:29:11.0759 9156 iirsp - ok
08:29:11.0790 9156 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:29:11.0806 9156 IKEEXT - ok
08:29:11.0884 9156 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
08:29:11.0930 9156 IntcAzAudAddService - ok
08:29:12.0008 9156 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
08:29:12.0024 9156 IntcDAud - ok
08:29:12.0024 9156 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:29:12.0024 9156 intelide - ok
08:29:12.0040 9156 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:29:12.0040 9156 intelppm - ok
08:29:12.0071 9156 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:29:12.0071 9156 IPBusEnum - ok
08:29:12.0086 9156 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:29:12.0086 9156 IpFilterDriver - ok
08:29:12.0118 9156 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:29:12.0118 9156 iphlpsvc - ok
08:29:12.0133 9156 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:29:12.0133 9156 IPMIDRV - ok
08:29:12.0164 9156 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:29:12.0164 9156 IPNAT - ok
08:29:12.0180 9156 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:29:12.0180 9156 IRENUM - ok
08:29:12.0180 9156 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:29:12.0196 9156 isapnp - ok
08:29:12.0211 9156 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:29:12.0211 9156 iScsiPrt - ok
08:29:12.0242 9156 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
08:29:12.0242 9156 k57nd60a - ok
08:29:12.0274 9156 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:29:12.0274 9156 kbdclass - ok
08:29:12.0289 9156 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:29:12.0289 9156 kbdhid - ok
08:29:12.0305 9156 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:29:12.0320 9156 KeyIso - ok
08:29:12.0352 9156 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
08:29:12.0352 9156 KSecDD - ok
08:29:12.0367 9156 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
08:29:12.0367 9156 KSecPkg - ok
08:29:12.0367 9156 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:29:12.0383 9156 ksthunk - ok
08:29:12.0398 9156 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:29:12.0398 9156 KtmRm - ok
08:29:12.0445 9156 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:29:12.0445 9156 LanmanServer - ok
08:29:12.0461 9156 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:29:12.0476 9156 LanmanWorkstation - ok
08:29:12.0492 9156 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:29:12.0492 9156 lltdio - ok
08:29:12.0523 9156 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:29:12.0523 9156 lltdsvc - ok
08:29:12.0539 9156 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:29:12.0539 9156 lmhosts - ok
08:29:12.0554 9156 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:29:12.0554 9156 LSI_FC - ok
08:29:12.0586 9156 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:29:12.0586 9156 LSI_SAS - ok
08:29:12.0601 9156 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:29:12.0601 9156 LSI_SAS2 - ok
08:29:21.0072 9156 ============================================================
08:29:21.0072 9156 Scan finished
08:29:21.0072 9156 ============================================================
08:29:21.0072 7620 Detected object count: 0
08:29:21.0072 7620 Actual detected object count: 0
08:29:34.0894 8464 Deinitialize success

--------------------------------------------------------------------------------

ASWMbr (7 Aug 12)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-07 08:32:31
-----------------------------
08:32:31.317 OS Version: Windows x64 6.1.7601 Service Pack 1
08:32:31.317 Number of processors: 8 586 0x2A07
08:32:31.317 ComputerName: ROB UserName:
08:32:32.159 Initialize success
08:33:53.849 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:33:53.849 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
08:33:53.865 Disk 0 MBR read successfully
08:33:53.865 Disk 0 MBR scan
08:33:53.865 Disk 0 Windows 7 default MBR code
08:33:53.865 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 39 MB offset 63
08:33:53.880 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 17116 MB offset 81920
08:33:53.896 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936712 MB offset 35135488
08:33:53.912 Disk 0 scanning C:\Windows\system32\drivers
08:34:00.323 Service scanning
08:34:09.870 Modules scanning
08:34:09.870 Disk 0 trace - called modules:
08:34:09.886 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys iaStor.sys hal.dll
08:34:09.886 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009cb7790]
08:34:09.902 3 CLASSPNP.SYS[fffff88001a5a43f] -> nt!IofCallDriver -> [0xfffffa8009bb6a20]
08:34:09.902 5 Sahdad64.sys[fffff88001de2e25] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007604050]
08:34:09.902 Scan finished successfully
08:34:24.722 Disk 0 MBR has been saved successfully to "C:\Users\Xps8300\Desktop\MBR.dat"
08:34:24.737 The log file has been saved successfully to "C:\Users\Xps8300\Desktop\aswMBR.txt"

#4 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 August 2012 - 09:08 AM

Let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
==============

#5 robo122

  • Topic Starter
  • Members
  • 34 posts

Posted 07 August 2012 - 11:22 AM

ComboFix 12-08-07.02 - Xps8300 08/07/2012 12:09:15.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5878 [GMT -4:00]
Running from: c:\users\Xps8300\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 16:12 . 2012-08-07 16:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-07 16:12 . 2012-08-07 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 14:53 . 2012-07-31 14:53 -------- d-----w- c:\program files (x86)\ESET
2012-07-18 13:07 . 2012-07-18 13:07 -------- d-----w- c:\users\Xps8300\AppData\Roaming\Catalina Marketing Corp
2012-07-18 13:07 . 2012-07-18 13:07 489712 ----a-w- c:\users\Xps8300\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-07-17 13:01 . 2012-07-17 13:01 -------- d-----w- c:\programdata\ATI
2012-07-17 13:01 . 2012-07-17 13:01 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-12 23:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 16:36 . 2012-04-10 17:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 16:36 . 2012-03-28 07:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 02:47 . 2012-04-10 17:33 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2012-05-09 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 16:56 . 2012-01-30 04:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-03-09 05:03 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-03-28 09:15 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2012-03-28 09:15 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-03-28 09:15 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2012-03-28 09:15 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-03-28 09:15 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-03-28 09:15 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-03-28 09:15 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-03-28 09:15 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-03-28 09:15 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-03-09 03:58 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-03-09 03:58 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-03-28 09:15 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-03-28 09:15 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-03-28 09:15 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-03-28 09:15 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-02 22:19 . 2012-06-22 12:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 12:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 12:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 12:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 12:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 12:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 12:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 12:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 12:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 12:42 . 2012-05-15 12:42 772552 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-15 12:42 . 2012-04-10 18:46 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
c:\users\Xps8300\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\users\Xps8300\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 116648]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-10 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 116648]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-04-10 70928]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2012-04-10 67344]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2012-04-10 210704]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:36]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 20:04]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 20:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yankees.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: windowsymbols.com\www
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 167.206.254.1 167.206.254.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-08-07 12:16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 16:16
.
Pre-Run: 902,856,982,528 bytes free
Post-Run: 903,254,990,848 bytes free
.
- - End Of File - - 0E3508FC5B4EF046430F7CCBBF6E5416

#6 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2012 - 07:02 AM

Looking good.

Just one last check.

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know if you have any issues with this computer.

#7 robo122

  • Topic Starter
  • Members
  • 34 posts

Posted 08 August 2012 - 07:25 AM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


----------------------------------------------------------------------------------------

Computer seems to be working ok. Never really noticed anything wrong, other than my AV reporting to me that it found a piece of malware. Do you think my initial MBAM scan before I contacted you avoided a problem?

#8 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2012 - 08:07 AM

Looks like MBAM did it.

All your other logs are clean.

Time for some housekeeping.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!

#9 robo122

  • Topic Starter
  • Members
  • 34 posts

Posted 08 August 2012 - 08:22 AM

Although I have a paid subscription to Trend Micro, is it worth it to also purchase the real-time coverage of Malwarebytes? Will they work together with each other? Or is it overkill?

#10 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2012 - 01:30 PM

These guys are doing a great job in identifying new Rogue programs.
If you can afford it, I suggest you do.

You will find no obstructions with the present virus protection programs.

#11 robo122

  • Topic Starter
  • Members
  • 34 posts

Posted 08 August 2012 - 01:34 PM

Thanks for your help & advice. Do I have an all clear? Can I resume my normal activities?

#12 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 August 2012 - 07:26 AM

Yes.