Need help removing Smitfraud-c from Windows 7 laptop



#1 RobertBobM


Posted 26 August 2012 - 12:42 PM

I need your help removing Smitfraud-c (svchost.exe) from my Windows 7 laptop. I first found it last Sunday when I noticed a reference to IP 63.209.69.107 prefacing www.google.com in IE. I downloaded/installed Spybot and Malwarebytes, ran them, they find it, but it keeps coming back after a reboot. Yesterday a PC Tech at a local store tried Combofix and Superantispyware but they couldn't remove it either. This is on the computer I use for my small business so I'm very dependent on it.



#2 gringo_pr


Posted 27 August 2012 - 01:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 RobertBobM


Posted 27 August 2012 - 08:02 AM

Security Check results:

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 RobertBobM


Posted 27 August 2012 - 08:18 AM

DDS Results: (Note: while DDS was running Malwarebytes blocked svchost.exe from trying to communicate with IP 206.161.121.123)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Moore at 8:08:47 on 2012-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2526 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nativewaters.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229165820.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
StartupFolder: C:\Users\Moore\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DC2A2BDC-0217-4A8A-9484-34812CA99173} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DC2A2BDC-0217-4A8A-9484-34812CA99173}\F64677966696 : DhcpNameServer = 198.6.1.1 204.117.214.10
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229165820.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 655944]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 149032]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-21 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-4 656624]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-10 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-10 136176]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-26 01:32:48 20480 ----a-w- C:\Windows\svchost.exe
2012-08-26 00:14:01 -------- d-s---w- C:\ComboFix
2012-08-25 23:41:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-25 22:53:47 -------- d-----w- C:\Users\Moore\AppData\Local\{7A22F1E2-1987-40EA-8DA8-DEA4C84A121E}
2012-08-25 21:36:51 -------- d-----w- C:\Users\Moore\AppData\Local\{C0CCD1F9-7CB1-4F83-AC92-12DE10509440}
2012-08-25 21:14:31 -------- d-----w- C:\Users\Moore\AppData\Roaming\SUPERAntiSpyware.com
2012-08-25 21:14:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-25 21:14:20 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-25 21:13:49 208896 ----a-w- C:\Windows\MBR.exe
2012-08-25 21:13:46 98816 ----a-w- C:\Windows\sed.exe
2012-08-25 21:13:46 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-25 21:13:46 256000 ----a-w- C:\Windows\PEV.exe
2012-08-25 21:03:36 -------- d-----w- C:\Users\Moore\AppData\Local\{0369EBE4-514F-482F-A210-FE6750B843A6}
2012-08-25 16:34:42 -------- d-----w- C:\Users\Moore\AppData\Local\{06FD99E9-CABE-47F9-AF01-9D0CDBAD708B}
2012-08-23 12:25:29 -------- d-----w- C:\Users\Moore\AppData\Local\{888D20E3-6F44-40D2-85C3-C32CCD497168}
2012-08-22 03:32:53 -------- d-----w- C:\Users\Moore\AppData\Local\{A9A84F94-0E85-4977-BF40-FECCBE11ADF4}
2012-08-22 03:15:42 -------- d-----w- C:\Users\Moore\AppData\Local\{D5445F96-BF94-4C2B-BF83-696506C40C6F}
2012-08-22 02:33:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-22 02:33:27 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-22 02:33:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-22 02:26:41 -------- d-----w- C:\Users\Moore\AppData\Local\{F254C23F-7580-4BBB-B51A-296723BB2DED}
2012-08-21 16:03:55 -------- d-----w- C:\Users\Moore\AppData\Local\{E22EA15A-2AEA-4262-BFF4-7801BECB0A45}
2012-08-21 15:17:34 -------- d-----w- C:\Users\Moore\AppData\Local\{93CCDAA2-B3C0-41E3-BF7E-85C965CF5FA0}
2012-08-21 13:01:22 -------- d-----w- C:\Users\Moore\AppData\Local\{CE46B12B-1974-4D52-BE87-5C217C0FC68E}
2012-08-21 12:26:47 -------- d-----w- C:\Users\Moore\AppData\Local\{41C9B5F2-6210-4988-85D0-22300F490A43}
2012-08-21 11:33:37 -------- d-----w- C:\Users\Moore\AppData\Local\{E2AB1783-3D4B-43C5-931C-A971DEC64229}
2012-08-21 11:23:09 -------- d-----w- C:\Users\Moore\AppData\Local\{265ACA79-7901-49A3-9A10-2536AF819722}
2012-08-21 04:51:05 -------- d-----w- C:\Users\Moore\AppData\Local\{8FF17917-9DFB-4FAC-9280-E5892F9D438B}
2012-08-21 04:39:27 -------- d-----w- C:\Users\Moore\AppData\Local\{99A76FCC-5AA5-40BD-9B74-2F07F7C3867E}
2012-08-21 04:15:23 -------- d-----w- C:\Users\Moore\AppData\Local\{71A89336-4207-4581-8934-40E0168E5380}
2012-08-21 04:04:19 -------- d-----w- C:\Users\Moore\AppData\Local\{DD23DA17-FF53-484F-AD90-76AA1111D12C}
2012-08-21 03:48:52 -------- d-----w- C:\Users\Moore\AppData\Local\{3FB5E979-95E3-4C32-A2B0-0E4D36B7124B}
2012-08-21 03:35:20 -------- d-----w- C:\Users\Moore\AppData\Local\{76A968B8-FBEB-4653-8770-0AB0453691ED}
2012-08-21 03:23:01 -------- d-----w- C:\Users\Moore\AppData\Local\{750DE727-9A2E-4D69-8A15-41B88506AC6C}
2012-08-21 02:43:03 -------- d-----w- C:\Users\Moore\AppData\Local\{A38AD77F-A4E7-4FA5-8178-7347EE6543B9}
2012-08-21 02:29:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-21 02:04:14 -------- d-----w- C:\Users\Moore\AppData\Local\{B3C91EEF-3893-4C62-8537-8993D5D3F582}
2012-08-21 00:16:20 -------- d-----w- C:\Users\Moore\AppData\Local\{F44C885A-A70D-4794-B000-25095FFBCFD2}
2012-08-20 22:42:19 -------- d-----w- C:\Users\Moore\AppData\Local\{09E976D3-F604-4DC1-9CEF-9B82A51E0993}
2012-08-20 21:53:38 -------- d-----w- C:\Users\Moore\AppData\Local\{FBDF088E-DFE1-4A32-96A3-C549A2767B72}
2012-08-20 14:50:36 -------- d-----w- C:\Users\Moore\AppData\Local\{54C57F30-7B21-4CA7-A227-7AB2745FE20D}
2012-08-20 14:27:34 -------- d-----w- C:\Users\Moore\AppData\Local\{3E3034A7-BA33-4204-B839-C5C69812E82E}
2012-08-19 22:45:35 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-19 22:45:35 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-19 22:45:29 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-19 22:45:28 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-19 22:45:24 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-19 22:25:07 -------- d-----w- C:\Users\Moore\AppData\Local\{9826EF0A-495C-46C1-8253-50438CCD1A2C}
2012-08-19 20:19:41 -------- d-----w- C:\Users\Moore\AppData\Roaming\Malwarebytes
2012-08-19 20:19:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-19 20:19:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-19 16:34:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-19 16:34:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-19 13:11:51 -------- d-----w- C:\Users\Moore\AppData\Roaming\Macrovision
2012-08-19 13:02:49 -------- d-----w- C:\Users\Moore\AppData\Local\{7089B7AF-56C6-44BC-BF14-ECF0466A093B}
2012-08-19 01:01:39 -------- d-----w- C:\Users\Moore\AppData\Local\{FC66D21F-46FE-4873-A270-50B54C704F39}
2012-08-18 12:50:10 -------- d-----w- C:\Users\Moore\AppData\Local\{57280EBB-7A41-4BFF-89FA-6D4D7E99BB11}
2012-08-18 00:49:35 -------- d-----w- C:\Users\Moore\AppData\Local\{8EE4421D-A81D-43A1-BE95-BD98EEABC16F}
2012-08-18 00:29:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-17 12:48:58 -------- d-----w- C:\Users\Moore\AppData\Local\{F6A96431-E456-40D1-8DB3-14D5315C67C7}
2012-08-17 12:48:44 -------- d-----w- C:\Users\Moore\AppData\Local\{924D27C4-9DF6-4B09-B1E4-FE7E074C8CE9}
2012-08-16 20:01:38 -------- d-----w- C:\Users\Moore\AppData\Local\{4F9B8677-DD41-4A05-BEE4-BFBEF89944E5}
2012-08-16 20:01:16 -------- d-----w- C:\Users\Moore\AppData\Local\{58B1C0F0-1EAE-437F-977A-F4815B217986}
2012-08-16 08:00:50 -------- d-----w- C:\Users\Moore\AppData\Local\{E87A5829-642D-4D77-A99E-798E2078EDE9}
2012-08-16 00:13:00 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-16 00:13:00 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 00:12:52 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 01:54:11 -------- d-----w- C:\Users\Moore\AppData\Local\{B364E189-FAA4-491F-A35E-AE752857C92E}
2012-08-15 01:53:50 -------- d-----w- C:\Users\Moore\AppData\Local\{8C27335D-A5A1-40DE-87C6-DFA201083F26}
2012-08-14 12:19:33 -------- d-----w- C:\Users\Moore\AppData\Local\{E754E08B-9AE8-412F-93A2-20328426EF51}
2012-08-14 00:18:57 -------- d-----w- C:\Users\Moore\AppData\Local\{CA1C25CB-F580-4C74-85F2-68653FAE3559}
2012-08-13 12:18:22 -------- d-----w- C:\Users\Moore\AppData\Local\{2C5C3378-84B6-4C3F-AD7F-512408A9B5ED}
2012-08-12 18:17:30 -------- d-----w- C:\Users\Moore\AppData\Local\{7E63ED19-2172-47DE-BC16-AD8E1B461677}
2012-08-12 04:00:03 -------- d-----w- C:\Users\Moore\AppData\Local\{DE936419-ACFB-45FF-9E56-A97ED37BEAD9}
2012-08-11 15:52:27 -------- d-----w- C:\Users\Moore\AppData\Local\{02DEDA77-13FE-44C7-B85F-177992C2E8B5}
2012-08-11 03:45:57 -------- d-----w- C:\Users\Moore\AppData\Local\{5C4F4ADC-88BE-4F58-9522-1513ED466A32}
2012-08-10 15:15:18 -------- d-----w- C:\Users\Moore\AppData\Local\{8A73D36B-55FC-4F72-AD65-6B20C1A0F5AE}
2012-08-10 02:57:25 -------- d-----w- C:\Users\Moore\AppData\Local\{2A80B2C6-0E8A-4DA0-93F3-DEA55677A34A}
2012-08-09 14:54:50 -------- d-----w- C:\Users\Moore\AppData\Local\{BE5AFC9D-81BC-46FA-8D98-D2B4199F9EF5}
2012-08-09 01:15:52 -------- d-----w- C:\Users\Moore\AppData\Local\{A63EC95D-0FC8-4CC9-B86A-E1F925D6D1FA}
2012-08-09 01:15:33 -------- d-----w- C:\Users\Moore\AppData\Local\{A7FCE12B-8852-41F5-AB03-9F86CC829139}
2012-08-08 12:52:26 -------- d-----w- C:\Users\Moore\AppData\Local\{756C50B1-D242-42A8-93CD-4480AF5F1547}
2012-08-08 00:31:40 -------- d-----w- C:\Users\Moore\AppData\Local\{27BB4EA0-1F0B-4EA6-A363-3105F250F8E5}
2012-08-07 11:40:24 -------- d-----w- C:\Users\Moore\AppData\Local\{A9F2B2D3-024C-40EA-BD8D-63093F233FDB}
2012-08-06 03:04:28 -------- d-----w- C:\Users\Moore\AppData\Local\{8E43C7D0-4503-4323-BAC6-FA75F671793C}
2012-08-05 14:48:01 -------- d-----w- C:\Users\Moore\AppData\Local\{28BC07A4-D971-4BE0-B6BA-887CF1D71934}
2012-08-05 02:02:19 -------- d-----w- C:\Users\Moore\AppData\Local\{490E4F7E-CB0F-4A4B-9BAA-C327830A2A24}
2012-08-05 02:02:04 -------- d-----w- C:\Users\Moore\AppData\Local\{1ADDED2C-001F-4E62-920A-8F535DE9480C}
2012-08-04 13:06:50 -------- d-----w- C:\Users\Moore\AppData\Local\{82EC2D26-45AE-447E-B66B-0B106EEFF1C3}
2012-08-04 01:06:15 -------- d-----w- C:\Users\Moore\AppData\Local\{AF0FCD91-A54A-4E43-9830-40BCA895AD33}
2012-08-03 13:05:40 -------- d-----w- C:\Users\Moore\AppData\Local\{17F20C86-7D22-4A2B-BB88-094E18CBD04C}
2012-08-03 00:25:12 -------- d-----w- C:\Users\Moore\AppData\Local\{0A56DA8D-C2F1-4421-8C6F-344556C5DAB5}
2012-08-02 12:24:37 -------- d-----w- C:\Users\Moore\AppData\Local\{2F3CB5DA-E552-4385-B4F9-0E3C6F40301D}
2012-08-02 00:24:00 -------- d-----w- C:\Users\Moore\AppData\Local\{37FC07E3-6629-4D67-8EFC-2376C703CDEE}
2012-08-01 11:58:07 -------- d-----w- C:\Users\Moore\AppData\Local\{FA6DC904-2CB2-4199-8441-369D2E7A7FFC}
2012-08-01 11:57:53 -------- d-----w- C:\Users\Moore\AppData\Local\{2C750ED7-BBC2-4CB4-9CE3-2A82F87EB821}
2012-07-31 16:49:55 -------- d-----w- C:\Users\Moore\AppData\Local\{A5173E98-F440-4E42-AC35-1B18A0AFEE30}
2012-07-31 01:46:19 -------- d-----w- C:\Users\Moore\AppData\Local\{C42E9662-5430-4C40-82D5-D5D969EAB072}
2012-07-30 13:45:43 -------- d-----w- C:\Users\Moore\AppData\Local\{AA05F3C5-59AC-4370-9334-0A6E942E197F}
2012-07-30 01:45:08 -------- d-----w- C:\Users\Moore\AppData\Local\{7D5BAA64-8688-4EC9-A657-A0D23C991E68}
2012-07-29 13:44:33 -------- d-----w- C:\Users\Moore\AppData\Local\{6507B78B-2241-4FF2-AF32-1C5043F5F136}
2012-07-29 01:43:58 -------- d-----w- C:\Users\Moore\AppData\Local\{7329E891-B5C0-4D5D-A6D9-C7C91D575591}
2012-07-28 13:26:27 -------- d-----w- C:\Users\Moore\AppData\Local\{6C8080E0-22C6-4DB0-BE60-E393A1F730AE}
.
==================== Find3M ====================
.
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-07 01:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 8:11:49.97 ===============

#5 RobertBobM

Posted 27 August 2012 - 08:31 AM

Attach.txt from DDS: (Malwarebytes blocked attempt by svchost.exe to communicate with IP 206.161.121.123.) I am disconnecting from the internet after downloading each time.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2009 5:37:58 PM
System Uptime: 8/27/2012 7:35:00 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 233.705 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP157: 7/8/2012 2:03:32 PM - Scheduled Checkpoint
RP158: 7/12/2012 3:00:46 AM - Windows Update
RP159: 7/25/2012 9:47:25 PM - Scheduled Checkpoint
RP160: 8/2/2012 1:13:41 PM - Scheduled Checkpoint
RP161: 8/9/2012 6:37:35 PM - Scheduled Checkpoint
RP162: 8/16/2012 3:00:44 AM - Windows Update
RP163: 8/19/2012 5:28:08 PM - Windows Update
RP164: 8/19/2012 10:27:10 PM - Windows Update
RP165: 8/19/2012 11:12:49 PM - Windows Update
RP166: 8/20/2012 1:13:52 AM - Restore Operation
RP167: 8/20/2012 10:59:28 PM - Windows Update
RP168: 8/21/2012 9:56:25 PM - Windows Update
RP169: 8/25/2012 4:14:04 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 3 (SP3)
Absolute Notifier
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
Advanced Audio FX Engine
Banctec Service Agreement
Bing Bar
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Google Earth Plug-in
Google SketchUp 8
Google SketchUp Viewer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee SecurityCenter
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
PowerDVD DX
Roxio Burn
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Toolbars
Skype™ 5.5
Spybot - Search & Destroy
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
.
==== Event Viewer Messages From Past Week ========
.
8/27/2012 7:18:04 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {00020827-0000-0000-C000-000000000046}. The error: "740" Happened while starting this command: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE -Embedding
8/26/2012 7:48:13 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/26/2012 7:48:13 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
8/26/2012 7:48:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/25/2012 8:18:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
8/25/2012 8:18:19 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2012 6:26:28 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/25/2012 6:25:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/25/2012 6:23:37 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/25/2012 4:51:41 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
8/25/2012 4:11:33 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/25/2012 11:36:29 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
8/20/2012 11:48:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/20/2012 11:46:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
8/20/2012 11:43:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/20/2012 11:43:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/20/2012 11:43:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/20/2012 11:43:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/20/2012 11:42:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
8/20/2012 11:42:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
8/20/2012 1:17:07 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
8/20/2012 1:14:29 AM, Error: Service Control Manager [7038] - The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/20/2012 1:14:29 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================

#6 RobertBobM

Posted 27 August 2012 - 08:55 AM

Thank you for your help with this.
Each time I boot the infected laptop, I have to stop/start McAfee's firewall, in order to access the internet. (Maybe that helps contain it.)
While running DDS, Malwarebytes was active. If I need to rerun please let me know.
Also, each time I shut down, the shutdown script mentions waiting for a background process to end, but doesn't list the name of the process.

#7 gringo_pr

Posted 27 August 2012 - 01:17 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 RobertBobM

Posted 27 August 2012 - 05:48 PM

ComboFix Log file:

ComboFix 12-08-25.04 - Moore 08/27/2012 16:38:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2633 [GMT -5:00]
Running from: c:\users\Moore\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Moore\GoToAssistDownloadHelper.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 21:54 . 2012-08-27 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-27 21:54 . 2012-08-27 21:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-25 21:14 . 2012-08-25 21:14 -------- d-----w- c:\users\Moore\AppData\Roaming\SUPERAntiSpyware.com
2012-08-25 21:14 . 2012-08-25 21:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-25 21:14 . 2012-08-25 21:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-22 02:33 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-22 02:33 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-22 02:33 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-22 02:33 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-21 02:29 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-19 22:45 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-19 22:45 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-19 22:45 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-19 22:45 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-19 22:45 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-19 20:19 . 2012-08-19 20:19 -------- d-----w- c:\users\Moore\AppData\Roaming\Malwarebytes
2012-08-19 20:19 . 2012-08-19 20:19 -------- d-----w- c:\programdata\Malwarebytes
2012-08-19 20:19 . 2012-08-21 03:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-19 17:31 . 2012-08-19 22:03 -------- d-----w- c:\users\Administrator.Moore-PC
2012-08-19 16:34 . 2012-08-27 20:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-19 16:34 . 2012-08-21 13:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-19 13:11 . 2012-08-19 13:11 -------- d-----w- c:\users\Moore\AppData\Roaming\Macrovision
2012-08-18 01:34 . 2012-08-18 01:34 -------- d-----w- c:\windows\system32\Macromed
2012-08-18 00:29 . 2012-08-18 00:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-16 00:13 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 00:13 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-16 00:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 03:59 . 2009-12-13 12:47 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-11 12:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 12:24 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 12:24 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 12:24 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 12:24 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 12:24 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 12:24 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 12:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 12:37 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:37 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 12:37 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 12:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 12:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 12:37 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 12:24 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 12:24 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 12:24 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 12:24 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 12:24 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 12:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 12:24 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 12:24 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 12:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-19 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
.
c:\users\Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 94992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 75160]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 283744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 63056]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 441840]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 02:38]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 02:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nativewaters.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-08-27 17:04:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-27 22:04
ComboFix2.txt 2012-08-25 23:34
.
Pre-Run: 250,963,857,408 bytes free
Post-Run: 250,879,279,104 bytes free
.
- - End Of File - - AFA376E137BC46C28CFD10AA0DB12009

Problems I had during this boot/running...
Before running ComboFix:
1) When I first tried to boot the PC it failed to boot. Instead I received the message "Your Computer was unable to start, Startup Repair checking your system for problems." I wrote down everything it said if you want that. But the one problem it reported was "Root Cause Found: Boot Critical File: c:\windows\System32\kdcom.dll is corrupt".
Repair Action File Repair, result failed Error Code 0x490
Repair Action System Restore, result failed Error Code 0x1f
Repair Action System Files Integrity Check, result failed Error Code 0x490
But then it booted ok.
Once it was up, Malwarebytes blocked svchost.exe trying to communicate with IP 206.161.121.126
Then McAfee blocked a program on this laptop (winrscmde - location: \\.\globalroot\systemroot\svchost.exe) trying to accept an incoming connection from the internet
Then Malwarebytes blocked svchost.exe again trying to communicate with IP 206.161.121.126
I stopped Spybot, Malwarebytes, SuperAntispyware, McAfee, etc., then downloaded ComboFix and stopped the internet connection. I forgot to stop McAfee Anti-Virus and Anti-Spyware before starting ComboFix, so it gave me a reminder message.
> After running ComboFix, I received the msg "Illegal Operation Attempted..." so I rebooted as per the instructions.
> Once the system was back up, Spybot kicked in and started flagging several attempted registry changes (for example: WinLogon Shell (old) explorer.exe to (new) Explorer.exe); SSToasterLauncher (sp?), Default User Name, GoToAssist, igfxcui, etc. Spybot's "Deny change" button was greyed out on most of the changes so they all probably got applied.

HOW it's doing now:
> Now when I go to START and search on "svchost", I see only one instance of svchost.exe running (I think that's good.) Its properties show to be Microsoft Corporation, file version 6.1.7600.16385, Date created 7/13/2009 @ 6:31pm, size 26.5 kb.

What would you like for me to do next? I won't run Spybot or Malwarebytes to search for Smitfraud-c or instances of svchost.exe until you say it's okay to do so.
In the time it's taken for me to key this, Malwarebytes, Spybot, and McAfee have not given me any warnings of attempted communications by svchost.exe.

#9 RobertBobM


Posted 27 August 2012 - 08:15 PM

I rebooted 2 times. Each time I checked for svchost.exe and see only one program by that name running - showing to be the Host Process for Windows Services I mentioned in the previous reply. (Previously 2 or more pgms named svchost.exe running)
Both times Spybot caught 3 registry changes (they were greyed out (ghosted out) so I allowed them):
1) ActiveX Distribution Unit, value deleted, {CAFEEFFAC-0016-0000-0014-ABCDEFFEDCB...
2) WINLOGON Notifiers, value deleted, 'GoToAssist'
3) WINLOGON Notifiers, value deleted, 'igfxcui'

#10 RobertBobM


Posted 28 August 2012 - 08:12 AM

This morning at 7:18am CST, Malwarebytes displayed a msg saying it identified a TrojanAgent c:\windows\svchost.exe; I selected "Quarantine" for it. (In the Malwarebytes log, the time shows as 12:18pm, not the local time of 7:18am.)

About 10-15 minutes before that message from Malwarebytes, I checked for svchost.exe by START / Search "svchost.exe" and the only one that showed was the one with properties of Host Process for Windows Services, File Version 6.1.7600.16385, 26.5 kb, date/time= 7/13/09 @ 6:31pm.

After the Malwarebytes msg, I rechecked START / Search "svchost.exe" and had the same results... only one svchost.exe with the same properties

In Task Manager, processes from all users, 11 svchost.exe occurrences show up. All 11 described as Host Process for Windows Services. (3 user name = NETWORK SERVICE, 5 user name = LOCAL SERVICE, 3 user name = SYSTEM)
Also one svchost.exe*32, description = winrscmde (user name = SYSTEM)

The infected laptop has been off the internet since running ComboFix
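The check RobertBobM does by hand in the posts above (is every running svchost.exe really the one in System32?), written out as an added example that is not part of the original thread or of any tool mentioned in it. The first four sample paths are copied from the ComboFix "Other Running Processes" list; the rest are constructed, and the `C:\Windows` root and the allowed-directory baseline are assumptions.

```python
import ntpath
import re

# Assumption: default Windows directory, matching the logs in this thread.
SYSTEM_ROOT = r"c:\windows"

# Assumed baseline for 64-bit Windows 7: the only directories a genuine
# svchost.exe image runs from. Extend the table for other system binaries.
EXPECTED_DIRS = {
    "svchost.exe": {SYSTEM_ROOT + r"\system32", SYSTEM_ROOT + r"\syswow64"},
}

# \\.\globalroot\systemroot\..., optionally with a drive letter glued in
# front, as ComboFix printed it.
_GLOBALROOT = re.compile(r"^(?:[a-z]:)?\\+\.\\globalroot\\systemroot(?=\\|$)")
# Other spellings of "the Windows directory".
_SYSTEMROOT = re.compile(r"^(?:\\systemroot|%systemroot%|%windir%)(?=\\|$)")
# NT object-manager prefix that only wraps an ordinary DOS path.
_NT_PREFIX = re.compile(r"^\\\?\?\\")


def normalize(path):
    # Return (resolved_path, via_globalroot) for one image path string.
    p = path.strip().strip('"').replace("/", "\\").lower()
    via_globalroot = bool(_GLOBALROOT.match(p))
    p = _NT_PREFIX.sub("", p)
    # Callables are used as replacements so the backslashes in SYSTEM_ROOT
    # are not interpreted as regex escapes.
    p = _GLOBALROOT.sub(lambda m: SYSTEM_ROOT, p)
    p = _SYSTEMROOT.sub(lambda m: SYSTEM_ROOT, p)
    # normpath also collapses "..", so system32\..\svchost.exe is resolved.
    return ntpath.normpath(p), via_globalroot


def audit(image_paths):
    # Flag well-known image names that resolve outside their expected
    # directories, plus anything referenced through \\.\globalroot.
    findings = []
    for raw in image_paths:
        resolved, via_globalroot = normalize(raw)
        directory, name = ntpath.split(resolved)
        allowed = EXPECTED_DIRS.get(name)
        if allowed is not None and directory not in allowed:
            reason = f"{name} is running from {directory}"
        elif via_globalroot:
            reason = r"image path uses the \\.\globalroot device namespace"
        else:
            continue
        findings.append({"raw": raw, "resolved": resolved, "reason": reason})
    return findings


SAMPLE = [
    # From the ComboFix log in this thread:
    r"c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE",
    r"c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe",
    r"c:\\.\globalroot\systemroot\svchost.exe",
    r"c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe",
    # Constructed for the example:
    r"C:\Windows\System32\svchost.exe",
    r"%SystemRoot%\system32\svchost.exe",
    r"C:\Windows\System32\..\svchost.exe",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding["raw"], "->", finding["resolved"], "|", finding["reason"])
```

Start-menu search and the Task Manager description column only show a name; the resolved image path is what separates the System32 copy from the one Malwarebytes quarantined at c:\windows\svchost.exe.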

#11 gringo_pr


Posted 28 August 2012 - 07:11 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#12 RobertBobM


Posted 29 August 2012 - 01:11 AM

TDSSKILLER ran twice: (The first scan requested a reboot at the completion of the scan. Then after the reboot TDSSKILLER presented the SCAN screen again so I clicked SCAN again.) The first scan found infected bootkit. Both log files follow:
TDSSKILLER FIRST SCAN Log:
21:54:10.0813 2072 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:54:10.0860 2072 ============================================================
21:54:10.0860 2072 Current date / time: 2012/08/28 21:54:10.0860
21:54:10.0860 2072 SystemInfo:
21:54:10.0860 2072
21:54:10.0860 2072 OS Version: 6.1.7601 ServicePack: 1.0
21:54:10.0860 2072 Product type: Workstation
21:54:10.0860 2072 ComputerName: MOORE-PC
21:54:10.0860 2072 UserName: Moore
21:54:10.0860 2072 Windows directory: C:\Windows
21:54:10.0860 2072 System windows directory: C:\Windows
21:54:10.0860 2072 Running under WOW64
21:54:10.0860 2072 Processor architecture: Intel x64
21:54:10.0860 2072 Number of processors: 2
21:54:10.0860 2072 Page size: 0x1000
21:54:10.0860 2072 Boot type: Normal boot
21:54:10.0860 2072 ============================================================
21:54:11.0359 2072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:54:11.0359 2072 ============================================================
21:54:11.0359 2072 \Device\Harddisk0\DR0:
21:54:11.0359 2072 MBR partitions:
21:54:11.0359 2072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
21:54:11.0359 2072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
21:54:11.0359 2072 ============================================================
21:54:11.0390 2072 C: <-> \Device\Harddisk0\DR0\Partition2
21:54:11.0390 2072 ============================================================
21:54:11.0390 2072 Initialize success
21:54:11.0390 2072 ============================================================
21:54:18.0473 1060 ============================================================
21:54:18.0473 1060 Scan started
21:54:18.0473 1060 Mode: Manual;
21:54:18.0473 1060 ============================================================
21:54:19.0346 1060 ================ Scan system memory ========================
21:54:19.0346 1060 System memory - ok
21:54:19.0346 1060 ================ Scan services =============================
21:54:19.0440 1060 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:54:19.0440 1060 !SASCORE - ok
21:54:19.0627 1060 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:54:19.0690 1060 1394ohci - ok
21:54:19.0783 1060 [ 426E0E8127BAC7D5DDEE8251F104E053 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
21:54:19.0783 1060 AbsoluteNotifier - ok
21:54:19.0830 1060 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:54:19.0830 1060 ACPI - ok
21:54:19.0877 1060 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:54:19.0939 1060 AcpiPmi - ok
21:54:20.0002 1060 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:54:20.0049 1060 adp94xx - ok
21:54:20.0095 1060 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:54:20.0127 1060 adpahci - ok
21:54:20.0189 1060 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:54:20.0205 1060 adpu320 - ok
21:54:20.0251 1060 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:54:20.0251 1060 AeLookupSvc - ok
21:54:20.0314 1060 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:54:20.0329 1060 AFD - ok
21:54:20.0392 1060 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:54:20.0392 1060 agp440 - ok
21:54:20.0423 1060 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:54:20.0439 1060 ALG - ok
21:54:20.0470 1060 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:54:20.0470 1060 aliide - ok
21:54:20.0517 1060 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:54:20.0517 1060 amdide - ok
21:54:20.0548 1060 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:54:20.0563 1060 AmdK8 - ok
21:54:20.0610 1060 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:54:20.0610 1060 AmdPPM - ok
21:54:20.0688 1060 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:54:20.0751 1060 amdsata - ok
21:54:20.0782 1060 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:54:20.0797 1060 amdsbs - ok
21:54:20.0813 1060 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:54:20.0813 1060 amdxata - ok
21:54:20.0860 1060 [ 1412E9A88FE1F7E35CE6058A2EF03664 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:54:20.0922 1060 ApfiltrService - ok
21:54:20.0985 1060 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:54:21.0047 1060 AppID - ok
21:54:21.0078 1060 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:54:21.0094 1060 AppIDSvc - ok
21:54:21.0141 1060 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:54:21.0141 1060 Appinfo - ok
21:54:21.0203 1060 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:54:21.0219 1060 arc - ok
21:54:21.0250 1060 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:54:21.0265 1060 arcsas - ok
21:54:21.0328 1060 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:54:21.0328 1060 AsyncMac - ok
21:54:21.0359 1060 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:54:21.0375 1060 atapi - ok
21:54:21.0453 1060 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:54:21.0468 1060 AudioEndpointBuilder - ok
21:54:21.0484 1060 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:54:21.0499 1060 AudioSrv - ok
21:54:21.0546 1060 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:54:21.0593 1060 AxInstSV - ok
21:54:21.0702 1060 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:54:21.0733 1060 b06bdrv - ok
21:54:21.0811 1060 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:54:21.0827 1060 b57nd60a - ok
21:54:21.0921 1060 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:54:21.0921 1060 BBSvc - ok
21:54:21.0952 1060 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
21:54:22.0014 1060 BCM42RLY - ok
21:54:22.0123 1060 [ 37394D3553E220FB732C21E217E1BD8B ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
21:54:22.0233 1060 BCM43XX - ok
21:54:22.0295 1060 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:54:22.0295 1060 BDESVC - ok
21:54:22.0342 1060 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:54:22.0342 1060 Beep - ok
21:54:22.0467 1060 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:54:22.0482 1060 BFE - ok
21:54:22.0545 1060 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:54:22.0576 1060 BITS - ok
21:54:22.0623 1060 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:54:22.0669 1060 blbdrive - ok
21:54:22.0732 1060 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:54:22.0732 1060 bowser - ok
21:54:22.0794 1060 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:54:22.0794 1060 BrFiltLo - ok
21:54:22.0857 1060 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:54:22.0857 1060 BrFiltUp - ok
21:54:22.0919 1060 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:54:22.0919 1060 BridgeMP - ok
21:54:23.0247 1060 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:54:23.0262 1060 Browser - ok
21:54:23.0449 1060 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:54:23.0465 1060 Brserid - ok
21:54:23.0543 1060 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:54:23.0543 1060 BrSerWdm - ok
21:54:23.0574 1060 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:54:23.0590 1060 BrUsbMdm - ok
21:54:23.0621 1060 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:54:23.0637 1060 BrUsbSer - ok
21:54:23.0683 1060 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:54:23.0683 1060 BTHMODEM - ok
21:54:23.0761 1060 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:54:23.0761 1060 bthserv - ok
21:54:23.0808 1060 catchme - ok
21:54:23.0839 1060 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:54:23.0839 1060 cdfs - ok
21:54:23.0917 1060 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:54:23.0964 1060 cdrom - ok
21:54:24.0073 1060 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:54:24.0073 1060 CertPropSvc - ok
21:54:24.0120 1060 [ 676535B3156FECF7133CF80B4D2F6CF7 ] cfwids C:\Windows\system32\drivers\cfwids.sys
21:54:24.0120 1060 cfwids - ok
21:54:24.0167 1060 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:54:24.0183 1060 circlass - ok
21:54:24.0229 1060 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:54:24.0245 1060 CLFS - ok
21:54:24.0385 1060 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:54:24.0385 1060 clr_optimization_v2.0.50727_32 - ok
21:54:24.0432 1060 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:54:24.0448 1060 clr_optimization_v2.0.50727_64 - ok
21:54:24.0541 1060 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:54:24.0573 1060 clr_optimization_v4.0.30319_32 - ok
21:54:24.0604 1060 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:54:24.0619 1060 clr_optimization_v4.0.30319_64 - ok
21:54:24.0635 1060 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:54:24.0651 1060 CmBatt - ok
21:54:24.0713 1060 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:54:24.0713 1060 cmdide - ok
21:54:24.0775 1060 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:54:24.0791 1060 CNG - ok
21:54:24.0822 1060 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:54:24.0822 1060 Compbatt - ok
21:54:24.0869 1060 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:54:24.0916 1060 CompositeBus - ok
21:54:24.0931 1060 COMSysApp - ok
21:54:24.0963 1060 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:54:24.0963 1060 crcdisk - ok
21:54:25.0009 1060 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:54:25.0056 1060 CryptSvc - ok
21:54:25.0087 1060 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:54:25.0150 1060 CtClsFlt - ok
21:54:25.0181 1060 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:54:25.0212 1060 DcomLaunch - ok
21:54:25.0259 1060 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:54:25.0259 1060 defragsvc - ok
21:54:25.0306 1060 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:54:25.0306 1060 DfsC - ok
21:54:25.0353 1060 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:54:25.0368 1060 Dhcp - ok
21:54:25.0399 1060 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:54:25.0399 1060 discache - ok
21:54:25.0446 1060 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:54:25.0446 1060 Disk - ok
21:54:25.0493 1060 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:54:25.0493 1060 Dnscache - ok
21:54:25.0571 1060 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
21:54:25.0571 1060 DockLoginService - ok
21:54:25.0618 1060 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:54:25.0665 1060 dot3svc - ok
21:54:25.0711 1060 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:54:25.0727 1060 DPS - ok
21:54:25.0758 1060 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:54:25.0774 1060 drmkaud - ok
21:54:25.0821 1060 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:54:25.0930 1060 DXGKrnl - ok
21:54:25.0961 1060 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:54:25.0961 1060 EapHost - ok
21:54:26.0070 1060 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:54:26.0211 1060 ebdrv - ok
21:54:26.0226 1060 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:54:26.0242 1060 EFS - ok
21:54:26.0304 1060 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:54:26.0382 1060 ehRecvr - ok
21:54:26.0398 1060 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:54:26.0413 1060 ehSched - ok
21:54:26.0445 1060 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:54:26.0460 1060 elxstor - ok
21:54:26.0476 1060 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:54:26.0491 1060 ErrDev - ok
21:54:26.0554 1060 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:54:26.0569 1060 EventSystem - ok
21:54:26.0601 1060 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:54:26.0616 1060 exfat - ok
21:54:26.0632 1060 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:54:26.0647 1060 fastfat - ok
21:54:26.0741 1060 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:54:26.0772 1060 Fax - ok
21:54:26.0788 1060 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:54:26.0803 1060 fdc - ok
21:54:26.0819 1060 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:54:26.0819 1060 fdPHost - ok
21:54:26.0835 1060 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:54:26.0835 1060 FDResPub - ok
21:54:26.0850 1060 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:54:26.0850 1060 FileInfo - ok
21:54:26.0866 1060 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:54:26.0881 1060 Filetrace - ok
21:54:26.0897 1060 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:54:26.0897 1060 flpydisk - ok
21:54:26.0959 1060 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:54:26.0959 1060 FltMgr - ok
21:54:27.0037 1060 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:54:27.0069 1060 FontCache - ok
21:54:27.0115 1060 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:54:27.0193 1060 FontCache3.0.0.0 - ok
21:54:27.0193 1060 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:54:27.0209 1060 FsDepends - ok
21:54:27.0240 1060 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:54:27.0303 1060 Fs_Rec - ok
21:54:27.0334 1060 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:54:27.0349 1060 fvevol - ok
21:54:27.0365 1060 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:54:27.0381 1060 gagp30kx - ok
21:54:27.0443 1060 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
21:54:27.0443 1060 GameConsoleService - ok
21:54:27.0459 1060 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
21:54:27.0474 1060 GoToAssist - ok
21:54:27.0568 1060 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:54:27.0583 1060 gpsvc - ok
21:54:27.0693 1060 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:54:27.0693 1060 gupdate - ok
21:54:27.0708 1060 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:54:27.0708 1060 gupdatem - ok
21:54:27.0786 1060 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:54:27.0786 1060 gusvc - ok
21:54:27.0817 1060 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:54:27.0817 1060 hcw85cir - ok
21:54:27.0864 1060 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:54:27.0864 1060 HDAudBus - ok
21:54:27.0880 1060 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:54:27.0880 1060 HidBatt - ok
21:54:27.0911 1060 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:54:27.0911 1060 HidBth - ok
21:54:27.0942 1060 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:54:27.0942 1060 HidIr - ok
21:54:27.0973 1060 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:54:27.0973 1060 hidserv - ok
21:54:28.0005 1060 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
21:54:28.0051 1060 HidUsb - ok
21:54:28.0083 1060 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:54:28.0083 1060 hkmsvc - ok
21:54:28.0114 1060 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:54:28.0129 1060 HomeGroupListener - ok
21:54:28.0176 1060 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:54:28.0176 1060 HomeGroupProvider - ok
21:54:28.0192 1060 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:54:28.0239 1060 HpSAMD - ok
21:54:28.0317 1060 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:54:28.0332 1060 HTTP - ok
21:54:28.0379 1060 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:54:28.0379 1060 hwpolicy - ok
21:54:28.0410 1060 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:54:28.0426 1060 i8042prt - ok
21:54:28.0488 1060 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:54:28.0488 1060 IAANTMON - ok
21:54:28.0551 1060 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:54:28.0566 1060 iaStor - ok
21:54:28.0629 1060 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:54:28.0722 1060 iaStorV - ok
21:54:28.0800 1060 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:54:28.0894 1060 idsvc - ok
21:54:29.0097 1060 [ BABD5F9B2BCC82CE556A0BAF1AE208A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:54:29.0346 1060 igfx - ok
21:54:29.0377 1060 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:54:29.0393 1060 iirsp - ok
21:54:29.0440 1060 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:54:29.0487 1060 IKEEXT - ok
21:54:29.0502 1060 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:54:29.0518 1060 intelide - ok
21:54:29.0549 1060 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:54:29.0549 1060 intelppm - ok
21:54:29.0565 1060 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:54:29.0580 1060 IPBusEnum - ok
21:54:29.0658 1060 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:54:29.0736 1060 IpFilterDriver - ok
21:54:29.0767 1060 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:54:29.0783 1060 iphlpsvc - ok
21:54:29.0830 1060 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:54:29.0877 1060 IPMIDRV - ok
21:54:29.0892 1060 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:54:29.0908 1060 IPNAT - ok
21:54:29.0939 1060 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:54:29.0939 1060 IRENUM - ok
21:54:29.0955 1060 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:54:29.0955 1060 isapnp - ok
21:54:29.0986 1060 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:54:30.0033 1060 iScsiPrt - ok
21:54:30.0048 1060 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:54:30.0064 1060 kbdclass - ok
21:54:30.0111 1060 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:54:30.0157 1060 kbdhid - ok
21:54:30.0173 1060 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:54:30.0189 1060 KeyIso - ok
21:54:30.0220 1060 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:54:30.0220 1060 KSecDD - ok
21:54:30.0267 1060 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:54:30.0267 1060 KSecPkg - ok
21:54:30.0313 1060 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:54:30.0313 1060 ksthunk - ok
21:54:46.0069 1060 WPCSvc - ok
21:54:46.0116 1060 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:54:46.0116 1060 WPDBusEnum - ok
21:54:46.0132 1060 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:54:46.0132 1060 ws2ifsl - ok
21:54:46.0163 1060 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:54:46.0163 1060 wscsvc - ok
21:54:46.0179 1060 WSearch - ok
21:54:46.0288 1060 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:54:46.0366 1060 wuauserv - ok
21:54:46.0381 1060 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:54:46.0428 1060 WudfPf - ok
21:54:46.0475 1060 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:54:46.0475 1060 WUDFRd - ok
21:54:46.0522 1060 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:54:46.0522 1060 wudfsvc - ok
21:54:46.0537 1060 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:54:46.0553 1060 WwanSvc - ok
21:54:46.0600 1060 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
21:54:46.0600 1060 yukonw7 - ok
21:54:46.0631 1060 ================ Scan global ===============================
21:54:46.0693 1060 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:54:46.0740 1060 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:54:46.0771 1060 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:54:46.0787 1060 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:54:46.0834 1060 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:54:46.0834 1060 [Global] - ok
21:54:46.0834 1060 ================ Scan MBR ==================================
21:54:46.0849 1060 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
21:54:46.0849 1060 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:54:46.0896 1060 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:54:46.0896 1060 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:54:46.0896 1060 ================ Scan VBR ==================================
21:54:46.0896 1060 [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1
21:54:46.0912 1060 \Device\Harddisk0\DR0\Partition1 - ok
21:54:46.0927 1060 [ B7918E8220530DF59279D9336222D500 ] \Device\Harddisk0\DR0\Partition2
21:54:46.0927 1060 \Device\Harddisk0\DR0\Partition2 - ok
21:54:46.0927 1060 ============================================================
21:54:46.0927 1060 Scan finished
21:54:46.0927 1060 ============================================================
21:54:46.0943 1920 Detected object count: 1
21:54:46.0943 1920 Actual detected object count: 1
21:55:24.0258 1920 \Device\Harddisk0\DR0\# - copied to quarantine
21:55:24.0258 1920 \Device\Harddisk0\DR0 - copied to quarantine
21:55:24.0321 1920 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:55:24.0367 1920 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:55:24.0399 1920 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:55:24.0461 1920 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:55:24.0523 1920 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:55:24.0586 1920 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:55:24.0617 1920 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:55:24.0633 1920 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:55:24.0633 1920 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:55:24.0695 1920 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:55:24.0742 1920 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:55:24.0773 1920 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:55:24.0789 1920 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:55:24.0804 1920 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:55:24.0835 1920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:55:24.0835 1920 \Device\Harddisk0\DR0 - ok
21:55:24.0851 1920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:55:45.0084 5644 Deinitialize success

TDSSKILLER SECOND SCAN LOG:
21:58:03.0283 2216 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:58:05.0296 2216 ============================================================
21:58:05.0296 2216 Current date / time: 2012/08/28 21:58:05.0296
21:58:05.0296 2216 SystemInfo:
21:58:05.0296 2216
21:58:05.0296 2216 OS Version: 6.1.7601 ServicePack: 1.0
21:58:05.0296 2216 Product type: Workstation
21:58:05.0296 2216 ComputerName: MOORE-PC
21:58:05.0296 2216 UserName: Moore
21:58:05.0296 2216 Windows directory: C:\Windows
21:58:05.0296 2216 System windows directory: C:\Windows
21:58:05.0296 2216 Running under WOW64
21:58:05.0296 2216 Processor architecture: Intel x64
21:58:05.0296 2216 Number of processors: 2
21:58:05.0296 2216 Page size: 0x1000
21:58:05.0296 2216 Boot type: Normal boot
21:58:05.0296 2216 ============================================================
21:58:08.0650 2216 BG loaded
21:58:13.0236 2216 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:58:13.0283 2216 ============================================================
21:58:13.0283 2216 \Device\Harddisk0\DR0:
21:58:13.0330 2216 MBR partitions:
21:58:13.0330 2216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
21:58:13.0330 2216 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
21:58:13.0330 2216 ============================================================
21:58:13.0767 2216 C: <-> \Device\Harddisk0\DR0\Partition2
21:58:13.0767 2216 ============================================================
21:58:13.0767 2216 Initialize success
21:58:13.0767 2216 ============================================================
21:59:20.0565 5840 ============================================================
21:59:20.0565 5840 Scan started
21:59:20.0565 5840 Mode: Manual;
21:59:20.0565 5840 ============================================================
21:59:21.0345 5840 ================ Scan system memory ========================
21:59:21.0345 5840 System memory - ok
21:59:21.0345 5840 ================ Scan services =============================
21:59:31.0532 5840 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:59:31.0532 5840 MMCSS - ok
21:59:31.0563 5840 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:59:31.0594 5840 Modem - ok
21:59:31.0719 5840 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:59:31.0719 5840 monitor - ok
21:59:31.0766 5840 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:59:31.0766 5840 mouclass - ok
21:59:31.0797 5840 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:59:31.0813 5840 mouhid - ok
21:59:31.0844 5840 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:59:31.0844 5840 mountmgr - ok
21:59:31.0859 5840 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:59:31.0875 5840 mpio - ok
21:59:31.0906 5840 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:59:31.0906 5840 mpsdrv - ok
21:59:31.0969 5840 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:59:31.0969 5840 MpsSvc - ok
21:59:32.0031 5840 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:59:32.0047 5840 MRxDAV - ok
21:59:32.0078 5840 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:59:32.0078 5840 mrxsmb - ok
21:59:32.0125 5840 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:59:32.0125 5840 mrxsmb10 - ok
21:59:32.0140 5840 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:59:32.0140 5840 mrxsmb20 - ok
21:59:32.0203 5840 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:59:32.0203 5840 msahci - ok
21:59:32.0234 5840 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:59:32.0234 5840 msdsm - ok
21:59:32.0296 5840 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:59:32.0296 5840 MSDTC - ok
21:59:32.0343 5840 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:59:32.0343 5840 Msfs - ok
21:59:32.0359 5840 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:59:32.0359 5840 mshidkmdf - ok
21:59:32.0405 5840 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:59:32.0405 5840 msisadrv - ok
21:59:32.0452 5840 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:59:32.0452 5840 MSiSCSI - ok
21:59:32.0468 5840 msiserver - ok
21:59:32.0546 5840 [ 458A013DF72EAAB91877FA03533E2C8B ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:59:32.0546 5840 MSK80Service - ok
21:59:32.0561 5840 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:59:32.0577 5840 MSKSSRV - ok
21:59:32.0593 5840 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:59:32.0593 5840 MSPCLOCK - ok
21:59:32.0608 5840 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:59:32.0608 5840 MSPQM - ok
21:59:32.0639 5840 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:59:32.0655 5840 MsRPC - ok
21:59:32.0702 5840 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:59:32.0702 5840 mssmbios - ok
21:59:32.0717 5840 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:59:32.0717 5840 MSTEE - ok
21:59:32.0733 5840 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:59:32.0733 5840 MTConfig - ok
21:59:32.0780 5840 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:59:32.0780 5840 Mup - ok
21:59:32.0827 5840 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:59:32.0842 5840 napagent - ok
21:59:32.0873 5840 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:59:32.0873 5840 NativeWifiP - ok
21:59:32.0936 5840 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:59:32.0967 5840 NDIS - ok
21:59:32.0998 5840 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:59:32.0998 5840 NdisCap - ok
21:59:33.0029 5840 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:59:33.0029 5840 NdisTapi - ok
21:59:33.0076 5840 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:59:33.0076 5840 Ndisuio - ok
21:59:33.0123 5840 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:59:33.0123 5840 NdisWan - ok
21:59:33.0154 5840 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:59:33.0170 5840 NDProxy - ok
21:59:33.0185 5840 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:59:33.0185 5840 NetBIOS - ok
21:59:33.0279 5840 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:59:33.0279 5840 NetBT - ok
21:59:33.0310 5840 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:59:33.0310 5840 Netlogon - ok
21:59:33.0341 5840 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:59:33.0341 5840 Netman - ok
21:59:33.0373 5840 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:59:33.0373 5840 netprofm - ok
21:59:33.0404 5840 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:59:33.0404 5840 NetTcpPortSharing - ok
21:59:33.0419 5840 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:59:33.0419 5840 nfrd960 - ok
21:59:33.0482 5840 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:59:33.0482 5840 NlaSvc - ok
21:59:33.0513 5840 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:59:33.0513 5840 Npfs - ok
21:59:33.0529 5840 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:59:33.0529 5840 nsi - ok
21:59:33.0544 5840 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:59:33.0544 5840 nsiproxy - ok
21:59:33.0622 5840 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:59:33.0669 5840 Ntfs - ok
21:59:33.0716 5840 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:59:33.0716 5840 Null - ok
21:59:33.0747 5840 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:59:33.0747 5840 nvraid - ok
21:59:33.0778 5840 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:59:33.0778 5840 nvstor - ok
21:59:33.0809 5840 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:59:33.0825 5840 nv_agp - ok
21:59:33.0934 5840 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:59:33.0965 5840 odserv - ok
21:59:34.0012 5840 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:59:34.0012 5840 ohci1394 - ok
21:59:34.0043 5840 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:59:34.0059 5840 ose - ok
21:59:34.0090 5840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:59:34.0090 5840 p2pimsvc - ok
21:59:34.0153 5840 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:59:34.0168 5840 p2psvc - ok
21:59:34.0231 5840 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:59:34.0231 5840 Parport - ok
21:59:34.0324 5840 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:59:34.0324 5840 partmgr - ok
21:59:34.0340 5840 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:59:34.0355 5840 PcaSvc - ok
21:59:34.0371 5840 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:59:34.0387 5840 pci - ok
21:59:34.0418 5840 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:59:34.0418 5840 pciide - ok
21:59:34.0433 5840 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:59:34.0433 5840 pcmcia - ok
21:59:34.0496 5840 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:59:34.0496 5840 pcw - ok
21:59:34.0527 5840 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:59:34.0543 5840 PEAUTH - ok
21:59:34.0636 5840 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:59:34.0636 5840 PerfHost - ok
21:59:34.0730 5840 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:59:34.0777 5840 pla - ok
21:59:34.0855 5840 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:59:34.0855 5840 PlugPlay - ok
21:59:34.0870 5840 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:59:34.0870 5840 PNRPAutoReg - ok
21:59:34.0886 5840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:59:34.0886 5840 PNRPsvc - ok
21:59:34.0917 5840 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:59:34.0917 5840 PolicyAgent - ok
21:59:34.0948 5840 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:59:34.0948 5840 Power - ok
21:59:34.0995 5840 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:59:34.0995 5840 PptpMiniport - ok
21:59:35.0042 5840 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:59:35.0042 5840 Processor - ok
21:59:35.0089 5840 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:59:35.0089 5840 ProfSvc - ok
21:59:35.0104 5840 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:59:35.0104 5840 ProtectedStorage - ok
21:59:35.0167 5840 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:59:35.0167 5840 Psched - ok
21:59:35.0198 5840 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:59:35.0198 5840 PxHlpa64 - ok
21:59:35.0291 5840 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:59:35.0354 5840 ql2300 - ok
21:59:35.0416 5840 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:59:35.0416 5840 ql40xx - ok
21:59:35.0463 5840 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:59:35.0463 5840 QWAVE - ok
21:59:35.0510 5840 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:59:35.0510 5840 QWAVEdrv - ok
21:59:35.0557 5840 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:59:35.0557 5840 RasAcd - ok
21:59:35.0603 5840 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:59:35.0619 5840 RasAgileVpn - ok
21:59:35.0635 5840 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:59:35.0635 5840 RasAuto - ok
21:59:35.0666 5840 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:59:35.0666 5840 Rasl2tp - ok
21:59:35.0713 5840 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:59:35.0713 5840 RasMan - ok
21:59:35.0728 5840 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:59:35.0728 5840 RasPppoe - ok
21:59:35.0744 5840 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:59:35.0744 5840 RasSstp - ok
21:59:35.0791 5840 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:59:35.0791 5840 rdbss - ok
21:59:35.0806 5840 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:59:35.0806 5840 rdpbus - ok
21:59:35.0822 5840 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:59:35.0822 5840 RDPCDD - ok
21:59:35.0853 5840 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:59:35.0853 5840 RDPENCDD - ok
21:59:35.0869 5840 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:59:35.0869 5840 RDPREFMP - ok
21:59:35.0900 5840 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:59:35.0915 5840 RDPWD - ok
21:59:35.0962 5840 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:59:35.0962 5840 rdyboost - ok
21:59:36.0025 5840 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:59:36.0025 5840 RemoteAccess - ok
21:59:36.0087 5840 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:59:36.0103 5840 RemoteRegistry - ok
21:59:36.0118 5840 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:59:36.0134 5840 RpcEptMapper - ok
21:59:36.0196 5840 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:59:36.0196 5840 RpcLocator - ok
21:59:36.0227 5840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:59:36.0227 5840 RpcSs - ok
21:59:36.0305 5840 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:59:36.0321 5840 rspndr - ok
21:59:36.0352 5840 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
21:59:36.0352 5840 RSUSBSTOR - ok
21:59:36.0399 5840 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:59:36.0399 5840 SamSs - ok
21:59:36.0461 5840 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:59:36.0461 5840 SASDIFSV - ok
21:59:36.0493 5840 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:59:36.0493 5840 SASKUTIL - ok
21:59:36.0539 5840 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:59:36.0539 5840 sbp2port - ok
21:59:36.0664 5840 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:59:36.0680 5840 SBSDWSCService - ok
21:59:36.0727 5840 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:59:36.0742 5840 SCardSvr - ok
21:59:36.0805 5840 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:59:36.0805 5840 scfilter - ok
21:59:36.0883 5840 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:59:36.0898 5840 Schedule - ok
21:59:36.0929 5840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:59:36.0929 5840 SCPolicySvc - ok
21:59:36.0976 5840 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:59:36.0976 5840 SDRSVC - ok
21:59:37.0070 5840 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:59:37.0070 5840 SeaPort - ok
21:59:37.0101 5840 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:59:37.0101 5840 secdrv - ok
21:59:37.0148 5840 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:59:37.0148 5840 seclogon - ok
21:59:37.0179 5840 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:59:37.0195 5840 SENS - ok
21:59:37.0226 5840 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:59:37.0226 5840 SensrSvc - ok
21:59:37.0288 5840 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:59:37.0288 5840 Serenum - ok
21:59:37.0335 5840 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:59:37.0335 5840 Serial - ok
21:59:37.0366 5840 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:59:37.0382 5840 sermouse - ok
21:59:37.0460 5840 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:59:37.0460 5840 SessionEnv - ok
21:59:37.0538 5840 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:59:37.0538 5840 sffdisk - ok
21:59:37.0553 5840 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:59:37.0553 5840 sffp_mmc - ok
21:59:37.0569 5840 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:59:37.0569 5840 sffp_sd - ok
21:59:37.0600 5840 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:59:37.0600 5840 sfloppy - ok
21:59:37.0678 5840 [ 7F475425582163602EF1589C0071E521 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:59:37.0678 5840 SftService - ok
21:59:37.0709 5840 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:59:37.0709 5840 SharedAccess - ok
21:59:37.0756 5840 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:59:37.0756 5840 ShellHWDetection - ok
21:59:37.0787 5840 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:59:37.0787 5840 SiSRaid2 - ok
21:59:37.0803 5840 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:59:37.0819 5840 SiSRaid4 - ok
21:59:37.0850 5840 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:59:37.0850 5840 Smb - ok
21:59:37.0897 5840 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:59:37.0897 5840 SNMPTRAP - ok
21:59:37.0912 5840 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:59:37.0912 5840 spldr - ok
21:59:37.0959 5840 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:59:37.0975 5840 Spooler - ok
21:59:38.0099 5840 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:59:38.0115 5840 sppsvc - ok
21:59:38.0146 5840 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:59:38.0146 5840 sppuinotify - ok
21:59:38.0209 5840 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
21:59:38.0209 5840 sprtsvc_DellSupportCenter - ok
21:59:38.0302 5840 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:59:38.0302 5840 srv - ok
21:59:38.0333 5840 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:59:38.0333 5840 srv2 - ok
21:59:38.0349 5840 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:59:38.0349 5840 srvnet - ok
21:59:38.0380 5840 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:59:38.0380 5840 SSDPSRV - ok
21:59:38.0396 5840 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:59:38.0396 5840 SstpSvc - ok
21:59:38.0521 5840 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
21:59:38.0521 5840 STacSV - ok
21:59:38.0552 5840 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:59:38.0552 5840 stexstor - ok
21:59:38.0583 5840 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
21:59:38.0583 5840 STHDA - ok
21:59:38.0630 5840 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:59:38.0645 5840 stisvc - ok
21:59:38.0677 5840 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:59:38.0677 5840 swenum - ok
21:59:38.0723 5840 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:59:38.0739 5840 swprv - ok
21:59:38.0817 5840 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:59:38.0848 5840 SysMain - ok
21:59:38.0879 5840 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:59:38.0879 5840 TabletInputService - ok
21:59:38.0926 5840 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:59:38.0942 5840 TapiSrv - ok
21:59:38.0957 5840 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:59:38.0957 5840 TBS - ok
21:59:39.0035 5840 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:59:39.0098 5840 Tcpip - ok
21:59:39.0176 5840 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:59:39.0191 5840 TCPIP6 - ok
21:59:39.0238 5840 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:59:39.0238 5840 tcpipreg - ok
21:59:39.0301 5840 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:59:39.0301 5840 TDPIPE - ok
21:59:39.0347 5840 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:59:39.0347 5840 TDTCP - ok
21:59:39.0394 5840 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:59:39.0394 5840 tdx - ok
21:59:39.0441 5840 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:59:39.0441 5840 TermDD - ok
21:59:39.0488 5840 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:59:39.0503 5840 TermService - ok
21:59:39.0535 5840 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:59:39.0535 5840 Themes - ok
21:59:39.0566 5840 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:59:39.0566 5840 THREADORDER - ok
21:59:39.0613 5840 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:59:39.0613 5840 TrkWks - ok
21:59:39.0675 5840 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:59:39.0691 5840 TrustedInstaller - ok
21:59:39.0722 5840 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:59:39.0737 5840 tssecsrv - ok
21:59:39.0784 5840 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:59:39.0784 5840 TsUsbFlt - ok
21:59:39.0847 5840 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:59:39.0847 5840 tunnel - ok
21:59:39.0862 5840 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:59:39.0878 5840 uagp35 - ok
21:59:39.0909 5840 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:59:39.0925 5840 udfs - ok
21:59:39.0956 5840 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:59:39.0956 5840 UI0Detect - ok
21:59:40.0003 5840 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:59:40.0003 5840 uliagpkx - ok
21:59:40.0065 5840 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:59:40.0065 5840 umbus - ok
21:59:40.0096 5840 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:59:40.0096 5840 UmPass - ok
21:59:40.0127 5840 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:59:40.0127 5840 upnphost - ok
21:59:40.0159 5840 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:59:40.0159 5840 usbccgp - ok
21:59:40.0205 5840 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:59:40.0205 5840 usbcir - ok
21:59:40.0221 5840 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:59:40.0221 5840 usbehci - ok
21:59:40.0283 5840 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:59:40.0283 5840 usbhub - ok
21:59:40.0299 5840 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:59:40.0299 5840 usbohci - ok
21:59:40.0330 5840 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:59:40.0330 5840 usbprint - ok
21:59:40.0377 5840 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:59:40.0377 5840 USBSTOR - ok
21:59:40.0393 5840 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:59:40.0408 5840 usbuhci - ok
21:59:40.0424 5840 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:59:40.0424 5840 usbvideo - ok
21:59:40.0455 5840 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:59:40.0455 5840 UxSms - ok
21:59:40.0471 5840 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:59:40.0486 5840 VaultSvc - ok
21:59:40.0517 5840 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:59:40.0517 5840 vdrvroot - ok
21:59:40.0564 5840 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:59:40.0580 5840 vds - ok
21:59:40.0627 5840 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:59:40.0627 5840 vga - ok
21:59:40.0642 5840 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:59:40.0642 5840 VgaSave - ok
21:59:40.0689 5840 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:59:40.0689 5840 vhdmp - ok
21:59:40.0720 5840 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:59:40.0736 5840 viaide - ok
21:59:40.0751 5840 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:59:40.0751 5840 volmgr - ok
21:59:40.0798 5840 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:59:40.0814 5840 volmgrx - ok
21:59:40.0845 5840 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:59:40.0861 5840 volsnap - ok
21:59:40.0876 5840 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:59:40.0892 5840 vsmraid - ok
21:59:40.0954 5840 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:59:41.0001 5840 VSS - ok
21:59:41.0032 5840 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:59:41.0032 5840 vwifibus - ok
21:59:41.0063 5840 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:59:41.0063 5840 vwififlt - ok
21:59:41.0095 5840 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:59:41.0095 5840 vwifimp - ok
21:59:41.0126 5840 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:59:41.0126 5840 W32Time - ok
21:59:41.0157 5840 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:59:41.0173 5840 WacomPen - ok
21:59:41.0219 5840 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:59:41.0219 5840 WANARP - ok
21:59:41.0235 5840 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:59:41.0251 5840 Wanarpv6 - ok
21:59:41.0360 5840 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:59:41.0391 5840 WatAdminSvc - ok
21:59:41.0469 5840 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:59:41.0563 5840 wbengine - ok
21:59:41.0625 5840 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:59:41.0625 5840 WbioSrvc - ok
21:59:41.0703 5840 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:59:41.0719 5840 wcncsvc - ok
21:59:41.0734 5840 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:59:41.0734 5840 WcsPlugInService - ok
21:59:41.0765 5840 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:59:41.0765 5840 Wd - ok
21:59:41.0797 5840 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:59:41.0812 5840 Wdf01000 - ok
21:59:41.0828 5840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:59:41.0828 5840 WdiServiceHost - ok
21:59:41.0843 5840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:59:41.0843 5840 WdiSystemHost - ok
21:59:41.0875 5840 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:59:41.0875 5840 WebClient - ok
21:59:41.0890 5840 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:59:41.0906 5840 Wecsvc - ok
21:59:41.0921 5840 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:59:41.0921 5840 wercplsupport - ok
21:59:41.0953 5840 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:59:41.0968 5840 WerSvc - ok
21:59:41.0984 5840 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:59:41.0984 5840 WfpLwf - ok
21:59:42.0031 5840 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:59:42.0031 5840 WimFltr - ok
21:59:42.0077 5840 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:59:42.0077 5840 WIMMount - ok
21:59:42.0093 5840 WinDefend - ok
21:59:42.0109 5840 WinHttpAutoProxySvc - ok
21:59:42.0171 5840 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:59:42.0171 5840 Winmgmt - ok
21:59:42.0265 5840 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:59:42.0327 5840 WinRM - ok
21:59:42.0405 5840 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:59:42.0405 5840 WinUsb - ok
21:59:42.0452 5840 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:59:42.0467 5840 Wlansvc - ok
21:59:42.0608 5840 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:59:42.0639 5840 wlidsvc - ok
21:59:42.0670 5840 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
21:59:42.0670 5840 wltrysvc - ok
21:59:42.0717 5840 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:59:42.0717 5840 WmiAcpi - ok
21:59:42.0764 5840 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:59:42.0764 5840 wmiApSrv - ok
21:59:42.0795 5840 WMPNetworkSvc - ok
21:59:42.0826 5840 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:59:42.0826 5840 WPCSvc - ok
21:59:42.0873 5840 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:59:42.0873 5840 WPDBusEnum - ok
21:59:42.0904 5840 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:59:42.0904 5840 ws2ifsl - ok
21:59:42.0935 5840 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:59:42.0935 5840 wscsvc - ok
21:59:42.0935 5840 WSearch - ok
21:59:43.0045 5840 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:59:43.0076 5840 wuauserv - ok
21:59:43.0091 5840 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:59:43.0107 5840 WudfPf - ok
21:59:43.0138 5840 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:59:43.0154 5840 WUDFRd - ok
21:59:43.0201 5840 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:59:43.0201 5840 wudfsvc - ok
21:59:43.0216 5840 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:59:43.0232 5840 WwanSvc - ok
21:59:43.0310 5840 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
21:59:43.0325 5840 yukonw7 - ok
21:59:43.0341 5840 ================ Scan global ===============================
21:59:43.0388 5840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:59:43.0450 5840 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:59:43.0513 5840 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:59:43.0575 5840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:59:43.0606 5840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:59:43.0606 5840 [Global] - ok
21:59:43.0606 5840 ================ Scan MBR ==================================
21:59:43.0622 5840 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
21:59:43.0887 5840 \Device\Harddisk0\DR0 - ok
21:59:43.0887 5840 ================ Scan VBR ==================================
21:59:43.0887 5840 [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1
21:59:43.0903 5840 \Device\Harddisk0\DR0\Partition1 - ok
21:59:43.0918 5840 [ B7918E8220530DF59279D9336222D500 ] \Device\Harddisk0\DR0\Partition2
21:59:43.0918 5840 \Device\Harddisk0\DR0\Partition2 - ok
21:59:43.0918 5840 ============================================================
21:59:43.0918 5840 Scan finished
21:59:43.0918 5840 ============================================================
21:59:43.0934 5832 Detected object count: 0
21:59:43.0934 5832 Actual detected object count: 0

At 22:04:57 (after the second time TDSSKILLER ran) Malwarebytes detected a TrojanAgent c:\windows\svchost.exe; Quarantined

aswMBR:
aswMBR ran 3 times. The first time, the system blue-screened after about 3 minutes. Message referred to a driver IRQL_ ... So I rebooted and ran aswMBR a second time. The system appeared to hang up, so I cancelled it. (Captured first log file at that point.) Then ran aswMBR a third time, it ran to successful completion. (Captured second log file.) Both log files follow.

aswMBR FIRST LOG (FROM SECOND TIME aswMBR ran):
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-28 22:23:05
-----------------------------
22:23:05.365 OS Version: Windows x64 6.1.7601 Service Pack 1
22:23:05.365 Number of processors: 2 586 0x170A
22:23:05.365 ComputerName: MOORE-PC UserName: Moore
22:23:06.582 Initialize success
22:23:31.604 AVAST engine defs: 12082803
22:23:38.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:23:38.451 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:23:38.498 Disk 0 MBR read successfully
22:23:38.498 Disk 0 MBR scan
22:23:38.513 Disk 0 Windows VISTA default MBR code
22:23:38.513 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:23:38.545 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
22:23:38.623 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
22:23:38.654 Disk 0 scanning C:\Windows\system32\drivers
22:23:52.039 Service scanning
22:24:17.763 Modules scanning
22:24:17.763 Disk 0 trace - called modules:
22:24:17.841 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:24:18.356 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004574060]
22:24:18.356 3 CLASSPNP.SYS[fffff88001d8943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004131050]
22:24:19.947 AVAST engine scan C:\Windows
22:25:15.234 AVAST engine scan C:\Windows\system32
22:30:54.175 AVAST engine scan C:\Windows\system32\drivers
22:31:08.590 AVAST engine scan C:\Users\Moore

aswMBR THIRD SCAN:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-28 22:47:12
-----------------------------
22:47:12.303 OS Version: Windows x64 6.1.7601 Service Pack 1
22:47:12.303 Number of processors: 2 586 0x170A
22:47:12.303 ComputerName: MOORE-PC UserName: Moore
22:47:13.738 Initialize success
22:47:25.079 AVAST engine defs: 12082803
22:47:35.141 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:47:35.157 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:47:35.172 Disk 0 MBR read successfully
22:47:35.172 Disk 0 MBR scan
22:47:35.188 Disk 0 Windows VISTA default MBR code
22:47:35.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:47:35.219 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
22:47:35.235 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
22:47:35.281 Disk 0 scanning C:\Windows\system32\drivers
22:47:52.020 Service scanning
22:48:16.232 Modules scanning
22:48:16.232 Disk 0 trace - called modules:
22:48:16.294 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:48:16.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004574060]
22:48:16.824 3 CLASSPNP.SYS[fffff88001d8943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004131050]
22:48:18.119 AVAST engine scan C:\Windows
22:48:23.891 AVAST engine scan C:\Windows\system32
22:51:32.402 AVAST engine scan C:\Windows\system32\drivers
22:51:47.908 AVAST engine scan C:\Users\Moore
23:35:45.717 AVAST engine scan C:\ProgramData
23:48:09.058 Scan finished successfully

#13 gringo_pr

Posted 29 August 2012 - 08:09 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 RobertBobM

Posted 29 August 2012 - 11:34 AM

I copied the script file. Stopped Spybot, Malwarebytes, and SuperAntiVirus. McAfee's Anti-virus and Anti-Spyware would not shut down so I removed it for now so it won't interfere with ComboFix.
When I ran ComboFix it ran thru stage 50, then displayed message "System File is infected, Attempting to restore" c:\windows\SysWow64\Drivers\atapi.sys.
After several minutes ComboFix displayed message "A readily available replacement was not found", then ComboFix's window closed and system rebooted automatically.
When the system came back up, ComboFix was running, displayed message "Preparing Log Report".
After a few minutes, ComboFix displayed its log report in notepad. I can see it on the screen, but cannot save it or copy it. Some of the keyboard keys work, for example I can page up/page down. The mouse moves, but the FILE etc drop-downs at the top of the screen don't work. Can't copy the contents of the report. Also, the internet connection icon at the lower right corner of screen is frozen. The screen is still up (I can read it). Prnt Srn button isn't responding either. The START button is non-responsive as well, so won't be able to do a clean shut-down.

#15 RobertBobM

Posted 29 August 2012 - 11:59 AM

Sorry, I forgot I could resort to Alt/F to open the FILE drop-down, etc.
Saved it to thumb-drive and copied it to this desktop ok. Log file follows:

ComboFix 12-08-25.04 - Moore 08/29/2012 9:58.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2745 [GMT -5:00]
Running from: c:\users\Moore\Downloads\ComboFix.exe
Command switches used :: c:\users\Moore\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 15:26 . 2012-08-29 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 15:26 . 2012-08-29 15:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-29 02:55 . 2012-08-29 02:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-25 21:14 . 2012-08-25 21:14 -------- d-----w- c:\users\Moore\AppData\Roaming\SUPERAntiSpyware.com
2012-08-25 21:14 . 2012-08-25 21:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-25 21:14 . 2012-08-25 21:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-22 02:33 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-22 02:33 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-22 02:33 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-22 02:33 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-21 02:29 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-19 22:45 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-19 22:45 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-19 22:45 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-19 22:45 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-19 22:45 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-19 20:19 . 2012-08-19 20:19 -------- d-----w- c:\users\Moore\AppData\Roaming\Malwarebytes
2012-08-19 20:19 . 2012-08-19 20:19 -------- d-----w- c:\programdata\Malwarebytes
2012-08-19 20:19 . 2012-08-21 03:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-19 17:31 . 2012-08-19 22:03 -------- d-----w- c:\users\Administrator.Moore-PC
2012-08-19 16:34 . 2012-08-27 20:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-19 16:34 . 2012-08-21 13:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-19 13:11 . 2012-08-19 13:11 -------- d-----w- c:\users\Moore\AppData\Roaming\Macrovision
2012-08-18 01:34 . 2012-08-18 01:34 -------- d-----w- c:\windows\system32\Macromed
2012-08-18 00:29 . 2012-08-18 00:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-16 00:13 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 00:13 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-16 00:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 03:59 . 2009-12-13 12:47 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-11 12:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 12:24 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 12:24 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 12:24 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 12:24 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 12:24 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 12:24 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 12:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 12:37 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:37 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 12:37 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 12:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 12:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 12:37 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 12:24 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 12:24 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 12:24 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 12:24 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 12:24 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 12:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 12:24 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 12:24 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 12:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-27_21.56.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-04 08:14 . 2012-08-29 15:28 49950 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-29 15:28 41856 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-11 02:35 . 2012-08-29 15:28 16052 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-668228319-2619682206-3320056601-1001_UserData.bin
+ 2009-12-10 23:28 . 2012-08-29 12:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-10 23:28 . 2012-08-27 21:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-10 23:28 . 2012-08-29 12:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-10 23:28 . 2012-08-27 21:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-27 21:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-29 12:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-29 02:49 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-11 13:30 . 2012-08-27 22:09 3724 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-11 13:30 . 2012-08-25 23:40 3724 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-27 21:56 . 2012-08-27 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-29 15:26 . 2012-08-29 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-29 15:26 . 2012-08-29 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-27 21:56 . 2012-08-27 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-27 21:57 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-29 14:49 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-29 14:49 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-27 21:57 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-11 00:07 . 2012-08-29 00:24 252512 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-27 21:02 624200 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-27 23:02 624200 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-27 23:02 106544 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-27 21:02 106544 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-29 15:26 275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-27 21:55 275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-08-27 21:57 2703360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-29 14:49 2703360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-07 15:32 . 2012-08-29 15:26 3848658 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-668228319-2619682206-3320056601-1001-8192.dat
- 2012-03-01 18:13 . 2012-08-27 21:55 2095454 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-668228319-2619682206-3320056601-1001-12288.dat
+ 2012-03-01 18:13 . 2012-08-29 15:26 2095454 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-668228319-2619682206-3320056601-1001-12288.dat
+ 2012-08-18 21:02 . 2012-08-29 02:55 5339916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-08-18 21:02 . 2012-08-27 21:55 5339916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-19 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
.
c:\users\Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 02:38]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 02:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nativewaters.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-06976628.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-08-29 10:32:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-29 15:32
ComboFix2.txt 2012-08-27 22:04
ComboFix3.txt 2012-08-25 23:34
.
Pre-Run: 251,546,419,200 bytes free
Post-Run: 251,499,261,952 bytes free
.
- - End Of File - - 0456F81EE62948B7A6A217AB4C723273



