Infected with File Recovery-Can't run TDSSKiller


  • This topic is locked
20 replies to this topic

#1 mrprice

mrprice

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 10 September 2012 - 11:27 PM

I was able to run Antimalwarebytes but it only detected and removed two files. I then tried to run TDSSKiller but I can't get it to run even in safe mode no matter what I rename it as. Thanks in advance for any help you can give me.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jenna at 22:56:53 on 2012-09-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2540 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
uDefault_Page_URL = g.msn.com/USCON/1
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IWantThis: {50fc0ec5-bea7-4d57-909d-6380a5ad5697} - C:\Program Files (x86)\IWantThis\IWantThis.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630014144.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
uRun: [Facebook Update] "C:\Users\Jenna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [2Q0yaOUpech7NP] C:\ProgramData\2Q0yaOUpech7NP.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [tJeOfxpyoLkuKU.exe] C:\ProgramData\tJeOfxpyoLkuKU.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.217.145.80
TCP: Interfaces\{009741DE-3AC5-4FAB-804B-581677FC414B} : DhcpNameServer = 10.217.145.80
TCP: Interfaces\{2D65DE48-B441-4BB3-AA10-AABB28F8ECA5} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2D65DE48-B441-4BB3-AA10-AABB28F8ECA5}\2375942554036343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2D65DE48-B441-4BB3-AA10-AABB28F8ECA5}\2375942554036383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2D65DE48-B441-4BB3-AA10-AABB28F8ECA5}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IWantThis: {50FC0EC5-BEA7-4d57-909D-6380A5AD5697} - C:\Program Files (x86)\IWantThis\IWantThis.dll
BHO-X64: IWantThis - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630014144.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [tJeOfxpyoLkuKU.exe] C:\ProgramData\tJeOfxpyoLkuKU.exe
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-16 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-16 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-1-16 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-1-16 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2011-1-16 162192]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-16 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-16 250056]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-16 98208]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-16 249936]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-16 705856]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-16 2533400]
.
=============== Created Last 30 ================
.
2012-09-10 03:19:21 270848 ----a-w- C:\ProgramData\123.exe
2012-09-10 03:06:31 373248 ----a-w- C:\ProgramData\123 (2).exe
2012-08-16 23:20:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-16 22:57:20 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-16 00:58:11 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-16 00:58:10 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 00:58:06 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 00:58:06 67584 ----a-w- C:\Windows\splwow64.exe
2012-08-16 00:58:06 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 00:58:06 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 00:57:59 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 00:57:59 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 00:57:59 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 00:57:57 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 00:57:56 956416 ----a-w- C:\Windows\System32\localspl.dll
.
==================== Find3M ====================
.
2012-08-20 02:02:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:13:21.38 ===============

Edited by mrprice, 10 September 2012 - 11:28 PM.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:40 PM

Posted 10 September 2012 - 11:55 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mrprice

Posted 11 September 2012 - 07:26 AM

Hi Gringo,

Thanks for your assistance! RogueKiller ran without any issues and here is what the scan report produced:

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Jenna [Admin rights]
Mode : Scan -- Date : 09/11/2012 07:15:36

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 33 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 2Q0yaOUpech7NP (C:\ProgramData\2Q0yaOUpech7NP.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1560078477-2472552420-2716455373-1000[...]\Run : 2Q0yaOUpech7NP (C:\ProgramData\2Q0yaOUpech7NP.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : tJeOfxpyoLkuKU.exe (C:\ProgramData\tJeOfxpyoLkuKU.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 6bbb4b1d53db29164185b5940ebb30ed
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461823 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] ba94695639da83fd89510a5e98edf9c2
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461823 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] ba94695639da83fd89510a5e98edf9c2
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461823 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
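
An added example (not part of the original post, and not RogueKiller's own code): the MBR Check in the log above reports that the partition table in the "User" view differs from the one in the "LL1" view. This Python code parses the partition table of two 512-byte MBR sectors and lists the differences. The two sectors are constructed from the offsets, type IDs and sizes printed in the log, and reading "User" as the OS-reported view and "LL1" as a lower-level read is an assumption.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # the four 16-byte partition entries start here
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)  # 16 bytes
BOOT_SIGNATURE = b"\x55\xaa"
# MBR type IDs for "hidden" variants of FAT/NTFS types (0x17 = hidden HPFS/NTFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def mb(n):
    """Convert a size in MiB to a count of 512-byte sectors."""
    return n * 2048


def build_mbr(entries):
    """Build a constructed MBR sector from (active, type, start_lba, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + i * ENTRY_SIZE,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_partition_table(sector):
    """Return the non-empty partition entries of one MBR sector as dicts."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype == 0x00:       # unused slot
            continue
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "hidden": ptype in HIDDEN_TYPES,
            "start": start,
            "sectors": count,
            "size_mb": count // 2048,
        })
    return parts


def compare_views(user_sector, raw_sector):
    """List (index, finding) pairs where the OS view and the raw read disagree."""
    user = {p["index"]: p for p in parse_partition_table(user_sector)}
    raw = {p["index"]: p for p in parse_partition_table(raw_sector)}
    findings = []
    for idx in sorted(set(user) | set(raw)):
        u, r = user.get(idx), raw.get(idx)
        if u is None:
            findings.append((idx, "only-in-raw-read"))
        elif r is None:
            findings.append((idx, "only-in-os-view"))
        else:
            if u["active"] != r["active"]:
                findings.append((idx, "active-flag-differs"))
            if (u["type"], u["start"], u["sectors"]) != (r["type"], r["start"], r["sectors"]):
                findings.append((idx, "entry-differs"))
        # An active (bootable) entry with a hidden type ID is worth a closer look.
        if r is not None and r["active"] and r["hidden"]:
            findings.append((idx, "active-partition-is-hidden"))
    return findings


# Constructed sample sectors; values taken from the "User" and "LL1" tables in the log.
USER_VIEW = build_mbr([
    (False, 0xDE, 63, mb(101)),
    (True,  0x07, 208845, mb(15000)),
    (False, 0x07, 30928845, mb(461823)),
])
LL1_VIEW = build_mbr([
    (False, 0xDE, 63, mb(101)),
    (False, 0x07, 208845, mb(15000)),
    (False, 0x07, 30928845, mb(461823)),
    (True,  0x17, 976744448, mb(10)),
])

if __name__ == "__main__":
    for index, finding in compare_views(USER_VIEW, LL1_VIEW):
        print(f"partition {index}: {finding}")
```
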

#4 gringo_pr

Posted 11 September 2012 - 07:41 AM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - boot back into Windows and send me the screen capture

gringo

#5 mrprice

Posted 11 September 2012 - 04:58 PM

Everything went fine. Screenshot is attached.

#6 gringo_pr

Posted 11 September 2012 - 08:07 PM

Hello mrprice

I want you to boot back into GParted and right click on the partition sda1 and select "manage flags" and then select "boot"

exit out of gparted saving as you go and boot back into windows



If the computer does not boot then go back into GParted and try SDA2 and if it still does not boot then try SDA3



Report back here when the computer boots correctly



gringo

#7 mrprice


Posted 11 September 2012 - 08:31 PM

Okay,

Booting into SDA1 took me to Dell's System Diagnostics.
Booting into SDA2 appears to boot Windows 7 properly.

#8 gringo_pr


Posted 11 September 2012 - 08:54 PM

Hello Mr.Price


Very good!! Now we need to boot into GParted once more, and this time I want you to right click on the hidden partition (SDA4) and select delete.

Exit out of GParted, boot back into Windows and report back here.


gringo

#9 mrprice


Posted 11 September 2012 - 09:13 PM

Thanks Gringo!

SDA4 was deleted successfully and I booted back in to Windows.
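
The boot-flag change and partition deletion made in GParted in the posts above are edits to the four-entry MBR partition table, which can be checked from a saved copy of sector 0. The Python below is an added example, not part of the original thread: entries 1-3 and the disk size use the values TDSSKiller reports later in this topic, while the fourth entry, the assumption that it carried the boot flag, and the `audit_boot_flags` helper are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # partition table follows 446 bytes of boot code
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)  # 16 bytes per entry
SIGNATURE = b"\x55\xaa"

# Disk size / sector size as logged for \Device\Harddisk0\DR0.
DISK_SECTORS = 0x7470C06000 // 0x200

# (active, type, start LBA, sectors); entries 1-3 come from the TDSSKiller log.
KNOWN = [(False, 0x06, 0x3F, 0x32F8E),
         (False, 0x07, 0x32FCD, 0x1D4C000),
         (False, 0x07, 0x1D7EFCD, 0x385FF863)]
# Constructed fourth entry (the thread gives no values for sda4): it fills the
# space after partition 3, has an arbitrary type byte, and is flagged active.
CONSTRUCTED_SDA4 = (True, 0x17, 0x1D7EFCD + 0x385FF863, 0x7800)


def build_mbr(entries):
    """Build a 512-byte sector 0 from (active, type, start, sectors) tuples."""
    table = b""
    for active, ptype, start, count in entries:
        # CHS fields are zeroed; the audit below relies only on the LBA fields.
        table += struct.pack(ENTRY_FORMAT, 0x80 if active else 0x00,
                             b"\0\0\0", ptype, b"\0\0\0", start, count)
    table = table.ljust(4 * ENTRY_SIZE, b"\0")
    return b"\0" * TABLE_OFFSET + table + SIGNATURE


def parse_mbr(sector):
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        offset = TABLE_OFFSET + i * ENTRY_SIZE
        status, _, ptype, _, start, count = struct.unpack(
            ENTRY_FORMAT, sector[offset:offset + ENTRY_SIZE])
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "start": start, "sectors": count})
    return parts


def audit_boot_flags(parts, expected_active, disk_sectors):
    """List deviations from the expected boot layout (empty list = clean)."""
    findings = []
    active = [p["index"] for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d"
                        % len(active))
    elif active[0] != expected_active:
        findings.append("boot flag is on partition %d, expected partition %d"
                        % (active[0], expected_active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (p["index"], p["status"]))
        if p["start"] + p["sectors"] > disk_sectors:
            findings.append("partition %d extends past the end of the disk"
                            % p["index"])
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append("partitions %d and %d overlap"
                            % (a["index"], b["index"]))
    return findings


# Constructed "before" state: extra fourth partition holds the boot flag.
BEFORE = build_mbr(KNOWN + [CONSTRUCTED_SDA4])
# "After" state per the thread: sda4 deleted, boot flag on sda2 (boots Windows 7).
AFTER = build_mbr([KNOWN[0], (True,) + KNOWN[1][1:], KNOWN[2]])

if __name__ == "__main__":
    for label, image in (("before", BEFORE), ("after", AFTER)):
        parts = parse_mbr(image)
        print(label, [hex(p["start"]) for p in parts],
              audit_boot_flags(parts, expected_active=2,
                               disk_sectors=DISK_SECTORS))
```
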

#10 gringo_pr


Posted 11 September 2012 - 09:20 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 mrprice


Posted 11 September 2012 - 10:16 PM

Ran Combofix without any issues. Log is attached.

I finally have items showing back in my start menu and things seem to be running okay.




#12 gringo_pr


Posted 11 September 2012 - 10:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#13 mrprice


Posted 11 September 2012 - 11:08 PM

Thanks Gringo! TDSSKiller ran without issues and produced the following:
22:44:12.0211 1544 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:44:14.0223 1544 ============================================================
22:44:14.0223 1544 Current date / time: 2012/09/11 22:44:14.0223
22:44:14.0223 1544 SystemInfo:
22:44:14.0223 1544
22:44:14.0223 1544 OS Version: 6.1.7600 ServicePack: 0.0
22:44:14.0223 1544 Product type: Workstation
22:44:14.0223 1544 ComputerName: JENNA-PC
22:44:14.0223 1544 UserName: Jenna
22:44:14.0223 1544 Windows directory: C:\Windows
22:44:14.0223 1544 System windows directory: C:\Windows
22:44:14.0223 1544 Running under WOW64
22:44:14.0223 1544 Processor architecture: Intel x64
22:44:14.0223 1544 Number of processors: 4
22:44:14.0223 1544 Page size: 0x1000
22:44:14.0223 1544 Boot type: Normal boot
22:44:14.0223 1544 ============================================================
22:44:14.0894 1544 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:44:14.0894 1544 ============================================================
22:44:14.0894 1544 \Device\Harddisk0\DR0:
22:44:14.0894 1544 MBR partitions:
22:44:14.0894 1544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x32F8E
22:44:14.0894 1544 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
22:44:14.0894 1544 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x385FF863
22:44:14.0894 1544 ============================================================
22:44:14.0941 1544 C: <-> \Device\Harddisk0\DR0\Partition3
22:44:14.0941 1544 V: <-> \Device\Harddisk0\DR0\Partition1
22:44:14.0941 1544 ============================================================
22:44:14.0941 1544 Initialize success
22:44:14.0941 1544 ============================================================
22:44:21.0758 3036 ============================================================
22:44:21.0758 3036 Scan started
22:44:21.0758 3036 Mode: Manual;
22:44:21.0758 3036 ============================================================
22:44:22.0211 3036 ================ Scan system memory ========================
22:44:22.0211 3036 System memory - ok
22:44:31.0914 3036 mfeapfk - ok
22:44:31.0961 3036 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
22:44:31.0961 3036 mfeavfk - ok
22:44:32.0007 3036 mfeavfk01 - ok
22:44:32.0054 3036 [ B26782C3D6045B4464017D7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:44:32.0117 3036 mfefire - ok
22:44:32.0179 3036 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
22:44:32.0179 3036 mfefirek - ok
22:44:32.0241 3036 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
22:44:32.0257 3036 mfehidk - ok
22:44:32.0273 3036 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
22:44:32.0273 3036 mfenlfk - ok
22:44:32.0288 3036 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
22:44:32.0288 3036 mferkdet - ok
22:44:32.0319 3036 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
22:44:32.0335 3036 mfevtp - ok
22:44:32.0366 3036 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
22:44:32.0366 3036 mfewfpk - ok
22:44:32.0397 3036 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:44:32.0397 3036 MMCSS - ok
22:44:32.0429 3036 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:44:32.0429 3036 Modem - ok
22:44:32.0460 3036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:44:32.0460 3036 monitor - ok
22:44:32.0491 3036 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:44:32.0507 3036 mouclass - ok
22:44:32.0538 3036 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:44:32.0538 3036 mouhid - ok
22:44:32.0553 3036 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:44:32.0553 3036 mountmgr - ok
22:44:32.0616 3036 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:44:32.0616 3036 MozillaMaintenance - ok
22:44:32.0647 3036 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:44:32.0647 3036 mpio - ok
22:44:32.0663 3036 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:44:32.0678 3036 mpsdrv - ok
22:44:32.0756 3036 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:44:32.0803 3036 MpsSvc - ok
22:44:32.0834 3036 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:44:32.0834 3036 MRxDAV - ok
22:44:32.0865 3036 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:32.0865 3036 mrxsmb - ok
22:44:32.0912 3036 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:32.0912 3036 mrxsmb10 - ok
22:44:32.0943 3036 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:32.0943 3036 mrxsmb20 - ok
22:44:32.0959 3036 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:44:32.0959 3036 msahci - ok
22:44:32.0990 3036 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:44:33.0006 3036 msdsm - ok
22:44:33.0021 3036 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:44:33.0037 3036 MSDTC - ok
22:44:33.0053 3036 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:44:33.0053 3036 Msfs - ok
22:44:33.0084 3036 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:44:33.0084 3036 mshidkmdf - ok
22:44:33.0099 3036 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:44:33.0099 3036 msisadrv - ok
22:44:33.0131 3036 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:44:33.0131 3036 MSiSCSI - ok
22:44:33.0146 3036 msiserver - ok
22:44:33.0177 3036 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:44:33.0177 3036 MSKSSRV - ok
22:44:33.0193 3036 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:33.0193 3036 MSPCLOCK - ok
22:44:33.0209 3036 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:44:33.0224 3036 MSPQM - ok
22:44:33.0240 3036 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:44:33.0240 3036 MsRPC - ok
22:44:33.0271 3036 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:44:33.0271 3036 mssmbios - ok
22:44:33.0287 3036 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:44:33.0287 3036 MSTEE - ok
22:44:33.0302 3036 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:44:33.0302 3036 MTConfig - ok
22:44:33.0318 3036 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:44:33.0333 3036 Mup - ok
22:44:33.0365 3036 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:44:33.0396 3036 napagent - ok
22:44:33.0443 3036 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:44:33.0443 3036 NativeWifiP - ok
22:44:33.0489 3036 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:44:33.0505 3036 NDIS - ok
22:44:33.0536 3036 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:33.0536 3036 NdisCap - ok
22:44:33.0567 3036 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:33.0567 3036 NdisTapi - ok
22:44:33.0583 3036 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:33.0583 3036 Ndisuio - ok
22:44:33.0599 3036 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:33.0599 3036 NdisWan - ok
22:44:33.0614 3036 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:44:33.0614 3036 NDProxy - ok
22:44:33.0630 3036 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:44:33.0630 3036 NetBIOS - ok
22:44:33.0661 3036 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:44:33.0661 3036 NetBT - ok
22:44:33.0677 3036 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:44:33.0677 3036 Netlogon - ok
22:44:33.0708 3036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:44:33.0708 3036 Netman - ok
22:44:33.0739 3036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:44:33.0770 3036 netprofm - ok
22:44:33.0786 3036 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:44:33.0786 3036 NetTcpPortSharing - ok
22:44:33.0848 3036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:44:33.0848 3036 nfrd960 - ok
22:44:33.0879 3036 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:44:33.0895 3036 NlaSvc - ok
22:44:33.0911 3036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:44:33.0911 3036 Npfs - ok
22:44:33.0926 3036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:44:33.0926 3036 nsi - ok
22:44:33.0942 3036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:44:33.0942 3036 nsiproxy - ok
22:44:34.0004 3036 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:44:34.0020 3036 Ntfs - ok
22:44:34.0051 3036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:44:34.0051 3036 Null - ok
22:44:34.0098 3036 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:44:34.0113 3036 nvraid - ok
22:44:34.0129 3036 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:44:34.0129 3036 nvstor - ok
22:44:34.0160 3036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:44:34.0176 3036 nv_agp - ok
22:44:34.0191 3036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:44:34.0191 3036 ohci1394 - ok
22:44:34.0223 3036 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:44:34.0223 3036 ose - ok
22:44:34.0410 3036 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:44:34.0535 3036 osppsvc - ok
22:44:34.0581 3036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:44:34.0597 3036 p2pimsvc - ok
22:44:34.0628 3036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:44:34.0644 3036 p2psvc - ok
22:44:34.0675 3036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:44:34.0675 3036 Parport - ok
22:44:34.0706 3036 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:44:34.0706 3036 partmgr - ok
22:44:34.0737 3036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:44:34.0737 3036 PcaSvc - ok
22:44:34.0769 3036 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:44:34.0769 3036 pci - ok
22:44:34.0800 3036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:44:34.0800 3036 pciide - ok
22:44:34.0847 3036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:44:34.0847 3036 pcmcia - ok
22:44:34.0878 3036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:44:34.0878 3036 pcw - ok
22:44:34.0909 3036 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:44:34.0925 3036 PEAUTH - ok
22:44:35.0003 3036 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:44:35.0018 3036 PerfHost - ok
22:44:35.0065 3036 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:44:35.0112 3036 pla - ok
22:44:35.0174 3036 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:44:35.0174 3036 PlugPlay - ok
22:44:35.0205 3036 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:44:35.0205 3036 PNRPAutoReg - ok
22:44:35.0221 3036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:44:35.0221 3036 PNRPsvc - ok
22:44:35.0268 3036 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:44:35.0283 3036 PolicyAgent - ok
22:44:35.0315 3036 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:44:35.0315 3036 Power - ok
22:44:35.0346 3036 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:44:35.0346 3036 PptpMiniport - ok
22:44:35.0377 3036 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:44:35.0393 3036 Processor - ok
22:44:35.0439 3036 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:44:35.0439 3036 ProfSvc - ok
22:44:35.0455 3036 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:44:35.0455 3036 ProtectedStorage - ok
22:44:35.0486 3036 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:44:35.0486 3036 Psched - ok
22:44:35.0517 3036 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:44:35.0517 3036 PxHlpa64 - ok
22:44:35.0580 3036 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:44:35.0627 3036 ql2300 - ok
22:44:35.0658 3036 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:44:35.0658 3036 ql40xx - ok
22:44:35.0689 3036 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:44:35.0705 3036 QWAVE - ok
22:44:35.0720 3036 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:44:35.0720 3036 QWAVEdrv - ok
22:44:35.0736 3036 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:44:35.0736 3036 RasAcd - ok
22:44:35.0783 3036 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:35.0798 3036 RasAgileVpn - ok
22:44:35.0814 3036 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:44:35.0814 3036 RasAuto - ok
22:44:35.0829 3036 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:35.0829 3036 Rasl2tp - ok
22:44:35.0861 3036 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:44:35.0861 3036 RasMan - ok
22:44:35.0892 3036 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:35.0892 3036 RasPppoe - ok
22:44:35.0907 3036 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:44:35.0923 3036 RasSstp - ok
22:44:35.0939 3036 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:44:35.0954 3036 rdbss - ok
22:44:35.0970 3036 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:44:35.0970 3036 rdpbus - ok
22:44:36.0001 3036 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:44:36.0017 3036 RDPCDD - ok
22:44:36.0017 3036 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:44:36.0017 3036 RDPENCDD - ok
22:44:36.0048 3036 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:44:36.0048 3036 RDPREFMP - ok
22:44:36.0079 3036 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:44:36.0095 3036 RDPWD - ok
22:44:36.0126 3036 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:44:36.0126 3036 rdyboost - ok
22:44:36.0157 3036 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:44:36.0157 3036 RemoteAccess - ok
22:44:36.0188 3036 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:44:36.0188 3036 RemoteRegistry - ok
22:44:36.0219 3036 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:44:36.0235 3036 RFCOMM - ok
22:44:36.0251 3036 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:44:36.0251 3036 RpcEptMapper - ok
22:44:36.0282 3036 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:44:36.0282 3036 RpcLocator - ok
22:44:36.0313 3036 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:44:36.0329 3036 RpcSs - ok
22:44:36.0344 3036 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:44:36.0360 3036 rspndr - ok
22:44:36.0391 3036 [ 22D6B47D004A6568C500680BE2972854 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:44:36.0391 3036 RSUSBSTOR - ok
22:44:36.0407 3036 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:44:36.0407 3036 SamSs - ok
22:44:36.0453 3036 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:44:36.0453 3036 SASDIFSV - ok
22:44:36.0485 3036 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:44:36.0485 3036 SASKUTIL - ok
22:44:36.0516 3036 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:44:36.0516 3036 sbp2port - ok
22:44:36.0563 3036 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:44:36.0578 3036 SCardSvr - ok
22:44:36.0594 3036 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:44:36.0594 3036 scfilter - ok
22:44:36.0656 3036 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:44:36.0672 3036 Schedule - ok
22:44:36.0687 3036 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:44:36.0687 3036 SCPolicySvc - ok
22:44:36.0719 3036 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:44:36.0719 3036 SDRSVC - ok
22:44:36.0812 3036 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:44:36.0812 3036 SeaPort - ok
22:44:36.0843 3036 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:44:36.0859 3036 secdrv - ok
22:44:36.0875 3036 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:44:36.0875 3036 seclogon - ok
22:44:36.0890 3036 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:44:36.0890 3036 SENS - ok
22:44:36.0921 3036 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:44:36.0921 3036 SensrSvc - ok
22:44:36.0937 3036 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:44:36.0937 3036 Serenum - ok
22:44:36.0953 3036 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:44:36.0968 3036 Serial - ok
22:44:36.0999 3036 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:44:36.0999 3036 sermouse - ok
22:44:37.0046 3036 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:44:37.0046 3036 SessionEnv - ok
22:44:37.0077 3036 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:44:37.0077 3036 sffdisk - ok
22:44:37.0077 3036 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:44:37.0093 3036 sffp_mmc - ok
22:44:37.0093 3036 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:44:37.0093 3036 sffp_sd - ok
22:44:37.0109 3036 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:44:37.0109 3036 sfloppy - ok
22:44:37.0187 3036 [ 38F88F0DF46C4D42125EF721ABD7F6B9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:44:37.0187 3036 SftService - ok
22:44:37.0218 3036 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:44:37.0218 3036 SharedAccess - ok
22:44:37.0249 3036 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:44:37.0265 3036 ShellHWDetection - ok
22:44:37.0311 3036 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:44:37.0311 3036 SiSRaid2 - ok
22:44:37.0343 3036 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:44:37.0343 3036 SiSRaid4 - ok
22:44:37.0374 3036 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:44:37.0389 3036 Smb - ok
22:44:37.0436 3036 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:44:37.0452 3036 SNMPTRAP - ok
22:44:37.0467 3036 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:44:37.0467 3036 spldr - ok
22:44:37.0499 3036 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:44:37.0514 3036 Spooler - ok
22:44:37.0623 3036 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:44:37.0639 3036 sppsvc - ok
22:44:37.0655 3036 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:44:37.0655 3036 sppuinotify - ok
22:44:37.0701 3036 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
22:44:37.0717 3036 sprtsvc_DellSupportCenter - ok
22:44:37.0748 3036 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:44:37.0764 3036 srv - ok
22:44:37.0779 3036 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:44:37.0795 3036 srv2 - ok
22:44:37.0826 3036 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:44:37.0826 3036 srvnet - ok
22:44:37.0857 3036 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:44:37.0873 3036 SSDPSRV - ok
22:44:37.0889 3036 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:44:37.0889 3036 SstpSvc - ok
22:44:37.0920 3036 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:44:37.0935 3036 stexstor - ok
22:44:37.0967 3036 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:44:37.0982 3036 stisvc - ok
22:44:37.0998 3036 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:44:38.0013 3036 swenum - ok
22:44:38.0029 3036 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:44:38.0060 3036 swprv - ok
22:44:38.0091 3036 [ C25866BDF0E818E02BB8E76845D26E54 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:44:38.0091 3036 SynTP - ok
22:44:38.0154 3036 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:44:38.0169 3036 SysMain - ok
22:44:38.0201 3036 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:44:38.0216 3036 TabletInputService - ok
22:44:38.0232 3036 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:44:38.0247 3036 TapiSrv - ok
22:44:38.0263 3036 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:44:38.0263 3036 TBS - ok
22:44:38.0341 3036 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:44:38.0357 3036 Tcpip - ok
22:44:38.0435 3036 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:44:38.0435 3036 TCPIP6 - ok
22:44:38.0466 3036 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:44:38.0466 3036 tcpipreg - ok
22:44:38.0481 3036 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:44:38.0481 3036 TDPIPE - ok
22:44:38.0513 3036 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:44:38.0513 3036 TDTCP - ok
22:44:38.0528 3036 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:44:38.0528 3036 tdx - ok
22:44:38.0559 3036 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:44:38.0559 3036 TermDD - ok
22:44:38.0606 3036 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:44:38.0622 3036 TermService - ok
22:44:38.0637 3036 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:44:38.0637 3036 Themes - ok
22:44:38.0669 3036 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:44:38.0669 3036 THREADORDER - ok
22:44:38.0684 3036 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:44:38.0700 3036 TrkWks - ok
22:44:38.0731 3036 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:44:38.0731 3036 TrustedInstaller - ok
22:44:38.0762 3036 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:44:38.0762 3036 tssecsrv - ok
22:44:38.0778 3036 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:44:38.0778 3036 tunnel - ok
22:44:38.0793 3036 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:44:38.0809 3036 uagp35 - ok
22:44:38.0840 3036 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:44:38.0840 3036 udfs - ok
22:44:38.0887 3036 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:44:38.0887 3036 UI0Detect - ok
22:44:38.0918 3036 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:44:38.0918 3036 uliagpkx - ok
22:44:38.0934 3036 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:44:38.0934 3036 umbus - ok
22:44:38.0949 3036 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:44:38.0949 3036 UmPass - ok
22:44:39.0059 3036 [ CBDEE152D73200EE49031A26310B9D3E ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:44:39.0074 3036 UNS - ok
22:44:39.0105 3036 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:44:39.0121 3036 upnphost - ok
22:44:39.0168 3036 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:44:39.0168 3036 USBAAPL64 - ok
22:44:39.0215 3036 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:44:39.0230 3036 usbaudio - ok
22:44:39.0261 3036 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:44:39.0261 3036 usbccgp - ok
22:44:39.0293 3036 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:44:39.0293 3036 usbcir - ok
22:44:39.0308 3036 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:44:39.0308 3036 usbehci - ok
22:44:39.0355 3036 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:44:39.0371 3036 usbhub - ok
22:44:39.0402 3036 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:44:39.0402 3036 usbohci - ok
22:44:39.0449 3036 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:44:39.0449 3036 usbprint - ok
22:44:39.0511 3036 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:44:39.0511 3036 usbscan - ok
22:44:39.0542 3036 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:44:39.0542 3036 USBSTOR - ok
22:44:39.0573 3036 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:44:39.0589 3036 usbuhci - ok
22:44:39.0636 3036 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:44:39.0636 3036 usbvideo - ok
22:44:39.0651 3036 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:44:39.0667 3036 UxSms - ok
22:44:39.0667 3036 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:44:39.0667 3036 VaultSvc - ok
22:44:39.0698 3036 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:44:39.0698 3036 vdrvroot - ok
22:44:39.0745 3036 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:44:39.0761 3036 vds - ok
22:44:39.0792 3036 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:44:39.0792 3036 vga - ok
22:44:39.0839 3036 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:44:39.0839 3036 VgaSave - ok
22:44:39.0854 3036 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:44:39.0870 3036 vhdmp - ok
22:44:39.0885 3036 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:44:39.0901 3036 viaide - ok
22:44:39.0932 3036 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:44:39.0932 3036 volmgr - ok
22:44:39.0948 3036 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:44:39.0963 3036 volmgrx - ok
22:44:39.0979 3036 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:44:39.0979 3036 volsnap - ok
22:44:40.0026 3036 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:44:40.0026 3036 vsmraid - ok
22:44:40.0088 3036 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:44:40.0151 3036 VSS - ok
22:44:40.0166 3036 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:44:40.0166 3036 vwifibus - ok
22:44:40.0197 3036 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:44:40.0197 3036 vwififlt - ok
22:44:40.0213 3036 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:44:40.0244 3036 W32Time - ok
22:44:40.0260 3036 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:44:40.0275 3036 WacomPen - ok
22:44:40.0307 3036 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:44:40.0307 3036 WANARP - ok
22:44:40.0322 3036 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:44:40.0322 3036 Wanarpv6 - ok
22:44:40.0385 3036 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:44:40.0431 3036 WatAdminSvc - ok
22:44:40.0494 3036 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:44:40.0572 3036 wbengine - ok
22:44:40.0603 3036 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:44:40.0619 3036 WbioSrvc - ok
22:44:40.0650 3036 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:44:40.0650 3036 wcncsvc - ok
22:44:40.0681 3036 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:44:40.0681 3036 WcsPlugInService - ok
22:44:40.0712 3036 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:44:40.0712 3036 Wd - ok
22:44:40.0743 3036 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:44:40.0759 3036 Wdf01000 - ok
22:44:40.0775 3036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:44:40.0775 3036 WdiServiceHost - ok
22:44:40.0790 3036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:44:40.0790 3036 WdiSystemHost - ok
22:44:40.0821 3036 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:44:40.0837 3036 WebClient - ok
22:44:40.0868 3036 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:44:40.0868 3036 Wecsvc - ok
22:44:40.0915 3036 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:44:40.0915 3036 wercplsupport - ok
22:44:40.0946 3036 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:44:40.0962 3036 WerSvc - ok
22:44:40.0977 3036 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:44:40.0977 3036 WfpLwf - ok
22:44:41.0024 3036 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:44:41.0024 3036 WimFltr - ok
22:44:41.0040 3036 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:44:41.0055 3036 WIMMount - ok
22:44:41.0087 3036 WinDefend - ok
22:44:41.0087 3036 WinHttpAutoProxySvc - ok
22:44:41.0149 3036 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:44:41.0165 3036 Winmgmt - ok
22:44:41.0227 3036 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:44:41.0305 3036 WinRM - ok
22:44:41.0367 3036 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:44:41.0383 3036 Wlansvc - ok
22:44:41.0430 3036 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:44:41.0430 3036 WmiAcpi - ok
22:44:41.0477 3036 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:44:41.0477 3036 wmiApSrv - ok
22:44:41.0508 3036 WMPNetworkSvc - ok
22:44:41.0555 3036 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:44:41.0555 3036 WPCSvc - ok
22:44:41.0570 3036 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:44:41.0586 3036 WPDBusEnum - ok
22:44:41.0617 3036 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:44:41.0617 3036 ws2ifsl - ok
22:44:41.0664 3036 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
22:44:41.0726 3036 wscsvc - ok
22:44:41.0726 3036 WSearch - ok
22:44:41.0820 3036 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:44:41.0898 3036 wuauserv - ok
22:44:41.0929 3036 [ C63907207B837A5C05CF6D1606AA0008 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:44:41.0945 3036 WudfPf - ok
22:44:41.0991 3036 [ D885A873D733020F8B9B9FF4B1666158 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:44:41.0991 3036 WUDFRd - ok
22:44:42.0007 3036 [ 27B9BEE5AAC00139E3A3AF5D6227A0DC ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:44:42.0007 3036 wudfsvc - ok
22:44:42.0038 3036 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:44:42.0054 3036 WwanSvc - ok
22:44:42.0069 3036 ================ Scan global ===============================
22:44:42.0085 3036 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:44:42.0116 3036 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:44:42.0179 3036 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:44:42.0210 3036 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:44:42.0241 3036 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:44:42.0257 3036 [Global] - ok
22:44:42.0257 3036 ================ Scan MBR ==================================
22:44:42.0272 3036 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:44:42.0615 3036 \Device\Harddisk0\DR0 - ok
22:44:42.0615 3036 ================ Scan VBR ==================================
22:44:42.0631 3036 [ 2B873D0DE21BA43AE0EBC4FA5EE38C42 ] \Device\Harddisk0\DR0\Partition1
22:44:42.0631 3036 \Device\Harddisk0\DR0\Partition1 - ok
22:44:42.0631 3036 [ 2E63C568CB96F1F47EFBA39290AEE5C2 ] \Device\Harddisk0\DR0\Partition2
22:44:42.0631 3036 \Device\Harddisk0\DR0\Partition2 - ok
22:44:42.0693 3036 [ BD9852B549FA49D189F41182308BB6E1 ] \Device\Harddisk0\DR0\Partition3
22:44:42.0693 3036 \Device\Harddisk0\DR0\Partition3 - ok
22:44:42.0693 3036 ============================================================
22:44:42.0693 3036 Scan finished
22:44:42.0693 3036 ============================================================
22:44:42.0709 1200 Detected object count: 0
22:44:42.0709 1200 Actual detected object count: 0

aswMBR also ran without any issues and it produced the following:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-11 22:48:39
-----------------------------
22:48:39.127 OS Version: Windows x64 6.1.7600
22:48:39.127 Number of processors: 4 586 0x2505
22:48:39.127 ComputerName: JENNA-PC UserName: Jenna
22:48:40.282 Initialize success
22:49:51.718 AVAST engine defs: 12091101
22:50:40.874 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:50:40.889 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
22:50:40.905 Disk 0 MBR read successfully
22:50:40.920 Disk 0 MBR scan
22:50:40.920 Disk 0 Windows VISTA default MBR code
22:50:40.936 Disk 0 Partition 1 00 06 FAT16 Dell 8.0 101 MB offset 63
22:50:40.952 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208845
22:50:40.967 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461823 MB offset 30928845
22:50:40.998 Disk 0 scanning C:\Windows\system32\drivers
22:50:54.945 Service scanning
22:51:21.434 Modules scanning
22:51:21.449 Disk 0 trace - called modules:
22:51:21.465 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:51:21.465 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c52790]
22:51:21.481 3 CLASSPNP.SYS[fffff88001b5843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004985050]
22:51:22.853 AVAST engine scan C:\Windows
22:51:29.468 AVAST engine scan C:\Windows\system32
22:57:10.547 AVAST engine scan C:\Windows\system32\drivers
22:57:27.036 AVAST engine scan C:\Users\Jenna
23:03:00.534 AVAST engine scan C:\ProgramData
23:06:10.090 Scan finished successfully
23:07:01.305 Disk 0 MBR has been saved successfully to "C:\Users\Jenna\Desktop\MBR.dat"
23:07:01.446 The log file has been saved successfully to "C:\Users\Jenna\Desktop\aswMBR.txt"

#14 gringo_pr

  • Malware Response Team
Posted 11 September 2012 - 11:13 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.1.2
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Coupon Printer for Windows
IWantThis
Java™ 6 Update 22


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 mrprice

  • Topic Starter

Posted 12 September 2012 - 12:00 AM

Phew! I saw your note about the P2P items but I can't tell which programs those might be. Could you give me some guidance on which ones need to be removed or was that taken care of with the programs that were uninstalled in the above step? All scans ran without any issues and the computer seems to be running very well.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.12.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jenna :: JENNA-PC [administrator]

9/11/2012 11:45:23 PM
mbam-log-2012-09-11 (23-45-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198902
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Jenna\AppData\Local\Temp\~nsu.tmp\Au_.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:53 PM, on 9/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Users\Jenna\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630014144.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jenna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jenna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11471 bytes



