Video playing in background but no windows open



bflat
2012-12-17, 04:03
Videos have begun playing in the background of my computer, but I have no windows open. They will continue to play even with Internet Explorer closed completely and all applications ended in Task Manager.
Below are the DDS log and the aswMBR log; attach.txt is zipped and attached. Thank you in advance for your help:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Brent at 19:40:13 on 2012-12-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7861.4875 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\NCH Software\Reflect\reflect.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uProxyOverride = 127.0.0.1:9421;*.local;<local>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Playtopus Games: {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} - C:\Users\Brent\AppData\Local\Playtopus\Playtopus.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: NCH Toolbar: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\tbNCH.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: IE Developer Toolbar: {A202B231-EF71-4A08-BDB9-4CE5AE8BDE0A} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
mRun: [PowerDVD12DMREngine] "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Brent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Brent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{140C9231-7291-403D-8759-076071683FE4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{140C9231-7291-403D-8759-076071683FE4}\2375942554130343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{140C9231-7291-403D-8759-076071683FE4}\24271646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{140C9231-7291-403D-8759-076071683FE4}\242756E6472E08993702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{140C9231-7291-403D-8759-076071683FE4}\242756E647723702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{140C9231-7291-403D-8759-076071683FE4}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 10.0.0.2
TCP: Interfaces\{140C9231-7291-403D-8759-076071683FE4}\A7F6F6D6 : DHCPNameServer = 10.0.0.2
TCP: Interfaces\{140C9231-7291-403D-8759-076071683FE4}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D1EF63B9-BCEF-4A64-B020-BB1F4913FB09} : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{F0A1CA93-6B3A-41D2-8529-5B7D6C6FB0C4} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll
Notify: GoToAssist - <no file>
Notify: igfxcui - <no file>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - <orphaned>
x64-Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\f7cr15ka.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - NCH Customized Web Search
FF - component: C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\f7cr15ka.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
FF - component: C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\f7cr15ka.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brent\Desktop\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-2 55280]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/09/28 17:50:16];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-7-5 147704]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe [2010-2-1 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-9-28 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-9-28 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-9-28 295440]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2011-3-16 4077424]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-9-28 83704]
R2 ReflectService;Reflect Customer Database;C:\Program Files (x86)\NCH Software\Reflect\reflect.exe [2010-7-2 815108]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-3-14 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-2 658656]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-2-1 23912]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-2 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-1 151040]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-1 233984]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2010-2-1 74016]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-1 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-3-27 31800]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2012-12-17 00:22:33 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F171B3A5-3E81-4CC4-8770-084EB600735E}\mpengine.dll
2012-12-08 21:59:30 -------- d-----w- C:\Users\Brent\AppData\Local\Playtopus
2012-12-08 21:58:55 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-11-21 01:15:53 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-21 01:15:03 -------- d-----w- C:\Program Files\iPod
2012-11-21 01:15:02 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-21 01:15:02 -------- d-----w- C:\Program Files\iTunes
2012-11-21 01:15:02 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
.
============= FINISH: 19:41:03.70 ===============


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-16 19:45:40
-----------------------------
19:45:40.863 OS Version: Windows x64 6.1.7600
19:45:40.864 Number of processors: 4 586 0x2502
19:45:40.864 ComputerName: BRENT-PC UserName: Brent
19:45:42.406 Initialize success
19:45:52.073 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:45:52.077 Disk 0 Vendor: TOSHIBA_MK3256GSY LH010D Size: 305245MB BusType: 11
19:45:52.095 Disk 0 MBR read successfully
19:45:52.099 Disk 0 MBR scan
19:45:52.102 Disk 0 Windows VISTA default MBR code
19:45:52.107 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:45:52.118 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:45:52.137 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
19:45:52.157 Disk 0 scanning C:\Windows\system32\drivers
19:45:59.044 Service scanning
19:46:18.829 Modules scanning
19:46:18.842 Disk 0 trace - called modules:
19:46:18.851
19:46:18.858 Scan finished successfully
19:46:37.380 Disk 0 MBR has been saved successfully to "C:\Users\Brent\Desktop\MBR.dat"
19:46:37.385 The log file has been saved successfully to "C:\Users\Brent\Desktop\aswMBR.txt"

ken545
2012-12-20, 02:04


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs with Vista or Windows 7, right click and select RUN AS ADMINISTRATOR.





Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

bflat
2012-12-20, 05:26
ComboFix log below:



ComboFix 12-12-19.02 - Brent 12/19/2012 21:13:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7861.5861 [GMT -6:00]
Running from: c:\users\Brent\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brent\AppData\Local\Playtopus\PlAYtopus.dll
c:\users\Brent\AppData\Roaming\Adobe\plugs
c:\users\Brent\AppData\Roaming\Adobe\plugs\mmc152.exe
c:\users\Brent\AppData\Roaming\Adobe\plugs\mmc230.exe
c:\users\Brent\AppData\Roaming\Adobe\plugs\mmc2438498.txt
c:\users\Brent\AppData\Roaming\Adobe\plugs\mmc2472787.txt
c:\users\Brent\AppData\Roaming\Adobe\plugs\mmc51.exe
c:\users\Brent\AppData\Roaming\Adobe\plugs\mmc66.exe
c:\users\Brent\AppData\Roaming\Adobe\shed
c:\users\Brent\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Brent\AppData\Roaming\Help\ceptr.tll
c:\users\Brent\AppData\Roaming\Help\comm.tll
c:\users\Brent\AppData\Roaming\Help\coredb\storage
c:\users\Brent\AppData\Roaming\Identities\{23E8E1F3-4B70-4269-85E4-8F8779A2DF21}\Validator.exe
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\Brent\g2mdlhlpx.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))
.
.
2012-12-20 03:18 . 2012-12-20 03:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-20 03:18 . 2012-12-20 03:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-20 03:10 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{218961D4-1DA9-4C48-AF5C-FC049EC5B1A6}\mpengine.dll
2012-12-17 01:38 . 2012-12-17 01:38 -------- d-----w- c:\program files (x86)\ERUNT
2012-12-08 21:59 . 2012-12-20 03:18 -------- d-----w- c:\users\Brent\AppData\Local\Playtopus
2012-12-08 21:59 . 2012-12-08 21:59 -------- d-----w- c:\program files (x86)\7-Zip
2012-12-08 21:59 . 2012-12-08 22:02 -------- d-----w- c:\programdata\Yahoo!
2012-12-08 21:58 . 2012-12-08 22:02 -------- d-----w- c:\program files (x86)\Yahoo!
2012-11-21 01:15 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-21 01:15 . 2012-11-21 01:15 -------- d-----w- c:\program files\iPod
2012-11-21 01:15 . 2012-11-21 01:15 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-21 01:15 . 2012-11-21 01:15 -------- d-----w- c:\program files\iTunes
2012-11-21 01:15 . 2012-11-21 01:15 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 17:24 . 2010-03-17 17:40 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-24 18:14 . 2011-10-24 23:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-24 18:14 . 2011-03-26 23:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2010-06-14 00:10 2734688 ----a-w- c:\program files (x86)\NCH\tbNCH.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files (x86)\NCH\tbNCH.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"SMSTray"="c:\program files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-07-26 505872]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-07-26 374560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]
.
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-17 29428448]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-03-16 4077424]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/09/28 17:50];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-07-05 17:07 147704]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-07-26 90640]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-07-26 78352]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-07-26 295440]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-06-20 83704]
S2 ReflectService;Reflect Customer Database;c:\program files (x86)\NCH Software\Reflect\reflect.exe [2010-07-02 815108]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-03 74016]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-23 00:31]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-23 00:31]
.
2012-12-20 c:\windows\Tasks\Playtopus Updater.job
- c:\users\Brent\AppData\Local\PLAYTO~1\Updater.dll [2012-12-08 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-14 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\f7cr15ka.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - NCH Customized Web Search
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} - (no file)
BHO-{8EBA1B69-99D8-4135-BD43-729BA79D5CC4} - c:\users\Brent\AppData\Local\Playtopus\Playtopus.dll
Toolbar-Locked - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-19 21:21:29
ComboFix-quarantined-files.txt 2012-12-20 03:21
ComboFix2.txt 2011-10-09 22:04
.
Pre-Run: 171,919,327,232 bytes free
Post-Run: 171,967,016,960 bytes free
.
- - End Of File - - 25394272C1435E8D7DB653BAE98228B2

ken545
2012-12-20, 10:46
Good Morning,

Are the videos ad related?

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)







Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Next:

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.



To re-enable your Emulation drivers, double click DeFogger to run the tool.

The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

bflat
2012-12-24, 02:53
Hello,
It's hard to tell what the videos are because I can't see them, just hear them playing. But they seem to be commercials and parts of recorded programs.

I ran the programs you requested. The last program (GMER rootkit scanner) ran successfully, but no content was generated for the "ark.txt" log. I saved the report but it was a blank document.

Below are the other logs you requested. Two posts due to the length of the reports generated.


17:35:06.0073 5860 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:35:06.0432 5860 ============================================================
17:35:06.0432 5860 Current date / time: 2012/12/23 17:35:06.0432
17:35:06.0432 5860 SystemInfo:
17:35:06.0432 5860
17:35:06.0432 5860 OS Version: 6.1.7600 ServicePack: 0.0
17:35:06.0432 5860 Product type: Workstation
17:35:06.0432 5860 ComputerName: BRENT-PC
17:35:06.0432 5860 UserName: Brent
17:35:06.0432 5860 Windows directory: C:\Windows
17:35:06.0432 5860 System windows directory: C:\Windows
17:35:06.0432 5860 Running under WOW64
17:35:06.0432 5860 Processor architecture: Intel x64
17:35:06.0432 5860 Number of processors: 4
17:35:06.0432 5860 Page size: 0x1000
17:35:06.0432 5860 Boot type: Normal boot
17:35:06.0432 5860 ============================================================
17:35:08.0756 5860 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:35:08.0756 5860 ============================================================
17:35:08.0756 5860 \Device\Harddisk0\DR0:
17:35:08.0756 5860 MBR partitions:
17:35:08.0756 5860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:35:08.0756 5860 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
17:35:08.0756 5860 ============================================================
17:35:08.0772 5860 C: <-> \Device\Harddisk0\DR0\Partition2
17:35:08.0772 5860 ============================================================
17:35:08.0772 5860 Initialize success
17:35:08.0772 5860 ============================================================
17:35:15.0449 2304 ============================================================
17:35:15.0449 2304 Scan started
17:35:15.0449 2304 Mode: Manual;
17:35:15.0449 2304 ============================================================
17:35:15.0917 2304 ================ Scan system memory ========================
17:35:15.0917 2304 System memory - ok
17:35:15.0917 2304 ================ Scan services =============================
17:35:16.0104 2304 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:35:16.0135 2304 1394ohci - ok
17:35:16.0166 2304 [ C49C56B35BFC6CDA8D1FDCAD2885568F ] Acceler C:\Windows\system32\DRIVERS\Acceler.sys
17:35:16.0166 2304 Acceler - ok
17:35:16.0197 2304 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
17:35:16.0197 2304 ACPI - ok
17:35:16.0213 2304 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
17:35:16.0229 2304 AcpiPmi - ok
17:35:16.0291 2304 [ D44BCAF639E4E45307C2BC80715273D5 ] adfs C:\Windows\system32\drivers\adfs.sys
17:35:16.0291 2304 adfs - ok
17:35:16.0447 2304 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:35:16.0447 2304 AdobeARMservice - ok
17:35:16.0494 2304 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:35:16.0509 2304 adp94xx - ok
17:35:16.0541 2304 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:35:16.0541 2304 adpahci - ok
17:35:16.0587 2304 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:35:16.0603 2304 adpu320 - ok
17:35:16.0650 2304 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:35:16.0650 2304 AeLookupSvc - ok
17:35:16.0790 2304 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe
17:35:16.0853 2304 AESTFilters - ok
17:35:16.0931 2304 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
17:35:16.0962 2304 AFD - ok
17:35:16.0993 2304 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
17:35:17.0024 2304 agp440 - ok
17:35:17.0211 2304 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
17:35:17.0211 2304 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
17:35:17.0211 2304 Akamai ( HiddenFile.Multi.Generic ) - warning
17:35:17.0211 2304 Akamai - detected HiddenFile.Multi.Generic (1)
17:35:17.0258 2304 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:35:17.0289 2304 ALG - ok
17:35:17.0336 2304 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
17:35:17.0336 2304 aliide - ok
17:35:17.0367 2304 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
17:35:17.0367 2304 amdide - ok
17:35:17.0383 2304 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:35:17.0399 2304 AmdK8 - ok
17:35:17.0430 2304 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:35:17.0430 2304 AmdPPM - ok
17:35:17.0477 2304 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:35:17.0477 2304 amdsata - ok
17:35:17.0508 2304 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:35:17.0508 2304 amdsbs - ok
17:35:17.0523 2304 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:35:17.0523 2304 amdxata - ok
17:35:17.0555 2304 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
17:35:17.0570 2304 AppID - ok
17:35:17.0586 2304 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:35:17.0601 2304 AppIDSvc - ok
17:35:17.0617 2304 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
17:35:17.0633 2304 Appinfo - ok
17:35:17.0726 2304 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:35:17.0726 2304 Apple Mobile Device - ok
17:35:17.0789 2304 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:35:17.0789 2304 arc - ok
17:35:17.0804 2304 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:35:17.0804 2304 arcsas - ok
17:35:17.0945 2304 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:35:17.0945 2304 aspnet_state - ok
17:35:17.0960 2304 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:35:17.0976 2304 AsyncMac - ok
17:35:18.0007 2304 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:35:18.0007 2304 atapi - ok
17:35:18.0069 2304 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:35:18.0101 2304 AudioEndpointBuilder - ok
17:35:18.0116 2304 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:35:18.0116 2304 AudioSrv - ok
17:35:18.0147 2304 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:35:18.0163 2304 AxInstSV - ok
17:35:18.0225 2304 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:35:18.0241 2304 b06bdrv - ok
17:35:18.0288 2304 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:35:18.0303 2304 b57nd60a - ok
17:35:18.0350 2304 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
17:35:18.0350 2304 BCM42RLY - ok
17:35:18.0444 2304 [ 37394D3553E220FB732C21E217E1BD8B ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:35:18.0459 2304 BCM43XX - ok
17:35:18.0506 2304 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:35:18.0553 2304 BDESVC - ok
17:35:18.0615 2304 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:35:18.0631 2304 Beep - ok
17:35:18.0678 2304 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
17:35:18.0725 2304 BFE - ok
17:35:18.0771 2304 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
17:35:18.0818 2304 BITS - ok
17:35:18.0834 2304 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:35:18.0849 2304 blbdrive - ok
17:35:18.0943 2304 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:35:18.0959 2304 Bonjour Service - ok
17:35:19.0005 2304 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:35:19.0021 2304 bowser - ok
17:35:19.0052 2304 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:35:19.0068 2304 BrFiltLo - ok
17:35:19.0083 2304 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:35:19.0099 2304 BrFiltUp - ok
17:35:19.0146 2304 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:35:19.0161 2304 BridgeMP - ok
17:35:19.0208 2304 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
17:35:19.0239 2304 Browser - ok
17:35:19.0271 2304 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
17:35:19.0271 2304 Brserid - ok
17:35:19.0286 2304 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:35:19.0302 2304 BrSerWdm - ok
17:35:19.0317 2304 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:35:19.0333 2304 BrUsbMdm - ok
17:35:19.0333 2304 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
17:35:19.0349 2304 BrUsbSer - ok
17:35:19.0364 2304 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:35:19.0380 2304 BTHMODEM - ok
17:35:19.0411 2304 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:35:19.0442 2304 bthserv - ok
17:35:19.0442 2304 catchme - ok
17:35:19.0473 2304 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:35:19.0473 2304 cdfs - ok
17:35:19.0505 2304 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:35:19.0520 2304 cdrom - ok
17:35:19.0536 2304 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
17:35:19.0567 2304 CertPropSvc - ok
17:35:19.0583 2304 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:35:19.0598 2304 circlass - ok
17:35:19.0614 2304 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:35:19.0629 2304 CLFS - ok
17:35:19.0817 2304 [ EC6B664082E04D9007513C7090110B0E ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
17:35:19.0817 2304 CLHNServiceForPowerDVD12 - ok
17:35:19.0895 2304 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:35:19.0910 2304 clr_optimization_v2.0.50727_32 - ok
17:35:19.0957 2304 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:35:19.0957 2304 clr_optimization_v2.0.50727_64 - ok
17:35:20.0051 2304 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:35:20.0051 2304 clr_optimization_v4.0.30319_32 - ok
17:35:20.0066 2304 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:35:20.0066 2304 clr_optimization_v4.0.30319_64 - ok
17:35:20.0097 2304 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:35:20.0113 2304 CmBatt - ok
17:35:20.0144 2304 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:35:20.0144 2304 cmdide - ok
17:35:20.0207 2304 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
17:35:20.0222 2304 CNG - ok
17:35:20.0238 2304 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:35:20.0238 2304 Compbatt - ok
17:35:20.0253 2304 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:35:20.0269 2304 CompositeBus - ok
17:35:20.0285 2304 COMSysApp - ok
17:35:20.0300 2304 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:35:20.0300 2304 crcdisk - ok
17:35:20.0363 2304 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:35:20.0394 2304 CryptSvc - ok
17:35:20.0456 2304 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:35:20.0472 2304 CtClsFlt - ok
17:35:20.0534 2304 [ 9519CB1BEF593A29EB8C8BE0E7E9D7CF ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
17:35:20.0534 2304 CyberLink PowerDVD 12 Media Server Monitor Service - ok
17:35:20.0581 2304 [ 8570A9460AAD8C1A0E53CC6D71BF51D0 ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
17:35:20.0581 2304 CyberLink PowerDVD 12 Media Server Service - ok
17:35:20.0628 2304 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
17:35:20.0628 2304 dc3d - ok
17:35:20.0675 2304 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:35:20.0690 2304 DcomLaunch - ok
17:35:20.0721 2304 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:35:20.0768 2304 defragsvc - ok
17:35:20.0815 2304 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:35:20.0831 2304 DfsC - ok
17:35:20.0846 2304 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
17:35:20.0877 2304 Dhcp - ok
17:35:20.0924 2304 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:35:20.0940 2304 discache - ok
17:35:21.0002 2304 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:35:21.0002 2304 Disk - ok
17:35:21.0049 2304 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:35:21.0049 2304 Dnscache - ok
17:35:21.0127 2304 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:35:21.0127 2304 DockLoginService - ok
17:35:21.0158 2304 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
17:35:21.0205 2304 dot3svc - ok
17:35:21.0221 2304 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
17:35:21.0221 2304 DPS - ok
17:35:21.0267 2304 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:35:21.0283 2304 drmkaud - ok
17:35:21.0330 2304 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:35:21.0345 2304 DXGKrnl - ok
17:35:21.0392 2304 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:35:21.0423 2304 EapHost - ok
17:35:21.0517 2304 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:35:21.0564 2304 ebdrv - ok
17:35:21.0611 2304 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
17:35:21.0642 2304 EFS - ok
17:35:21.0735 2304 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:35:21.0782 2304 ehRecvr - ok
17:35:21.0829 2304 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:35:21.0860 2304 ehSched - ok
17:35:21.0891 2304 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:35:21.0907 2304 elxstor - ok
17:35:21.0923 2304 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:35:21.0938 2304 ErrDev - ok
17:35:21.0985 2304 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:35:22.0032 2304 EventSystem - ok
17:35:22.0063 2304 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:35:22.0079 2304 exfat - ok
17:35:22.0110 2304 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:35:22.0125 2304 fastfat - ok
17:35:22.0157 2304 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
17:35:22.0235 2304 Fax - ok
17:35:22.0266 2304 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:35:22.0281 2304 fdc - ok
bflat
2012-12-24, 02:54
17:35:36.0774 2304 umbus - ok
17:35:36.0789 2304 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:35:36.0789 2304 UmPass - ok
17:35:36.0836 2304 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:35:36.0867 2304 upnphost - ok
17:35:36.0899 2304 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:35:36.0914 2304 USBAAPL64 - ok
17:35:36.0961 2304 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:35:36.0977 2304 usbccgp - ok
17:35:36.0992 2304 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:35:37.0008 2304 usbcir - ok
17:35:37.0023 2304 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:35:37.0023 2304 usbehci - ok
17:35:37.0039 2304 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:35:37.0086 2304 usbhub - ok
17:35:37.0117 2304 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:35:37.0133 2304 usbohci - ok
17:35:37.0179 2304 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:35:37.0195 2304 usbprint - ok
17:35:37.0226 2304 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:35:37.0257 2304 usbscan - ok
17:35:37.0289 2304 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:35:37.0304 2304 USBSTOR - ok
17:35:37.0320 2304 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:35:37.0335 2304 usbuhci - ok
17:35:37.0382 2304 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:35:37.0413 2304 usbvideo - ok
17:35:37.0445 2304 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:35:37.0476 2304 UxSms - ok
17:35:37.0491 2304 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
17:35:37.0491 2304 VaultSvc - ok
17:35:37.0507 2304 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:35:37.0507 2304 vdrvroot - ok
17:35:37.0538 2304 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
17:35:37.0569 2304 vds - ok
17:35:37.0585 2304 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:35:37.0601 2304 vga - ok
17:35:37.0616 2304 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:35:37.0632 2304 VgaSave - ok
17:35:37.0647 2304 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:35:37.0647 2304 vhdmp - ok
17:35:37.0663 2304 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:35:37.0663 2304 viaide - ok
17:35:37.0679 2304 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:35:37.0679 2304 volmgr - ok
17:35:37.0710 2304 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:35:37.0725 2304 volmgrx - ok
17:35:37.0741 2304 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:35:37.0741 2304 volsnap - ok
17:35:37.0757 2304 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:35:37.0772 2304 vsmraid - ok
17:35:37.0803 2304 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
17:35:37.0866 2304 VSS - ok
17:35:37.0881 2304 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:35:37.0913 2304 vwifibus - ok
17:35:37.0928 2304 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:35:37.0944 2304 vwififlt - ok
17:35:37.0991 2304 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:35:38.0022 2304 W32Time - ok
17:35:38.0037 2304 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:35:38.0037 2304 WacomPen - ok
17:35:38.0069 2304 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:35:38.0084 2304 WANARP - ok
17:35:38.0100 2304 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:35:38.0100 2304 Wanarpv6 - ok
17:35:38.0162 2304 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:35:38.0178 2304 WatAdminSvc - ok
17:35:38.0225 2304 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
17:35:38.0318 2304 wbengine - ok
17:35:38.0349 2304 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:35:38.0365 2304 WbioSrvc - ok
17:35:38.0412 2304 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:35:38.0443 2304 wcncsvc - ok
17:35:38.0459 2304 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:35:38.0474 2304 WcsPlugInService - ok
17:35:38.0521 2304 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:35:38.0521 2304 Wd - ok
17:35:38.0552 2304 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:35:38.0568 2304 Wdf01000 - ok
17:35:38.0583 2304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:35:38.0599 2304 WdiServiceHost - ok
17:35:38.0599 2304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:35:38.0615 2304 WdiSystemHost - ok
17:35:38.0646 2304 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
17:35:38.0677 2304 WebClient - ok
17:35:38.0724 2304 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:35:38.0755 2304 Wecsvc - ok
17:35:38.0771 2304 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:35:38.0786 2304 wercplsupport - ok
17:35:38.0817 2304 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:35:38.0833 2304 WerSvc - ok
17:35:38.0849 2304 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:35:38.0864 2304 WfpLwf - ok
17:35:38.0911 2304 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:35:38.0911 2304 WimFltr - ok
17:35:38.0927 2304 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:35:38.0927 2304 WIMMount - ok
17:35:38.0958 2304 WinDefend - ok
17:35:38.0958 2304 WinHttpAutoProxySvc - ok
17:35:39.0036 2304 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:35:39.0083 2304 Winmgmt - ok
17:35:39.0129 2304 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
17:35:39.0207 2304 WinRM - ok
17:35:39.0254 2304 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:35:39.0270 2304 WinUsb - ok
17:35:39.0317 2304 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:35:39.0332 2304 Wlansvc - ok
17:35:39.0410 2304 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
17:35:39.0441 2304 wltrysvc - ok
17:35:39.0441 2304 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:35:39.0457 2304 WmiAcpi - ok
17:35:39.0473 2304 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:35:39.0488 2304 wmiApSrv - ok
17:35:39.0519 2304 WMPNetworkSvc - ok
17:35:39.0519 2304 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:35:39.0535 2304 WPCSvc - ok
17:35:39.0551 2304 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:35:39.0566 2304 WPDBusEnum - ok
17:35:39.0597 2304 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:35:39.0613 2304 ws2ifsl - ok
17:35:39.0660 2304 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
17:35:39.0691 2304 wscsvc - ok
17:35:39.0691 2304 WSearch - ok
17:35:39.0785 2304 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:35:39.0816 2304 wuauserv - ok
17:35:39.0831 2304 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:35:39.0847 2304 WudfPf - ok
17:35:39.0878 2304 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:35:39.0894 2304 WUDFRd - ok
17:35:39.0925 2304 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:35:39.0941 2304 wudfsvc - ok
17:35:39.0972 2304 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:35:39.0987 2304 WwanSvc - ok
17:35:40.0190 2304 [ 6F610F00DC6B4489811EDCBC76D3EBA6 ] {73526619-C24F-470B-9BED-53D455FBB5C6} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
17:35:40.0190 2304 {73526619-C24F-470B-9BED-53D455FBB5C6} - ok
17:35:40.0206 2304 ================ Scan global ===============================
17:35:40.0237 2304 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:35:40.0299 2304 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:35:40.0346 2304 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:35:40.0377 2304 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:35:40.0440 2304 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:35:40.0455 2304 [Global] - ok
17:35:40.0455 2304 ================ Scan MBR ==================================
17:35:40.0471 2304 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:35:40.0752 2304 \Device\Harddisk0\DR0 - ok
17:35:40.0752 2304 ================ Scan VBR ==================================
17:35:40.0752 2304 [ 0AD6A635F28FCA44FE35DA09D299FBE0 ] \Device\Harddisk0\DR0\Partition1
17:35:40.0752 2304 \Device\Harddisk0\DR0\Partition1 - ok
17:35:40.0767 2304 [ 9B3FD1742E036D9023B28A5D19B0344F ] \Device\Harddisk0\DR0\Partition2
17:35:40.0783 2304 \Device\Harddisk0\DR0\Partition2 - ok
17:35:40.0783 2304 ============================================================
17:35:40.0783 2304 Scan finished
17:35:40.0783 2304 ============================================================
17:35:40.0799 6060 Detected object count: 1
17:35:40.0799 6060 Actual detected object count: 1
17:36:27.0131 6060 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:36:27.0131 6060 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:37:43.0399 4588 Deinitialize success


Defogger Log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:39 on 23/12/2012 (Brent)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

ken545
2012-12-24, 03:14
Hi,

Go here (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and download AdwCleaner to your desktop


Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.






Then let's try this other rootkit scanner


Scan With RootKitUnHooker


Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.


Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Then run OTL again and let me see a new log please

ken545
2012-12-24, 11:00
Good Morning,

I believe what you may have is an infected Master Boot Record. Go ahead and bypass Rootkit Unhooker for now, but do run AdwCleaner, as you have some bogus toolbars you don't need.


Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

bflat
2012-12-26, 02:14
Hello,
Below are the results of the AdwCleaner and MBR Check:

# AdwCleaner v2.103 - Logfile created 12/25/2012 at 18:01:00
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Brent - BRENT-PC
# Boot Mode : Normal
# Running from : C:\Users\Brent\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\f7cr15ka.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Brent\Desktop\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\NCH
Folder Deleted : C:\Users\Brent\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Brent\AppData\LocalLow\NCH

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\NCH
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.FCTB000100685Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.FCTB000100685Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{887E10B8-6173-48ED-83DA-4BCB4781DB6D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_5aab5a491a3a52ae624fd639f6aaa95
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_674de92534e78ca5194a049722987cc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_6e02d32c7e5a9d9fc86bc91618cafda
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_9107cc52ed6a148a98fad4f22b15a79
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_9f42804f89f9a287eff5269cd426478
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_b3449bacc3f59b3b46b353ca9840034
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key Deleted : HKLM\Software\NCH
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{887E10B8-6173-48ED-83DA-4BCB4781DB6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v7.0.1 (en-US)

File : C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\f7cr15ka.default\prefs.js

Deleted : user_pref("browser.search.defaultthis.engineName", "NCH Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "NCH Customized Web Search");
Deleted : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...]
Deleted : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");
Deleted : user_pref("extensions.veohsearchrecs.id", "ad3118988-b826-c67c-867b-b8b04272ac3");
Deleted : user_pref("extensions.veohsearchrecs.lastsitedate", "4");

*************************

AdwCleaner[R1].txt - [5220 octets] - [25/12/2012 18:00:08]
AdwCleaner[S1].txt - [5103 octets] - [25/12/2012 18:01:00]

########## EOF - C:\AdwCleaner[S1].txt - [5163 octets] ##########




MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1749
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 199):

Processes (total 84):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
388 csrss.exe
448 C:\Windows\System32\wininit.exe
472 csrss.exe
508 C:\Windows\System32\services.exe
532 C:\Windows\System32\lsass.exe
540 C:\Windows\System32\lsm.exe
640 C:\Windows\System32\svchost.exe
720 C:\Windows\System32\svchost.exe
780 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
832 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\stacsv64.exe
420 C:\Windows\System32\audiodg.exe
656 C:\Windows\System32\svchost.exe
408 C:\Program Files\Dell\DellDock\DockLogin.exe
1080 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\winlogon.exe
1216 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
1224 C:\Windows\System32\wlanext.exe
1232 C:\Windows\System32\conhost.exe
1260 C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
1400 C:\Windows\System32\spoolsv.exe
1448 C:\Windows\System32\svchost.exe
1568 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1936 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe
1972 C:\Windows\SysWOW64\svchost.exe
1992 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2024 C:\Program Files\Bonjour\mDNSResponder.exe
1036 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
384 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
1480 C:\Windows\System32\svchost.exe
1860 C:\Program Files (x86)\MediaMall\MediaMallServer.exe
2104 C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
2144 C:\Windows\System32\drivers\o2flash.exe
2200 C:\Program Files (x86)\NCH Software\Reflect\reflect.exe
2240 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2396 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2916 WmiPrvSE.exe
3120 WmiPrvSE.exe
3292 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
3496 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
2716 C:\Program Files\Windows Media Player\wmpnetwk.exe
748 C:\Windows\System32\SearchIndexer.exe
3892 C:\Windows\System32\taskhost.exe
480 C:\Windows\System32\dwm.exe
3212 C:\Windows\explorer.exe
4004 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2296 C:\Windows\System32\vds.exe
2840 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2908 C:\Program Files\IDT\WDM\sttray64.exe
632 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
972 C:\Windows\System32\igfxtray.exe
3236 C:\Windows\System32\hkcmd.exe
636 C:\Windows\System32\igfxpers.exe
2768 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2208 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
2412 C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe
2036 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
2944 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
3076 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3928 C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
3356 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
4000 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4100 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4272 C:\Windows\System32\notepad.exe
4404 C:\Program Files\iPod\bin\iPodService.exe
1600 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4820 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3372 C:\Windows\System32\wuauclt.exe
4416 C:\Windows\System32\svchost.exe
4788 C:\Windows\System32\svchost.exe
5804 C:\Windows\servicing\TrustedInstaller.exe
5764 WmiPrvSE.exe
5708 WmiPrvSE.exe
6080 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5840 C:\Windows\System32\SearchProtocolHost.exe
4448 C:\Windows\System32\SearchFilterHost.exe
2460 C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZR2SBP0\MBRCheck.exe
712 C:\Windows\System32\conhost.exe
4292 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3256GSY, Rev: LH010D

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

ken545
2012-12-26, 02:24
Great, still have problems with the background ads through the speakers?

Run OTL and post a new log please

ken545
2012-12-28, 21:48
Still with me?

ken545
2012-12-29, 22:10
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.