Solved: Trojon: Zeroaccess.hi


Glidds (thread starter, member with 7 posts, joined Jan 2013)
07-Jan-2013, 10:43 PM #1
Hello there

My computer has McAfee installed and it keeps coming up with trojan detected. It says it's called zeroaccess.hi and is quarantined from C:\windows\assembly\GAC_64|desktop.ini

It says it cannot remove it while it is in use and that I should restart my computer so McAfee can fix it.

I press restart now and it restarts but just logs in as usual and the same trojan detected message pops up after a minute or 2.

I'm assuming it wants to launch a scan during startup but the virus is stopping it somehow.

I've scanned in safe mode but McAfee still doesn't fix it.

Is there a fix tool for this or a better program to use? I've tried a few things but nothing seems to work.



It's a DELL XPS8500 desktop
Windows 7 home premium, SP1 64bit


If you want a HijackThis log I will post one.
Any help would be greatly appreciated.

Cheers

Pete
Glidds (thread starter, member with 7 posts, joined Jan 2013)
08-Jan-2013, 01:04 AM #2
Here are the requested logs. Sorry, didn't read the post for newbies.

HJTHIS:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:27:57 PM, on 8/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Internode\mum.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Users\davey\Desktop\HijackThis.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/19
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: smartdownloader Class - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\SockshareDownloader\smarterdownloader.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~2\INTERN~2\mum.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: CyberLink Product - 2012/06/12 18:30:49 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
--
End of file - 16234 bytes

DDS:





GMER:



GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-08 15:31:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 1863.01GB
Running: 6sichqe2.exe; Driver: C:\Users\davey\AppData\Local\Temp\kwldapow.sys

---- User code sections - GMER 2.0 ----
.reloc C:\Windows\system32\services.exe [884] section is executable [0x4A8, 0xA0000020] 0000000100052000
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077001401 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077001419 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077001431 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007700144a 2 bytes [00, 77]
.text ... * 9
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770014dd 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770014f5 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007700150d 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077001525 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007700153d 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077001555 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007700156d 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077001585 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007700159d 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770015b5 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770015cd 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770016b2 2 bytes [00, 77]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770016bd 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077001401 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077001419 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077001431 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007700144a 2 bytes [00, 77]
.text ... * 9
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770014dd 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770014f5 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007700150d 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077001525 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007700153d 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077001555 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007700156d 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077001585 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007700159d 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770015b5 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770015cd 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770016b2 2 bytes [00, 77]
.text C:\Program Files (x86)\Internode\mum.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770016bd 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077001401 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077001419 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077001431 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007700144a 2 bytes [00, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770014dd 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770014f5 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007700150d 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077001525 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007700153d 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077001555 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007700156d 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077001585 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007700159d 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770015b5 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770015cd 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770016b2 2 bytes [00, 77]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770016bd 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077001401 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077001419 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077001431 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007700144a 2 bytes [00, 77]
.text ... * 9
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770014dd 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770014f5 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007700150d 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077001525 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007700153d 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077001555 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007700156d 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077001585 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007700159d 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770015b5 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770015cd 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770016b2 2 bytes [00, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770016bd 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077001401 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077001419 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077001431 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007700144a 2 bytes [00, 77]
.text ... * 9
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770014dd 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770014f5 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007700150d 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077001525 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007700153d 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077001555 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007700156d 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077001585 2 bytes [00, 77]
.text C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[4672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007700159d 2 bytes [00, 77]
---- Threads - GMER 2.0 ----
Thread C:\Windows\system32\services.exe [884:932] 00000000001a1e58
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:3436] 000007fef751cc10
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:3456] 000007fef73db564
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:3792] 000007fef73db564
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:3920] 000007fef73db564
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:4172] 000007fef73db564
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:4232] 000007fef73db564
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:4236] 000007fef74ef718
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:4240] 000007fef73db564
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:4256] 000007fef73db564
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:4276] 000007fef73db564
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:4280] 000007fef73d143c
Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408:4872] 000007fef7a16050
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4396:5228] 000007fefb732a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4396:7096] 00000000661d6c88
---- Processes - GMER 2.0 ----
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [824] 000007fefdc30000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [712] 000007fefdc30000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1036] 000007fefdc30000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1120] 000007fefdc30000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1312] 000007fefdc30000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1588] 000007fefdc30000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [2428] 000007fefdc30000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Internode\mum.exe [2644] 00000000747d0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3340] 000007fefdc30000
Library ? (*** suspicious ***) @ c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3408] 000007fef87c0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [4024] 000007fefdc30000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [4380] 000007fefdc30000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4396] 0000000074480000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe [4672] 00000000747d0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4320] 000007fefdc30000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE [2244] 00000000747d0000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe [6080] 00000000747d0000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [3656] 00000000747d0000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb911b1e0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb911b1e0 (not active ControlSet)
---- EOF - GMER 2.0 ----
dvk01 (Derek), authorized to help remove malware
Moderator & Malware Removal Specialist with 45,391 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Jan-2013, 05:54 AM #3
step 1

Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log into the root folder of the system disk (usually the disk with the operating system installed, C:\).
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
Glidds
Member with 7 posts.
THREAD STARTER
Join Date: Jan 2013
08-Jan-2013, 08:18 AM #4
Yeah, I tried that already but it didn't seem to do anything.

Here is the log:

22:45:06.0240 6756 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:45:06.0240 6756 ============================================================
22:45:06.0240 6756 Current date / time: 2013/01/08 22:45:06.0240
22:45:06.0240 6756 SystemInfo:
22:45:06.0240 6756
22:45:06.0240 6756 OS Version: 6.1.7601 ServicePack: 1.0
22:45:06.0240 6756 Product type: Workstation
22:45:06.0240 6756 ComputerName: DAVEYS
22:45:06.0240 6756 UserName: davey
22:45:06.0240 6756 Windows directory: C:\Windows
22:45:06.0240 6756 System windows directory: C:\Windows
22:45:06.0240 6756 Running under WOW64
22:45:06.0240 6756 Processor architecture: Intel x64
22:45:06.0240 6756 Number of processors: 8
22:45:06.0240 6756 Page size: 0x1000
22:45:06.0240 6756 Boot type: Normal boot
22:45:06.0240 6756 ============================================================
22:45:08.0408 6756 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C0EE0E00 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:45:08.0408 6756 ============================================================
22:45:08.0408 6756 \Device\Harddisk0\DR0:
22:45:08.0408 6756 MBR partitions:
22:45:08.0408 6756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1880000
22:45:08.0408 6756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0xE7572000
22:45:08.0408 6756 ============================================================
22:45:08.0424 6756 C: <-> \Device\Harddisk0\DR0\Partition2
22:45:08.0424 6756 ============================================================
22:45:08.0424 6756 Initialize success
22:45:08.0424 6756 ============================================================
22:45:10.0530 2992 ============================================================
22:45:10.0530 2992 Scan started
22:45:10.0530 2992 Mode: Manual;
22:45:10.0530 2992 ============================================================
22:45:10.0670 2992 ================ Scan system memory ========================
22:45:10.0670 2992 System memory - ok
22:45:10.0670 2992 ================ Scan services =============================
22:45:12.0901 2992 HTTP - ok
22:45:12.0917 2992 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:45:12.0917 2992 hwpolicy - ok
22:45:12.0917 2992 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:45:12.0917 2992 i8042prt - ok
22:45:12.0932 2992 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\drivers\iaStor.sys
22:45:12.0932 2992 iaStor - ok
22:45:12.0932 2992 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:45:12.0932 2992 IAStorDataMgrSvc - ok
22:45:12.0948 2992 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:45:12.0948 2992 iaStorV - ok
22:45:12.0964 2992 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:45:12.0979 2992 idsvc - ok
22:45:12.0979 2992 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:45:12.0979 2992 iirsp - ok
22:45:12.0995 2992 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:45:12.0995 2992 IKEEXT - ok
22:45:13.0042 2992 [ 40FB2F6CEB3FC935EC18D656D2758CD4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:45:13.0057 2992 IntcAzAudAddService - ok
22:45:13.0057 2992 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:45:13.0073 2992 IntcDAud - ok
22:45:13.0073 2992 [ 7C76466F4E0F76CE259C6005D161E9E8 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
22:45:13.0073 2992 Intel(R) Capability Licensing Service Interface - ok
22:45:13.0088 2992 [ 6DAE35DE5DD135BF5EE4FD7BF5CDC203 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
22:45:13.0088 2992 Intel(R) ME Service - ok
22:45:13.0088 2992 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:45:13.0088 2992 intelide - ok
22:45:13.0088 2992 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:45:13.0104 2992 intelppm - ok
22:45:13.0104 2992 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:45:13.0104 2992 IPBusEnum - ok
22:45:13.0104 2992 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:45:13.0104 2992 IpFilterDriver - ok
22:45:13.0120 2992 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:45:13.0120 2992 IPMIDRV - ok
22:45:13.0120 2992 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:45:13.0120 2992 IPNAT - ok
22:45:13.0120 2992 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:45:13.0135 2992 IRENUM - ok
22:45:13.0135 2992 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:45:13.0135 2992 isapnp - ok
22:45:13.0135 2992 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:45:13.0151 2992 iScsiPrt - ok
22:45:13.0151 2992 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:45:13.0151 2992 iusb3hcs - ok
22:45:13.0151 2992 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
22:45:13.0166 2992 iusb3hub - ok
22:45:13.0166 2992 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:45:13.0182 2992 iusb3xhc - ok
22:45:13.0182 2992 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:45:13.0182 2992 kbdclass - ok
22:45:13.0198 2992 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:45:13.0198 2992 kbdhid - ok
22:45:13.0198 2992 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:45:13.0198 2992 KeyIso - ok
22:45:13.0198 2992 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:45:13.0198 2992 KSecDD - ok
22:45:13.0213 2992 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:45:13.0213 2992 KSecPkg - ok
22:45:13.0213 2992 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:45:13.0213 2992 ksthunk - ok
22:45:13.0229 2992 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:45:13.0229 2992 KtmRm - ok
22:45:13.0229 2992 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:45:13.0244 2992 LanmanServer - ok
22:45:13.0244 2992 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:45:13.0244 2992 LanmanWorkstation - ok
22:45:13.0260 2992 [ 61323B88EFE90F6B144A3611B3ED1D7D ] Lavasoft Ad-Aware Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
22:45:13.0260 2992 Lavasoft Ad-Aware Service - ok
22:45:13.0276 2992 [ 9A7FA6371F68335FD3C3D6488BC5A9F8 ] Lavasoft Kernexplorer C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
22:45:13.0276 2992 Lavasoft Kernexplorer - ok
22:45:13.0276 2992 [ C8B3131857931AE76798A741CC52B021 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
22:45:13.0276 2992 Lbd - ok
22:45:13.0276 2992 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:45:13.0276 2992 lltdio - ok
22:45:13.0291 2992 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:45:13.0291 2992 lltdsvc - ok
22:45:13.0291 2992 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:45:13.0291 2992 lmhosts - ok
22:45:13.0307 2992 [ 5C08357C65F658E29B5DDC2EF18D575C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:45:13.0307 2992 LMS - ok
22:45:13.0307 2992 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:45:13.0322 2992 LSI_FC - ok
22:45:13.0322 2992 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:45:13.0322 2992 LSI_SAS - ok
22:45:13.0322 2992 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:45:13.0338 2992 LSI_SAS2 - ok
22:45:13.0338 2992 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:45:13.0338 2992 LSI_SCSI - ok
22:45:13.0338 2992 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:45:13.0354 2992 luafv - ok
22:45:13.0354 2992 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
22:45:13.0369 2992 McAWFwk - ok
22:45:13.0369 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:45:13.0369 2992 McMPFSvc - ok
22:45:13.0369 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:45:13.0369 2992 mcmscsvc - ok
22:45:13.0369 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:45:13.0369 2992 McNaiAnn - ok
22:45:13.0385 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:45:13.0385 2992 McNASvc - ok
22:45:13.0385 2992 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
22:45:13.0400 2992 McODS - ok
22:45:13.0400 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:45:13.0400 2992 McOobeSv - ok
22:45:13.0400 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:45:13.0400 2992 McProxy - ok
22:45:13.0400 2992 [ 9BBCECBE3FE5AF5958A770DC512D0473 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:45:13.0416 2992 McShield - ok
22:45:13.0416 2992 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:45:13.0416 2992 Mcx2Svc - ok
22:45:13.0416 2992 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
22:45:13.0416 2992 megasas - ok
22:45:13.0432 2992 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:45:13.0432 2992 MegaSR - ok
22:45:13.0432 2992 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:45:13.0447 2992 MEIx64 - ok
22:45:13.0447 2992 [ A979A70A89A5118434C5B3CF7649ECEF ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
22:45:13.0447 2992 MemeoBackgroundService - ok
22:45:13.0447 2992 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
22:45:13.0447 2992 mfeapfk - ok
22:45:13.0463 2992 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
22:45:13.0463 2992 mfeavfk - ok
22:45:13.0463 2992 mfeavfk01 - ok
22:45:13.0463 2992 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:45:13.0463 2992 mfefire - ok
22:45:13.0478 2992 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
22:45:13.0478 2992 mfefirek - ok
22:45:13.0494 2992 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
22:45:13.0510 2992 mfehidk - ok
22:45:13.0510 2992 [ B5B96149BE124092F577DE54EC7D4D65 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
22:45:13.0510 2992 mferkdet - ok
22:45:13.0510 2992 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\Windows\system32\mfevtps.exe
22:45:13.0525 2992 mfevtp - ok
22:45:13.0525 2992 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
22:45:13.0525 2992 mfewfpk - ok
22:45:13.0541 2992 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:45:13.0541 2992 MMCSS - ok
22:45:13.0541 2992 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:45:13.0541 2992 Modem - ok
22:45:13.0541 2992 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:45:13.0541 2992 monitor - ok
22:45:13.0556 2992 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:45:13.0556 2992 mouclass - ok
22:45:13.0556 2992 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:45:13.0556 2992 mouhid - ok
22:45:13.0556 2992 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:45:13.0572 2992 mountmgr - ok
22:45:13.0572 2992 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:45:13.0588 2992 mpio - ok
22:45:13.0588 2992 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:45:13.0588 2992 mpsdrv - ok
22:45:13.0588 2992 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:45:13.0603 2992 MRxDAV - ok
22:45:13.0603 2992 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:45:13.0603 2992 mrxsmb - ok
22:45:13.0619 2992 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:45:13.0619 2992 mrxsmb10 - ok
22:45:13.0619 2992 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:45:13.0619 2992 mrxsmb20 - ok
22:45:13.0634 2992 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:45:13.0650 2992 msahci - ok
22:45:13.0650 2992 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:45:13.0666 2992 msdsm - ok
22:45:13.0666 2992 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:45:13.0666 2992 MSDTC - ok
22:45:13.0666 2992 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:45:13.0681 2992 Msfs - ok
22:45:13.0681 2992 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:45:13.0681 2992 mshidkmdf - ok
22:45:13.0681 2992 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:45:13.0681 2992 msisadrv - ok
22:45:13.0681 2992 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:45:13.0697 2992 MSiSCSI - ok
22:45:13.0697 2992 msiserver - ok
22:45:13.0697 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:45:13.0697 2992 MSK80Service - ok
22:45:13.0697 2992 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:45:13.0712 2992 MSKSSRV - ok
22:45:13.0712 2992 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:45:13.0712 2992 MSPCLOCK - ok
22:45:13.0712 2992 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:45:13.0712 2992 MSPQM - ok
22:45:13.0728 2992 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:45:13.0728 2992 MsRPC - ok
22:45:13.0728 2992 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:45:13.0728 2992 mssmbios - ok
22:45:13.0744 2992 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:45:13.0744 2992 MSTEE - ok
22:45:13.0744 2992 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:45:13.0744 2992 MTConfig - ok
22:45:13.0744 2992 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:45:13.0759 2992 Mup - ok
22:45:13.0759 2992 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:45:13.0775 2992 napagent - ok
22:45:13.0775 2992 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:45:13.0775 2992 NativeWifiP - ok
22:45:13.0790 2992 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:45:13.0806 2992 NDIS - ok
22:45:13.0806 2992 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:45:13.0806 2992 NdisCap - ok
22:45:13.0822 2992 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:45:13.0822 2992 NdisTapi - ok
22:45:13.0822 2992 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:45:13.0822 2992 Ndisuio - ok
22:45:13.0822 2992 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:45:13.0837 2992 NdisWan - ok
22:45:13.0837 2992 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:45:13.0837 2992 NDProxy - ok
22:45:13.0837 2992 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:45:13.0837 2992 NetBIOS - ok
22:45:13.0853 2992 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:45:13.0853 2992 NetBT - ok
22:45:13.0853 2992 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:45:13.0853 2992 Netlogon - ok
22:45:13.0868 2992 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:45:13.0868 2992 Netman - ok
22:45:13.0868 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:45:13.0868 2992 NetMsmqActivator - ok
22:45:13.0868 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:45:13.0884 2992 NetPipeActivator - ok
22:45:13.0884 2992 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:45:13.0884 2992 netprofm - ok
22:45:13.0884 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:45:13.0884 2992 NetTcpActivator - ok
22:45:13.0884 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:45:13.0884 2992 NetTcpPortSharing - ok
22:45:13.0900 2992 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:45:13.0900 2992 nfrd960 - ok
22:45:13.0900 2992 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:45:13.0900 2992 NlaSvc - ok
22:45:13.0931 2992 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
22:45:13.0946 2992 NOBU - ok
22:45:13.0946 2992 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:45:13.0946 2992 Npfs - ok
22:45:13.0946 2992 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:45:13.0946 2992 nsi - ok
22:45:13.0962 2992 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:45:13.0962 2992 nsiproxy - ok
22:45:13.0978 2992 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:45:13.0993 2992 Ntfs - ok
22:45:13.0993 2992 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
22:45:14.0009 2992 NuidFltr - ok
22:45:14.0009 2992 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:45:14.0009 2992 Null - ok
22:45:14.0009 2992 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:45:14.0009 2992 nvraid - ok
22:45:14.0024 2992 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:45:14.0024 2992 nvstor - ok
22:45:14.0024 2992 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:45:14.0040 2992 nv_agp - ok
22:45:14.0040 2992 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:45:14.0040 2992 ohci1394 - ok
22:45:14.0040 2992 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:45:14.0056 2992 ose - ok
22:45:14.0102 2992 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:45:14.0196 2992 osppsvc - ok
22:45:14.0196 2992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:45:14.0212 2992 p2pimsvc - ok
22:45:14.0212 2992 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:45:14.0212 2992 p2psvc - ok
22:45:14.0227 2992 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:45:14.0227 2992 Parport - ok
22:45:14.0227 2992 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:45:14.0227 2992 partmgr - ok
22:45:14.0243 2992 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:45:14.0243 2992 PcaSvc - ok
22:45:14.0243 2992 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:45:14.0243 2992 pci - ok
22:45:14.0243 2992 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:45:14.0243 2992 pciide - ok
22:45:14.0258 2992 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:45:14.0258 2992 pcmcia - ok
22:45:14.0258 2992 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:45:14.0274 2992 pcw - ok
22:45:14.0274 2992 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:45:14.0274 2992 PEAUTH - ok
22:45:14.0305 2992 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:45:14.0305 2992 PerfHost - ok
22:45:14.0336 2992 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:45:14.0352 2992 pla - ok
22:45:14.0352 2992 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:45:14.0352 2992 PlugPlay - ok
22:45:14.0368 2992 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:45:14.0368 2992 PNRPAutoReg - ok
22:45:14.0368 2992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:45:14.0368 2992 PNRPsvc - ok
22:45:14.0368 2992 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
22:45:14.0383 2992 Point64 - ok
22:45:14.0383 2992 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:45:14.0383 2992 PolicyAgent - ok
22:45:14.0399 2992 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
22:45:14.0399 2992 Power - ok
22:45:14.0399 2992 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:45:14.0399 2992 PptpMiniport - ok
22:45:14.0399 2992 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:45:14.0414 2992 Processor - ok
22:45:14.0414 2992 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:45:14.0414 2992 ProfSvc - ok
22:45:14.0414 2992 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:45:14.0414 2992 ProtectedStorage - ok
22:45:14.0414 2992 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:45:14.0430 2992 Psched - ok
22:45:14.0446 2992 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:45:14.0461 2992 ql2300 - ok
22:45:14.0461 2992 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:45:14.0461 2992 ql40xx - ok
22:45:14.0477 2992 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:45:14.0477 2992 QWAVE - ok
22:45:14.0477 2992 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:45:14.0477 2992 QWAVEdrv - ok
22:45:14.0492 2992 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:45:14.0492 2992 RasAcd - ok
22:45:14.0492 2992 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:45:14.0492 2992 RasAgileVpn - ok
22:45:14.0492 2992 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:45:14.0508 2992 RasAuto - ok
22:45:14.0508 2992 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:45:14.0508 2992 Rasl2tp - ok
22:45:14.0524 2992 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:45:14.0524 2992 RasMan - ok
22:45:14.0524 2992 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:45:14.0524 2992 RasPppoe - ok
22:45:14.0539 2992 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:45:14.0539 2992 RasSstp - ok
22:45:14.0539 2992 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:45:14.0539 2992 rdbss - ok
22:45:14.0555 2992 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:45:14.0555 2992 rdpbus - ok
22:45:14.0555 2992 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:45:14.0555 2992 RDPCDD - ok
22:45:14.0555 2992 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:45:14.0570 2992 RDPENCDD - ok
22:45:14.0570 2992 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:45:14.0570 2992 RDPREFMP - ok
22:45:14.0570 2992 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:45:14.0586 2992 RDPWD - ok
22:45:14.0586 2992 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:45:14.0586 2992 rdyboost - ok
22:45:14.0602 2992 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:45:14.0602 2992 RemoteAccess - ok
22:45:14.0602 2992 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:45:14.0602 2992 RemoteRegistry - ok
22:45:14.0617 2992 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:45:14.0617 2992 RFCOMM - ok
22:45:14.0617 2992 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:45:14.0617 2992 RpcEptMapper - ok
22:45:14.0617 2992 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:45:14.0633 2992 RpcLocator - ok
22:45:14.0633 2992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:45:14.0633 2992 RpcSs - ok
22:45:14.0633 2992 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:45:14.0648 2992 rspndr - ok
22:45:14.0648 2992 [ 6CF9DB101A75360E98659F823852E540 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:45:14.0664 2992 RTL8167 - ok
22:45:14.0664 2992 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:45:14.0664 2992 SamSs - ok
22:45:14.0664 2992 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:45:14.0664 2992 SASDIFSV - ok
22:45:14.0664 2992 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:45:14.0680 2992 SASKUTIL - ok
22:45:14.0680 2992 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:45:14.0680 2992 sbp2port - ok
22:45:14.0695 2992 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:45:14.0711 2992 SCardSvr - ok
22:45:14.0726 2992 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:45:14.0726 2992 scfilter - ok
22:45:14.0742 2992 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:45:14.0742 2992 Schedule - ok
22:45:14.0758 2992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:45:14.0758 2992 SCPolicySvc - ok
22:45:14.0758 2992 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:45:14.0758 2992 SDRSVC - ok
22:45:14.0758 2992 [ 16B44D246835EAC156F8DAF0AA4F530C ] SeagateDashboardService C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
22:45:14.0758 2992 SeagateDashboardService - ok
22:45:14.0758 2992 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:45:14.0773 2992 secdrv - ok
22:45:14.0773 2992 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:45:14.0773 2992 seclogon - ok
22:45:14.0773 2992 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:45:14.0773 2992 SENS - ok
22:45:14.0773 2992 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:45:14.0789 2992 SensrSvc - ok
22:45:14.0789 2992 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
22:45:14.0789 2992 Serenum - ok
22:45:14.0789 2992 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
22:45:14.0789 2992 Serial - ok
22:45:14.0804 2992 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:45:14.0804 2992 sermouse - ok
22:45:14.0804 2992 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:45:14.0820 2992 SessionEnv - ok
22:45:14.0820 2992 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:45:14.0820 2992 sffdisk - ok
22:45:14.0820 2992 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:45:14.0820 2992 sffp_mmc - ok
22:45:14.0820 2992 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:45:14.0836 2992 sffp_sd - ok
22:45:14.0836 2992 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:45:14.0836 2992 sfloppy - ok
22:45:14.0851 2992 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:45:14.0867 2992 SftService - ok
22:45:14.0867 2992 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:45:16.0271 2992 ================ Scan global ===============================
22:45:16.0271 2992 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:45:16.0271 2992 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
22:45:16.0271 2992 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
22:45:16.0286 2992 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:45:16.0286 2992 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
22:45:16.0286 2992 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
22:45:16.0286 2992 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
22:45:16.0286 2992 ================ Scan MBR ==================================
22:45:16.0286 2992 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:45:16.0396 2992 \Device\Harddisk0\DR0 - ok
22:45:16.0396 2992 ================ Scan VBR ==================================
22:45:16.0396 2992 [ AC95876AA08A3C05E8E2EA8DD5DDE729 ] \Device\Harddisk0\DR0\Partition1
22:45:16.0411 2992 \Device\Harddisk0\DR0\Partition1 - ok
22:45:16.0411 2992 [ 665A8EDDE37705192D42C74464CF4103 ] \Device\Harddisk0\DR0\Partition2
22:45:16.0411 2992 \Device\Harddisk0\DR0\Partition2 - ok
22:45:16.0411 2992 ============================================================
22:45:16.0411 2992 Scan finished
22:45:16.0411 2992 ============================================================
22:45:16.0411 5548 Detected object count: 1
22:45:16.0411 5548 Actual detected object count: 1
22:45:31.0512 5548 C:\Windows\system32\services.exe - copied to quarantine
22:45:31.0684 5548 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
22:45:31.0684 5548 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
22:45:31.0730 5548 C:\Windows\installer\{efa0dc25-f880-ccb6-fc7f-6e3ffcb7133f}\@ - copied to quarantine
22:45:31.0730 5548 C:\Windows\installer\{efa0dc25-f880-ccb6-fc7f-6e3ffcb7133f}\L\00000004.@ - copied to quarantine
22:45:36.0800 5548 Backup copy not found, trying to cure infected file..
22:45:36.0800 5548 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
22:45:36.0800 5548 C:\Windows\system32\services.exe - processing error
22:45:36.0800 5548 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
dvk01 (Derek) dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,391 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Jan-2013, 08:22 AM #5
That has dealt with part of it but not all.

Next step

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
Glidds
Member with 7 posts.
THREAD STARTER
Join Date: Jan 2013
08-Jan-2013, 08:40 AM #6
ComboFix 13-01-06.01 - davey 08/01/2013 23:02:06.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12251.10055 [GMT 10.5:30]
Running from: c:\users\davey\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\RPSETUP.EXE.LOG
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 02:01 . 2013-01-08 02:01 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2013-01-07 23:43 . 2013-01-07 23:43 -------- dc----w- c:\windows\system32\DRVSTORE
2013-01-07 23:43 . 2013-01-07 23:43 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2013-01-07 23:43 . 2013-01-07 23:43 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2013-01-07 23:39 . 2013-01-07 23:39 -------- d-----w- c:\users\davey\AppData\Local\Sunbelt Software
2013-01-07 23:35 . 2013-01-07 23:35 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2013-01-07 23:35 . 2013-01-07 23:43 -------- d-----w- c:\programdata\Lavasoft
2013-01-07 23:35 . 2013-01-07 23:35 -------- d-----w- c:\program files (x86)\Lavasoft
2013-01-07 23:02 . 2013-01-07 23:02 -------- d-----w- c:\users\davey\AppData\Roaming\SUPERAntiSpyware.com
2013-01-07 23:02 . 2013-01-07 23:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-07 23:02 . 2013-01-07 23:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-07 11:15 . 2013-01-08 12:15 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-05 01:03 . 2013-01-05 01:03 -------- d-----w- c:\users\davey\AppData\Local\Dell Edoc Viewer
2013-01-02 08:23 . 2013-01-02 08:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-01-02 08:15 . 2013-01-02 08:15 224256 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-01-02 03:57 . 2013-01-02 03:57 -------- d-----w- c:\program files (x86)\SockshareDownloader
2013-01-02 03:57 . 2013-01-02 03:57 -------- d-----w- c:\users\davey\AppData\Local\PutLockerDownloader
2012-12-27 02:21 . 2012-12-27 02:21 -------- d-----w- c:\program files\Vuze
2012-12-22 05:34 . 2012-12-23 04:02 -------- d-----w- c:\users\davey\AppData\Local\Torch
2012-12-21 16:30 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 16:30 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 16:30 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 16:30 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 02:23 . 2012-12-25 04:46 -------- d-----w- c:\users\davey\AppData\Roaming\BitComet
2012-12-21 02:23 . 2012-12-25 15:20 -------- d-----w- c:\program files (x86)\BitComet
2012-12-18 04:58 . 2013-01-07 23:07 -------- d-----w- c:\program files (x86)\Yontoo
2012-12-18 04:58 . 2012-12-19 21:28 -------- d-----w- c:\programdata\Tarma Installer
2012-12-18 01:20 . 2013-01-02 21:54 -------- d-----w- C:\Downloads
2012-12-18 01:19 . 2012-12-18 01:19 -------- d-----w- c:\users\davey\AppData\Roaming\BitSpirit
2012-12-18 01:19 . 2013-01-02 20:58 -------- d-----w- c:\program files (x86)\BitSpirit
2012-12-18 01:15 . 2012-12-19 21:28 -------- d-----w- c:\users\davey\AppData\Roaming\Systweak
2012-12-18 01:15 . 2012-12-10 01:31 19896 ----a-w- c:\windows\system32\roboot64.exe
2012-12-12 20:01 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 20:00 . 2012-10-04 17:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 22:25 . 2012-06-21 23:09 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 22:29 . 2012-06-12 10:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 22:29 . 2012-06-12 10:08 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 20:10 . 2011-03-13 03:20 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-08 20:07 . 2011-03-13 03:20 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-08 20:07 . 2012-06-12 10:36 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-08 20:06 . 2012-06-12 10:36 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-08 20:06 . 2011-03-13 03:20 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-08 20:05 . 2011-03-13 03:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-08 20:04 . 2011-03-13 03:20 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-08 20:04 . 2011-03-13 03:20 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-08 20:03 . 2011-03-13 03:20 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-16 08:38 . 2012-11-27 20:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 20:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 20:13 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-15 17:30 244328 ----a-w- c:\program files (x86)\SockshareDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2013-01-02 08:15 224256 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-19 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-01-07 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-16 291608]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-19 343168]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-11-29 75048]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-12 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-13 144608]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\davey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/06/12 18:30;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-11-29 248304]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173568]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-27 52320]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-08 106112]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-20 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2013-01-07 69376]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-08 339776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-21 235520]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-12-29 106144]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-10 627936]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-21 128280]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2013-01-07 1737728]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-12 25824]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-08 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-08 177680]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2011-12-26 76960]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-29 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-29 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-29 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-29 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-29 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-29 548000]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-08 69672]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2013-01-07 17152]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-08 515528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 22:29]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-19 03:42]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-19 03:42]
.
2013-01-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
.
2013-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
.
2013-01-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d42cf59-3a54-461f-a0fc-b20e1925a07b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-01-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4b7e642a-6708-451b-8e3e-5007f88eac0d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AU&userid=0b4d8d5f-164b-45a4-a362-f06e3ab99c72&searchtype=ds&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: samsungsetup.com\www
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BitComet - c:\program files (x86)\BitComet\BitComet.exe
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\02\13\04\05\13?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AWSC.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AWSC.exe
.
**************************************************************************
.
Completion time: 2013-01-08 23:09:24 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-08 12:39
.
Pre-Run: 1,835,909,353,472 bytes free
Post-Run: 1,835,689,930,752 bytes free
.
- - End Of File - - D4AE9428488B2A1A67D605236E0D7789
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,391 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Jan-2013, 01:23 PM #7
That has cleared the ZeroAccess rootkit; now to get rid of the junk.

Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
Glidds Glidds is offline
Member with 7 posts.
THREAD STARTER
 
Join Date: Jan 2013
08-Jan-2013, 01:58 PM #8
# AdwCleaner v2.105 - Logfile created 01/09/2013 at 04:26:50
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : davey - DAVEYS
# Boot Mode : Normal
# Running from : C:\Users\davey\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\davey\AppData\Local\Conduit
Folder Found : C:\Users\davey\AppData\LocalLow\Conduit
Folder Found : C:\Users\davey\AppData\LocalLow\PriceGong
Folder Found : C:\Users\davey\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKU\S-1-5-21-1151796397-1584683153-3556608829-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AU&userid=0b4d8d5f-164b-45a4-a362-f06e3ab99c72&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AU&userid=0b4d8d5f-164b-45a4-a362-f06e3ab99c72&searchtype=ds&q={searchTerms}
-\\ Google Chrome v23.0.1271.97
File : C:\Users\davey\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4422 octets] - [09/01/2013 04:26:50]
########## EOF - C:\AdwCleaner[R1].txt - [4482 octets] ##########
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,391 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Jan-2013, 02:11 PM #9
Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt.

Then tell us if you are still having any problems.
Glidds Glidds is offline
Member with 7 posts.
THREAD STARTER
 
Join Date: Jan 2013
08-Jan-2013, 04:12 PM #10
# AdwCleaner v2.105 - Logfile created 01/09/2013 at 06:38:17
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : davey - DAVEYS
# Boot Mode : Normal
# Running from : C:\Users\davey\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\davey\AppData\Local\Conduit
Folder Deleted : C:\Users\davey\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\davey\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\davey\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AU&userid=0b4d8d5f-164b-45a4-a362-f06e3ab99c72&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AU&userid=0b4d8d5f-164b-45a4-a362-f06e3ab99c72&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
-\\ Google Chrome v23.0.1271.97
File : C:\Users\davey\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4543 octets] - [09/01/2013 04:26:50]
AdwCleaner[S1].txt - [4495 octets] - [09/01/2013 06:38:17]
########## EOF - C:\AdwCleaner[S1].txt - [4555 octets] ##########


The warning about the trojan has stopped appearing with McAfee, so it has definitely done something.

Cheers for your help bud. I guess programmers are alright after all :P
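A check on the two AdwCleaner logs above, as an added example that is not part of the original posts: it parses a [Search] log and the following [Delete] log and lists anything the first run reported that the second did not record as Deleted or Replaced. The function names are hypothetical, and the embedded logs are shortened excerpts of the ones posted in this thread.

```python
import re

# Entry lines: "<Kind> Found : <target>" in a [Search] log and
# "<Kind> Deleted : <target>" in a [Delete] log.
ENTRY = re.compile(r"^(Folder|File|Key|Value) (Found|Deleted) : (.+?)\s*$")
# Browser settings: "[key - value] = data" in a [Search] log, or
# "Replaced : [key - value] = old --> new" in a [Delete] log.
SETTING = re.compile(r"^(Replaced : )?(\[[^\]]+\]) = ")

# Shortened excerpts of the logs posted in this thread (URL query elided as "...").
SEARCH_LOG = r"""
# Option [Search]
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\davey\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKU\S-1-5-21-1151796397-1584683153-3556608829-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?...
[OK] File is clean.
"""

DELETE_LOG = r"""
# Option [Delete]
***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\davey\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?... --> hxxp://www.google.com
[OK] File is clean.
"""


def parse(log_text):
    """Return {(kind, lower-cased target): status} for one AdwCleaner log."""
    items = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            kind, status, target = m.groups()
            # Windows paths and registry keys are case-insensitive.
            items[(kind, target.lower())] = status
            continue
        m = SETTING.match(line)
        if m:
            status = "Replaced" if m.group(1) else "Found"
            items[("Setting", m.group(2).lower())] = status
    return items


def unresolved(search_log, delete_log):
    """Items the Search run reported that the Delete run did not handle."""
    found = parse(search_log)
    handled = {key for key, status in parse(delete_log).items()
               if status in ("Deleted", "Replaced")}
    return sorted(key for key in found if key not in handled)


if __name__ == "__main__":
    for kind, target in unresolved(SEARCH_LOG, DELETE_LOG):
        print(f"not handled: {kind} {target}")
```

On this excerpt the only leftover is the HKU\S-1-5-21-... SearchScopes key, which the Delete log in the thread also does not list. HKCU is a view of the logged-on user's HKU\<SID> hive, so if that SID belongs to the logged-on user, deleting the HKCU key removed this entry as well.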
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,391 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
09-Jan-2013, 04:57 AM #11
Follow these steps to uninstall ComboFix and the other tools it downloaded to remove the malware:
  • Click START, then RUN.
  • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date and vulnerable common applications on your computer, and update whatever it suggests. Download and use the PSI version (not the OSI, in your browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back and tell us.
Glidds Glidds is offline
Member with 7 posts.
THREAD STARTER
 
Join Date: Jan 2013
09-Jan-2013, 05:43 AM #12
Thanks heaps mate, it's a friend's computer, so I will have to set up some scheduled scans etc. No doubt it will be on my workbench again in a few months, haha. Viruses are usually easy for me but this one had me stumped.

You've been a great help mate, much appreciated.

Thank you!
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,391 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
09-Jan-2013, 06:13 AM #13
The best thing you can do for him/her is set him/her up with a standard user account and make sure he only uses that on a day-to-day basis and elevates to the admin account when he needs to install anything.
That will protect against 99% of future problems.