Inactive [A] Svchost.exe trojan


Dawn Barrientos

I have two trojans that I cannot get rid of.

Here is the Malwarebytes log:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dawn Barrientos :: FAMILYROOM2 [administrator]

10/21/2012 2:00:27 PM
mbam-log-2012-10-21 (14-00-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206083
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Dawn Barrientos\AppData\Local\Temp\0.5076059889112969 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
There was no GMER log.
Here is the first DDS log:

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Dawn Barrientos at 18:28:52 on 2012-10-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4506 [GMT -5:00]
.
AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.

============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=2159&gct=hp
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\CoIEPlg.dll
BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - <orphaned>
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\CoIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Facebook Update] "C:\Users\Dawn Barrientos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [APN] rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BBE108C0-5B9E-40F4-88A9-995CB0FA1784} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C649B165-49C4-4FF1-B8E2-F2E2B2AA0C03} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.

============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 335784]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-10 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0500000.07D\SymDS64.sys [2012-3-1 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0500000.07D\SymEFA64.sys [2012-3-1 802864]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-5-3 23208]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-5-3 41728]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-5-3 14720]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2012-3-1 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0500000.07D\Ironx64.sys [2012-3-1 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0500000.07D\symnets.sys [2012-3-1 382072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-5-3 3065120]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 202752]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-9-23 103440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-9-23 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-9-23 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-9-23 177144]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe [2012-3-1 130000]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-10 1692480]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-5-3 63880]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-11-10 320040]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-9-23 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-9-23 513456]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2009-9-15 1061888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2012-3-1 953904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-11 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-12 250808]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-9-23 69672]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-11 136176]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-25 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-9-23 106112]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-1 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.

=============== Created Last 30 ================
.
2012-10-19 15:15:17 -------- d-----w- C:\rei
2012-10-19 15:15:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-19 15:15:03 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-10-19 15:14:54 -------- d-----w- C:\Program Files\Reimage
2012-10-15 00:13:06 -------- d-----w- C:\Users\Dawn Barrientos\AppData\Local\{0BB45123-9394-4D5B-90DF-84A244A7E36A}
2012-10-14 01:51:53 -------- d-----w- C:\Users\Dawn Barrientos\AppData\Local\{710BD934-5BAD-427D-ACB7-B6F5551255B0}
2012-10-10 23:52:27 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6EAB.tmp
2012-10-10 23:52:27 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6EAA.tmp
2012-10-10 10:24:03 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 10:22:50 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 10:22:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 10:22:42 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 10:22:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 10:22:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 10:22:42 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 10:22:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 10:22:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-07 23:49:30 -------- d-----w- C:\Users\Dawn Barrientos\AppData\Roaming\WildTangent
2012-09-26 03:28:54 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-09-25 23:00:08 -------- d-----w- C:\Users\Dawn Barrientos\AppData\Local\APN
2012-09-25 20:46:35 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 00:28:16 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-09-24 00:28:08 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-09-24 00:28:05 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-09-24 00:28:05 513456 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-09-24 00:28:05 300392 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-09-24 00:28:05 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-09-24 00:27:58 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-09-24 00:27:47 -------- d-----w- C:\Program Files\McAfee.com
2012-09-24 00:27:47 -------- d-----w- C:\Program Files\McAfee
2012-09-24 00:21:52 177144 ----a-w- C:\Windows\System32\mfevtps.exe
.

==================== Find3M ====================
.
2012-10-08 22:54:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 22:54:06 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 18:29:19.25 ===============
 
Here is the next DDS log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2011 10:59:20 PM
System Uptime: 10/21/2012 2:35:13 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon(tm) II X4 645 Processor | CPU 1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 770.455 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx64
Device ID: ROOT\LEGACY_BHDRVX64\0000
Manufacturer:
Name: BHDrvx64
PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
Service: BHDrvx64
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfeapfk
Device ID: ROOT\LEGACY_MFEAPFK\0000
Manufacturer:
Name: McAfee Inc. mfeapfk
PNP Device ID: ROOT\LEGACY_MFEAPFK\0000
Service: mfeapfk
.
==== System Restore Points ===================
.
RP169: 10/17/2012 3:00:18 AM - Windows Update
RP170: 10/18/2012 3:00:36 AM - Windows Update
RP171: 10/19/2012 3:00:11 AM - Windows Update
RP172: 10/19/2012 9:16:07 PM - Windows Update
RP173: 10/20/2012 3:00:13 AM - Windows Update
RP174: 10/21/2012 3:00:15 AM - Windows Update
.

==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.6
Amazon Unbox Video
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blio
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
Canon MP495 series MP Drivers
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
Comcast Desktop Software (v1.2.1)
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell VideoStage
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
eBay
Emsisoft Anti-Malware
Escape Whisper Valley (TM)
Facebook Video Calling 1.2.0.159
Family Tree Maker 2011
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Firebird SQL Server - MAGIX Edition
Google Chrome
Google Update Helper
High-Definition Video Playback
iTunes
Java Auto Updater
Java(TM) 6 Update 27
Java(TM) 6 Update 27 (64-bit)
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Luxor
magicJack
MAGIX 3D Maker (embedded MSI)
MAGIX PhotoStory on CD & DVD 9 deluxe Download Version
MAGIX Screenshare
MAGIX Speed 2 (MSI)
MAGIX Xtreme Photo Designer 6
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee SecurityCenter
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Norton Security Suite
Penguins!
PhotoShowExpress
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
QualxServ Service Agreement
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Shared C Run-time for x64
Skins
Skype Toolbars
Skype™ 5.10
Sonic CinePlayer Decoder Pack
SyncUP
TrustedID
TrustedID IDMonitor Identity Protection
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Wizard101
Zinio Reader 4
Zuma Deluxe
.

==== Event Viewer Messages From Past Week ========
.
40512916 BHDrvx64 mfeapfk SRTSP
10/21/2012 4:16:19 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
10/21/2012 4:16:19 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.
10/21/2012 4:15:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/21/2012 4:15:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/21/2012 3:01:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
10/21/2012 2:25:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
10/21/2012 2:22:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 mfeapfk SRTSP
10/21/2012 2:21:57 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
10/21/2012 2:21:57 PM, Error: SRTSP [4] - Error loading virus definitions.
10/21/2012 2:20:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAWN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C649B165-49C4-4FF1-B8E2-F2E2B2AA0C03}. The master browser is stopping or an election is being forced.
10/19/2012 9:10:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034cc405, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-36707-01.
10/19/2012 10:28:56 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has not been started.
10/19/2012 10:26:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
10/19/2012 10:26:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034ea915, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-57111-01.
10/19/2012 10:20:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000022, 0x0000000000000002, 0x0000000000000000, 0xfffff8000351bc27). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-49811-01.
10/19/2012 10:13:30 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
10/19/2012 10:12:30 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/19/2012 10:12:12 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2012 6:40:54 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
10/17/2012 10:55:14 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/14/2012 7:15:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHARLESSTEPH-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C649B165-49C4-4FF1-B8E2-F2E2B2AA0C03}. The master browser is stopping or an election is being forced.
10/14/2012 2:37:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034697ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101412-34429-01.
10/14/2012 11:24:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

You're running three AV programs, Emsisoft Anti-Malware, Norton and McAfee.
You must uninstall TWO of them.
If McAfee is one of them use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
If Norton is another one use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Next....


Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
21:24:25.0581 5912 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:24:25.0891 5912 ============================================================
21:24:25.0891 5912 Current date / time: 2012/10/22 21:24:25.0891
21:24:25.0891 5912 SystemInfo:
21:24:25.0891 5912
21:24:25.0891 5912 OS Version: 6.1.7601 ServicePack: 1.0
21:24:25.0891 5912 Product type: Workstation
21:24:25.0891 5912 ComputerName: FAMILYROOM2
21:24:25.0891 5912 UserName: Dawn Barrientos
21:24:25.0891 5912 Windows directory: C:\Windows
21:24:25.0891 5912 System windows directory: C:\Windows
21:24:25.0891 5912 Running under WOW64
21:24:25.0891 5912 Processor architecture: Intel x64
21:24:25.0891 5912 Number of processors: 4
21:24:25.0891 5912 Page size: 0x1000
21:24:25.0891 5912 Boot type: Normal boot
21:24:25.0891 5912 ============================================================
21:24:27.0251 5912 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:24:27.0271 5912 ============================================================
21:24:27.0271 5912 \Device\Harddisk0\DR0:
21:24:27.0271 5912 MBR partitions:
21:24:27.0271 5912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
21:24:27.0271 5912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
21:24:27.0271 5912 ============================================================
21:24:27.0311 5912 C: <-> \Device\Harddisk0\DR0\Partition2
21:24:27.0311 5912 ============================================================
21:24:27.0311 5912 Initialize success
21:24:27.0311 5912 ============================================================
21:24:28.0531 1152 ============================================================
21:24:28.0531 1152 Scan started
21:24:28.0531 1152 Mode: Manual;
21:24:28.0531 1152 ============================================================
21:24:29.0529 1152 ================ Scan system memory ========================
21:24:29.0529 1152 System memory - ok
21:24:29.0529 1152 ================ Scan services =============================
21:24:33.0539 1152 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:24:33.0539 1152 cdfs - ok
21:24:33.0570 1152 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:24:33.0617 1152 cdrom - ok
21:24:33.0663 1152 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:24:33.0710 1152 CertPropSvc - ok
21:24:33.0741 1152 [ 45B5A89DC41577282E5BF41B1165EA71 ] cfwids C:\Windows\system32\drivers\cfwids.sys
21:24:33.0773 1152 cfwids - ok
21:24:33.0788 1152 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:24:33.0788 1152 circlass - ok
21:24:33.0819 1152 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:24:33.0819 1152 CLFS - ok
21:24:33.0882 1152 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:24:33.0882 1152 clr_optimization_v2.0.50727_32 - ok
21:24:34.0007 1152 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:24:34.0022 1152 clr_optimization_v2.0.50727_64 - ok
21:24:34.0069 1152 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:24:34.0147 1152 clr_optimization_v4.0.30319_32 - ok
21:24:34.0163 1152 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:24:34.0209 1152 clr_optimization_v4.0.30319_64 - ok
21:24:34.0256 1152 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:24:34.0272 1152 CmBatt - ok
21:24:34.0303 1152 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:24:34.0303 1152 cmdide - ok
21:24:34.0350 1152 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:24:34.0381 1152 CNG - ok
21:24:34.0397 1152 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:24:34.0412 1152 Compbatt - ok
21:24:34.0428 1152 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:24:34.0506 1152 CompositeBus - ok
21:24:34.0521 1152 COMSysApp - ok
21:24:34.0553 1152 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:24:34.0553 1152 crcdisk - ok
21:24:34.0615 1152 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:24:34.0662 1152 CryptSvc - ok
21:24:34.0709 1152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:24:34.0724 1152 DcomLaunch - ok
21:24:34.0755 1152 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:24:34.0771 1152 defragsvc - ok
21:24:34.0865 1152 [ 3A42B00C88E3E68080DAB6B27BB35B6E ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
21:24:34.0927 1152 DellDigitalDelivery - ok
21:24:34.0943 1152 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:24:34.0989 1152 DfsC - ok
21:24:35.0021 1152 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:24:35.0052 1152 Dhcp - ok
21:24:35.0083 1152 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:24:35.0083 1152 discache - ok
21:24:35.0114 1152 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:24:35.0130 1152 Disk - ok
21:24:35.0145 1152 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:24:35.0208 1152 Dnscache - ok
21:24:35.0239 1152 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:24:35.0270 1152 dot3svc - ok
21:24:35.0301 1152 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:24:35.0333 1152 DPS - ok
21:24:35.0364 1152 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:24:35.0379 1152 drmkaud - ok
21:24:35.0426 1152 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:24:35.0473 1152 DXGKrnl - ok
21:24:35.0520 1152 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:24:35.0520 1152 EapHost - ok
21:24:35.0972 1152 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:24:36.0003 1152 ebdrv - ok
21:24:36.0019 1152 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:24:36.0097 1152 EFS - ok
21:24:36.0206 1152 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:24:36.0269 1152 ehRecvr - ok
21:24:36.0284 1152 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:24:36.0300 1152 ehSched - ok
21:24:36.0378 1152 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:24:36.0393 1152 elxstor - ok
21:24:36.0456 1152 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:24:36.0456 1152 ErrDev - ok
21:24:36.0565 1152 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:24:36.0565 1152 EventSystem - ok
21:24:36.0643 1152 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:24:36.0659 1152 exfat - ok
21:24:36.0721 1152 Fabs - ok
21:24:36.0737 1152 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:24:36.0752 1152 fastfat - ok
21:24:36.0783 1152 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:24:36.0846 1152 Fax - ok
21:24:36.0861 1152 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:24:36.0861 1152 fdc - ok
21:24:36.0908 1152 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:24:36.0924 1152 fdPHost - ok
21:24:36.0939 1152 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:24:36.0939 1152 FDResPub - ok
21:24:36.0971 1152 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:24:36.0971 1152 FileInfo - ok
21:24:37.0002 1152 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:24:37.0002 1152 Filetrace - ok
21:24:37.0111 1152 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:24:37.0205 1152 FirebirdServerMAGIXInstance - ok
21:24:37.0205 1152 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:24:37.0220 1152 flpydisk - ok
21:24:37.0251 1152 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:24:37.0283 1152 FltMgr - ok
21:24:37.0439 1152 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:24:37.0501 1152 FontCache - ok
21:24:37.0610 1152 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:24:37.0688 1152 FontCache3.0.0.0 - ok
21:24:37.0704 1152 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:24:37.0704 1152 FsDepends - ok
21:24:37.0735 1152 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:24:37.0797 1152 Fs_Rec - ok
21:24:37.0813 1152 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:24:37.0860 1152 fvevol - ok
21:24:37.0875 1152 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:24:37.0891 1152 gagp30kx - ok
21:24:38.0063 1152 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:24:38.0125 1152 GamesAppService - ok
21:24:38.0172 1152 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:24:38.0219 1152 GEARAspiWDM - ok
21:24:38.0250 1152 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:24:38.0265 1152 gpsvc - ok
21:24:38.0406 1152 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:24:38.0421 1152 gupdate - ok
21:24:38.0468 1152 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:24:38.0468 1152 gupdatem - ok
21:24:38.0484 1152 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:24:38.0484 1152 hcw85cir - ok
21:24:38.0515 1152 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:24:38.0515 1152 HDAudBus - ok
21:24:38.0546 1152 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:24:38.0546 1152 HidBatt - ok
21:24:38.0562 1152 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:24:38.0562 1152 HidBth - ok
21:24:38.0593 1152 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:24:38.0593 1152 HidIr - ok
21:24:38.0624 1152 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:24:38.0624 1152 hidserv - ok
21:24:38.0655 1152 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:24:38.0702 1152 HidUsb - ok
21:24:38.0780 1152 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
21:24:38.0843 1152 HipShieldK - ok
21:24:38.0874 1152 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:24:38.0921 1152 hkmsvc - ok
21:24:38.0936 1152 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:24:38.0983 1152 HomeGroupListener - ok
21:24:39.0045 1152 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:24:39.0092 1152 HomeGroupProvider - ok
21:24:39.0123 1152 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:24:39.0186 1152 HpSAMD - ok
21:24:39.0217 1152 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:24:39.0264 1152 HTTP - ok
21:24:39.0311 1152 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:24:39.0373 1152 hwpolicy - ok
21:24:39.0404 1152 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:24:39.0404 1152 i8042prt - ok
21:24:39.0482 1152 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:24:39.0545 1152 iaStorV - ok
21:24:39.0685 1152 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:24:39.0747 1152 idsvc - ok
21:24:39.0763 1152 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:24:39.0779 1152 iirsp - ok
21:24:39.0872 1152 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:24:39.0935 1152 IKEEXT - ok
21:24:40.0028 1152 [ 9526F32B8A76F8DC25A1587400E30084 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:24:40.0075 1152 IntcAzAudAddService - ok
21:24:40.0131 1152 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:24:40.0131 1152 intelide - ok
21:24:40.0211 1152 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
21:24:40.0231 1152 intelppm - ok
21:24:40.0251 1152 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:24:40.0261 1152 IPBusEnum - ok
21:24:40.0281 1152 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:24:40.0321 1152 IpFilterDriver - ok
21:24:40.0341 1152 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:24:40.0391 1152 IPMIDRV - ok
21:24:40.0411 1152 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:24:40.0411 1152 IPNAT - ok
21:24:40.0561 1152 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:24:40.0621 1152 iPod Service - ok
21:24:40.0641 1152 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:24:40.0641 1152 IRENUM - ok
21:24:40.0671 1152 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:24:40.0671 1152 isapnp - ok
21:24:40.0711 1152 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:24:40.0771 1152 iScsiPrt - ok
21:24:40.0801 1152 [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
21:24:40.0841 1152 k57nd60a - ok
21:24:40.0871 1152 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:24:40.0881 1152 kbdclass - ok
21:24:40.0901 1152 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:24:40.0951 1152 kbdhid - ok
21:24:40.0961 1152 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:24:40.0961 1152 KeyIso - ok
21:24:40.0981 1152 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:24:41.0021 1152 KSecDD - ok
21:24:41.0051 1152 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:24:41.0101 1152 KSecPkg - ok
21:24:41.0101 1152 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:24:41.0111 1152 ksthunk - ok
21:24:41.0171 1152 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:24:41.0191 1152 KtmRm - ok
21:24:41.0261 1152 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:24:41.0301 1152 LanmanServer - ok
21:24:41.0341 1152 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:24:41.0371 1152 LanmanWorkstation - ok
21:24:41.0391 1152 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:24:41.0401 1152 lltdio - ok
21:24:41.0461 1152 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:24:41.0471 1152 lltdsvc - ok
21:24:41.0491 1152 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:24:41.0501 1152 lmhosts - ok
21:24:41.0521 1152 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:24:41.0531 1152 LSI_FC - ok
21:24:41.0551 1152 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:24:41.0561 1152 LSI_SAS - ok
21:24:41.0581 1152 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:24:41.0581 1152 LSI_SAS2 - ok
21:24:41.0601 1152 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:24:41.0601 1152 LSI_SCSI - ok
21:24:41.0641 1152 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:24:41.0641 1152 luafv - ok
21:24:41.0711 1152 [ BE8C524313DB75FA26FB2B0C0AAFF88E ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
21:24:41.0771 1152 McAfee SiteAdvisor Service - ok
21:24:41.0921 1152 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:24:41.0981 1152 McMPFSvc - ok
21:24:41.0981 1152 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:24:41.0981 1152 mcmscsvc - ok
21:24:41.0991 1152 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:24:41.0991 1152 McNaiAnn - ok
21:24:42.0001 1152 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:24:42.0001 1152 McNASvc - ok
21:24:42.0111 1152 [ BE7C8C3F8FE52D8F7826E14CF11DE949 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
21:24:42.0121 1152 McODS - ok
21:24:42.0141 1152 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:24:42.0141 1152 McProxy - ok
21:24:42.0187 1152 [ 4DEC9B5BEDAA97B1FF6A3923E1C4F58A ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:24:42.0250 1152 McShield - ok
21:24:42.0281 1152 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:24:42.0343 1152 Mcx2Svc - ok
21:24:42.0359 1152 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:24:42.0359 1152 megasas - ok
21:24:42.0453 1152 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:24:42.0468 1152 MegaSR - ok
21:24:42.0531 1152 [ B574522827D94126C03975FD53F0B26B ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
21:24:42.0577 1152 mfeapfk - ok
21:24:42.0609 1152 [ B393753ECE9A9E2307CB1984ACF3DA9D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
21:24:42.0655 1152 mfeavfk - ok
21:24:42.0671 1152 mfeavfk01 - ok
21:24:42.0687 1152 [ 97C398750C8E80A48EB63999546F796E ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:24:42.0733 1152 mfefire - ok
21:24:42.0749 1152 [ C52A1ABF03DD219375EA0F6A8BE941C3 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
21:24:42.0796 1152 mfefirek - ok
21:24:42.0843 1152 [ 7092A6C6158FC4F5AA39EBEB9D5AF03D ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
21:24:42.0936 1152 mfehidk - ok
21:24:42.0952 1152 [ D2A941C82A0A9227CD6F47AD40A40F69 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
21:24:42.0999 1152 mferkdet - ok
21:24:43.0045 1152 [ 04D48692EFF181DA46DD8EA8BE9FFB2B ] mfevtp C:\Windows\system32\mfevtps.exe
21:24:43.0092 1152 mfevtp - ok
21:24:43.0108 1152 [ 1631E2DA6C4B47D97ECA94842836592E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
21:24:43.0155 1152 mfewfpk - ok
21:24:43.0186 1152 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:24:43.0186 1152 MMCSS - ok
21:24:43.0201 1152 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:24:43.0217 1152 Modem - ok
21:24:43.0248 1152 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:24:43.0248 1152 monitor - ok
21:24:43.0264 1152 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:24:43.0279 1152 mouclass - ok
21:24:43.0295 1152 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:24:43.0311 1152 mouhid - ok
21:24:43.0342 1152 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:24:43.0389 1152 mountmgr - ok
21:24:43.0404 1152 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:24:43.0451 1152 mpio - ok
21:24:43.0482 1152 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:24:43.0498 1152 mpsdrv - ok
21:24:43.0591 1152 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:24:43.0654 1152 MpsSvc - ok
21:24:43.0670 1152 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:24:43.0732 1152 MRxDAV - ok
21:24:43.0779 1152 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:24:43.0841 1152 mrxsmb - ok
21:24:43.0872 1152 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:24:43.0919 1152 mrxsmb10 - ok
21:24:43.0935 1152 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:24:43.0966 1152 mrxsmb20 - ok
21:24:43.0997 1152 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:24:44.0075 1152 msahci - ok
21:24:44.0122 1152 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
21:24:44.0184 1152 MSCamSvc - ok
21:24:44.0216 1152 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:24:44.0262 1152 msdsm - ok
21:24:44.0294 1152 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:24:44.0309 1152 MSDTC - ok
21:24:44.0340 1152 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:24:44.0356 1152 Msfs - ok
21:24:44.0387 1152 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:24:44.0403 1152 mshidkmdf - ok
21:24:44.0418 1152 [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
21:24:44.0481 1152 MSHUSBVideo - ok
21:24:44.0496 1152 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:24:44.0496 1152 msisadrv - ok
21:24:44.0543 1152 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:24:44.0559 1152 MSiSCSI - ok
21:24:44.0559 1152 msiserver - ok
21:24:44.0606 1152 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:24:44.0606 1152 MSK80Service - ok
21:24:44.0637 1152 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:24:44.0652 1152 MSKSSRV - ok
21:24:44.0684 1152 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:24:44.0684 1152 MSPCLOCK - ok
21:24:44.0699 1152 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:24:44.0699 1152 MSPQM - ok
21:24:44.0730 1152 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:24:44.0777 1152 MsRPC - ok
21:24:44.0793 1152 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:24:44.0793 1152 mssmbios - ok
21:24:44.0808 1152 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:24:44.0808 1152 MSTEE - ok
21:24:44.0824 1152 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:24:44.0840 1152 MTConfig - ok
21:24:44.0840 1152 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:24:44.0840 1152 Mup - ok
21:24:44.0871 1152 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:24:44.0902 1152 napagent - ok
21:24:44.0949 1152 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:24:44.0964 1152 NativeWifiP - ok
21:24:45.0074 1152 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
21:24:45.0167 1152 NAUpdate - ok
21:24:45.0214 1152 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:24:45.0230 1152 NDIS - ok
21:24:45.0261 1152 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:24:45.0261 1152 NdisCap - ok
21:24:45.0292 1152 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:24:45.0292 1152 NdisTapi - ok
21:24:45.0308 1152 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:24:45.0354 1152 Ndisuio - ok
21:24:45.0370 1152 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:24:45.0417 1152 NdisWan - ok
21:24:45.0432 1152 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:24:45.0479 1152 NDProxy - ok
21:24:45.0495 1152 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:24:45.0495 1152 NetBIOS - ok
21:24:45.0510 1152 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:24:45.0557 1152 NetBT - ok
21:24:45.0573 1152 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:24:45.0573 1152 Netlogon - ok
21:24:45.0635 1152 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:24:45.0635 1152 Netman - ok
21:24:45.0698 1152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:45.0760 1152 NetMsmqActivator - ok
21:24:45.0760 1152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:45.0760 1152 NetPipeActivator - ok
21:24:45.0800 1152 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:24:45.0800 1152 netprofm - ok
21:24:45.0850 1152 [ EED1FBDE98CF5F6D5C0C5B27AB1F68EC ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
21:24:45.0900 1152 netr28ux - ok
21:24:45.0910 1152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:45.0910 1152 NetTcpActivator - ok
21:24:45.0910 1152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:45.0910 1152 NetTcpPortSharing - ok
21:24:45.0940 1152 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:24:45.0940 1152 nfrd960 - ok
21:24:45.0980 1152 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:24:46.0020 1152 NlaSvc - ok
21:24:46.0280 1152 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
21:24:46.0340 1152 NOBU - ok
21:24:46.0390 1152 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:24:46.0390 1152 Npfs - ok
21:24:46.0420 1152 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:24:46.0430 1152 nsi - ok
21:24:46.0450 1152 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:24:46.0460 1152 nsiproxy - ok
21:24:46.0530 1152 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:24:46.0590 1152 Ntfs - ok
21:24:46.0610 1152 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:24:46.0610 1152 Null - ok
21:24:46.0650 1152 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:24:46.0690 1152 nvraid - ok
21:24:46.0720 1152 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:24:46.0770 1152 nvstor - ok
21:24:46.0780 1152 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:24:46.0790 1152 nv_agp - ok
21:24:46.0950 1152 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:24:47.0020 1152 odserv - ok
21:24:47.0030 1152 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:24:47.0040 1152 ohci1394 - ok
21:24:47.0110 1152 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:24:47.0170 1152 ose - ok
21:24:47.0250 1152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:24:47.0250 1152 p2pimsvc - ok
21:24:47.0270 1152 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:24:47.0280 1152 p2psvc - ok
21:24:47.0290 1152 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:24:47.0300 1152 Parport - ok
21:24:47.0330 1152 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:24:47.0380 1152 partmgr - ok
21:24:47.0470 1152 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:24:47.0480 1152 PcaSvc - ok
21:24:47.0590 1152 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
21:24:47.0670 1152 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
21:24:47.0700 1152 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:24:47.0760 1152 pci - ok
21:24:47.0790 1152 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:24:47.0790 1152 pciide - ok
21:24:47.0870 1152 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:24:47.0880 1152 pcmcia - ok
21:24:47.0910 1152 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:24:47.0920 1152 pcw - ok
21:25:05.0116 1152 ================ Scan global ===============================
21:25:05.0147 1152 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:25:05.0194 1152 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:25:05.0210 1152 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:25:05.0225 1152 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:25:05.0288 1152 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:25:05.0288 1152 [Global] - ok
21:25:05.0288 1152 ================ Scan MBR ==================================
21:25:05.0303 1152 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:25:06.0536 1152 \Device\Harddisk0\DR0 - ok
21:25:06.0536 1152 ================ Scan VBR ==================================
21:25:06.0536 1152 [ 2429A2C78D5A970BF85C2BA002CF9C81 ] \Device\Harddisk0\DR0\Partition1
21:25:06.0536 1152 \Device\Harddisk0\DR0\Partition1 - ok
21:25:06.0582 1152 [ 36F7F8E07FE5F3BC5FB91C5619DD77C6 ] \Device\Harddisk0\DR0\Partition2
21:25:06.0582 1152 \Device\Harddisk0\DR0\Partition2 - ok
21:25:06.0582 1152 ============================================================
21:25:06.0582 1152 Scan finished
21:25:06.0582 1152 ============================================================
21:25:06.0598 5592 Detected object count: 0
21:25:06.0598 5592 Actual detected object count: 0
 
Re-run MBAM one more time and post new log.

Next...

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dawn Barrientos :: FAMILYROOM2 [administrator]

10/22/2012 11:27:35 PM
mbam-log-2012-10-22 (23-27-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204255
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dawn Barrientos [Admin rights]
Mode : Scan -- Date : 10/22/2012 23:40:31

¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-788865697-3205942769-3514527554-1001[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4785 : wscript.exe C:\Users\DAWNBA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] winupd : C:\Users\DAWNBA~1\AppData\Local\Temp:winupd.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 38188122449a5d7ccb4f014e9760dbd8
[BSP] 0d5557623343827e718ad65654a1033c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dawn Barrientos [Admin rights]
Mode : Scan -- Date : 10/22/2012 23:42:45

¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-788865697-3205942769-3514527554-1001[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4785 : wscript.exe C:\Users\DAWNBA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] winupd : C:\Users\DAWNBA~1\AppData\Local\Temp:winupd.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 38188122449a5d7ccb4f014e9760dbd8
[BSP] 0d5557623343827e718ad65654a1033c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dawn Barrientos [Admin rights]
Mode : Remove -- Date : 10/22/2012 23:44:32

¤¤¤ Bad processes : 7 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> DELETED
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4785 : wscript.exe C:\Users\DAWNBA~1\AppData\Local\Temp\launchie.vbs //B -> DELETED
[TASK][SUSP PATH] winupd : C:\Users\DAWNBA~1\AppData\Local\Temp:winupd.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 38188122449a5d7ccb4f014e9760dbd8
[BSP] 0d5557623343827e718ad65654a1033c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-22 23:50:54
-----------------------------
23:50:54.116 OS Version: Windows x64 6.1.7601 Service Pack 1
23:50:54.116 Number of processors: 4 586 0x503
23:50:54.116 ComputerName: FAMILYROOM2 UserName:
23:50:59.109 Initialize success
23:51:45.866 AVAST engine defs: 12102201
23:51:57.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:51:57.358 Disk 0 Vendor: ST31000524AS JC47 Size: 953869MB BusType: 11
23:51:57.374 Disk 0 MBR read successfully
23:51:57.389 Disk 0 MBR scan
23:51:57.389 Disk 0 Windows VISTA default MBR code
23:51:57.405 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
23:51:57.405 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
23:51:57.436 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888
23:51:57.592 Disk 0 scanning C:\Windows\system32\drivers
23:52:09.214 Service scanning
23:52:28.683 Modules scanning
23:52:28.699 Disk 0 trace - called modules:
23:52:28.714 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:52:28.730 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fc7060]
23:52:28.730 3 CLASSPNP.SYS[fffff8800197b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ef4680]
23:52:30.290 AVAST engine scan C:\Windows
23:52:32.521 AVAST engine scan C:\Windows\system32
23:57:07.045 AVAST engine scan C:\Windows\system32\drivers
23:57:20.913 AVAST engine scan C:\Users\Dawn Barrientos
23:57:21.693 File: C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll **INFECTED** Win32:Trojan-gen
23:58:36.182 Disk 0 MBR has been saved successfully to "C:\Users\Dawn Barrientos\Desktop\MBR.dat"
23:58:36.182 The log file has been saved successfully to "C:\Users\Dawn Barrientos\Desktop\aswMBR.txt"
 
I apologize.
It looks like email notification missed me.

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 