thanatos65

Members
  • Posts: 9
  • Reputation: 0 Neutral
  1. Thank you again MrC that fixed it and my daughter has her pictures and documents back. Perfect!!
  2. I recently was helped by the wonderful MrC to remove a nasty trojan svchost.exe problem, and the computer is now nice and clean and running smoothly. My daughter went back to work on her computer and discovered that all her photos, documents, and videos are missing. I am hoping that they are just hidden, as I have heard reports of this on the internet. Can someone help me to find these files? Thank you
  3. Absolutely wonderful. I would not have gotten rid of this problem without his patient and very detailed help. Thank you so much Mr. C

  4. It is great!!! No more slowdowns, no more blue screen crashes. Thank you so much for everything. So what do I need to uninstall now?
  5. Scan completed, nothing found. Log file attached.
  6. Ok, combofix was run. On the reboot McAfee reenabled itself and blocked some part of combofix from running. I said that combofix was a trusted program. At that time Internet Explorer wouldn't run. I rebooted and IE is now running. Here is the log from when I ran combofix. Thank you again MrC
  7. Mr. C, After I ran TDSSKiller I scanned with MalwareBytes and it found and removed the svchost.exe file in the Windows directory. Sorry for not waiting for your next instructions, I got excited to see a light at the end of this tunnel. Also sometime last night the computer installed a Windows update and rebooted, I heard it in the middle of the night and saw the message that it did that. Should I still download and run combofix? Thank you so much for your help so far and patience.
  8. OK, program run, computer seems to be more responsive. Here is the report:
C:\Windows\System32\lsass.exe 22:28:19.0194 5984 EFS - ok 22:28:19.0538 5984 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 22:28:19.0818 5984 ehRecvr - ok 22:28:19.0974 5984 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 22:28:20.0037 5984 ehSched - ok 22:28:20.0427 5984 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 22:28:20.0754 5984 elxstor - ok 22:28:21.0503 5984 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe 22:28:21.0862 5984 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 22:28:21.0862 5984 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 22:28:22.0174 5984 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 22:28:22.0346 5984 ErrDev - ok 22:28:23.0609 5984 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 22:28:23.0828 5984 EventSystem - ok 22:28:24.0420 5984 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 22:28:24.0608 5984 exfat - ok 22:28:25.0731 5984 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 22:28:25.0918 5984 fastfat - ok 22:28:26.0745 5984 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 22:28:27.0228 5984 Fax - ok 22:28:27.0696 5984 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 22:28:27.0759 5984 fdc - ok 22:28:28.0055 5984 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 22:28:28.0180 5984 fdPHost - ok 22:28:28.0289 5984 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 22:28:28.0476 5984 FDResPub - ok 22:28:28.0960 5984 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 22:28:29.0038 5984 FileInfo - ok 22:28:29.0163 5984 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) 
C:\Windows\system32\drivers\filetrace.sys 22:28:29.0475 5984 Filetrace - ok 22:28:30.0005 5984 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 22:28:30.0068 5984 flpydisk - ok 22:28:30.0239 5984 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 22:28:30.0302 5984 FltMgr - ok 22:28:30.0692 5984 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 22:28:31.0160 5984 FontCache - ok 22:28:31.0284 5984 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:28:31.0394 5984 FontCache3.0.0.0 - ok 22:28:31.0503 5984 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 22:28:31.0518 5984 FsDepends - ok 22:28:31.0550 5984 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 22:28:31.0612 5984 Fs_Rec - ok 22:28:31.0752 5984 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 22:28:31.0768 5984 fvevol - ok 22:28:31.0846 5984 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 22:28:31.0877 5984 gagp30kx - ok 22:28:31.0971 5984 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 22:28:32.0127 5984 GameConsoleService - ok 22:28:32.0252 5984 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:28:32.0330 5984 GEARAspiWDM - ok 22:28:32.0439 5984 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 22:28:32.0720 5984 gpsvc - ok 22:28:33.0078 5984 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:28:33.0141 5984 gupdate - ok 22:28:33.0188 5984 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:28:33.0203 5984 gupdatem - ok 22:28:33.0281 5984 gusvc 
(cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:28:33.0297 5984 gusvc - ok 22:28:33.0593 5984 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 22:28:33.0812 5984 hcw85cir - ok 22:28:34.0404 5984 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 22:28:34.0857 5984 HdAudAddService - ok 22:28:35.0262 5984 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 22:28:35.0465 5984 HDAudBus - ok 22:28:35.0543 5984 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 22:28:35.0606 5984 HidBatt - ok 22:28:35.0715 5984 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 22:28:35.0777 5984 HidBth - ok 22:28:35.0824 5984 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 22:28:35.0886 5984 HidIr - ok 22:28:35.0933 5984 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 22:28:36.0027 5984 hidserv - ok 22:28:36.0089 5984 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 22:28:36.0198 5984 HidUsb - ok 22:28:36.0308 5984 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 22:28:36.0479 5984 hkmsvc - ok 22:28:36.0573 5984 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 22:28:36.0744 5984 HomeGroupListener - ok 22:28:37.0041 5984 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 22:28:37.0072 5984 HomeGroupProvider - ok 22:28:37.0353 5984 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 22:28:37.0384 5984 HP Support Assistant Service - ok 22:28:37.0602 5984 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe 
22:28:37.0712 5984 HP Wireless Assistant Service - ok 22:28:37.0774 5984 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 22:28:37.0946 5984 HPClientSvc - ok 22:28:38.0164 5984 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 22:28:38.0195 5984 HPDrvMntSvc.exe - ok 22:28:38.0382 5984 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 22:28:38.0460 5984 hpqwmiex - ok 22:28:38.0835 5984 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 22:28:39.0116 5984 HpSAMD - ok 22:28:39.0552 5984 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 22:28:39.0615 5984 HPWMISVC - ok 22:28:39.0833 5984 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 22:28:39.0958 5984 HTTP - ok 22:28:40.0208 5984 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 22:28:40.0223 5984 hwpolicy - ok 22:28:40.0317 5984 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 22:28:40.0364 5984 i8042prt - ok 22:28:40.0644 5984 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 22:28:40.0769 5984 iaStorV - ok 22:28:40.0894 5984 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:28:41.0128 5984 idsvc - ok 22:28:41.0955 5984 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 22:28:42.0236 5984 igfx - ok 22:28:42.0423 5984 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 22:28:42.0454 5984 iirsp - ok 22:28:42.0563 5984 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 22:28:42.0782 5984 IKEEXT - ok 22:28:42.0922 5984 IntcAzAudAddService 
(d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys 22:28:43.0109 5984 IntcAzAudAddService - ok 22:28:43.0156 5984 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 22:28:43.0172 5984 intelide - ok 22:28:43.0328 5984 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 22:28:43.0406 5984 intelppm - ok 22:28:43.0484 5984 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 22:28:43.0577 5984 IPBusEnum - ok 22:28:43.0671 5984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:28:43.0858 5984 IpFilterDriver - ok 22:28:43.0998 5984 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 22:28:44.0279 5984 iphlpsvc - ok 22:28:44.0513 5984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 22:28:44.0919 5984 IPMIDRV - ok 22:28:45.0059 5984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 22:28:45.0231 5984 IPNAT - ok 22:28:45.0839 5984 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe 22:28:45.0870 5984 iPod Service - ok 22:28:46.0214 5984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 22:28:46.0416 5984 IRENUM - ok 22:28:46.0744 5984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 22:28:46.0806 5984 isapnp - ok 22:28:46.0900 5984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 22:28:47.0072 5984 iScsiPrt - ok 22:28:47.0181 5984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 22:28:47.0212 5984 kbdclass - ok 22:28:47.0508 5984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 22:28:47.0727 5984 kbdhid - ok 22:28:47.0898 5984 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:28:47.0930 5984 KeyIso - ok 
22:28:48.0008 5984 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 22:28:48.0039 5984 KSecDD - ok 22:28:48.0242 5984 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 22:28:48.0273 5984 KSecPkg - ok 22:28:49.0022 5984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 22:28:49.0131 5984 ksthunk - ok 22:28:49.0302 5984 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 22:28:49.0536 5984 KtmRm - ok 22:28:49.0880 5984 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 22:28:50.0582 5984 LanmanServer - ok 22:28:50.0769 5984 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 22:28:51.0034 5984 LanmanWorkstation - ok 22:28:51.0486 5984 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 22:28:51.0596 5984 lltdio - ok 22:28:51.0705 5984 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 22:28:51.0954 5984 lltdsvc - ok 22:28:52.0095 5984 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 22:28:52.0407 5984 lmhosts - ok 22:28:52.0516 5984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 22:28:52.0547 5984 LSI_FC - ok 22:28:52.0875 5984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 22:28:52.0937 5984 LSI_SAS - ok 22:28:53.0249 5984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:28:53.0296 5984 LSI_SAS2 - ok 22:28:53.0514 5984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:28:53.0546 5984 LSI_SCSI - ok 22:28:53.0655 5984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 22:28:53.0936 5984 luafv - ok 22:28:54.0513 5984 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\Windows\system32\DRIVERS\lvpopf64.sys 22:28:54.0653 5984 lvpopf64 - ok 
22:28:54.0778 5984 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys 22:28:54.0809 5984 LVPr2M64 - ok 22:28:54.0856 5984 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys 22:28:54.0903 5984 LVPr2Mon - ok 22:28:55.0059 5984 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 22:28:55.0137 5984 LVPrcS64 - ok 22:28:55.0324 5984 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys 22:28:55.0464 5984 LVRS64 - ok 22:28:57.0368 5984 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys 22:28:58.0116 5984 LVUVC64 - ok 22:28:58.0600 5984 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys 22:28:58.0974 5984 MarvinBus - ok 22:28:59.0645 5984 mbamchameleon (51914228d4b9610fba24f249c0fdd871) C:\Windows\system32\drivers\mbamchameleon.sys 22:28:59.0895 5984 mbamchameleon - ok 22:29:00.0238 5984 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 22:29:00.0332 5984 McAfee SiteAdvisor Service - ok 22:29:01.0034 5984 McAWFwk (f48571922079bbab289c57bafefe88f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe 22:29:01.0361 5984 McAWFwk - ok 22:29:02.0048 5984 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 22:29:02.0094 5984 McMPFSvc - ok 22:29:03.0140 5984 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 22:29:03.0374 5984 mcmscsvc - ok 22:29:03.0514 5984 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 22:29:03.0608 5984 McNaiAnn - ok 22:29:03.0686 5984 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 22:29:03.0717 5984 McNASvc - ok 22:29:04.0107 5984 McODS (07b89e7de2f7971cf7eef0262207c4de) 
C:\Program Files\McAfee\VirusScan\mcods.exe 22:29:04.0278 5984 McODS - ok 22:29:04.0637 5984 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 22:29:04.0684 5984 McOobeSv - ok 22:29:04.0871 5984 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 22:29:04.0934 5984 McProxy - ok 22:29:05.0386 5984 McPvDrv (a0c364079e7ae6c3127bee8e196f00e5) C:\Windows\system32\drivers\McPvDrv.sys 22:29:05.0433 5984 McPvDrv - ok 22:29:05.0714 5984 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 22:29:05.0948 5984 McShield - ok 22:29:06.0182 5984 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 22:29:06.0275 5984 Mcx2Svc - ok 22:29:06.0696 5984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 22:29:06.0790 5984 megasas - ok 22:29:07.0274 5984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 22:29:07.0320 5984 MegaSR - ok 22:29:08.0038 5984 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys 22:29:08.0241 5984 mfeapfk - ok 22:29:09.0395 5984 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys 22:29:09.0567 5984 mfeavfk - ok 22:29:10.0035 5984 mfeavfk01 - ok 22:29:10.0440 5984 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 22:29:10.0518 5984 mfefire - ok 22:29:11.0642 5984 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys 22:29:11.0907 5984 mfefirek - ok 22:29:12.0999 5984 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys 22:29:13.0046 5984 mfehidk - ok 22:29:13.0311 5984 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys 22:29:13.0592 5984 mfenlfk - ok 22:29:14.0060 5984 mferkdet (65776bd8029e409935b90de30bf99526) 
C:\Windows\system32\drivers\mferkdet.sys 22:29:14.0247 5984 mferkdet - ok 22:29:15.0354 5984 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe 22:29:15.0588 5984 mfevtp - ok 22:29:15.0978 5984 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys 22:29:16.0010 5984 mfewfpk - ok 22:29:16.0275 5984 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:29:16.0368 5984 MMCSS - ok 22:29:16.0680 5984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 22:29:16.0821 5984 Modem - ok 22:29:17.0024 5984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 22:29:17.0133 5984 monitor - ok 22:29:17.0476 5984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 22:29:17.0570 5984 mouclass - ok 22:29:17.0960 5984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 22:29:18.0022 5984 mouhid - ok 22:29:18.0100 5984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 22:29:18.0147 5984 mountmgr - ok 22:29:18.0256 5984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 22:29:18.0381 5984 mpio - ok 22:29:18.0474 5984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 22:29:18.0537 5984 mpsdrv - ok 22:29:18.0677 5984 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 22:29:18.0771 5984 MpsSvc - ok 22:29:18.0833 5984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 22:29:19.0020 5984 MRxDAV - ok 22:29:19.0098 5984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:29:19.0192 5984 mrxsmb - ok 22:29:19.0239 5984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:29:19.0286 5984 mrxsmb10 - ok 22:29:19.0442 5984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) 
C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:29:19.0473 5984 mrxsmb20 - ok 22:29:19.0676 5984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 22:29:19.0691 5984 msahci - ok 22:29:19.0785 5984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 22:29:19.0910 5984 msdsm - ok 22:29:19.0956 5984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 22:29:20.0034 5984 MSDTC - ok 22:29:20.0128 5984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 22:29:20.0237 5984 Msfs - ok 22:29:20.0284 5984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 22:29:20.0409 5984 mshidkmdf - ok 22:29:20.0580 5984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 22:29:20.0861 5984 msisadrv - ok 22:29:20.0924 5984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 22:29:21.0080 5984 MSiSCSI - ok 22:29:21.0111 5984 msiserver - ok 22:29:21.0236 5984 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 22:29:21.0267 5984 MSK80Service - ok 22:29:21.0392 5984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 22:29:21.0470 5984 MSKSSRV - ok 22:29:21.0501 5984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 22:29:21.0579 5984 MSPCLOCK - ok 22:29:21.0594 5984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:29:21.0657 5984 MSPQM - ok 22:29:21.0719 5984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 22:29:21.0750 5984 MsRPC - ok 22:29:21.0797 5984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 22:29:21.0813 5984 mssmbios - ok 22:29:21.0906 5984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:29:21.0969 5984 MSTEE - ok 22:29:22.0016 5984 MTConfig 
(7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 22:29:22.0062 5984 MTConfig - ok 22:29:22.0094 5984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:29:22.0109 5984 Mup - ok 22:29:22.0156 5984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 22:29:22.0234 5984 napagent - ok 22:29:22.0484 5984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:29:22.0546 5984 NativeWifiP - ok 22:29:22.0718 5984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 22:29:22.0764 5984 NDIS - ok 22:29:23.0170 5984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:29:23.0326 5984 NdisCap - ok 22:29:23.0466 5984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:29:23.0544 5984 NdisTapi - ok 22:29:23.0732 5984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 22:29:23.0888 5984 Ndisuio - ok 22:29:23.0981 5984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 22:29:24.0184 5984 NdisWan - ok 22:29:24.0402 5984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 22:29:24.0792 5984 NDProxy - ok 22:29:24.0964 5984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:29:25.0073 5984 NetBIOS - ok 22:29:25.0120 5984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 22:29:25.0245 5984 NetBT - ok 22:29:25.0401 5984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:29:25.0463 5984 Netlogon - ok 22:29:25.0510 5984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 22:29:25.0604 5984 Netman - ok 22:29:25.0682 5984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 22:29:25.0822 5984 netprofm - ok 22:29:26.0352 5984 NetTcpPortSharing 
(3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:29:26.0446 5984 NetTcpPortSharing - ok 22:29:26.0898 5984 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 22:29:27.0179 5984 netw5v64 - ok 22:29:27.0242 5984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 22:29:27.0257 5984 nfrd960 - ok 22:29:27.0351 5984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 22:29:27.0554 5984 NlaSvc - ok 22:29:27.0694 5984 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 22:29:27.0788 5984 NOBU - ok 22:29:27.0928 5984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:29:28.0006 5984 Npfs - ok 22:29:28.0069 5984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 22:29:28.0147 5984 nsi - ok 22:29:28.0178 5984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:29:28.0303 5984 nsiproxy - ok 22:29:28.0521 5984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 22:29:28.0661 5984 Ntfs - ok 22:29:28.0739 5984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:29:28.0895 5984 Null - ok 22:29:28.0942 5984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 22:29:29.0161 5984 nvraid - ok 22:29:29.0223 5984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 22:29:29.0363 5984 nvstor - ok 22:29:29.0410 5984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 22:29:29.0441 5984 nv_agp - ok 22:29:29.0488 5984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 22:29:29.0566 5984 ohci1394 - ok 22:29:29.0660 5984 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source 
Engine\OSE.EXE 22:29:29.0800 5984 ose - ok 22:29:30.0206 5984 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:29:30.0643 5984 osppsvc - ok 22:29:30.0736 5984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:29:30.0830 5984 p2pimsvc - ok 22:29:30.0877 5984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 22:29:30.0923 5984 p2psvc - ok 22:29:30.0986 5984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 22:29:31.0033 5984 Parport - ok 22:29:31.0095 5984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 22:29:31.0157 5984 partmgr - ok 22:29:31.0313 5984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 22:29:31.0485 5984 PcaSvc - ok 22:29:31.0579 5984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 22:29:31.0657 5984 pci - ok 22:29:31.0781 5984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 22:29:31.0813 5984 pciide - ok 22:29:31.0844 5984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 22:29:31.0953 5984 pcmcia - ok 22:29:32.0031 5984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:29:32.0062 5984 pcw - ok 22:29:32.0171 5984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:29:32.0468 5984 PEAUTH - ok 22:29:32.0624 5984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 22:29:32.0671 5984 PerfHost - ok 22:29:32.0780 5984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 22:29:33.0357 5984 pla - ok 22:29:33.0856 5984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 22:29:34.0106 5984 PlugPlay - ok 22:29:34.0262 5984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 22:29:34.0387 5984 
PNRPAutoReg - ok 22:29:34.0511 5984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:29:34.0558 5984 PNRPsvc - ok 22:29:34.0589 5984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 22:29:34.0777 5984 PolicyAgent - ok 22:29:34.0870 5984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 22:29:34.0948 5984 Power - ok 22:29:35.0073 5984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 22:29:35.0323 5984 PptpMiniport - ok 22:29:35.0572 5984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 22:29:35.0619 5984 Processor - ok 22:29:35.0666 5984 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 22:29:35.0884 5984 ProfSvc - ok 22:29:35.0978 5984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:29:36.0025 5984 ProtectedStorage - ok 22:29:36.0524 5984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 22:29:36.0851 5984 Psched - ok 22:29:37.0163 5984 PTSimBus (225d3660f926fe761bc8ce10c512aa02) C:\Windows\system32\DRIVERS\PTSimBus.sys 22:29:37.0647 5984 PTSimBus - ok 22:29:37.0943 5984 PTSimHid (bd2194786abaf4860f41118c0c103e7b) C:\Windows\system32\DRIVERS\PTSimHid.sys 22:29:38.0521 5984 PTSimHid - ok 22:29:39.0160 5984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 22:29:39.0316 5984 ql2300 - ok 22:29:39.0425 5984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 22:29:39.0457 5984 ql40xx - ok 22:29:39.0488 5984 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 22:29:39.0550 5984 QWAVE - ok 22:29:39.0597 5984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:29:39.0675 5984 QWAVEdrv - ok 22:29:39.0815 5984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:29:39.0893 5984 RasAcd - 
     22:30:49.0173 5984 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
     22:30:49.0204 5984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
     22:30:49.0204 5984 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
     22:30:49.0922 5984 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
     22:30:49.0922 5984 \Device\Harddisk0\DR0 - detected TDSS File System (1)
     22:30:49.0953 5984 Boot (0x1200) (3db359f7d7db08368e8b32c2d8479256) \Device\Harddisk0\DR0\Partition0
     22:30:49.0953 5984 \Device\Harddisk0\DR0\Partition0 - ok
     22:30:50.0047 5984 Boot (0x1200) (809bdf6a107d65f64975eada5709b3e0) \Device\Harddisk0\DR0\Partition1
     22:30:50.0047 5984 \Device\Harddisk0\DR0\Partition1 - ok
     22:30:50.0156 5984 Boot (0x1200) (4411b69a9e59d5c0ee4645ee36dfc879) \Device\Harddisk0\DR0\Partition2
     22:30:50.0156 5984 \Device\Harddisk0\DR0\Partition2 - ok
     22:30:50.0218 5984 Boot (0x1200) (7d161bc7a71ee6a823fb6de71910596f) \Device\Harddisk0\DR0\Partition3
     22:30:50.0249 5984 \Device\Harddisk0\DR0\Partition3 - ok
     22:30:50.0265 5984 ============================================================
     22:30:50.0265 5984 Scan finished
     22:30:50.0265 5984 ============================================================
     22:30:50.0296 6748 Detected object count: 5
     22:30:50.0296 6748 Actual detected object count: 5
     22:37:49.0147 6748 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
     22:37:49.0147 6748 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
     22:37:49.0147 6748 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
     22:37:49.0147 6748 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
     22:37:49.0147 6748 WinTabService ( UnsignedFile.Multi.Generic ) - skipped by user
     22:37:49.0147 6748 WinTabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
     22:37:50.0224 6748 \Device\Harddisk0\DR0\# - copied to quarantine
     22:37:50.0239 6748 \Device\Harddisk0\DR0 - copied to quarantine
     22:37:52.0439 6748 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
     22:39:26.0694 6748 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
     22:39:29.0814 6748 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
     22:39:31.0421 6748 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
     22:39:35.0493 6748 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
     22:39:36.0475 6748 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
     22:39:36.0491 6748 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
     22:39:36.0507 6748 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
     22:39:36.0553 6748 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
     22:39:36.0756 6748 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
     22:39:37.0053 6748 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
     22:39:37.0084 6748 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
     22:39:37.0630 6748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
     22:39:37.0770 6748 \Device\Harddisk0\DR0 - ok
     22:39:46.0054 6748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
     22:39:46.0054 6748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
     22:39:46.0054 6748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
     22:41:05.0676 7024 Deinitialize success
  9. Thank you Mr.C. Here is the report from RogueKiller:

     RogueKiller V7.3.2 [03/20/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: kaelynn [Admin rights]
     Mode: Scan -- Date: 03/29/2012 18:26:11
     ¤¤¤ Bad processes: 1 ¤¤¤
     [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
     ¤¤¤ Registry Entries: 3 ¤¤¤
     [bLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver: [NOT LOADED] ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD25 00BEKT-60PVMT0 SATA Disk Device +++++
     --- User ---
     [MBR] 94f3f960ac6e8172bc7abebb3305d3d1
     [bSP] bd4fd0c41927a58dcdacb2a5a2dc702b : Windows Vista/7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 218546 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 447991808 | Size: 19625 Mo
     3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[2].txt >>
     RKreport[1].txt ; RKreport[2].txt

     If you don't mind, a quick question: McAfee's SiteAdvisor (or whatever it is called) is blocking my downloads of the programs that are being recommended to fix this mess. Is there a way to turn it off for now? If not I'll just keep downloading them on my tablet and copying them over. Thanks again.
  10. Hello, I am hoping you can help me. My daughter's computer has the svchost trojan and Malwarebytes cannot remove it. It is causing Google results redirects and other problems. I have run DDS and have included the results here. One question, why did McAfee let it on this computer, and why doesn't it detect it?

     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 8.0.7601.17514
     Run by kaelynn at 23:50:17 on 2012-03-27
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.325 [GMT -7:00]
     .
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
     FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [WTClient] WTClient.exe mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript . ============= SERVICES / DRIVERS =============== . 
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?] R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] S3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] 
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] . =============== Created Last 30 ================ . 2012-03-28 05:08:47 20480 ------w- C:\Windows\svchost.exe 2012-03-28 02:45:03 -------- d-----w- C:\35b90b9ae621dcb593efe88bb930 2012-03-28 02:39:19 3993600 ----a-w- C:\Program Files (x86)\GUTDBBB.tmp 2012-03-28 02:39:19 -------- d-----w- C:\Program Files (x86)\GUMDBAB.tmp 2012-03-26 02:07:41 -------- d-----w- C:\Sun 2012-03-25 16:17:13 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-03-25 15:42:15 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-25 15:42:14 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-03-25 05:43:59 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-25 05:41:59 29808 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2012-03-25 02:54:38 -------- d-----w- C:\Users\kaelynn\AppData\Roaming\Malwarebytes 2012-03-25 02:54:00 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-25 02:53:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-24 17:41:23 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\3E8.tmp 2012-03-24 17:41:23 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\3E7.tmp 2012-03-17 04:08:48 -------- d-----w- C:\15917585ff42290acc083d07979c 2012-03-17 01:16:13 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-05 06:03:29 -------- d--h--w- C:\Users\kaelynn\AppData\Local\{F4E5D84E-2580-40E3-820B-F7B3FA2D451D} . ==================== Find3M ==================== . 
2012-03-28 02:53:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl . ============= FINISH: 23:53:32.92 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/14/2011 11:21:30 AM System Uptime: 3/27/2012 10:29:59 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 1444 Processor: AMD Athlon II P360 Dual-Core Processor | Socket S1G4 | 782/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 213 GiB total, 150.575 GiB free. D: is FIXED (NTFS) - 19 GiB total, 2.782 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP72: 3/8/2012 5:25:17 PM - Windows Update RP74: 3/16/2012 9:07:47 PM - Windows Update RP75: 3/18/2012 3:17:05 PM - Windows Update RP76: 3/24/2012 8:53:48 PM - Restore Operation RP77: 3/25/2012 8:42:58 AM - Windows Update RP78: 3/26/2012 6:16:32 PM - Windows Update RP79: 3/27/2012 7:36:35 PM - Windows Update . ==== Installed Programs ====================== . 
Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.4.5 MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House Apple Application Support Apple Software Update Atheros Driver Installation Program Bejeweled 2 Deluxe Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony Build-a-lot 2 Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compaq Setup Manager CyberLink DVD Suite CyberLink MediaShow CyberLink PowerDVD 9 CyberLink YouCam D3DX10 Diner Dash 2 Restaurant Rescue Dora's World Adventure Energy Star Digital Logo Epson Event Manager Epson Print CD EPSON Scan EpsonNet Print EpsonNet Setup 3.3 Escape Rosecliff Island ESU for Microsoft Windows 7 Farm Frenzy FATE Final Drive Nitro Google Toolbar for Internet Explorer Google Update Helper Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.1.2.0 HP CloudDrive HP Customer Experience Enhancements HP Deskjet 1050 J410 series Help HP Documentation HP Game Console HP Games HP MovieStore HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP Software Framework HP Support Assistant Java Auto Updater Java 6 Update 31 Jewel Quest Solitaire 2 Junk Mail filter update LabelPrint Malwarebytes Anti-Malware version 1.60.1.1000 Manga Studio Debut 3.0 McAfee Total Protection Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English 
Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyScript Notes for U Mystery P.I. - The London Caper Norton Online Backup Penguins! PhotoNow! PictureMover Pinnacle Instant DVD Recorder Pinnacle Studio 12 Plants vs. Zombies PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Recovery Manager RoxioNow Player Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Serif DrawPlus X4 Skype Click to Call Skype™ 5.5 SureThing Express Labeler Times Reader Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Virtual Families Virtual Villagers 4 - The Tree of Life Wheel of Fortune 2 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live 
SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 3/27/2012 11:47:45 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 2 time(s). 3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 11:35:35 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). 3/27/2012 11:35:35 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/27/2012 10:30:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035cda9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-22276-01. 3/27/2012 10:13:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefa7d0, 0x0000000000000002, 0x0000000000000001, 0xfffff800032b9ab5). 
A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-54413-01. 3/27/2012 10:07:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003579a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-78998-01. 3/26/2012 7:28:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service. 3/26/2012 6:19:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error: An instance of the service is already running. 3/26/2012 6:19:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running. 3/26/2012 6:19:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Personal Firewall Service service, but this action failed with the following error: An instance of the service is already running. 3/26/2012 6:17:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308). 3/25/2012 9:37:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa8001570c50, 0xfffffa8001570cb0, 0x0000000004060004). 
A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032512-33009-01. 3/25/2012 7:34:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 3/25/2012 6:42:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003266f6b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032512-29203-01. 3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s). 3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s). 3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s). 3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s). 3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s). 3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s). 3/24/2012 7:55:51 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 
3/24/2012 7:46:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 3/24/2012 7:43:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/24/2012 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/24/2012 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 3/24/2012 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 3/24/2012 7:42:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/24/2012 7:42:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/24/2012 7:42:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr 
tdx vwififlt Wanarpv6 WfpLwf 3/24/2012 7:42:21 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032bf045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032412-45287-01. 3/24/2012 7:42:20 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:20 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:20 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:20 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 
3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/24/2012 7:00:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000330c045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032412-33477-01. 3/24/2012 11:24:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003301ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032412-37487-01. 3/24/2012 10:36:45 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 
3/24/2012 10:36:14 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/24/2012 10:36:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
3/24/2012 10:33:52 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
3/24/2012 1:21:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035be7da, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032412-21075-01.
3/22/2012 3:39:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================

Thank you