studiotozzi

Greetings MrC: Those two directories you mention were created by me on 6/4 or 6/5. My computer appears to be performing. I'm not getting the randome musical insect. When I google something and click on the results it takes me to the website I expect to go to. That is a relief! The only odd thing that I have noticed is that when I mute the sound or increase or decrease the volume, I no longer get the display that shows me the level. Perhaps it is a display setting somewhere? I know it's trivial but it is something that is behaving differently and I haven't used the computer much yet so I'm not sure if it is an indication of something bigger. Ran Malwarebytes and it didn't find anything!! Woo Hoo! here's the log. Continued gratitude for your help. Wendy Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.22.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wendy T. King :: XPS17_KING [administrator] Protection: Enabled 6/21/2012 8:41:24 PM mbam-log-2012-06-21 (20-41-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 230435 Time elapsed: 2 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

Mr. Charlie: I downloaded and ran ComboFix. I didn't have to interact with the program beyond executing it. here's the log. Continued thanks! Wendy ComboFix 12-06-21.02 - Wendy T. King 06/21/2012 12:06:29.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8086.5775 [GMT -7:00] Running from: c:\users\Wendy T. King\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Wendy T. King\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DD3BADED-A0F3-4A7F-972E-CC588271EB54}.xps c:\users\Wendy T. King\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 19:16 . 2012-06-21 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-21 19:16 . 2012-06-21 19:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-21 17:34 . 2012-06-21 17:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-21 16:26 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 16:26 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 16:26 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 16:26 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 16:26 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 16:26 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 16:26 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 16:25 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 16:25 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 04:14 . 2012-06-19 04:14 -------- d-----w- c:\users\Wendy T. King\AppData\Roaming\Malwarebytes 2012-06-19 04:14 . 2012-06-19 04:14 -------- d-----w- c:\programdata\Malwarebytes 2012-06-19 04:14 . 2012-06-19 04:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-19 04:14 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-14 22:49 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-05 04:41 . 2012-06-05 04:41 -------- d-----w- C:\zHOUSEHOLD 2012-06-05 01:01 . 2012-06-05 01:06 -------- d-----w- C:\zWORKFIELD 2012-05-30 20:17 . 2012-05-30 20:17 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin 2012-05-30 19:58 . 2012-05-30 19:58 -------- d-----w- c:\program files (x86)\Citrix . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-15 05:59 . 2012-04-06 15:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-15 05:59 . 2011-08-13 13:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-04 22:49 . 2012-05-04 22:49 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-30 11:35 . 2012-05-10 22:01 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-08 75064] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-29 75048] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-08-21 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Wendy T. King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296] R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/13 09:15;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 257224] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-13 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-13 79360] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-16 340240] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x] R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-08-13 79360] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648] S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - CLKMDRV10_9EC60124 *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 05:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-16 1935120] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://nytimes.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1, 79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:45,dd,f0,45,f9,4d,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,f7,df,d2,89,26,51,48,b1,75,46,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,f7,df,d2,89,26,51,48,b1,75,46,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-21 12:34:43 ComboFix-quarantined-files.txt 2012-06-21 19:34 . Pre-Run: 179,016,212,480 bytes free Post-Run: 181,376,331,776 bytes free . - - End Of File - - 9ED498AAC64DBC65C5B513BD0970FD6D

Mr. Charlie: I ran roguekiller first and deleted the HKCU and HKUS files. Then I created a new restore point. Then I ran TDSSKiller and selected Cure for a TDSS file and Delete for a malicious file. The 2 logs are below. Thanks Again!! Wendy RogueKiller Log RogueKiller V7.5.4 [06/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Wendy T. King [Admin rights] Mode: Remove -- Date: 06/21/2012 09:53:51 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 7 ¤¤¤ [bLACKLIST DLL] HKCU\[...]\Run : Apps (rundll32.exe "C:\Users\Wendy T. King\AppData\Local\Deployment\Apps\jdnvtd.dll",CreateInstance) -> DELETED [PREVRUN] HKLM\[...]\Run : CTMasterOnOffMonitor (Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch) -> NOT SELECTED [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NOT SELECTED [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500420AS +++++ --- User --- [MBR] 9d490dd7e6adfb6a473e12293cc8b6b4 [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo User != LL1 ... KO! --- LL1 --- [MBR] dfabe36aaf4649e11ff4fd841ce39f1b [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo User != LL2 ... KO! --- LL2 --- [MBR] dfabe36aaf4649e11ff4fd841ce39f1b [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt then TDSSKiller log: 10:28:31.0361 4444 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 10:28:32.0163 4444 ============================================================ 10:28:32.0163 4444 Current date / time: 2012/06/21 10:28:32.0163 10:28:32.0163 4444 SystemInfo: 10:28:32.0163 4444 10:28:32.0163 4444 OS Version: 6.1.7601 ServicePack: 1.0 10:28:32.0163 4444 Product type: Workstation 10:28:32.0163 4444 ComputerName: XPS17_KING 10:28:32.0163 4444 UserName: Wendy T. King 10:28:32.0163 4444 Windows directory: C:\Windows 10:28:32.0163 4444 System windows directory: C:\Windows 10:28:32.0163 4444 Running under WOW64 10:28:32.0163 4444 Processor architecture: Intel x64 10:28:32.0163 4444 Number of processors: 8 10:28:32.0163 4444 Page size: 0x1000 10:28:32.0163 4444 Boot type: Normal boot 10:28:32.0163 4444 ============================================================ 10:28:32.0662 4444 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:28:32.0678 4444 ============================================================ 10:28:32.0678 4444 \Device\Harddisk0\DR0: 10:28:32.0678 4444 MBR partitions: 10:28:32.0678 4444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000 10:28:32.0678 4444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830 10:28:32.0678 4444 ============================================================ 10:28:32.0709 4444 C: <-> \Device\Harddisk0\DR0\Partition1 10:28:32.0709 4444 ============================================================ 10:28:32.0709 4444 Initialize success 10:28:32.0709 4444 ============================================================ 10:29:19.0447 4688 ============================================================ 10:29:19.0447 4688 Scan started 10:29:19.0447 4688 Mode: Manual; SigCheck; TDLFS; 10:29:19.0447 4688 ============================================================ 10:29:20.0008 4688 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 10:29:20.0149 4688 1394ohci - ok 10:29:20.0196 4688 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys 10:29:20.0242 4688 Acceler - ok 10:29:20.0305 4688 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 10:29:20.0398 4688 ACPI - ok 10:29:20.0445 4688 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 10:29:20.0570 4688 AcpiPmi - ok 10:29:20.0788 4688 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 10:29:20.0820 4688 AdobeFlashPlayerUpdateSvc - ok 10:29:20.0898 4688 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 10:29:20.0944 4688 adp94xx - ok 10:29:20.0976 4688 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 10:29:21.0054 4688 adpahci - ok 10:29:21.0069 4688 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 10:29:21.0085 4688 adpu320 - ok 10:29:21.0116 4688 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 10:29:21.0225 4688 AeLookupSvc - ok 10:29:21.0272 4688 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 10:29:21.0303 4688 AERTFilters - ok 10:29:21.0381 4688 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 10:29:21.0428 4688 AFD - ok 10:29:21.0475 4688 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 10:29:21.0506 4688 agp440 - ok 10:29:21.0522 4688 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 10:29:21.0568 4688 ALG - ok 10:29:21.0600 4688 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 10:29:21.0631 4688 aliide - ok 10:29:21.0646 4688 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 10:29:21.0646 4688 amdide - ok 10:29:21.0678 4688 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 10:29:21.0693 4688 AmdK8 - ok 10:29:21.0693 4688 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 10:29:21.0709 4688 AmdPPM - ok 10:29:21.0724 4688 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 10:29:21.0771 4688 amdsata - ok 10:29:21.0802 4688 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 10:29:21.0818 4688 amdsbs - ok 10:29:21.0834 4688 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 10:29:21.0880 4688 amdxata - ok 10:29:21.0912 4688 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 10:29:22.0005 4688 AppID - ok 10:29:22.0021 4688 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 10:29:22.0068 4688 AppIDSvc - ok 10:29:22.0083 4688 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 10:29:22.0114 4688 Appinfo - ok 10:29:22.0208 4688 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:29:22.0239 4688 Apple Mobile Device - ok 10:29:22.0286 4688 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 10:29:22.0380 4688 AppMgmt - ok 10:29:22.0411 4688 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 10:29:22.0442 4688 arc - ok 10:29:22.0458 4688 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 10:29:22.0489 4688 arcsas - ok 10:29:22.0582 4688 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 10:29:22.0614 4688 aspnet_state - ok 10:29:22.0629 4688 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 10:29:22.0707 4688 AsyncMac - ok 10:29:22.0738 4688 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 10:29:22.0770 4688 atapi - ok 10:29:22.0848 4688 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:29:22.0910 4688 AudioEndpointBuilder - ok 10:29:22.0910 4688 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:29:22.0957 4688 AudioSrv - ok 10:29:22.0972 4688 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 10:29:23.0066 4688 AxInstSV - ok 10:29:23.0113 4688 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 10:29:23.0206 4688 b06bdrv - ok 10:29:23.0238 4688 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 10:29:23.0300 4688 b57nd60a - ok 10:29:23.0316 4688 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 10:29:23.0409 4688 BDESVC - ok 10:29:23.0425 4688 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 10:29:23.0503 4688 Beep - ok 10:29:23.0596 4688 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 10:29:23.0674 4688 BFE - ok 10:29:23.0737 4688 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 10:29:23.0799 4688 BITS - ok 10:29:23.0846 4688 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 10:29:23.0893 4688 blbdrive - ok 10:29:24.0033 4688 Bluetooth Device Monitor (c440483a5ce0e0ab03a79a33ace35d91) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 10:29:24.0064 4688 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning 10:29:24.0064 4688 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1) 10:29:24.0127 4688 Bluetooth Media Service (c8ab8ca3557cce041ac4c88e76afbad0) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 10:29:24.0142 4688 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning 10:29:24.0142 4688 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1) 10:29:24.0236 4688 Bluetooth OBEX Service (df83fb0eb35c91339f1c84c6cf426100) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 10:29:24.0283 4688 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning 10:29:24.0283 4688 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1) 10:29:24.0376 4688 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 10:29:24.0408 4688 Bonjour Service - ok 10:29:24.0532 4688 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 10:29:24.0626 4688 bowser - ok 10:29:24.0657 4688 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 10:29:24.0720 4688 BrFiltLo - ok 10:29:24.0720 4688 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 10:29:24.0735 4688 BrFiltUp - ok 10:29:24.0782 4688 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 10:29:24.0844 4688 Browser - ok 10:29:24.0876 4688 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 10:29:24.0938 4688 Brserid - ok 10:29:24.0969 4688 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 10:29:25.0000 4688 BrSerWdm - ok 10:29:25.0000 4688 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 10:29:25.0032 4688 BrUsbMdm - ok 10:29:25.0032 4688 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 10:29:25.0063 4688 BrUsbSer - ok 10:29:25.0078 4688 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 10:29:25.0156 4688 BthEnum - ok 10:29:25.0172 4688 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 10:29:25.0188 4688 BTHMODEM - ok 10:29:25.0234 4688 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 10:29:25.0281 4688 BthPan - ok 10:29:25.0328 4688 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 10:29:25.0422 4688 BTHPORT - ok 10:29:25.0468 4688 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 10:29:25.0546 4688 bthserv - ok 10:29:25.0562 4688 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 10:29:25.0624 4688 BTHUSB - ok 10:29:25.0671 4688 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys 10:29:25.0734 4688 btmaux - ok 10:29:25.0780 4688 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys 10:29:25.0905 4688 btmhsf - ok 10:29:25.0936 4688 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 10:29:26.0077 4688 cdfs - ok 10:29:26.0124 4688 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 10:29:26.0217 4688 cdrom - ok 10:29:26.0264 4688 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:29:26.0326 4688 CertPropSvc - ok 10:29:26.0373 4688 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys 10:29:26.0436 4688 cfwids - ok 10:29:26.0451 4688 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 10:29:26.0498 4688 circlass - ok 10:29:26.0529 4688 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 10:29:26.0576 4688 CLFS - ok 10:29:26.0685 4688 CLKMSVC10_9EC60124 (730bf325e4cc1e3935b81943ac6da216) c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe 10:29:26.0701 4688 CLKMSVC10_9EC60124 - ok 10:29:26.0779 4688 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:29:26.0810 4688 clr_optimization_v2.0.50727_32 - ok 10:29:26.0888 4688 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:29:26.0904 4688 clr_optimization_v2.0.50727_64 - ok 10:29:26.0982 4688 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:29:26.0997 4688 clr_optimization_v4.0.30319_32 - ok 10:29:27.0028 4688 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:29:27.0060 4688 clr_optimization_v4.0.30319_64 - ok 10:29:27.0122 4688 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 10:29:27.0153 4688 CmBatt - ok 10:29:27.0169 4688 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 10:29:27.0200 4688 cmdide - ok 10:29:27.0262 4688 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 10:29:27.0356 4688 CNG - ok 10:29:27.0372 4688 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 10:29:27.0372 4688 Compbatt - ok 10:29:27.0403 4688 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 10:29:27.0465 4688 CompositeBus - ok 10:29:27.0481 4688 COMSysApp - ok 10:29:27.0512 4688 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 10:29:27.0543 4688 crcdisk - ok 10:29:27.0606 4688 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 10:29:27.0621 4688 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 10:29:27.0621 4688 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 10:29:27.0652 4688 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 10:29:27.0668 4688 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 10:29:27.0668 4688 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 10:29:27.0746 4688 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 10:29:27.0840 4688 CryptSvc - ok 10:29:27.0933 4688 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 10:29:28.0058 4688 CSC - ok 10:29:28.0105 4688 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 10:29:28.0152 4688 CscService - ok 10:29:28.0245 4688 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 10:29:28.0276 4688 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 10:29:28.0276 4688 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 10:29:28.0354 4688 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys 10:29:28.0448 4688 CtClsFlt - ok 10:29:28.0526 4688 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:29:28.0604 4688 DcomLaunch - ok 10:29:28.0635 4688 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 10:29:28.0744 4688 defragsvc - ok 10:29:28.0776 4688 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 10:29:28.0838 4688 DfsC - ok 10:29:28.0900 4688 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 10:29:28.0963 4688 Dhcp - ok 10:29:28.0978 4688 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 10:29:29.0025 4688 discache - ok 10:29:29.0072 4688 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 10:29:29.0072 4688 Disk - ok 10:29:29.0119 4688 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys 10:29:29.0197 4688 dmvsc - ok 10:29:29.0228 4688 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 10:29:29.0322 4688 Dnscache - ok 10:29:29.0446 4688 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe 10:29:29.0540 4688 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 10:29:29.0556 4688 DockLoginService - detected UnsignedFile.Multi.Generic (1) 10:29:29.0587 4688 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 10:29:29.0680 4688 dot3svc - ok 10:29:29.0696 4688 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 10:29:29.0758 4688 DPS - ok 10:29:29.0790 4688 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 10:29:29.0836 4688 drmkaud - ok 10:29:29.0914 4688 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 10:29:29.0992 4688 DXGKrnl - ok 10:29:30.0024 4688 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 10:29:30.0086 4688 EapHost - ok 10:29:30.0273 4688 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 10:29:30.0367 4688 ebdrv - ok 10:29:30.0492 4688 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 10:29:30.0570 4688 EFS - ok 10:29:30.0632 4688 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 10:29:30.0694 4688 ehRecvr - ok 10:29:30.0726 4688 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 10:29:30.0741 4688 ehSched - ok 10:29:30.0835 4688 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 10:29:30.0866 4688 elxstor - ok 10:29:30.0882 4688 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 10:29:30.0897 4688 ErrDev - ok 10:29:30.0991 4688 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 10:29:31.0069 4688 EventSystem - ok 10:29:31.0240 4688 EvtEng (ed8fbadbbaf7420adeae2d5d81f0d4a1) C:\Program Files\Intel\WiFi\bin\EvtEng.exe 10:29:31.0272 4688 EvtEng - ok 10:29:31.0412 4688 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 10:29:31.0506 4688 exfat - ok 10:29:31.0521 4688 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 10:29:31.0630 4688 fastfat - ok 10:29:31.0708 4688 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 10:29:31.0786 4688 Fax - ok 10:29:31.0818 4688 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 10:29:31.0864 4688 fdc - ok 10:29:31.0911 4688 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 10:29:31.0974 4688 fdPHost - ok 10:29:31.0989 4688 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 10:29:32.0052 4688 FDResPub - ok 10:29:32.0083 4688 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 10:29:32.0083 4688 FileInfo - ok 10:29:32.0098 4688 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 10:29:32.0145 4688 Filetrace - ok 10:29:32.0161 4688 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 10:29:32.0176 4688 flpydisk - ok 10:29:32.0208 4688 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 10:29:32.0270 4688 FltMgr - ok 10:29:32.0364 4688 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 10:29:32.0488 4688 FontCache - ok 10:29:32.0566 4688 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:29:32.0598 4688 FontCache3.0.0.0 - ok 10:29:32.0629 4688 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 10:29:32.0629 4688 FsDepends - ok 10:29:32.0676 4688 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 10:29:32.0754 4688 Fs_Rec - ok 10:29:32.0785 4688 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 10:29:32.0816 4688 fvevol - ok 10:29:32.0847 4688 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 10:29:32.0863 4688 gagp30kx - ok 10:29:32.0894 4688 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 10:29:32.0956 4688 GEARAspiWDM - ok 10:29:33.0034 4688 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 10:29:33.0081 4688 gpsvc - ok 10:29:33.0112 4688 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 10:29:33.0128 4688 hcw85cir - ok 10:29:33.0175 4688 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 10:29:33.0284 4688 HDAudBus - ok 10:29:33.0300 4688 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 10:29:33.0315 4688 HidBatt - ok 10:29:33.0331 4688 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 10:29:33.0346 4688 HidBth - ok 10:29:33.0378 4688 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 10:29:33.0440 4688 HidIr - ok 10:29:33.0456 4688 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 10:29:33.0549 4688 hidserv - ok 10:29:33.0580 4688 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 10:29:33.0658 4688 HidUsb - ok 10:29:33.0674 4688 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 10:29:33.0752 4688 hkmsvc - ok 10:29:33.0799 4688 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 10:29:33.0846 4688 HomeGroupListener - ok 10:29:33.0877 4688 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 10:29:33.0924 4688 HomeGroupProvider - ok 10:29:33.0955 4688 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 10:29:34.0017 4688 HpSAMD - ok 10:29:34.0064 4688 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 10:29:34.0111 4688 HTTP - ok 10:29:34.0111 4688 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 10:29:34.0126 4688 hwpolicy - ok 10:29:34.0142 4688 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 10:29:34.0158 4688 i8042prt - ok 10:29:34.0220 4688 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys 10:29:34.0236 4688 iaStor - ok 10:29:34.0282 4688 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 10:29:34.0407 4688 iaStorV - ok 10:29:34.0438 4688 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys 10:29:34.0501 4688 iBtFltCoex - ok 10:29:34.0641 4688 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:29:34.0672 4688 idsvc - ok 10:29:35.0187 4688 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys 10:29:35.0530 4688 igfx - ok 10:29:35.0640 4688 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 10:29:35.0671 4688 iirsp - ok 10:29:35.0764 4688 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 10:29:35.0842 4688 IKEEXT - ok 10:29:35.0952 4688 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys 10:29:36.0061 4688 Impcd - ok 10:29:36.0342 4688 IntcAzAudAddService (8fed6428fde53d7f4c105095f22524be) C:\Windows\system32\drivers\RTKVHD64.sys 10:29:36.0420 4688 IntcAzAudAddService - ok 10:29:36.0560 4688 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 10:29:36.0638 4688 IntcDAud - ok 10:29:36.0654 4688 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 10:29:36.0685 4688 intelide - ok 10:29:36.0732 4688 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 10:29:36.0778 4688 intelppm - ok 10:29:36.0825 4688 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 10:29:36.0903 4688 IPBusEnum - ok 10:29:36.0919 4688 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:29:36.0997 4688 IpFilterDriver - ok 10:29:37.0090 4688 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 10:29:37.0137 4688 iphlpsvc - ok 10:29:37.0153 4688 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 10:29:37.0200 4688 IPMIDRV - ok 10:29:37.0215 4688 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 10:29:37.0262 4688 IPNAT - ok 10:29:37.0387 4688 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe 10:29:37.0402 4688 iPod Service - ok 10:29:37.0434 4688 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 10:29:37.0449 4688 IRENUM - ok 10:29:37.0449 4688 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 10:29:37.0465 4688 isapnp - ok 10:29:37.0496 4688 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 10:29:37.0543 4688 iScsiPrt - ok 10:29:37.0574 4688 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 10:29:37.0574 4688 kbdclass - ok 10:29:37.0605 4688 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 10:29:37.0652 4688 kbdhid - ok 10:29:37.0699 4688 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:29:37.0730 4688 KeyIso - ok 10:29:37.0746 4688 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 10:29:37.0808 4688 KSecDD - ok 10:29:37.0824 4688 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 10:29:37.0902 4688 KSecPkg - ok 10:29:37.0917 4688 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 10:29:37.0995 4688 ksthunk - ok 10:29:38.0042 4688 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 10:29:38.0120 4688 KtmRm - ok 10:29:38.0245 4688 L4301_Solar (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe 10:29:38.0276 4688 L4301_Solar - ok 10:29:38.0323 4688 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 10:29:38.0385 4688 LanmanServer - ok 10:29:38.0401 4688 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 10:29:38.0463 4688 LanmanWorkstation - ok 10:29:38.0510 4688 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 10:29:38.0572 4688 lltdio - ok 10:29:38.0619 4688 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 10:29:38.0744 4688 lltdsvc - ok 10:29:38.0760 4688 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 10:29:38.0806 4688 lmhosts - ok 10:29:38.0900 4688 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 10:29:38.0978 4688 LMS - ok 10:29:39.0025 4688 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 10:29:39.0056 4688 LSI_FC - ok 10:29:39.0072 4688 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 10:29:39.0087 4688 LSI_SAS - ok 10:29:39.0118 4688 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 10:29:39.0150 4688 LSI_SAS2 - ok 10:29:39.0165 4688 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 10:29:39.0181 4688 LSI_SCSI - ok 10:29:39.0212 4688 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 10:29:39.0306 4688 luafv - ok 10:29:39.0368 4688 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 10:29:39.0430 4688 MBAMProtector - ok 10:29:39.0540 4688 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 10:29:39.0571 4688 MBAMService - ok 10:29:39.0664 4688 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe 10:29:39.0696 4688 McAWFwk - ok 10:29:39.0774 4688 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 10:29:39.0805 4688 McMPFSvc - ok 10:29:39.0820 4688 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 10:29:39.0852 4688 mcmscsvc - ok 10:29:39.0867 4688 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 10:29:39.0898 4688 McNaiAnn - ok 10:29:39.0898 4688 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 10:29:39.0914 4688 McNASvc - ok 10:29:39.0976 4688 McODS (c6232488cdbf063ce077fc7f8f8c248c) C:\Program Files\mcafee\VirusScan\mcods.exe 10:29:39.0992 4688 McODS - ok 10:29:39.0992 4688 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 10:29:40.0008 4688 McOobeSv - ok 10:29:40.0008 4688 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 10:29:40.0023 4688 McProxy - ok 10:29:40.0148 4688 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 10:29:40.0179 4688 McShield - ok 10:29:40.0273 4688 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 10:29:40.0335 4688 Mcx2Svc - ok 10:29:40.0382 4688 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 10:29:40.0413 4688 megasas - ok 10:29:40.0444 4688 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 10:29:40.0491 4688 MegaSR - ok 10:29:40.0522 4688 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 10:29:40.0600 4688 MEIx64 - ok 10:29:40.0647 4688 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys 10:29:40.0710 4688 mfeapfk - ok 10:29:40.0741 4688 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys 10:29:40.0819 4688 mfeavfk - ok 10:29:40.0850 4688 mfeavfk01 - ok 10:29:40.0912 4688 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 10:29:40.0944 4688 mfefire - ok 10:29:40.0975 4688 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys 10:29:41.0068 4688 mfefirek - ok 10:29:41.0115 4688 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys 10:29:41.0193 4688 mfehidk - ok 10:29:41.0224 4688 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys 10:29:41.0271 4688 mfenlfk - ok 10:29:41.0302 4688 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys 10:29:41.0380 4688 mferkdet - ok 10:29:41.0427 4688 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe 10:29:41.0458 4688 mfevtp - ok 10:29:41.0474 4688 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys 10:29:41.0552 4688 mfewfpk - ok 10:29:41.0568 4688 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:29:41.0661 4688 MMCSS - ok 10:29:41.0692 4688 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 10:29:41.0770 4688 Modem - ok 10:29:41.0802 4688 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 10:29:41.0848 4688 monitor - ok 10:29:41.0880 4688 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 10:29:41.0911 4688 mouclass - ok 10:29:41.0926 4688 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 10:29:41.0989 4688 mouhid - ok 10:29:42.0020 4688 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 10:29:42.0051 4688 mountmgr - ok 10:29:42.0082 4688 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 10:29:42.0129 4688 mpio - ok 10:29:42.0160 4688 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:29:42.0238 4688 mpsdrv - ok 10:29:42.0301 4688 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 10:29:42.0379 4688 MpsSvc - ok 10:29:42.0410 4688 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 10:29:42.0488 4688 MRxDAV - ok 10:29:42.0519 4688 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:29:42.0597 4688 mrxsmb - ok 10:29:42.0644 4688 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:29:42.0753 4688 mrxsmb10 - ok 10:29:42.0769 4688 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:29:42.0831 4688 mrxsmb20 - ok 10:29:42.0847 4688 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 10:29:42.0909 4688 msahci - ok 10:29:42.0940 4688 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 10:29:43.0018 4688 msdsm - ok 10:29:43.0050 4688 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 10:29:43.0065 4688 MSDTC - ok 10:29:43.0081 4688 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:29:43.0128 4688 Msfs - ok 10:29:43.0143 4688 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:29:43.0237 4688 mshidkmdf - ok 10:29:43.0237 4688 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 10:29:43.0252 4688 msisadrv - ok 10:29:43.0284 4688 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 10:29:43.0330 4688 MSiSCSI - ok 10:29:43.0330 4688 msiserver - ok 10:29:43.0424 4688 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 10:29:43.0455 4688 MSK80Service - ok 10:29:43.0486 4688 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 10:29:43.0564 4688 MSKSSRV - ok 10:29:43.0580 4688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:29:43.0658 4688 MSPCLOCK - ok 10:29:43.0674 4688 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:29:43.0752 4688 MSPQM - ok 10:29:43.0798 4688 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 10:29:43.0876 4688 MsRPC - ok 10:29:43.0892 4688 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 10:29:43.0892 4688 mssmbios - ok 10:29:43.0908 4688 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:29:43.0954 4688 MSTEE - ok 10:29:44.0017 4688 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 10:29:44.0032 4688 MTConfig - ok 10:29:44.0048 4688 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:29:44.0064 4688 Mup - ok 10:29:44.0126 4688 MyWiFiDHCPDNS (f02a154fde5da779e971352256e64cff) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 10:29:44.0157 4688 MyWiFiDHCPDNS - ok 10:29:44.0220 4688 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 10:29:44.0313 4688 napagent - ok 10:29:44.0376 4688 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:29:44.0454 4688 NativeWifiP - ok 10:29:44.0563 4688 NAUpdate (7f79da9e719d0774bdbc3622abd3afd9) C:\Program Files (x86)\Nero\Update\NASvc.exe 10:29:44.0594 4688 NAUpdate - ok 10:29:44.0672 4688 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys 10:29:44.0703 4688 NDIS - ok 10:29:44.0719 4688 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:29:44.0766 4688 NdisCap - ok 10:29:44.0797 4688 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:29:44.0859 4688 NdisTapi - ok 10:29:44.0875 4688 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:29:44.0953 4688 Ndisuio - ok 10:29:44.0984 4688 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:29:45.0093 4688 NdisWan - ok 10:29:45.0109 4688 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:29:45.0171 4688 NDProxy - ok 10:29:45.0187 4688 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:29:45.0265 4688 NetBIOS - ok 10:29:45.0296 4688 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:29:45.0343 4688 NetBT - ok 10:29:45.0390 4688 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:29:45.0421 4688 Netlogon - ok 10:29:45.0468 4688 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 10:29:45.0577 4688 Netman - ok 10:29:45.0670 4688 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:45.0748 4688 NetMsmqActivator - ok 10:29:45.0764 4688 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:45.0780 4688 NetPipeActivator - ok 10:29:45.0811 4688 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 10:29:45.0920 4688 netprofm - ok 10:29:45.0920 4688 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:45.0936 4688 NetTcpActivator - ok 10:29:45.0936 4688 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:45.0951 4688 NetTcpPortSharing - ok 10:29:46.0014 4688 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys 10:29:46.0076 4688 netvsc - ok 10:29:46.0700 4688 NETwNs64 (c3fc3eee5a0ce77a02b27cfdfaf0c758) C:\Windows\system32\DRIVERS\NETwNs64.sys 10:29:47.0028 4688 NETwNs64 - ok 10:29:47.0168 4688 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 10:29:47.0199 4688 nfrd960 - ok 10:29:47.0277 4688 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 10:29:47.0324 4688 NlaSvc - ok 10:29:47.0511 4688 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe 10:29:47.0558 4688 NOBU - ok 10:29:47.0636 4688 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:29:47.0761 4688 Npfs - ok 10:29:47.0776 4688 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 10:29:47.0823 4688 nsi - ok 10:29:47.0839 4688 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:29:47.0901 4688 nsiproxy - ok 10:29:48.0010 4688 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:29:48.0135 4688 Ntfs - ok 10:29:48.0198 4688 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:29:48.0276 4688 Null - ok 10:29:48.0307 4688 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys 10:29:48.0400 4688 nusb3hub - ok 10:29:48.0416 4688 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys 10:29:48.0510 4688 nusb3xhc - ok 10:29:49.0056 4688 nvlddmkm (573b0941a37aebee96085d56a103f57b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:29:49.0243 4688 nvlddmkm - ok 10:29:49.0321 4688 nvpciflt (43af7ebeac2ab623468e32caddcb61a4) C:\Windows\system32\DRIVERS\nvpciflt.sys 10:29:49.0399 4688 nvpciflt - ok 10:29:49.0446 4688 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 10:29:49.0524 4688 nvraid - ok 10:29:49.0539 4688 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 10:29:49.0617 4688 nvstor - ok 10:29:49.0664 4688 NvStUSB (92d06926c5da2a2e62e8fb5104f44d92) C:\Windows\system32\drivers\nvstusb.sys 10:29:49.0742 4688 NvStUSB - ok 10:29:49.0804 4688 NVSvc (c500760572c6059918fb0c960967695b) C:\Windows\system32\nvvsvc.exe 10:29:49.0836 4688 NVSvc - ok 10:29:50.0007 4688 nvUpdatusService (f28169a7adf7b41809cf92d369e744f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 10:29:50.0038 4688 nvUpdatusService - ok 10:29:50.0148 4688 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:29:50.0194 4688 nv_agp - ok 10:29:50.0210 4688 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:29:50.0226 4688 ohci1394 - ok 10:29:50.0272 4688 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:29:50.0319 4688 ose - ok 10:29:50.0584 4688 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:29:50.0740 4688 osppsvc - ok 10:29:50.0912 4688 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:29:50.0943 4688 p2pimsvc - ok 10:29:50.0990 4688 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 10:29:51.0052 4688 p2psvc - ok 10:29:51.0084 4688 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 10:29:51.0099 4688 Parport - ok 10:29:51.0146 4688 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 10:29:51.0208 4688 partmgr - ok 10:29:51.0224 4688 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 10:29:51.0255 4688 PcaSvc - ok 10:29:51.0286 4688 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:29:51.0318 4688 pci - ok 10:29:51.0333 4688 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:29:51.0349 4688 pciide - ok 10:29:51.0380 4688 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 10:29:51.0411 4688 pcmcia - ok 10:29:51.0427 4688 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:29:51.0442 4688 pcw - ok 10:29:51.0474 4688 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:29:51.0614 4688 PEAUTH - ok 10:29:51.0708 4688 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 10:29:51.0817 4688 PeerDistSvc - ok 10:29:51.0879 4688 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 10:29:51.0926 4688 PerfHost - ok 10:29:52.0051 4688 pfc - ok 10:29:52.0129 4688 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 10:29:52.0254 4688 pla - ok 10:29:52.0347 4688 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 10:29:52.0456 4688 PlugPlay - ok 10:29:52.0519 4688 Pml Driver HPZ12 (f485770eec8959684cc4c4786b63c06c) C:\Windows\system32\HPZipm12.dll 10:29:52.0597 4688 Pml Driver HPZ12 - ok 10:29:52.0612 4688 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 10:29:52.0628 4688 PNRPAutoReg - ok 10:29:52.0644 4688 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:29:52.0659 4688 PNRPsvc - ok 10:29:52.0737 4688 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 10:29:52.0846 4688 PolicyAgent - ok 10:29:52.0862 4688 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 10:29:52.0971 4688 Power - ok 10:29:53.0018 4688 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:29:53.0112 4688 PptpMiniport - ok 10:29:53.0127 4688 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 10:29:53.0143 4688 Processor - ok 10:29:53.0190 4688 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 10:29:53.0283 4688 ProfSvc - ok 10:29:53.0314 4688 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:29:53.0346 4688 ProtectedStorage - ok 10:29:53.0392 4688 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:29:53.0455 4688 Psched - ok 10:29:53.0486 4688 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 10:29:53.0533 4688 PxHlpa64 - ok 10:29:53.0564 4688 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys 10:29:53.0626 4688 qicflt - ok 10:29:53.0736 4688 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 10:29:53.0814 4688 ql2300 - ok 10:29:53.0923 4688 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 10:29:53.0970 4688 ql40xx - ok 10:29:54.0016 4688 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 10:29:54.0063 4688 QWAVE - ok 10:29:54.0094 4688 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:29:54.0126 4688 QWAVEdrv - ok 10:29:54.0126 4688 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:29:54.0204 4688 RasAcd - ok 10:29:54.0235 4688 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:29:54.0297 4688 RasAgileVpn - ok 10:29:54.0328 4688 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 10:29:54.0438 4688 RasAuto - ok 10:29:54.0469 4688 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:29:54.0531 4688 Rasl2tp - ok 10:29:54.0594 4688 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 10:29:54.0718 4688 RasMan - ok 10:29:54.0734 4688 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:29:54.0828 4688 RasPppoe - ok 10:29:54.0859 4688 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:29:54.0937 4688 RasSstp - ok 10:29:54.0984 4688 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:29:55.0093 4688 rdbss - ok 10:29:55.0093 4688 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 10:29:55.0108 4688 rdpbus - ok 10:29:55.0140 4688 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:29:55.0218 4688 RDPCDD - ok 10:29:55.0249 4688 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 10:29:55.0327 4688 RDPDR - ok 10:29:55.0342 4688 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:29:55.0420 4688 RDPENCDD - ok 10:29:55.0436 4688 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:29:55.0483 4688 RDPREFMP - ok 10:29:55.0530 4688 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 10:29:55.0623 4688 RDPWD - ok 10:29:55.0670 4688 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:29:55.0764 4688 rdyboost - ok 10:29:55.0873 4688 RegSrvc (3a1ef2f8d0808bece6a2fef3ea3987a5) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 10:29:55.0888 4688 RegSrvc - ok 10:29:55.0920 4688 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 10:29:55.0998 4688 RemoteAccess - ok 10:29:56.0029 4688 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 10:29:56.0076 4688 RemoteRegistry - ok 10:29:56.0122 4688 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 10:29:56.0185 4688 RFCOMM - ok 10:29:56.0325 4688 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 10:29:56.0372 4688 RoxMediaDB12OEM - ok 10:29:56.0419 4688 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 10:29:56.0466 4688 RoxWatch12 - ok 10:29:56.0528 4688 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 10:29:56.0606 4688 RpcEptMapper - ok 10:29:56.0653 4688 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 10:29:56.0684 4688 RpcLocator - ok 10:29:56.0715 4688 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:29:56.0778 4688 RpcSs - ok 10:29:56.0809 4688 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:29:56.0887 4688 rspndr - ok 10:29:56.0934 4688 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys 10:29:57.0012 4688 RTL8167 - ok 10:29:57.0027 4688 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 10:29:57.0090 4688 s3cap - ok 10:29:57.0121 4688 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:29:57.0152 4688 SamSs - ok 10:29:57.0168 4688 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:29:57.0246 4688 sbp2port - ok 10:29:57.0261 4688 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 10:29:57.0355 4688 SCardSvr - ok 10:29:57.0355 4688 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:29:57.0433 4688 scfilter - ok 10:29:57.0526 4688 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 10:29:57.0667 4688 Schedule - ok 10:29:57.0714 4688 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:29:57.0776 4688 SCPolicySvc - ok 10:29:57.0807 4688 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 10:29:57.0901 4688 SDRSVC - ok 10:29:57.0963 4688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:29:58.0041 4688 secdrv - ok 10:29:58.0057 4688 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 10:29:58.0119 4688 seclogon - ok 10:29:58.0150 4688 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 10:29:58.0182 4688 SENS - ok 10:29:58.0197 4688 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 10:29:58.0228 4688 SensrSvc - ok 10:29:58.0260 4688 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 10:29:58.0291 4688 Serenum - ok 10:29:58.0306 4688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 10:29:58.0338 4688 Serial - ok 10:29:58.0353 4688 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 10:29:58.0369 4688 sermouse - ok 10:29:58.0384 4688 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 10:29:58.0478 4688 SessionEnv - ok 10:29:58.0478 4688 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:29:58.0494 4688 sffdisk - ok 10:29:58.0494 4688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:29:58.0509 4688 sffp_mmc - ok 10:29:58.0509 4688 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:29:58.0556 4688 sffp_sd - ok 10:29:58.0556 4688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 10:29:58.0572 4688 sfloppy - ok 10:29:58.0743 4688 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 10:29:58.0759 4688 SftService - ok 10:29:58.0868 4688 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 10:29:58.0977 4688 SharedAccess - ok 10:29:59.0024 4688 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 10:29:59.0086 4688 ShellHWDetection - ok 10:29:59.0149 4688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 10:29:59.0149 4688 SiSRaid2 - ok 10:29:59.0164 4688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 10:29:59.0180 4688 SiSRaid4 - ok 10:29:59.0196 4688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:29:59.0289 4688 Smb - ok 10:29:59.0320 4688 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 10:29:59.0352 4688 SNMPTRAP - ok 10:29:59.0414 4688 Sound Blaster X-Fi MB Licensing Service (9b24dca429f819db314f30ee4c6c80fd) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe 10:29:59.0430 4688 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning 10:29:59.0430 4688 Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic (1) 10:29:59.0461 4688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:29:59.0492 4688 spldr - ok 10:29:59.0523 4688 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 10:29:59.0570 4688 Spooler - ok 10:29:59.0757 4688 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 10:29:59.0835 4688 sppsvc - ok 10:29:59.0929 4688 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 10:30:00.0007 4688 sppuinotify - ok 10:30:00.0178 4688 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 10:30:00.0303 4688 srv - ok 10:30:00.0350 4688 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:30:00.0428 4688 srv2 - ok 10:30:00.0475 4688 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:30:00.0553 4688 srvnet - ok 10:30:00.0584 4688 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 10:30:00.0678 4688 SSDPSRV - ok 10:30:00.0693 4688 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 10:30:00.0740 4688 SstpSvc - ok 10:30:00.0771 4688 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys 10:30:00.0834 4688 stdcfltn - ok 10:30:00.0912 4688 Stereo Service (0683504bbb3ffc0a73d9d217b63dd0e0) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 10:30:00.0943 4688 Stereo Service - ok 10:30:00.0958 4688 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 10:30:00.0990 4688 stexstor - ok 10:30:01.0036 4688 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 10:30:01.0099 4688 stisvc - ok 10:30:01.0146 4688 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 10:30:01.0161 4688 stllssvr - ok 10:30:01.0177 4688 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 10:30:01.0255 4688 StorSvc - ok 10:30:01.0286 4688 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 10:30:01.0364 4688 storvsc - ok 10:30:01.0395 4688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 10:30:01.0395 4688 swenum - ok 10:30:01.0442 4688 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 10:30:01.0551 4688 swprv - ok 10:30:01.0567 4688 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys 10:30:01.0629 4688 SynthVid - ok 10:30:01.0723 4688 SynTP (5e3b232a614339399acc71fa3aaaaa6b) C:\Windows\system32\DRIVERS\SynTP.sys 10:30:01.0785 4688 SynTP - ok 10:30:01.0941 4688 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 10:30:02.0019 4688 SysMain - ok 10:30:02.0082 4688 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 10:30:02.0113 4688 TabletInputService - ok 10:30:02.0144 4688 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 10:30:02.0238 4688 TapiSrv - ok 10:30:02.0253 4688 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 10:30:02.0300 4688 TBS - ok 10:30:02.0456 4688 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 10:30:02.0503 4688 Tcpip - ok 10:30:02.0659 4688 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 10:30:02.0690 4688 TCPIP6 - ok 10:30:02.0784 4688 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:30:02.0877 4688 tcpipreg - ok 10:30:02.0877 4688 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:30:02.0940 4688 TDPIPE - ok 10:30:02.0971 4688 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 10:30:03.0064 4688 TDTCP - ok 10:30:03.0096 4688 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:30:03.0158 4688 tdx - ok 10:30:03.0345 4688 TeamViewer6 (b357451a6958e2b7b506fb1d08271be6) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 10:30:03.0392 4688 TeamViewer6 - ok 10:30:03.0532 4688 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 10:30:03.0579 4688 TermDD - ok 10:30:03.0642 4688 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 10:30:03.0766 4688 TermService - ok 10:30:03.0782 4688 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 10:30:03.0844 4688 Themes - ok 10:30:03.0860 4688 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:30:03.0922 4688 THREADORDER - ok 10:30:03.0938 4688 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 10:30:04.0000 4688 TrkWks - ok 10:30:04.0032 4688 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 10:30:04.0063 4688 TrustedInstaller - ok 10:30:04.0078 4688 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:30:04.0156 4688 tssecsrv - ok 10:30:04.0188 4688 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 10:30:04.0266 4688 TsUsbFlt - ok 10:30:04.0297 4688 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 10:30:04.0328 4688 TsUsbGD - ok 10:30:04.0375 4688 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:30:04.0453 4688 tunnel - ok 10:30:04.0484 4688 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys 10:30:04.0515 4688 TurboB - ok 10:30:04.0593 4688 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 10:30:04.0671 4688 TurboBoost - ok 10:30:04.0687 4688 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 10:30:04.0718 4688 uagp35 - ok 10:30:04.0765 4688 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:30:04.0905 4688 udfs - ok 10:30:04.0921 4688 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 10:30:04.0936 4688 UI0Detect - ok 10:30:04.0952 4688 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:30:04.0968 4688 uliagpkx - ok 10:30:04.0999 4688 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 10:30:05.0061 4688 umbus - ok 10:30:05.0077 4688 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 10:30:05.0092 4688 UmPass - ok 10:30:05.0139 4688 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 10:30:05.0202 4688 UmRdpService - ok 10:30:05.0389 4688 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 10:30:05.0436 4688 UNS - ok 10:30:05.0592 4688 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 10:30:05.0716 4688 upnphost - ok 10:30:05.0794 4688 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 10:30:05.0857 4688 USBAAPL64 - ok 10:30:05.0888 4688 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys 10:30:05.0966 4688 usbccgp - ok 10:30:06.0013 4688 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:30:06.0060 4688 usbcir - ok 10:30:06.0075 4688 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 10:30:06.0122 4688 usbehci - ok 10:30:06.0184 4688 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:30:06.0262 4688 usbhub - ok 10:30:06.0278 4688 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 10:30:06.0325 4688 usbohci - ok 10:30:06.0356 4688 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:30:06.0418 4688 usbprint - ok 10:30:06.0434 4688 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:30:06.0528 4688 USBSTOR - ok 10:30:06.0559 4688 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 10:30:06.0637 4688 usbuhci - ok 10:30:06.0668 4688 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 10:30:06.0715 4688 usbvideo - ok 10:30:06.0762 4688 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 10:30:06.0808 4688 UxSms - ok 10:30:06.0840 4688 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:30:06.0871 4688 VaultSvc - ok 10:30:06.0902 4688 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:30:06.0933 4688 vdrvroot - ok 10:30:06.0980 4688 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 10:30:07.0074 4688 vds - ok 10:30:07.0089 4688 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:30:07.0120 4688 vga - ok 10:30:07.0152 4688 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:30:07.0230 4688 VgaSave - ok 10:30:07.0245 4688 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:30:07.0323 4688 vhdmp - ok 10:30:07.0339 4688 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:30:07.0339 4688 viaide - ok 10:30:07.0370 4688 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 10:30:07.0432 4688 VMBusHID - ok 10:30:07.0464 4688 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:30:07.0542 4688 volmgr - ok 10:30:07.0573 4688 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:30:07.0620 4688 volmgrx - ok 10:30:07.0651 4688 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:30:07.0729 4688 volsnap - ok 10:30:07.0776 4688 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 10:30:07.0822 4688 vsmraid - ok 10:30:07.0932 4688 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 10:30:07.0994 4688 VSS - ok 10:30:08.0088 4688 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 10:30:08.0103 4688 vwifibus - ok 10:30:08.0212 4688 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 10:30:08.0275 4688 vwififlt - ok 10:30:08.0306 4688 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 10:30:08.0353 4688 vwifimp - ok 10:30:08.0415 4688 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 10:30:08.0509 4688 W32Time - ok 10:30:08.0540 4688 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 10:30:08.0571 4688 WacomPen - ok 10:30:08.0587 4688 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:30:08.0680 4688 WANARP - ok 10:30:08.0680 4688 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:30:08.0712 4688 Wanarpv6 - ok 10:30:08.0821 4688 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 10:30:08.0868 4688 WatAdminSvc - ok 10:30:08.0946 4688 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 10:30:08.0977 4688 wbengine - ok 10:30:09.0086 4688 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 10:30:09.0117 4688 WbioSrvc - ok 10:30:09.0148 4688 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 10:30:09.0195 4688 wcncsvc - ok 10:30:09.0211 4688 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 10:30:09.0226 4688 WcsPlugInService - ok 10:30:09.0273 4688 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 10:30:09.0304 4688 Wd - ok 10:30:09.0351 4688 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:30:09.0398 4688 Wdf01000 - ok 10:30:09.0414 4688 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:30:09.0523 4688 WdiServiceHost - ok 10:30:09.0523 4688 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:30:09.0554 4688 WdiSystemHost - ok 10:30:09.0570 4688 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 10:30:09.0632 4688 WebClient - ok 10:30:09.0663 4688 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 10:30:09.0757 4688 Wecsvc - ok 10:30:09.0772 4688 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 10:30:09.0819 4688 wercplsupport - ok 10:30:09.0850 4688 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 10:30:09.0928 4688 WerSvc - ok 10:30:09.0975 4688 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:30:10.0053 4688 WfpLwf - ok 10:30:10.0100 4688 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 10:30:10.0162 4688 WimFltr - ok 10:30:10.0162 4688 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:30:10.0178 4688 WIMMount - ok 10:30:10.0209 4688 WinDefend - ok 10:30:10.0209 4688 WinHttpAutoProxySvc - ok 10:30:10.0287 4688 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 10:30:10.0396 4688 Winmgmt - ok 10:30:10.0521 4688 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 10:30:10.0724 4688 WinRM - ok 10:30:10.0911 4688 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 10:30:10.0958 4688 WinUsb - ok 10:30:11.0052 4688 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 10:30:11.0098 4688 Wlansvc - ok 10:30:11.0176 4688 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 10:30:11.0254 4688 wlcrasvc - ok 10:30:11.0395 4688 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:30:11.0426 4688 wlidsvc - ok 10:30:11.0504 4688 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 10:30:11.0551 4688 WmiAcpi - ok 10:30:11.0629 4688 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 10:30:11.0660 4688 wmiApSrv - ok 10:30:11.0676 4688 WMPNetworkSvc - ok 10:30:11.0707 4688 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 10:30:11.0769 4688 WPCSvc - ok 10:30:11.0800 4688 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 10:30:11.0863 4688 WPDBusEnum - ok 10:30:11.0878 4688 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:30:11.0925 4688 ws2ifsl - ok 10:30:11.0941 4688 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 10:30:11.0972 4688 wscsvc - ok 10:30:12.0019 4688 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 10:30:12.0034 4688 WSDPrintDevice - ok 10:30:12.0034 4688 WSearch - ok 10:30:12.0206 4688 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 10:30:12.0237 4688 wuauserv - ok 10:30:12.0362 4688 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:30:12.0471 4688 WudfPf - ok 10:30:12.0518 4688 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:30:12.0627 4688 WUDFRd - ok 10:30:12.0658 4688 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 10:30:12.0752 4688 wudfsvc - ok 10:30:12.0783 4688 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 10:30:12.0846 4688 WwanSvc - ok 10:30:12.0924 4688 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 10:30:12.0955 4688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 10:30:12.0955 4688 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 10:30:13.0064 4688 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 10:30:13.0064 4688 \Device\Harddisk0\DR0 - detected TDSS File System (1) 10:30:13.0111 4688 Boot (0x1200) (cddaa73dceadb55777b08a8cabf9e365) \Device\Harddisk0\DR0\Partition0 10:30:13.0111 4688 \Device\Harddisk0\DR0\Partition0 - ok 10:30:13.0126 4688 Boot (0x1200) (935d9df834fa10b64d14e1f5bc549fdb) \Device\Harddisk0\DR0\Partition1 10:30:13.0126 4688 \Device\Harddisk0\DR0\Partition1 - ok 10:30:13.0126 4688 ============================================================ 10:30:13.0126 4688 Scan finished 10:30:13.0126 4688 ============================================================ 10:30:13.0142 6032 Detected object count: 10 10:30:13.0142 6032 Actual detected object count: 10 10:34:24.0066 6032 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:24.0066 6032 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:34:24.0066 6032 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:24.0066 6032 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:34:24.0066 6032 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:24.0066 6032 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:34:24.0066 6032 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:24.0066 6032 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:34:24.0066 6032 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:24.0066 6032 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:34:24.0066 6032 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:24.0066 6032 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:34:24.0066 6032 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:24.0066 6032 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:34:24.0066 6032 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:24.0066 6032 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:34:24.0674 6032 \Device\Harddisk0\DR0\# - copied to quarantine 10:34:24.0690 6032 \Device\Harddisk0\DR0 - copied to quarantine 10:34:24.0846 6032 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 10:34:25.0002 6032 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 10:34:25.0064 6032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 10:34:25.0189 6032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 10:34:25.0298 6032 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 10:34:30.0462 6032 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 10:34:30.0540 6032 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 10:34:30.0602 6032 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 10:34:30.0618 6032 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 10:34:30.0633 6032 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 10:34:30.0680 6032 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 10:34:30.0758 6032 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 10:34:30.0774 6032 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 10:34:30.0774 6032 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 10:34:30.0805 6032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 10:34:30.0867 6032 \Device\Harddisk0\DR0 - ok 10:34:30.0883 6032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 10:34:30.0914 6032 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 10:34:31.0023 6032 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 10:34:31.0070 6032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 10:34:31.0117 6032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 10:34:31.0164 6032 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 10:34:36.0031 6032 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 10:34:36.0109 6032 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 10:34:36.0203 6032 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 10:34:36.0203 6032 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 10:34:36.0203 6032 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 10:34:36.0281 6032 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 10:34:36.0374 6032 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 10:34:36.0374 6032 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 10:34:36.0390 6032 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 10:34:36.0390 6032 \Device\Harddisk0\DR0\TDLFS - deleted 10:34:36.0390 6032 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 10:35:56.0071 5764 Deinitialize success

Mr. Charlie: Thank you ever so much for your amazingly fast reply. Here is the report from Rogue Killer followed by the DDS and Attach file transcripts which I ran again after the Rogue Killer scan. I didn't do anything else with Rogue Killer. I didn't delete anything even though it encouraged me to. I really appreciate your help and assurance that I'm doing the right thing! Wendy RogueKiller V7.5.4 [06/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Wendy T. King [Admin rights] Mode: Scan -- Date: 06/20/2012 14:35:41 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 7 ¤¤¤ [bLACKLIST DLL] HKCU\[...]\Run : Apps (rundll32.exe "C:\Users\Wendy T. King\AppData\Local\Deployment\Apps\jdnvtd.dll",CreateInstance) -> FOUND [bLACKLIST DLL] HKUS\S-1-5-21-3792395675-2708013395-2015148367-1001[...]\Run : Apps (rundll32.exe "C:\Users\Wendy T. King\AppData\Local\Deployment\Apps\jdnvtd.dll",CreateInstance) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500420AS +++++ --- User --- [MBR] 9d490dd7e6adfb6a473e12293cc8b6b4 [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo User != LL1 ... KO! --- LL1 --- [MBR] dfabe36aaf4649e11ff4fd841ce39f1b [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo User != LL2 ... KO! --- LL2 --- [MBR] dfabe36aaf4649e11ff4fd841ce39f1b [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo Finished : << RKreport[1].txt >> RKreport[1].txt Here is the DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Wendy T. King at 14:39:10 on 2012-06-20 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8086.5726 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files\Logitech\SolarApp\L4301_Solar.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k swprv C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\rundll32.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Windows\system32\AMBSpiE.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\Cyberlink\Shared files\brs.exe C:\Program Files\mcafee.com\agent\mcagent.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\internet explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Program Files (x86)\internet explorer\iexplore.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\internet explorer\iexplore.exe C:\Windows\servicing\TrustedInstaller.exe C:\Users\Wendy T. King\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\431G1WZ1\RogueKiller.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://nytimes.com/ uDefault_Page_URL = hxxp://www.dell.com uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120102194807.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Apps] rundll32.exe "C:\Users\Wendy T. King\AppData\Local\Deployment\Apps\jdnvtd.dll",CreateInstance mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\WENDYT~1.KIN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{25EA6CBC-87DF-435B-AF6B-A89FBD288329} : DhcpNameServer = 192.168.0.5 192.168.0.4 192.168.0.3 TCP: Interfaces\{3AA05E63-30AC-42DB-A9D5-A0E8C230FE3B} : DhcpNameServer = 192.168.10.1 TCP: Interfaces\{BA6BFF49-DDE4-4CCD-9024-7850AC7854EF} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{BA6BFF49-DDE4-4CCD-9024-7850AC7854EF}\05F4C4635383 : DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{BA6BFF49-DDE4-4CCD-9024-7850AC7854EF}\34F61436479667561405 : DhcpNameServer = 192.168.0.5 192.168.0.4 192.168.0.3 TCP: Interfaces\{BA6BFF49-DDE4-4CCD-9024-7850AC7854EF}\351435 : DhcpNameServer = 192.168.10.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120102194807.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun-x64: [updReg] C:\Windows\UpdReg.EXE mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun-x64: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-13 98208] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648] R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-18 654408] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-8-13 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-8-13 208536] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-13 2009704] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-13 1692480] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-21 378472] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-25 2358656] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-13 2656280] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?] R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/13 09:15:57;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257224] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-13 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-13 79360] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?] S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-8-13 224704] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-16 340240] S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?] S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-8-13 79360] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-20 21:25:35 20480 ----a-w- C:\Windows\svchost.exe 2012-06-19 04:14:15 -------- d-----w- C:\Users\Wendy T. King\AppData\Roaming\Malwarebytes 2012-06-19 04:14:04 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-19 04:14:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-19 04:14:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-14 22:49:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-05 04:41:12 -------- d-----w- C:\zHOUSEHOLD 2012-06-05 01:01:24 -------- d-----w- C:\zWORKFIELD 2012-05-30 20:17:46 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin 2012-05-30 19:58:07 -------- d-----w- C:\Program Files (x86)\Citrix 2012-05-30 19:57:55 60304 ----a-w- C:\Users\Wendy T. King\g2mdlhlpx.exe . ==================== Find3M ==================== . 2012-06-15 05:59:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-15 05:59:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 22:49:13 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 14:41:02.34 =============== Here is Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 8/19/2011 1:30:02 PM System Uptime: 6/20/2012 2:24:15 PM (0 hours ago) . Motherboard: Dell Inc. | | 0K4H3G Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 446 GiB total, 168.993 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2509E9E7&0&02 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter #2 PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2509E9E7&0&02 Service: vwifimp . ==== System Restore Points =================== . RP87: 5/22/2012 11:34:41 AM - Scheduled Checkpoint RP88: 5/30/2012 3:07:14 PM - Scheduled Checkpoint RP89: 6/5/2012 8:47:32 AM - Windows Update RP90: 6/13/2012 7:01:28 AM - Scheduled Checkpoint RP91: 6/14/2012 10:34:34 PM - Windows Update RP92: 6/20/2012 2:46:11 AM - Restore Operation . ==== Installed Programs ====================== . AccelerometerP11 Adobe Acrobat X Standard - English, Français, Deutsch Adobe AIR Adobe Audition 1.5 Adobe Flash Player 11 ActiveX Adobe Reader X MUI Advanced Audio FX Engine Apple Application Support Apple Software Update Blio Camtasia Studio 7 Consumer In-Home Service Agreement Cozi CyberLink PowerDVD 9.6 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell MusicStage Dell PhotoStage Dell Stage Dell VideoStage Dell Webcam Central DirectX 9 Runtime eBay FileMaker Pro 11 Advanced GoToMeeting 5.1.0.880 High-Definition Video Playback Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Internet Explorer Java Auto Updater Java 6 Update 29 Junk Mail filter update Malwarebytes Anti-Malware version 1.61.0.1400 McAfee SecurityCenter Mesh Runtime Messenger Companion Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 10 Movie ThemePack Basic Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Update NVIDIA Stereoscopic 3D Driver PhotoShowExpress PlayReady PC Runtime x86 QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Skype Toolbars Skype™ 4.2 Sonic CinePlayer Decoder Pack Sound Blaster X-Fi MB SyncUP TeamViewer 6 TrustedID Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition WB eScreeners WebEx Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Detect Zinio Reader 4 . ==== Event Viewer Messages From Past Week ======== . 6/20/2012 2:49:22 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. 6/20/2012 2:31:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user XPS17_King\Wendy T. King SID (S-1-5-21-3792395675-2708013395-2015148367-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/20/2012 2:26:17 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/20/2012 2:25:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 6/20/2012 2:24:27 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/19/2012 12:45:28 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 6/19/2012 1:47:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107. 6/19/2012 1:47:41 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 6/18/2012 5:18:17 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{25EA6CBC-87DF-435B-AF6B-A89FBD288329} because another computer on the network has the same name. The server could not start. 6/17/2012 6:12:33 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={2040562B-6175-47FE-A9D8-69E7DB2CE3AB}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 6/17/2012 6:11:12 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={7D755CF2-EF77-434D-BEC0-DC90AEB30AC1}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 6/17/2012 6:09:37 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={6AEFF951-E2B6-4167-A337-57E743617EA5}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 6/17/2012 6:07:00 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={EC887FC9-82A3-41AC-873A-EF7CAAE8BCEE}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 6/17/2012 12:59:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user XPS17_King\Wendy T. King SID (S-1-5-21-3792395675-2708013395-2015148367-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/17/2012 12:59:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user XPS17_King\Wendy T. King SID (S-1-5-21-3792395675-2708013395-2015148367-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/13/2012 6:05:57 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={7B5859C2-C72D-4654-8963-7DB2374C9F39}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 4/4/2013 11:01:17 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 4/1/2013 4:48:30 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -35247546 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.21:123) is working properly. . ==== End Of File ===========================

Greetings: I have the virus that plays music randomly. Also, when I google search and click on the results, the link takes me to places I have no intention of going. That was my first hint that I had a virus and then the music started playing. Malwarebytes detects the trojan and indicates that it has been removed but it returns after reboot. It's a saucy critter. I see that I am not the only person with this problem. I have the 2 logs ready to send to you but I'm a little hesitant to post all that information. Can you assure me that posting that information will not compromise my computer or software licenses? Do you feel that the information on this site is mined in any way? Forgive me for being overly cautious. Probably not uncommon for people who have a virus. Thank you for your assistance and guidance. I really appreciate being able to post here for help. Wendy