Posts posted by dmar2012

  1. OK, ran the online scanner. Looks like it found some more suspicious items (including some already quarantined by TDSSKiller it appears).

    The log noted in your message contained only the following:

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner64.ocx - registred OK

    OnlineScanner.ocx - registred OK

    I also saved the summary of what was quarantined when the scan completed. Here is that text:

    C:\ProgramData\Microsoft\Windows\DRM\F336.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined

    C:\ProgramData\Microsoft\Windows\DRM\F337.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan deleted - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan deleted - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\19.08.2012_18.12.20\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AP trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined

    C:\TDSSKiller_Quarantine\20.08.2012_13.21.02\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    C:\Users\kmwordsmith\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\00BB4B36.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

    C:\WINDOWS\System32\config\systemprofile\AppData\Local\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined

    Thank you!

  2. OK, Step 1 completed no problem. I had a little problem with Step 2 (running ComboFix). I disabled McAfee real-time scanning and firewall, but at one point towards the end of the ComboFix running it put up a dialog saying that McAfee was still running. I went back and checked and McAfee Security Center dialog indicated that real-time and firewall were both off. In any case I clicked OK for ComboFix to proceed. It put up another dialog warning me that McAfee was still running and this dialog had only a "Continue" button. I clicked Continue, ComboFix finished and then after a reboot McAfee did definitely restart and the scanner tried to quarantine one of the ComboFix processes - I clicked "Allow" to let ComboFix run. ComboFix did finish and the log is pasted below. I had to reboot to get rid of the "illegal operation attempted on registry key..." error when trying to open anything, but after the reboot everything opens fine.

    So not totally sure where things stand now as a result of the McAfee snag, but in any case here is the log:

    ComboFix 12-08-20.02 - kmwordsmith 08/20/2012 14:45:21.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2631 [GMT -4:00]

    Running from: c:\users\kmwordsmith\Desktop\ComboFix.exe

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files (x86)\CouponAlert_2pEI

    c:\windows\security\Database\tmp.edb

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))

    .

    .

    2012-08-20 18:56 . 2012-08-20 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-08-19 22:15 . 2012-08-20 17:22 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-08-16 03:14 . 2012-08-16 03:14 -------- d-----w- c:\users\kmwordsmith\AppData\Roaming\Malwarebytes

    2012-08-16 03:14 . 2012-08-16 03:14 -------- d-----w- c:\programdata\Malwarebytes

    2012-08-16 03:14 . 2012-08-16 03:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-08-16 03:14 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-16 02:56 . 2012-08-17 02:05 -------- d-----w- c:\program files (x86)\PC Tools

    2012-08-16 02:47 . 2012-08-17 02:05 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

    2012-08-16 02:47 . 2012-06-22 19:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

    2012-08-16 02:47 . 2012-08-17 02:03 -------- d-----w- c:\programdata\PC Tools

    2012-08-16 02:47 . 2012-08-16 02:47 -------- d-----w- c:\users\kmwordsmith\AppData\Roaming\TestApp

    2012-07-24 19:47 . 2012-07-24 19:47 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-19 22:16 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

    2012-08-15 13:46 . 2012-04-17 12:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-08-15 13:46 . 2011-06-14 11:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-24 14:33 . 2012-07-24 14:33 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\F337.tmp

    2012-07-24 14:33 . 2012-07-24 14:33 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\F336.tmp

    2012-07-12 03:59 . 2011-01-06 11:38 59701280 ----a-w- c:\windows\system32\MRT.exe

    2012-06-12 03:08 . 2012-07-12 04:02 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-06-09 05:43 . 2012-07-11 11:25 14172672 ----a-w- c:\windows\system32\shell32.dll

    2012-06-06 06:06 . 2012-07-11 11:25 2004480 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-06 06:06 . 2012-07-11 11:25 1881600 ----a-w- c:\windows\system32\msxml3.dll

    2012-06-06 06:02 . 2012-07-11 11:25 1133568 ----a-w- c:\windows\system32\cdosys.dll

    2012-06-06 05:05 . 2012-07-11 11:25 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

    2012-06-06 05:05 . 2012-07-11 11:25 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

    2012-06-06 05:03 . 2012-07-11 11:25 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

    2012-06-02 22:19 . 2012-06-25 10:16 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-25 10:16 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-25 10:16 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-25 10:16 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-25 10:16 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-25 10:16 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-25 10:16 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 19:19 . 2012-06-25 10:16 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 19:15 . 2012-06-25 10:16 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-02 12:49 . 2012-07-12 03:58 17807360 ----a-w- c:\windows\system32\mshtml.dll

    2012-06-02 12:17 . 2012-07-12 03:58 10924032 ----a-w- c:\windows\system32\ieframe.dll

    2012-06-02 12:12 . 2012-07-12 03:58 2311680 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-02 12:05 . 2012-07-12 03:58 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-06-02 12:05 . 2012-07-12 03:58 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-06-02 12:04 . 2012-07-12 03:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-06-02 12:04 . 2012-07-12 03:58 237056 ----a-w- c:\windows\system32\url.dll

    2012-06-02 12:03 . 2012-07-12 03:58 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-06-02 12:01 . 2012-07-12 03:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-06-02 12:00 . 2012-07-12 03:58 818688 ----a-w- c:\windows\system32\jscript.dll

    2012-06-02 11:59 . 2012-07-12 03:58 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-06-02 11:57 . 2012-07-12 03:58 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-06-02 11:57 . 2012-07-12 03:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-06-02 11:54 . 2012-07-12 03:58 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-06-02 08:33 . 2012-07-12 03:58 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-06-02 08:25 . 2012-07-12 03:58 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-06-02 08:25 . 2012-07-12 03:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-06-02 08:20 . 2012-07-12 03:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-06-02 08:16 . 2012-07-12 03:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2012-06-02 05:50 . 2012-07-11 11:25 458704 ----a-w- c:\windows\system32\drivers\cng.sys

    2012-06-02 05:48 . 2012-07-11 11:25 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-06-02 05:48 . 2012-07-11 11:25 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

    2012-06-02 05:45 . 2012-07-11 11:25 340992 ----a-w- c:\windows\system32\schannel.dll

    2012-06-02 05:44 . 2012-07-11 11:25 307200 ----a-w- c:\windows\system32\ncrypt.dll

    2012-06-02 04:40 . 2012-07-11 11:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll

    2012-06-02 04:40 . 2012-07-11 11:25 225280 ----a-w- c:\windows\SysWow64\schannel.dll

    2012-06-02 04:39 . 2012-07-11 11:25 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

    2012-06-02 04:34 . 2012-07-11 11:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Screenpresso"="c:\users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" [2012-07-09 7884680]

    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

    "BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]

    .

    c:\users\kmwordsmith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    Dropbox.lnk - c:\users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

    PDFCreator.lnk - c:\program files (x86)\PDFCreator\PDFCreator.exe [2009-12-5 2641920]

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 136176]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 136176]

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]

    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 93840]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 75288]

    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 279752]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

    S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]

    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]

    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 62416]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 440688]

    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *Deregistered* - mfeavfk01

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 13:46]

    .

    2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 16:35]

    .

    2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 16:35]

    .

    2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2178287959-2484263321-3651141593-1001Core.job

    - c:\users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 12:12]

    .

    2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2178287959-2484263321-3651141593-1001UA.job

    - c:\users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 12:12]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.bing.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    TCP: DhcpNameServer = 192.168.254.254

    .

    - - - - ORPHANS REMOVED - - - -

    .

    URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)

    Toolbar-Locked - (no file)

    Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

    SafeBoot-63553684.sys

    Toolbar-Locked - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    .

    **************************************************************************

    .

    Completion time: 2012-08-20 15:06:17 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-08-20 19:06

    .

    Pre-Run: 177,837,002,752 bytes free

    Post-Run: 178,088,529,920 bytes free

    .

    - - End Of File - - B3D6F848FEB15C8FBE2722C19DF48E47

  3. And here is the DDS log. Thanks again.

    ****** DDS **********

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by kmwordsmith at 18:40:01 on 2012-08-19

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2655 [GMT -4:00]

    .

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files\Dell\DellDock\DockLogin.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    C:\Program Files\DellTPad\Apoint.exe

    C:\Program Files\IDT\WDM\sttray64.exe

    C:\WINDOWS\System32\igfxtray.exe

    C:\WINDOWS\System32\hkcmd.exe

    C:\WINDOWS\System32\igfxpers.exe

    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

    C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\Program Files\DellTPad\Apntex.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\McAfee.com\Agent\mcagent.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\PDFCreator\PDFCreator.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Dell\DellDock\DellDock.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\IELowutil.exe

    C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

    C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\Windows\splwow64.exe

    C:\Windows\sysWow64\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Page =

    uStart Page = hxxp://www.bing.com/

    uSearch Bar =

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: H - No File

    mWinlogon: Userinit=userinit.exe,

    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    uRun: [screenpresso] "C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup

    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    uRun: [Google Update] "C:\Users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

    StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

    LSP: mswsock.dll

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://logicalimages.webex.com/client/T27LB/webex/ieatgpc1.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.254.254

    TCP: Interfaces\{5543631B-9160-4BE9-925D-36734AE345F2} : DhcpNameServer = 192.168.254.254

    TCP: Interfaces\{7F302492-41B6-4FBD-8780-5795A2FDC3EF} : DhcpNameServer = 192.168.254.254

    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

    BHO-X64: McAfee Phishing Filter - No File

    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO-X64: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll

    BHO-X64: scriptproxy - No File

    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    TB-X64: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    EB-X64: {9D19C405-BA93-461B-871F-97992CC45972} - No File

    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    mRun-x64: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

    R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-15 655944]

    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199032]

    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 244840]

    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 148520]

    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-28 1692480]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]

    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]

    S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]

    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]

    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-08-19 22:15:19 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-08-16 03:14:57 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\Malwarebytes

    2012-08-16 03:14:50 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-08-16 03:14:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-08-16 03:14:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-08-16 02:56:29 -------- d-----w- C:\Program Files (x86)\PC Tools

    2012-08-16 02:47:50 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

    2012-08-16 02:47:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

    2012-08-16 02:47:20 -------- d-----w- C:\ProgramData\PC Tools

    2012-08-16 02:47:19 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\TestApp

    2012-07-24 19:47:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

    2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F337.tmp

    2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F336.tmp

    .

    ==================== Find3M ====================

    .

    2012-08-19 22:16:23 328704 ----a-w- C:\Windows\System32\services.exe

    2012-08-15 13:46:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-15 13:46:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    .

    ============= FINISH: 18:41:03.70 ===============

  4. Hi Maniac,

    Thanks very much for your assistance and quick reply. I have followed your instructions and am pasting the requested logs below. Everything went smoothly and the MBAM scan did not find anything suspicious after the TDSSKiller ran, so hopefully that is a good sign.

    NOTE: I got an error "post too long" when I tried to submit with all 3 requested logs in this post. So 2 (TDSSKiller and MBAM) are below - I will post the DDS report in a separate post.

    ***** TDSSKiller.2.8.6.0_19.08.2012_18.12.19_log.txt *******

    18:12:19.0658 5028 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

    18:12:20.0017 5028 ============================================================

    18:12:20.0017 5028 Current date / time: 2012/08/19 18:12:20.0017

    18:12:20.0017 5028 SystemInfo:

    18:12:20.0017 5028

    18:12:20.0017 5028 OS Version: 6.1.7601 ServicePack: 1.0

    18:12:20.0017 5028 Product type: Workstation

    18:12:20.0017 5028 ComputerName: ROHAN

    18:12:20.0017 5028 UserName: kmwordsmith

    18:12:20.0017 5028 Windows directory: C:\Windows

    18:12:20.0017 5028 System windows directory: C:\Windows

    18:12:20.0017 5028 Running under WOW64

    18:12:20.0017 5028 Processor architecture: Intel x64

    18:12:20.0017 5028 Number of processors: 2

    18:12:20.0017 5028 Page size: 0x1000

    18:12:20.0017 5028 Boot type: Normal boot

    18:12:20.0017 5028 ============================================================

    18:12:20.0453 5028 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    18:12:20.0453 5028 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B000000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    18:12:27.0817 5028 ============================================================

    18:12:27.0817 5028 \Device\Harddisk0\DR0:

    18:12:27.0817 5028 MBR partitions:

    18:12:27.0817 5028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

    18:12:27.0817 5028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

    18:12:27.0817 5028 \Device\Harddisk1\DR1:

    18:12:27.0817 5028 MBR partitions:

    18:12:27.0817 5028 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8

    18:12:27.0817 5028 ============================================================

    18:12:27.0879 5028 C: <-> \Device\Harddisk0\DR0\Partition2

    18:12:27.0957 5028 E: <-> \Device\Harddisk1\DR1\Partition1

    18:12:27.0957 5028 ============================================================

    18:12:27.0957 5028 Initialize success

    18:12:27.0957 5028 ============================================================

    18:13:03.0088 5636 ============================================================

    18:13:03.0088 5636 Scan started

    18:13:03.0088 5636 Mode: Manual; SigCheck; TDLFS;

    18:13:03.0088 5636 ============================================================

    18:13:03.0509 5636 ================ Scan services =============================


    18:13:12.0230 5636 defragsvc - ok

    18:13:12.0277 5636 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    18:13:12.0339 5636 DfsC - ok

    18:13:12.0370 5636 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll

    18:13:12.0480 5636 Dhcp - ok

    18:13:12.0511 5636 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys

    18:13:12.0589 5636 discache - ok

    18:13:12.0636 5636 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys

    18:13:12.0651 5636 Disk - ok

    18:13:12.0698 5636 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    18:13:12.0776 5636 Dnscache - ok

    18:13:12.0854 5636 [ 0840abbbdf438691ee65a20040635cbe ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

    18:13:12.0901 5636 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

    18:13:12.0901 5636 DockLoginService - detected UnsignedFile.Multi.Generic (1)

    18:13:12.0932 5636 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll

    18:13:13.0072 5636 dot3svc - ok

    18:13:13.0104 5636 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll

    18:13:13.0182 5636 DPS - ok

    18:13:13.0213 5636 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    18:13:13.0244 5636 drmkaud - ok

    18:13:13.0306 5636 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    18:13:13.0431 5636 DXGKrnl - ok

    18:13:13.0509 5636 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll

    18:13:13.0572 5636 EapHost - ok

    18:13:13.0681 5636 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    18:13:13.0852 5636 ebdrv - ok

    18:13:13.0899 5636 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe

    18:13:13.0977 5636 EFS - ok

    18:13:14.0040 5636 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    18:13:14.0164 5636 ehRecvr - ok

    18:13:14.0180 5636 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe

    18:13:14.0258 5636 ehSched - ok

    18:13:14.0305 5636 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    18:13:14.0367 5636 elxstor - ok

    18:13:14.0414 5636 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys

    18:13:14.0461 5636 ErrDev - ok

    18:13:14.0508 5636 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll

    18:13:14.0554 5636 EventSystem - ok

    18:13:14.0570 5636 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys

    18:13:14.0632 5636 exfat - ok

    18:13:14.0664 5636 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys

    18:13:14.0710 5636 fastfat - ok

    18:13:14.0773 5636 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe

    18:13:14.0835 5636 Fax - ok

    18:13:14.0866 5636 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    18:13:14.0913 5636 fdc - ok

    18:13:14.0944 5636 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll

    18:13:15.0007 5636 fdPHost - ok

    18:13:15.0022 5636 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    18:13:15.0100 5636 FDResPub - ok

    18:13:15.0132 5636 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    18:13:15.0163 5636 FileInfo - ok

    18:13:15.0163 5636 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    18:13:15.0256 5636 Filetrace - ok

    18:13:15.0303 5636 [ 227846995afeefa70d328bf5334a86a5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    18:13:15.0350 5636 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

    18:13:15.0350 5636 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

    18:13:15.0381 5636 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    18:13:15.0412 5636 flpydisk - ok

    18:13:15.0444 5636 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    18:13:15.0490 5636 FltMgr - ok

    18:13:15.0615 5636 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll

    18:13:15.0724 5636 FontCache - ok

    18:13:15.0802 5636 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    18:13:15.0834 5636 FontCache3.0.0.0 - ok

    18:13:15.0849 5636 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    18:13:15.0880 5636 FsDepends - ok

    18:13:15.0912 5636 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    18:13:15.0974 5636 Fs_Rec - ok

    18:13:16.0036 5636 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    18:13:16.0068 5636 fvevol - ok

    18:13:16.0114 5636 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

    18:13:16.0146 5636 gagp30kx - ok

    18:13:16.0177 5636 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    18:13:16.0255 5636 GEARAspiWDM - ok

    18:13:16.0364 5636 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

    18:13:16.0395 5636 GoToAssist - ok

    18:13:16.0442 5636 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll

    18:13:16.0536 5636 gpsvc - ok

    18:13:16.0692 5636 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    18:13:16.0707 5636 gupdate - ok

    18:13:16.0738 5636 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    18:13:16.0754 5636 gupdatem - ok

    18:13:16.0801 5636 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    18:13:16.0832 5636 gusvc - ok

    18:13:16.0863 5636 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    18:13:16.0941 5636 hcw85cir - ok

    18:13:16.0988 5636 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    18:13:17.0050 5636 HDAudBus - ok

    18:13:17.0050 5636 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

    18:13:17.0082 5636 HidBatt - ok

    18:13:17.0097 5636 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

    18:13:17.0128 5636 HidBth - ok

    18:13:17.0144 5636 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

    18:13:17.0191 5636 HidIr - ok

    18:13:17.0222 5636 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll

    18:13:17.0331 5636 hidserv - ok

    18:13:17.0362 5636 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys

    18:13:17.0440 5636 HidUsb - ok

    18:13:17.0487 5636 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll

    18:13:17.0565 5636 hkmsvc - ok

    18:13:17.0643 5636 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    18:13:17.0721 5636 HomeGroupListener - ok

    18:13:17.0752 5636 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    18:13:17.0815 5636 HomeGroupProvider - ok

    18:13:17.0862 5636 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    18:13:17.0908 5636 HpSAMD - ok

    18:13:17.0986 5636 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    18:13:18.0142 5636 HTTP - ok

    18:13:18.0189 5636 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    18:13:18.0205 5636 hwpolicy - ok

    18:13:18.0252 5636 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

    18:13:18.0267 5636 i8042prt - ok

    18:13:18.0345 5636 [ 7548066df68a8a1a56b043359f915f37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    18:13:18.0376 5636 IAANTMON - ok

    18:13:18.0439 5636 [ 1d004cb1da6323b1f55caef7f94b61d9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

    18:13:18.0470 5636 iaStor - ok

    18:13:18.0517 5636 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

    18:13:18.0595 5636 iaStorV - ok

    18:13:18.0657 5636 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    18:13:18.0720 5636 idsvc - ok

    18:13:18.0907 5636 [ babd5f9b2bcc82ce556a0baf1ae208a7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

    18:13:19.0281 5636 igfx - ok

    18:13:19.0328 5636 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

    18:13:19.0359 5636 iirsp - ok

    18:13:19.0453 5636 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll

    18:13:19.0562 5636 IKEEXT - ok

    18:13:19.0687 5636 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys

    18:13:19.0718 5636 intelide - ok

    18:13:19.0749 5636 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    18:13:19.0796 5636 intelppm - ok

    18:13:19.0827 5636 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    18:13:19.0890 5636 IPBusEnum - ok

    18:13:19.0936 5636 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    18:13:20.0061 5636 IpFilterDriver - ok

    18:13:20.0092 5636 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    18:13:20.0202 5636 IPMIDRV - ok

    18:13:20.0248 5636 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

    18:13:20.0326 5636 IPNAT - ok

    18:13:20.0420 5636 [ 50d6ccc6ff5561f9f56946b3e6164fb8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

    18:13:20.0451 5636 iPod Service - ok

    18:13:20.0482 5636 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

    18:13:20.0560 5636 IRENUM - ok

    18:13:20.0592 5636 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

    18:13:20.0623 5636 isapnp - ok

    18:13:20.0670 5636 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    18:13:20.0732 5636 iScsiPrt - ok

    18:13:20.0779 5636 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

    18:13:20.0826 5636 kbdclass - ok

    18:13:20.0872 5636 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

    18:13:20.0966 5636 kbdhid - ok

    18:13:20.0982 5636 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe

    18:13:20.0997 5636 KeyIso - ok

    18:13:21.0028 5636 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    18:13:21.0044 5636 KSecDD - ok

    18:13:21.0091 5636 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    18:13:21.0106 5636 KSecPkg - ok

    18:13:21.0122 5636 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

    18:13:21.0184 5636 ksthunk - ok

    18:13:21.0262 5636 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll

    18:13:21.0372 5636 KtmRm - ok

    18:13:21.0418 5636 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll

    18:13:21.0496 5636 LanmanServer - ok

    18:13:21.0528 5636 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    18:13:21.0606 5636 LanmanWorkstation - ok

    18:13:21.0762 5636 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    18:13:21.0840 5636 lltdio - ok

    18:13:21.0871 5636 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll

    18:13:21.0964 5636 lltdsvc - ok

    18:13:21.0980 5636 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll

    18:13:22.0042 5636 lmhosts - ok

    18:13:22.0074 5636 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

    18:13:22.0089 5636 LSI_FC - ok

    18:13:22.0120 5636 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

    18:13:22.0136 5636 LSI_SAS - ok

    18:13:22.0167 5636 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

    18:13:22.0198 5636 LSI_SAS2 - ok

    18:13:22.0214 5636 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

    18:13:22.0245 5636 LSI_SCSI - ok

    18:13:22.0276 5636 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys

    18:13:22.0354 5636 luafv - ok

    18:13:22.0386 5636 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

    18:13:22.0417 5636 MBAMProtector - ok

    18:13:22.0479 5636 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    18:13:22.0526 5636 MBAMService - ok

    18:13:22.0620 5636 [ fd3ad5e1ecdaa94a89d6697f5c5465d6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe

    18:13:22.0651 5636 McComponentHostService - ok

    18:13:22.0744 5636 [ 458a013df72eaab91877fa03533e2c8b ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    18:13:22.0776 5636 McMPFSvc - ok

    18:13:22.0791 5636 [ 458a013df72eaab91877fa03533e2c8b ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    18:13:22.0822 5636 mcmscsvc - ok

    18:13:22.0822 5636 [ 458a013df72eaab91877fa03533e2c8b ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    18:13:22.0854 5636 McNaiAnn - ok

    18:13:22.0869 5636 [ 458a013df72eaab91877fa03533e2c8b ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    18:13:22.0885 5636 McNASvc - ok

    18:13:22.0916 5636 [ 3809b77eb1734cd5fb317425f188abc1 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

    18:13:22.0947 5636 McODS - ok

    18:13:22.0963 5636 [ 458a013df72eaab91877fa03533e2c8b ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    18:13:22.0994 5636 McProxy - ok

    18:13:23.0056 5636 [ be7802cfab44b613ac1a20aec1d45b87 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

    18:13:23.0088 5636 McShield - ok

    18:13:23.0119 5636 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    18:13:23.0197 5636 Mcx2Svc - ok

    18:13:23.0275 5636 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    18:13:23.0306 5636 MDM - ok

    18:13:23.0322 5636 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

    18:13:23.0368 5636 megasas - ok

    18:13:23.0384 5636 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

    18:13:23.0415 5636 MegaSR - ok

    18:13:23.0446 5636 [ 0d8a2ccd9fb7a18114ffa13bb681f362 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

    18:13:23.0462 5636 mfeapfk - ok

    18:13:23.0493 5636 [ 58e891f01db2b41ef1a1296fe63ed74c ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

    18:13:23.0571 5636 mfeavfk - ok

    18:13:23.0602 5636 mfeavfk01 - ok

    18:13:23.0634 5636 [ 656ef23f7d0738dac975036d6bdde036 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    18:13:23.0665 5636 mfefire - ok

    18:13:23.0712 5636 [ 74c4bf6c59a8a900c25ee892d3771f73 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

    18:13:23.0805 5636 mfefirek - ok

    18:13:23.0868 5636 [ bcd060ddc1ea7d2f84e75d17c8e2c88c ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

    18:13:23.0899 5636 mfehidk - ok

    18:13:23.0946 5636 [ 27f5b2b6261d018cbce0f2250d812be5 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys

    18:13:24.0024 5636 mfenlfk - ok

    18:13:24.0055 5636 [ 537d31cf8d41222be5bfa56a5ec35ceb ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

    18:13:24.0102 5636 mferkdet - ok

    18:13:24.0133 5636 [ 5f9f24654ac493970d678ec7b1e3df93 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

    18:13:24.0164 5636 mfevtp - ok

    18:13:24.0195 5636 [ 5c07cb165074c6114616d8473cdd0938 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

    18:13:24.0258 5636 mfewfpk - ok

    18:13:24.0289 5636 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll

    18:13:24.0336 5636 MMCSS - ok

    18:13:24.0351 5636 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys

    18:13:24.0414 5636 Modem - ok

    18:13:24.0445 5636 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    18:13:24.0492 5636 monitor - ok

    18:13:24.0538 5636 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

    18:13:24.0570 5636 mouclass - ok

    18:13:24.0601 5636 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    18:13:24.0616 5636 mouhid - ok

    18:13:24.0648 5636 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

    18:13:24.0679 5636 mountmgr - ok

    18:13:24.0710 5636 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys

    18:13:24.0772 5636 mpio - ok

    18:13:24.0788 5636 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    18:13:24.0850 5636 mpsdrv - ok

    18:13:24.0882 5636 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    18:13:24.0975 5636 MRxDAV - ok

    18:13:25.0006 5636 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    18:13:25.0084 5636 mrxsmb - ok

    18:13:25.0131 5636 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    18:13:25.0162 5636 mrxsmb10 - ok

    18:13:25.0194 5636 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    18:13:25.0209 5636 mrxsmb20 - ok

    18:13:25.0240 5636 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys

    18:13:25.0334 5636 msahci - ok

    18:13:25.0381 5636 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    18:13:25.0443 5636 msdsm - ok

    18:13:25.0459 5636 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe

    18:13:25.0506 5636 MSDTC - ok

    18:13:25.0537 5636 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

    18:13:25.0599 5636 Msfs - ok

    18:13:25.0615 5636 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    18:13:25.0693 5636 mshidkmdf - ok

    18:13:25.0724 5636 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    18:13:25.0740 5636 msisadrv - ok

    18:13:25.0786 5636 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    18:13:25.0864 5636 MSiSCSI - ok

    18:13:25.0864 5636 msiserver - ok

    18:13:25.0911 5636 [ 458a013df72eaab91877fa03533e2c8b ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    18:13:25.0942 5636 MSK80Service - ok

    18:13:25.0958 5636 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    18:13:26.0036 5636 MSKSSRV - ok

    18:13:26.0052 5636 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    18:13:26.0098 5636 MSPCLOCK - ok

    18:13:26.0114 5636 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    18:13:26.0192 5636 MSPQM - ok

    18:13:26.0223 5636 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    18:13:26.0254 5636 MsRPC - ok

    18:13:26.0301 5636 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

    18:13:26.0332 5636 mssmbios - ok

    18:13:26.0332 5636 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    18:13:26.0410 5636 MSTEE - ok

    18:13:26.0426 5636 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

    18:13:26.0457 5636 MTConfig - ok

    18:13:26.0488 5636 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys

    18:13:26.0504 5636 Mup - ok

    18:13:26.0551 5636 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll

    18:13:26.0644 5636 napagent - ok

    18:13:26.0676 5636 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    18:13:26.0738 5636 NativeWifiP - ok

    18:13:26.0800 5636 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys

    18:13:26.0878 5636 NDIS - ok

    18:13:26.0894 5636 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    18:13:26.0956 5636 NdisCap - ok

    18:13:26.0988 5636 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    18:13:27.0050 5636 NdisTapi - ok

    18:13:27.0081 5636 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    18:13:27.0175 5636 Ndisuio - ok

    18:13:27.0206 5636 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    18:13:27.0346 5636 NdisWan - ok

    18:13:27.0378 5636 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    18:13:27.0518 5636 NDProxy - ok

    18:13:27.0549 5636 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    18:13:27.0627 5636 NetBIOS - ok

    18:13:27.0658 5636 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    18:13:27.0736 5636 NetBT - ok

    18:13:27.0752 5636 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe

    18:13:27.0783 5636 Netlogon - ok

    18:13:27.0814 5636 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll

    18:13:27.0877 5636 Netman - ok

    18:13:27.0908 5636 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll

    18:13:28.0002 5636 netprofm - ok

    18:13:28.0033 5636 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    18:13:28.0048 5636 NetTcpPortSharing - ok

    18:13:28.0095 5636 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

    18:13:28.0126 5636 nfrd960 - ok

    18:13:28.0158 5636 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

    18:13:28.0251 5636 NlaSvc - ok

    18:13:28.0298 5636 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    18:13:28.0345 5636 Npfs - ok

    18:13:28.0345 5636 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll

    18:13:28.0392 5636 nsi - ok

    18:13:28.0407 5636 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    18:13:28.0470 5636 nsiproxy - ok

    18:13:28.0548 5636 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    18:13:28.0641 5636 Ntfs - ok

    18:13:28.0672 5636 [ 317020d31f1696334679b9d0416eb62e ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

    18:13:28.0735 5636 NuidFltr - ok

    18:13:28.0750 5636 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys

    18:13:28.0797 5636 Null - ok

    18:13:28.0844 5636 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys

    18:13:28.0953 5636 nvraid - ok

    18:13:28.0984 5636 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys

    18:13:29.0062 5636 nvstor - ok

    18:13:29.0109 5636 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    18:13:29.0156 5636 nv_agp - ok

    18:13:29.0187 5636 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    18:13:29.0250 5636 ohci1394 - ok

    18:13:29.0281 5636 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    18:13:29.0312 5636 ose - ok

    18:13:29.0343 5636 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

    18:13:29.0406 5636 p2pimsvc - ok

    18:13:29.0437 5636 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll

    18:13:29.0484 5636 p2psvc - ok

    18:13:29.0499 5636 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

    18:13:29.0530 5636 Parport - ok

    18:13:29.0562 5636 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys

    18:13:29.0593 5636 partmgr - ok

    18:13:29.0608 5636 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

    18:13:29.0671 5636 PcaSvc - ok

    18:13:29.0702 5636 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys

    18:13:29.0718 5636 pci - ok

    18:13:29.0749 5636 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys

    18:13:29.0780 5636 pciide - ok

    18:13:29.0796 5636 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

    18:13:29.0827 5636 pcmcia - ok

    18:13:29.0842 5636 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys

    18:13:29.0858 5636 pcw - ok

    18:13:29.0905 5636 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    18:13:29.0998 5636 PEAUTH - ok

    18:13:30.0092 5636 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe

    18:13:30.0139 5636 PerfHost - ok

    18:13:30.0217 5636 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll

    18:13:30.0388 5636 pla - ok

    18:13:30.0435 5636 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    18:13:30.0529 5636 PlugPlay - ok

    18:13:30.0544 5636 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    18:13:30.0591 5636 PNRPAutoReg - ok

    18:13:30.0622 5636 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

    18:13:30.0638 5636 PNRPsvc - ok

    18:13:30.0685 5636 [ 33328fa8a580885ab0065be6db266e9f ] Point64 C:\Windows\system32\DRIVERS\point64.sys

    18:13:30.0763 5636 Point64 - ok

    18:13:30.0825 5636 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    18:13:30.0872 5636 PolicyAgent - ok

    18:13:30.0903 5636 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll

    18:13:30.0966 5636 Power - ok

    18:13:31.0012 5636 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    18:13:31.0153 5636 PptpMiniport - ok

    18:13:31.0184 5636 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys

    18:13:31.0231 5636 Processor - ok

    18:13:31.0278 5636 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll

    18:13:41.0308 5636 [ 54d4b48d443e7228bf64cf7cdc3118ac ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

    18:13:41.0324 5636 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

    18:13:41.0324 5636 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)

    18:13:46.0332 5636 [ 13b0a570e1ae451c92da550085d72cf3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    18:13:46.0347 5636 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

    18:13:46.0347 5636 wltrysvc - detected UnsignedFile.Multi.Generic (1)

    18:13:47.0456 5636 ================ Scan global ===============================

    18:13:47.0487 5636 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

    18:13:47.0518 5636 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

    18:13:47.0549 5636 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

    18:13:47.0581 5636 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

    18:13:47.0627 5636 (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe

    18:13:47.0627 5636 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected

    18:13:47.0627 5636 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)

    18:13:47.0627 5636 ================ Scan MBR ==================================

    18:13:47.0659 5636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    18:13:47.0659 5636 Suspicious mbr (Forged): \Device\Harddisk0\DR0

    18:13:47.0721 5636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

    18:13:47.0721 5636 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

    18:13:47.0783 5636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

    18:13:47.0783 5636 \Device\Harddisk0\DR0 - detected TDSS File System (1)

    18:13:47.0799 5636 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

    18:13:47.0939 5636 \Device\Harddisk1\DR1 - ok

    18:13:47.0939 5636 ================ Scan VBR ==================================

    18:13:47.0939 5636 Boot (0x1200) (ce1660b4a78827026eab557be1bfe095) \Device\Harddisk0\DR0\Partition1

    18:13:47.0939 5636 \Device\Harddisk0\DR0\Partition1 - ok

    18:13:47.0986 5636 Boot (0x1200) (4eb64c46782b52d213573077d5291b6d) \Device\Harddisk0\DR0\Partition2

    18:13:47.0986 5636 \Device\Harddisk0\DR0\Partition2 - ok

    18:13:47.0986 5636 Boot (0x1200) (32d87aba66365c6c4e0b4978295782b2) \Device\Harddisk1\DR1\Partition1

    18:13:47.0986 5636 \Device\Harddisk1\DR1\Partition1 - ok

    18:13:47.0986 5636 ============================================================

    18:13:47.0986 5636 Scan finished

    18:13:47.0986 5636 ============================================================

    18:13:48.0017 4412 Detected object count: 7

    18:13:48.0017 4412 Actual detected object count: 7

    18:15:19.0106 4412 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

    18:15:19.0106 4412 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    18:15:19.0106 4412 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

    18:15:19.0106 4412 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

    18:15:19.0106 4412 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

    18:15:19.0106 4412 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

    18:15:19.0106 4412 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

    18:15:19.0106 4412 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

    18:15:19.0215 4412 C:\Windows\system32\services.exe - copied to quarantine

    18:15:20.0089 4412 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine

    18:15:20.0167 4412 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine

    18:15:20.0182 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\@ - copied to quarantine

    18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\L\00000004.@ - copied to quarantine

    18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\L\201d3dde - copied to quarantine

    18:15:20.0198 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000004.@ - copied to quarantine

    18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ - copied to quarantine

    18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ - copied to quarantine

    18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000000.@ - copied to quarantine

    18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000032.@ - copied to quarantine

    18:15:20.0214 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000064.@ - copied to quarantine

    18:15:40.0433 4412 Backup copy found, using it..

    18:15:40.0511 4412 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot

    18:15:40.0511 4412 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot

    18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\@ - will be deleted on reboot

    18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000004.@ - will be deleted on reboot

    18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ - will be deleted on reboot

    18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ - will be deleted on reboot

    18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000000.@ - will be deleted on reboot

    18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000032.@ - will be deleted on reboot

    18:15:40.0527 4412 C:\Windows\installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\80000064.@ - will be deleted on reboot

    18:15:40.0542 4412 C:\Windows\system32\services.exe - will be cured on reboot

    18:15:40.0542 4412 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure

    18:15:41.0385 4412 \Device\Harddisk0\DR0\# - copied to quarantine

    18:15:41.0385 4412 \Device\Harddisk0\DR0 - copied to quarantine

    18:15:41.0463 4412 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

    18:15:41.0478 4412 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

    18:15:41.0478 4412 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

    18:15:41.0525 4412 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

    18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

    18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

    18:15:41.0541 4412 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

    18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

    18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

    18:15:41.0556 4412 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

    18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

    18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

    18:15:41.0572 4412 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

    18:15:41.0603 4412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

    18:15:41.0603 4412 \Device\Harddisk0\DR0 - ok

    18:15:41.0728 4412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

    18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

    18:15:41.0728 4412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

    18:15:49.0076 6112 Deinitialize success

    ****** MBAM ******************************************************

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.08.19.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    kmwordsmith :: ROHAN [administrator]

    Protection: Enabled

    8/19/2012 6:29:31 PM

    mbam-log-2012-08-19 (18-29-31).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 198385

    Time elapsed: 6 minute(s), 14 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  5. I have a computer infected with a browser/search redirect virus. A Malwarebytes scan detects it but appears unable to fully remove the infection. Every time on reboot the infection tries to reinstall itself, but Malwarebytes detects and asks to quarantine it (which I do). Upon rerunning the quick scan the same files are found, and the process repeats... I can now browse the Internet normally, but based on the reboot/reappear pattern, the infection is not completely removed.

    I've seen other similar posts on this forum, but it seems from reading them that the best course of action is to post a new thread with the log files pasted in, so that is what I am doing here.

    Thanks in advance for anyone who can help with this.

    I've already downloaded and run DDS. Here are the requested logs (MBAM / DDS / Attach):

    ***** MBAM log *****

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.08.18.06

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    kmwordsmith :: ROHAN [administrator]

    Protection: Enabled

    8/19/2012 2:40:02 PM

    mbam-log-2012-08-19 (14-40-02).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 198250

    Time elapsed: 6 minute(s), 24 second(s)

    Memory Processes Detected: 1

    C:\WINDOWS\svchost.exe (Trojan.Agent) -> 4644 -> Delete on reboot.

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 3

    C:\WINDOWS\Installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

    C:\WINDOWS\Installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    ****** DDS.txt ********************************************************************************

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by kmwordsmith at 15:28:36 on 2012-08-19

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2499 [GMT -4:00]

    .

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files\Dell\DellDock\DockLogin.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\spoolsv.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    C:\Program Files\DellTPad\Apoint.exe

    C:\Program Files\IDT\WDM\sttray64.exe

    C:\WINDOWS\System32\igfxtray.exe

    C:\WINDOWS\System32\hkcmd.exe

    C:\WINDOWS\System32\igfxpers.exe

    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files (x86)\PDFCreator\PDFCreator.exe

    C:\Program Files\Dell\DellDock\DellDock.exe

    C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

    C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    C:\Program Files\McAfee.com\Agent\mcagent.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Program Files\DellTPad\Apntex.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    -netsvcs

    C:\Windows\system32\conhost.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

    C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\Windows\splwow64.exe

    C:\Windows\SysWOW64\NOTEPAD.EXE

    C:\Program Files (x86)\Internet Explorer\IELowutil.exe

    C:\Program Files\Common Files\McAfee\Core\mchost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.bing.com/

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

    mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

    mWinlogon: Userinit=userinit.exe,

    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

    BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: ShopAtHome.com Toolbar: {66516a07-f617-488a-90cf-4e690cfb3c5f} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

    BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

    TB: ShopAtHome.com Toolbar: {311b58dc-a4dc-4b04-b1b5-60299ad3d803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    uRun: [screenpresso] "C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup

    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

    uRun: [Google Update] "C:\Users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

    StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

    LSP: mswsock.dll

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://logicalimages.webex.com/client/T27LB/webex/ieatgpc1.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.254.254

    TCP: Interfaces\{5543631B-9160-4BE9-925D-36734AE345F2} : DhcpNameServer = 192.168.254.254

    TCP: Interfaces\{7F302492-41B6-4FBD-8780-5795A2FDC3EF} : DhcpNameServer = 192.168.254.254

    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

    BHO-X64: McAfee Phishing Filter - No File

    BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

    BHO-X64: Coupons.com - No File

    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO-X64: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

    BHO-X64: ShopAtHome.com Toolbar - No File

    BHO-X64: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll

    BHO-X64: scriptproxy - No File

    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    TB-X64: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll

    TB-X64: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    EB-X64: {9D19C405-BA93-461B-871F-97992CC45972} - No File

    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    mRun-x64: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-15 655944]

    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199032]

    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 244840]

    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 148520]

    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-28 1692480]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]

    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]

    S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176]

    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]

    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-08-19 18:37:44 20480 ------w- C:\Windows\svchost.exe

    2012-08-16 03:14:57 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\Malwarebytes

    2012-08-16 03:14:50 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-08-16 03:14:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-08-16 03:14:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-08-16 02:56:29 -------- d-----w- C:\Program Files (x86)\PC Tools

    2012-08-16 02:47:50 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

    2012-08-16 02:47:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

    2012-08-16 02:47:20 -------- d-----w- C:\ProgramData\PC Tools

    2012-08-16 02:47:19 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\TestApp

    2012-07-24 19:47:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

    2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F337.tmp

    2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F336.tmp

    .

    ==================== Find3M ====================

    .

    2012-08-15 13:46:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-15 13:46:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    .

    ============= FINISH: 15:29:33.35 ===============

    ********** Attach.txt **********************************************************

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 12/4/2009 7:12:02 PM

    System Uptime: 8/19/2012 2:36:21 PM (1 hours ago)

    .

    Motherboard: Dell Inc. | | 0G848F

    Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 218 GiB total, 164.079 GiB free.

    D: is CDROM ()

    E: is FIXED (NTFS) - 190 GiB total, 105.716 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP186: 7/9/2012 11:11:13 AM - Scheduled Checkpoint

    RP187: 7/11/2012 11:56:50 PM - Windows Update

    RP188: 7/19/2012 12:53:10 PM - Scheduled Checkpoint

    RP189: 7/27/2012 8:20:17 AM - Scheduled Checkpoint

    RP190: 8/3/2012 8:41:58 AM - Scheduled Checkpoint

    RP191: 8/10/2012 10:44:01 AM - Scheduled Checkpoint

    RP192: 8/17/2012 11:19:58 AM - Scheduled Checkpoint

    .

    ==== Installed Programs ======================

    .

    Adobe Acrobat Connect Add-in

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Contribute CS3

    Adobe Default Language CS3

    Adobe ExtendScript Toolkit 2

    Adobe Flash Player 11 ActiveX

    Adobe Help Viewer CS3

    Adobe PDF Library Files

    Adobe Reader X (10.1.3)

    Adobe Setup

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Advanced Audio FX Engine

    Apple Application Support

    Apple Software Update

    Bing Bar

    BlackBerry Desktop Software 5.0.1

    BlackBerry® Media Sync

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    Compatibility Pack for the 2007 Office system

    Coupon Printer for Windows

    Coupons.com Toolbar

    Delicious Add-on for Internet Explorer

    Dell DataSafe Local Backup

    Dell DataSafe Local Backup - Support Software

    Dell Getting Started Guide

    Dell Webcam Central

    Dropbox

    Facebook Plug-In

    FileZilla Client 3.3.0.1

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    GoToAssist 8.0.0.514

    Java Auto Updater

    Java 6 Update 29

    Junk Mail filter update

    Live! Cam Avatar Creator

    Malwarebytes Anti-Malware version 1.62.0.1300

    McAfee Security Scan Plus

    McAfee SecurityCenter

    Microsoft Choice Guard

    Microsoft Office File Validation Add-In

    Microsoft Office Small Business Edition 2003

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable - KB2467175

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    MSVCRT

    Notepad++

    PDFCreator

    PowerDVD DX

    QualXServ Service Agreement

    QuickTime

    Roxio Burn

    Roxio Update Manager

    Screenpresso

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    ShopAtHome.com Toolbar

    Spelling Dictionaries Support For Adobe Reader 9

    Spotify

    TweetDeck

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    WebEx

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    Yahoo! Detect

    .

    ==== Event Viewer Messages From Past Week ========

    .

    8/19/2012 2:39:26 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

    8/19/2012 2:37:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

    8/19/2012 2:37:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

    8/19/2012 2:36:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

    8/19/2012 10:50:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

    8/19/2012 10:49:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

    8/19/2012 10:49:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

    8/19/2012 1:51:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030fd4aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-23119-01.

    8/19/2012 1:49:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030be405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-22464-01.

    8/18/2012 1:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Rohan\kmwordsmith SID (S-1-5-21-2178287959-2484263321-3651141593-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    8/18/2012 1:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Rohan\kmwordsmith SID (S-1-5-21-2178287959-2484263321-3651141593-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    8/16/2012 9:13:46 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    8/16/2012 12:55:40 PM, Error: PCTCore [280] -

    8/16/2012 1:19:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

    8/16/2012 1:18:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

    8/14/2012 1:28:11 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address A4-5C-27-6F-B8-12. Network operations on this system may be disrupted as a result.

    .

    ==== End Of File ===========================
