
svchost trojan cannot be removed after system fix infection



Hello, I am hoping you can help me. My daughter's computer has the svchost trojan and Malwarebytes cannot remove it. It is causing Google results redirects and other problems. I have run DDS and have included the results here. One question: why did McAfee let it on this computer, and why doesn't it detect it?

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by kaelynn at 23:50:17 on 2012-03-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.325 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\Drivers\WTSRV.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\McAfee\MAT\McPvTray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIGYA.EXE

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Windows\SysWOW64\WTClient.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\DllHost.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

C:\Windows\System32\dinotify.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120103172319.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Artisan 720(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYA.EXE /FU "C:\Windows\TEMP\E_S817F.tmp" /EF "HKCU"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [WTClient] WTClient.exe

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\kaelynn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D3C7AE77-97DB-4AB0-9A8D-64487E71A77B} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D3C7AE77-97DB-4AB0-9A8D-64487E71A77B}\672756E696 : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120103172319.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [WTClient] WTClient.exe

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

.

=============== Created Last 30 ================

.

2012-03-28 05:08:47 20480 ------w- C:\Windows\svchost.exe

2012-03-28 02:45:03 -------- d-----w- C:\35b90b9ae621dcb593efe88bb930

2012-03-28 02:39:19 3993600 ----a-w- C:\Program Files (x86)\GUTDBBB.tmp

2012-03-28 02:39:19 -------- d-----w- C:\Program Files (x86)\GUMDBAB.tmp

2012-03-26 02:07:41 -------- d-----w- C:\Sun

2012-03-25 16:17:13 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-25 15:42:15 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-25 15:42:14 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-25 05:43:59 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-25 05:41:59 29808 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-03-25 02:54:38 -------- d-----w- C:\Users\kaelynn\AppData\Roaming\Malwarebytes

2012-03-25 02:54:00 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-25 02:53:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-24 17:41:23 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\3E8.tmp

2012-03-24 17:41:23 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\3E7.tmp

2012-03-17 04:08:48 -------- d-----w- C:\15917585ff42290acc083d07979c

2012-03-17 01:16:13 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-05 06:03:29 -------- d--h--w- C:\Users\kaelynn\AppData\Local\{F4E5D84E-2580-40E3-820B-F7B3FA2D451D}

.

==================== Find3M ====================

.

2012-03-28 02:53:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

.

============= FINISH: 23:53:32.92 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/14/2011 11:21:30 AM

System Uptime: 3/27/2012 10:29:59 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 1444

Processor: AMD Athlon II P360 Dual-Core Processor | Socket S1G4 | 782/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 213 GiB total, 150.575 GiB free.

D: is FIXED (NTFS) - 19 GiB total, 2.782 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP72: 3/8/2012 5:25:17 PM - Windows Update

RP74: 3/16/2012 9:07:47 PM - Windows Update

RP75: 3/18/2012 3:17:05 PM - Windows Update

RP76: 3/24/2012 8:53:48 PM - Restore Operation

RP77: 3/25/2012 8:42:58 AM - Windows Update

RP78: 3/26/2012 6:16:32 PM - Windows Update

RP79: 3/27/2012 7:36:35 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.5 MUI

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

Bejeweled 2 Deluxe

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Build-a-lot 2

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compaq Setup Manager

CyberLink DVD Suite

CyberLink MediaShow

CyberLink PowerDVD 9

CyberLink YouCam

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

Energy Star Digital Logo

Epson Event Manager

Epson Print CD

EPSON Scan

EpsonNet Print

EpsonNet Setup 3.3

Escape Rosecliff Island

ESU for Microsoft Windows 7

Farm Frenzy

FATE

Final Drive Nitro

Google Toolbar for Internet Explorer

Google Update Helper

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.1.2.0

HP CloudDrive

HP Customer Experience Enhancements

HP Deskjet 1050 J410 series Help

HP Documentation

HP Game Console

HP Games

HP MovieStore

HP Photo Creations

HP Power Manager

HP Quick Launch

HP Setup

HP Software Framework

HP Support Assistant

Java Auto Updater

Java 6 Update 31

Jewel Quest Solitaire 2

Junk Mail filter update

LabelPrint

Malwarebytes Anti-Malware version 1.60.1.1000

Manga Studio Debut 3.0

McAfee Total Protection

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyScript Notes for U

Mystery P.I. - The London Caper

Norton Online Backup

Penguins!

PhotoNow!

PictureMover

Pinnacle Instant DVD Recorder

Pinnacle Studio 12

Plants vs. Zombies

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Recovery Manager

RoxioNow Player

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Serif DrawPlus X4

Skype Click to Call

Skype™ 5.5

SureThing Express Labeler

Times Reader

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Virtual Families

Virtual Villagers 4 - The Tree of Life

Wheel of Fortune 2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

3/27/2012 11:47:45 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 2 time(s).

3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:47:45 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:35:36 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 11:35:35 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

3/27/2012 11:35:35 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/27/2012 10:30:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035cda9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-22276-01.

3/27/2012 10:13:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefa7d0, 0x0000000000000002, 0x0000000000000001, 0xfffff800032b9ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-54413-01.

3/27/2012 10:07:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003579a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-78998-01.

3/26/2012 7:28:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.

3/26/2012 6:19:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error: An instance of the service is already running.

3/26/2012 6:19:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.

3/26/2012 6:19:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Personal Firewall Service service, but this action failed with the following error: An instance of the service is already running.

3/26/2012 6:17:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

3/25/2012 9:37:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa8001570c50, 0xfffffa8001570cb0, 0x0000000004060004). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032512-33009-01.

3/25/2012 7:34:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

3/25/2012 6:42:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003266f6b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032512-29203-01.

3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).

3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).

3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).

3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).

3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).

3/25/2012 11:52:01 AM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).

3/24/2012 7:55:51 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

3/24/2012 7:46:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

3/24/2012 7:43:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/24/2012 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/24/2012 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/24/2012 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/24/2012 7:42:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/24/2012 7:42:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/24/2012 7:42:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

3/24/2012 7:42:21 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032bf045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032412-45287-01.

3/24/2012 7:42:20 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:20 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:20 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:20 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/24/2012 7:42:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/24/2012 7:00:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000330c045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032412-33477-01.

3/24/2012 11:24:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003301ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032412-37487-01.

3/24/2012 10:36:45 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

3/24/2012 10:36:14 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

3/24/2012 10:36:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

3/24/2012 10:33:52 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

3/24/2012 1:21:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035be7da, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032412-21075-01.

3/22/2012 3:39:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

.

==== End Of File ===========================

Thank you


Thank you, Mr.C. Here is the report from RogueKiller:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: kaelynn [Admin rights]

Mode: Scan -- Date: 03/29/2012 18:26:11

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD25 00BEKT-60PVMT0 SATA Disk Device +++++

--- User ---

[MBR] 94f3f960ac6e8172bc7abebb3305d3d1

[BSP] bd4fd0c41927a58dcdacb2a5a2dc702b : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 218546 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 447991808 | Size: 19625 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

If you don't mind, a quick question: McAfee's SiteAdvisor (or whatever it is called) is blocking my downloads of the programs that are being recommended to fix this mess. Is there a way to turn it off for now? If not, I'll just keep downloading them on my tablet and copying them over.

Thanks again.


Check this link:

http://www.ehow.com/...iteadvisor.html

I also found this:

Internet Explorer Users:

Launch Internet Explorer, click the "Tools" menu located on the top and then click "Manage Add-ons" to launch the browser add-ons management window.

Click the "Enable or Disable Add-ons" option in the management window. Scroll down, click "McAfee SiteAdvisor BHO," and "McAfee SiteAdvisor Toolbar" (one at a time) and then click "Disable." Internet Explorer disables the browser plug-in.

Close and restart your Web browser for the changes to take effect.

Firefox Users:

Launch Firefox, click the "Tools" menu on the top of your browser and then click "Add-ons" to launch the add-on management window.

Select the "Extensions" tab. You should see a list of the add-ons in your web browser. Scroll down, click "McAfee SiteAdvisor" and then click "Disable." Firefox disables the browser plug-in.

Close and relaunch your Web browser for the changes to take effect.

----------------------------------------------

Next.....

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC
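For readers triaging such a report themselves, here is an added example (not part of MrC's post and not TDSSKiller's own code) that reads a report and lists only the objects that did not come back "ok", paired with the action the steps above recommend. The line layout is an assumption modelled on the TDSSKiller 2.7.x log posted in this thread; the sample log, its object names, the all-zero hashes and the `Example.Placeholder.Verdict` entry are constructed.

```python
import re
from collections import OrderedDict

# One report line: "<HH:MM:SS.mmmm> <thread id> <message>" (assumed layout).
LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<object> (<md5>) <path>": the file backing a driver or service.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<object> ( <verdict> ) - <level>": a result that is not clean.
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")
# "<object> - detected <verdict> (<n>)"
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<object> - ok"
CLEAN = re.compile(r"^(?P<name>.+) - ok$")

# Verdicts the instructions above say to Skip rather than Cure.
SKIP_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Constructed sample; every name, path and hash here is made up.
SAMPLE_LOG = r"""
22:27:40.0772 5984 Scan started
22:27:45.0498 5984 ExampleDrv ({h}) C:\Windows\system32\drivers\exampledrv.sys
22:27:46.0013 5984 ExampleDrv - ok

22:27:46.0100 5984 Example Vendor Service ({h}) C:\Program Files (x86)\Example\svc.exe
22:27:46.0200 5984 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
22:27:46.0200 5984 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
22:27:46.0300 5984 NoFileSvc - ok
22:27:46.0400 5984 ExampleBoot ( Example.Placeholder.Verdict ) - infected
22:27:46.0400 5984 ExampleBoot - detected Example.Placeholder.Verdict (0)
22:27:46.0500 5984 TruncatedDrv ({h}) C:\Windows\system32\drivers\truncated.sys
""".format(h="0" * 32)


def parse_report(text):
    """Return {object name: record} for every scanned object in the report."""
    objects = OrderedDict()

    def record(name):
        return objects.setdefault(
            name, {"md5": None, "path": None, "level": None, "verdicts": []})

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything that is not a log line
        msg = line.group("msg")

        m = FILE.match(msg)
        if m:
            rec = record(m.group("name"))
            rec["md5"], rec["path"] = m.group("md5").lower(), m.group("path")
            continue
        m = VERDICT.match(msg)
        if m:
            rec = record(m.group("name"))
            rec["level"] = m.group("level")
            if m.group("verdict") not in rec["verdicts"]:
                rec["verdicts"].append(m.group("verdict"))
            continue
        m = DETECTED.match(msg)
        if m:
            rec = record(m.group("name"))
            if m.group("verdict") not in rec["verdicts"]:
                rec["verdicts"].append(m.group("verdict"))
            continue
        m = CLEAN.match(msg)
        if m:
            # Some objects are reported "ok" without a preceding file line.
            record(m.group("name"))["level"] = "ok"
    return objects


def triage(objects):
    """List (name, path, verdicts, action) for every object that is not clean."""
    findings = []
    for name, rec in objects.items():
        if rec["level"] == "ok" and not rec["verdicts"]:
            continue
        if rec["level"] is None and not rec["verdicts"]:
            # File line seen but no result: the pasted report was cut short.
            action = "no verdict logged (report truncated?)"
        elif set(rec["verdicts"]) <= SKIP_VERDICTS:
            action = "Skip"
        else:
            action = "Cure if offered, otherwise Skip"
        findings.append((name, rec["path"], tuple(rec["verdicts"]), action))
    return findings


if __name__ == "__main__":
    for name, path, verdicts, action in triage(parse_report(SAMPLE_LOG)):
        print(f"{name}: {', '.join(verdicts) or '-'} [{path}] -> {action}")
```
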


OK, program run, computer seems to be more responsive. Here is the report:

22:26:53.0363 4688 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

22:26:55.0407 4688 ============================================================

22:26:55.0407 4688 Current date / time: 2012/03/30 22:26:55.0407

22:26:55.0407 4688 SystemInfo:

22:26:55.0407 4688

22:26:55.0407 4688 OS Version: 6.1.7601 ServicePack: 1.0

22:26:55.0407 4688 Product type: Workstation

22:26:55.0407 4688 ComputerName: PSYCH

22:26:55.0407 4688 UserName: kaelynn

22:26:55.0407 4688 Windows directory: C:\Windows

22:26:55.0407 4688 System windows directory: C:\Windows

22:26:55.0407 4688 Running under WOW64

22:26:55.0407 4688 Processor architecture: Intel x64

22:26:55.0407 4688 Number of processors: 2

22:26:55.0407 4688 Page size: 0x1000

22:26:55.0407 4688 Boot type: Normal boot

22:26:55.0407 4688 ============================================================

22:27:05.0406 4688 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:27:05.0500 4688 \Device\Harddisk0\DR0:

22:27:05.0640 4688 MBR used

22:27:05.0640 4688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

22:27:05.0640 4688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AAD9000

22:27:05.0640 4688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AB3D000, BlocksNum 0x2654800

22:27:05.0640 4688 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970

22:27:06.0405 4688 Initialize success

22:27:06.0405 4688 ============================================================

22:27:40.0772 5984 ============================================================

22:27:40.0772 5984 Scan started

22:27:40.0772 5984 Mode: Manual; SigCheck; TDLFS;

22:27:40.0772 5984 ============================================================

22:28:21.0503 5984 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

22:28:21.0862 5984 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning

22:28:21.0862 5984 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)


22:28:43.0671 5984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:28:43.0858 5984 IpFilterDriver - ok

22:28:43.0998 5984 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

22:28:44.0279 5984 iphlpsvc - ok

22:28:44.0513 5984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

22:28:44.0919 5984 IPMIDRV - ok

22:28:45.0059 5984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

22:28:45.0231 5984 IPNAT - ok

22:28:45.0839 5984 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe

22:28:45.0870 5984 iPod Service - ok

22:28:46.0214 5984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

22:28:46.0416 5984 IRENUM - ok

22:28:46.0744 5984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

22:28:46.0806 5984 isapnp - ok

22:28:46.0900 5984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

22:28:47.0072 5984 iScsiPrt - ok

22:28:47.0181 5984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

22:28:47.0212 5984 kbdclass - ok

22:28:47.0508 5984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

22:28:47.0727 5984 kbdhid - ok

22:28:47.0898 5984 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:28:47.0930 5984 KeyIso - ok

22:28:48.0008 5984 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

22:28:48.0039 5984 KSecDD - ok

22:28:48.0242 5984 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

22:28:48.0273 5984 KSecPkg - ok

22:28:49.0022 5984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

22:28:49.0131 5984 ksthunk - ok

22:28:49.0302 5984 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

22:28:49.0536 5984 KtmRm - ok

22:28:49.0880 5984 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

22:28:50.0582 5984 LanmanServer - ok

22:28:50.0769 5984 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

22:28:51.0034 5984 LanmanWorkstation - ok

22:28:51.0486 5984 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

22:28:51.0596 5984 lltdio - ok

22:28:51.0705 5984 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

22:28:51.0954 5984 lltdsvc - ok

22:28:52.0095 5984 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

22:28:52.0407 5984 lmhosts - ok

22:28:52.0516 5984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:28:52.0547 5984 LSI_FC - ok

22:28:52.0875 5984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:28:52.0937 5984 LSI_SAS - ok

22:28:53.0249 5984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:28:53.0296 5984 LSI_SAS2 - ok

22:28:53.0514 5984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:28:53.0546 5984 LSI_SCSI - ok

22:28:53.0655 5984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

22:28:53.0936 5984 luafv - ok

22:28:54.0513 5984 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\Windows\system32\DRIVERS\lvpopf64.sys

22:28:54.0653 5984 lvpopf64 - ok

22:28:54.0778 5984 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

22:28:54.0809 5984 LVPr2M64 - ok

22:28:54.0856 5984 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

22:28:54.0903 5984 LVPr2Mon - ok

22:28:55.0059 5984 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

22:28:55.0137 5984 LVPrcS64 - ok

22:28:55.0324 5984 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys

22:28:55.0464 5984 LVRS64 - ok

22:28:57.0368 5984 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys

22:28:58.0116 5984 LVUVC64 - ok

22:28:58.0600 5984 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys

22:28:58.0974 5984 MarvinBus - ok

22:28:59.0645 5984 mbamchameleon (51914228d4b9610fba24f249c0fdd871) C:\Windows\system32\drivers\mbamchameleon.sys

22:28:59.0895 5984 mbamchameleon - ok

22:29:00.0238 5984 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

22:29:00.0332 5984 McAfee SiteAdvisor Service - ok

22:29:01.0034 5984 McAWFwk (f48571922079bbab289c57bafefe88f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe

22:29:01.0361 5984 McAWFwk - ok

22:29:02.0048 5984 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

22:29:02.0094 5984 McMPFSvc - ok

22:29:03.0140 5984 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

22:29:03.0374 5984 mcmscsvc - ok

22:29:03.0514 5984 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

22:29:03.0608 5984 McNaiAnn - ok

22:29:03.0686 5984 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

22:29:03.0717 5984 McNASvc - ok

22:29:04.0107 5984 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\McAfee\VirusScan\mcods.exe

22:29:04.0278 5984 McODS - ok

22:29:04.0637 5984 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

22:29:04.0684 5984 McOobeSv - ok

22:29:04.0871 5984 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

22:29:04.0934 5984 McProxy - ok

22:29:05.0386 5984 McPvDrv (a0c364079e7ae6c3127bee8e196f00e5) C:\Windows\system32\drivers\McPvDrv.sys

22:29:05.0433 5984 McPvDrv - ok

22:29:05.0714 5984 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

22:29:05.0948 5984 McShield - ok

22:29:06.0182 5984 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

22:29:06.0275 5984 Mcx2Svc - ok

22:29:06.0696 5984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

22:29:06.0790 5984 megasas - ok

22:29:07.0274 5984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

22:29:07.0320 5984 MegaSR - ok

22:29:08.0038 5984 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys

22:29:08.0241 5984 mfeapfk - ok

22:29:09.0395 5984 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys

22:29:09.0567 5984 mfeavfk - ok

22:29:10.0035 5984 mfeavfk01 - ok

22:29:10.0440 5984 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

22:29:10.0518 5984 mfefire - ok

22:29:11.0642 5984 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys

22:29:11.0907 5984 mfefirek - ok

22:29:12.0999 5984 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys

22:29:13.0046 5984 mfehidk - ok

22:29:13.0311 5984 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys

22:29:13.0592 5984 mfenlfk - ok

22:29:14.0060 5984 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys

22:29:14.0247 5984 mferkdet - ok

22:29:15.0354 5984 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe

22:29:15.0588 5984 mfevtp - ok

22:29:15.0978 5984 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys

22:29:16.0010 5984 mfewfpk - ok

22:29:16.0275 5984 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:29:16.0368 5984 MMCSS - ok

22:29:16.0680 5984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

22:29:16.0821 5984 Modem - ok

22:29:17.0024 5984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

22:29:17.0133 5984 monitor - ok

22:29:17.0476 5984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

22:29:17.0570 5984 mouclass - ok

22:29:17.0960 5984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

22:29:18.0022 5984 mouhid - ok

22:29:18.0100 5984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

22:29:18.0147 5984 mountmgr - ok

22:29:18.0256 5984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

22:29:18.0381 5984 mpio - ok

22:29:18.0474 5984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

22:29:18.0537 5984 mpsdrv - ok

22:29:18.0677 5984 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

22:29:18.0771 5984 MpsSvc - ok

22:29:18.0833 5984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

22:29:19.0020 5984 MRxDAV - ok

22:29:19.0098 5984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:29:19.0192 5984 mrxsmb - ok

22:29:19.0239 5984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:29:19.0286 5984 mrxsmb10 - ok

22:29:19.0442 5984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:29:19.0473 5984 mrxsmb20 - ok

22:29:19.0676 5984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

22:29:19.0691 5984 msahci - ok

22:29:19.0785 5984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

22:29:19.0910 5984 msdsm - ok

22:29:19.0956 5984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

22:29:20.0034 5984 MSDTC - ok

22:29:20.0128 5984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

22:29:20.0237 5984 Msfs - ok

22:29:20.0284 5984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

22:29:20.0409 5984 mshidkmdf - ok

22:29:20.0580 5984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

22:29:20.0861 5984 msisadrv - ok

22:29:20.0924 5984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

22:29:21.0080 5984 MSiSCSI - ok

22:29:21.0111 5984 msiserver - ok

22:29:21.0236 5984 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

22:29:21.0267 5984 MSK80Service - ok

22:29:21.0392 5984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

22:29:21.0470 5984 MSKSSRV - ok

22:29:21.0501 5984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

22:29:21.0579 5984 MSPCLOCK - ok

22:29:21.0594 5984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

22:29:21.0657 5984 MSPQM - ok

22:29:21.0719 5984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

22:29:21.0750 5984 MsRPC - ok

22:29:21.0797 5984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

22:29:21.0813 5984 mssmbios - ok

22:29:21.0906 5984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

22:29:21.0969 5984 MSTEE - ok

22:29:22.0016 5984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

22:29:22.0062 5984 MTConfig - ok

22:29:22.0094 5984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

22:29:22.0109 5984 Mup - ok

22:29:22.0156 5984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

22:29:22.0234 5984 napagent - ok

22:29:22.0484 5984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

22:29:22.0546 5984 NativeWifiP - ok

22:29:22.0718 5984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

22:29:22.0764 5984 NDIS - ok

22:29:23.0170 5984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

22:29:23.0326 5984 NdisCap - ok

22:29:23.0466 5984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

22:29:23.0544 5984 NdisTapi - ok

22:29:23.0732 5984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

22:29:23.0888 5984 Ndisuio - ok

22:29:23.0981 5984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

22:29:24.0184 5984 NdisWan - ok

22:29:24.0402 5984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

22:29:24.0792 5984 NDProxy - ok

22:29:24.0964 5984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:29:25.0073 5984 NetBIOS - ok

22:29:25.0120 5984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

22:29:25.0245 5984 NetBT - ok

22:29:25.0401 5984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:29:25.0463 5984 Netlogon - ok

22:29:25.0510 5984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

22:29:25.0604 5984 Netman - ok

22:29:25.0682 5984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

22:29:25.0822 5984 netprofm - ok

22:29:26.0352 5984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:29:26.0446 5984 NetTcpPortSharing - ok

22:29:26.0898 5984 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

22:29:27.0179 5984 netw5v64 - ok

22:29:27.0242 5984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

22:29:27.0257 5984 nfrd960 - ok

22:29:27.0351 5984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

22:29:27.0554 5984 NlaSvc - ok

22:29:27.0694 5984 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

22:29:27.0788 5984 NOBU - ok

22:29:27.0928 5984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:29:28.0006 5984 Npfs - ok

22:29:28.0069 5984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

22:29:28.0147 5984 nsi - ok

22:29:28.0178 5984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

22:29:28.0303 5984 nsiproxy - ok

22:29:28.0521 5984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

22:29:28.0661 5984 Ntfs - ok

22:29:28.0739 5984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

22:29:28.0895 5984 Null - ok

22:29:28.0942 5984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

22:29:29.0161 5984 nvraid - ok

22:29:29.0223 5984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

22:29:29.0363 5984 nvstor - ok

22:29:29.0410 5984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

22:29:29.0441 5984 nv_agp - ok

22:29:29.0488 5984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

22:29:29.0566 5984 ohci1394 - ok

22:29:29.0660 5984 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:29:29.0800 5984 ose - ok

22:29:30.0206 5984 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

22:29:30.0643 5984 osppsvc - ok

22:29:30.0736 5984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:29:30.0830 5984 p2pimsvc - ok

22:29:30.0877 5984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

22:29:30.0923 5984 p2psvc - ok

22:29:30.0986 5984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

22:29:31.0033 5984 Parport - ok

22:29:31.0095 5984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

22:29:31.0157 5984 partmgr - ok

22:29:31.0313 5984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

22:29:31.0485 5984 PcaSvc - ok

22:29:31.0579 5984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

22:29:31.0657 5984 pci - ok

22:29:31.0781 5984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

22:29:31.0813 5984 pciide - ok

22:29:31.0844 5984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

22:29:31.0953 5984 pcmcia - ok

22:29:32.0031 5984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

22:29:32.0062 5984 pcw - ok

22:29:32.0171 5984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

22:29:32.0468 5984 PEAUTH - ok

22:29:32.0624 5984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

22:29:32.0671 5984 PerfHost - ok

22:29:32.0780 5984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

22:29:33.0357 5984 pla - ok

22:29:33.0856 5984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

22:29:34.0106 5984 PlugPlay - ok

22:29:34.0262 5984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

22:29:34.0387 5984 PNRPAutoReg - ok

22:29:34.0511 5984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:29:34.0558 5984 PNRPsvc - ok

22:29:34.0589 5984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

22:29:34.0777 5984 PolicyAgent - ok

22:29:34.0870 5984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

22:29:34.0948 5984 Power - ok

22:29:35.0073 5984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

22:29:35.0323 5984 PptpMiniport - ok

22:29:35.0572 5984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

22:29:35.0619 5984 Processor - ok

22:29:35.0666 5984 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

22:29:35.0884 5984 ProfSvc - ok

22:29:35.0978 5984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:29:36.0025 5984 ProtectedStorage - ok

22:29:36.0524 5984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

22:29:36.0851 5984 Psched - ok

22:29:37.0163 5984 PTSimBus (225d3660f926fe761bc8ce10c512aa02) C:\Windows\system32\DRIVERS\PTSimBus.sys

22:29:37.0647 5984 PTSimBus - ok

22:29:37.0943 5984 PTSimHid (bd2194786abaf4860f41118c0c103e7b) C:\Windows\system32\DRIVERS\PTSimHid.sys

22:29:38.0521 5984 PTSimHid - ok

22:29:39.0160 5984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

22:29:39.0316 5984 ql2300 - ok

22:29:39.0425 5984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

22:29:39.0457 5984 ql40xx - ok

22:29:39.0488 5984 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

22:29:39.0550 5984 QWAVE - ok

22:29:39.0597 5984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

22:29:39.0675 5984 QWAVEdrv - ok

22:29:39.0815 5984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

22:29:39.0893 5984 RasAcd - ok

22:29:40.0003 5984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:29:40.0299 5984 RasAgileVpn - ok

22:29:40.0595 5984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

22:29:40.0689 5984 RasAuto - ok

22:29:40.0970 5984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:29:41.0765 5984 Rasl2tp - ok

22:29:42.0124 5984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

22:29:42.0717 5984 RasMan - ok

22:29:42.0873 5984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

22:29:43.0029 5984 RasPppoe - ok

22:29:43.0107 5984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

22:29:43.0310 5984 RasSstp - ok

22:29:43.0513 5984 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

22:29:43.0637 5984 rdbss - ok

22:29:43.0684 5984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

22:29:43.0731 5984 rdpbus - ok

22:29:43.0887 5984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:29:43.0965 5984 RDPCDD - ok

22:29:44.0012 5984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

22:29:44.0090 5984 RDPENCDD - ok

22:29:44.0121 5984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

22:29:44.0215 5984 RDPREFMP - ok

22:29:44.0277 5984 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

22:29:44.0495 5984 RDPWD - ok

22:29:44.0776 5984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

22:29:44.0932 5984 rdyboost - ok

22:29:45.0041 5984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

22:29:45.0151 5984 RemoteAccess - ok

22:29:45.0182 5984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

22:29:45.0260 5984 RemoteRegistry - ok

22:29:45.0369 5984 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

22:29:45.0385 5984 RoxioNow Service - ok

22:29:45.0400 5984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

22:29:45.0478 5984 RpcEptMapper - ok

22:29:45.0541 5984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

22:29:45.0603 5984 RpcLocator - ok

22:29:45.0712 5984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

22:29:45.0837 5984 RpcSs - ok

22:29:45.0915 5984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

22:29:45.0962 5984 rspndr - ok

22:29:46.0009 5984 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

22:29:46.0165 5984 RSUSBSTOR - ok

22:29:46.0227 5984 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

22:29:46.0399 5984 RTL8167 - ok

22:29:46.0648 5984 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

22:29:46.0789 5984 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning

22:29:46.0789 5984 RtVOsdService - detected UnsignedFile.Multi.Generic (1)


22:30:13.0574 5984 TsUsbFlt - ok

22:30:13.0667 5984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

22:30:13.0839 5984 tunnel - ok

22:30:13.0886 5984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

22:30:13.0901 5984 uagp35 - ok

22:30:13.0964 5984 UCTblHid (01662b4865fdb282677b11cf416757ce) C:\Windows\system32\DRIVERS\UCTblHid.sys

22:30:14.0151 5984 UCTblHid - ok

22:30:14.0198 5984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

22:30:14.0525 5984 udfs - ok

22:30:14.0728 5984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

22:30:14.0853 5984 UI0Detect - ok

22:30:14.0931 5984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

22:30:14.0962 5984 uliagpkx - ok

22:30:15.0009 5984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

22:30:15.0337 5984 umbus - ok

22:30:15.0961 5984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

22:30:16.0085 5984 UmPass - ok

22:30:16.0429 5984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

22:30:16.0631 5984 upnphost - ok

22:30:17.0115 5984 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

22:30:17.0349 5984 USBAAPL64 - ok

22:30:17.0786 5984 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

22:30:17.0911 5984 usbaudio - ok

22:30:18.0285 5984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

22:30:18.0581 5984 usbccgp - ok

22:30:19.0018 5984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

22:30:19.0190 5984 usbcir - ok

22:30:19.0517 5984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

22:30:19.0736 5984 usbehci - ok

22:30:20.0017 5984 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys

22:30:20.0110 5984 usbfilter - ok

22:30:20.0266 5984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

22:30:20.0438 5984 usbhub - ok

22:30:20.0703 5984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

22:30:21.0031 5984 usbohci - ok

22:30:21.0171 5984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

22:30:21.0296 5984 usbprint - ok

22:30:21.0889 5984 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

22:30:22.0154 5984 usbscan - ok

22:30:22.0450 5984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:30:22.0856 5984 USBSTOR - ok

22:30:23.0230 5984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

22:30:23.0589 5984 usbuhci - ok

22:30:23.0963 5984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

22:30:24.0307 5984 usbvideo - ok

22:30:24.0431 5984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

22:30:24.0556 5984 UxSms - ok

22:30:24.0759 5984 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:30:24.0931 5984 VaultSvc - ok

22:30:25.0243 5984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

22:30:25.0258 5984 vdrvroot - ok

22:30:25.0367 5984 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

22:30:25.0695 5984 vds - ok

22:30:26.0101 5984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:30:26.0210 5984 vga - ok

22:30:26.0319 5984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:30:26.0428 5984 VgaSave - ok

22:30:26.0475 5984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

22:30:26.0569 5984 vhdmp - ok

22:30:26.0615 5984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

22:30:26.0662 5984 viaide - ok

22:30:26.0756 5984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

22:30:26.0771 5984 volmgr - ok

22:30:27.0021 5984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

22:30:27.0208 5984 volmgrx - ok

22:30:27.0661 5984 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

22:30:27.0707 5984 volsnap - ok

22:30:28.0441 5984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

22:30:28.0472 5984 vsmraid - ok

22:30:28.0612 5984 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

22:30:28.0893 5984 VSS - ok

22:30:29.0361 5984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

22:30:29.0611 5984 vwifibus - ok

22:30:29.0751 5984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

22:30:29.0891 5984 vwififlt - ok

22:30:30.0016 5984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

22:30:30.0219 5984 W32Time - ok

22:30:30.0952 5984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

22:30:31.0093 5984 WacomPen - ok

22:30:31.0857 5984 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:30:32.0731 5984 WANARP - ok

22:30:33.0121 5984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:30:33.0698 5984 Wanarpv6 - ok

22:30:35.0164 5984 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

22:30:35.0710 5984 WatAdminSvc - ok

22:30:36.0116 5984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

22:30:36.0428 5984 wbengine - ok

22:30:36.0553 5984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

22:30:36.0584 5984 WbioSrvc - ok

22:30:36.0802 5984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

22:30:37.0021 5984 wcncsvc - ok

22:30:37.0067 5984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

22:30:37.0520 5984 WcsPlugInService - ok

22:30:37.0723 5984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

22:30:37.0754 5984 Wd - ok

22:30:37.0832 5984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:30:37.0879 5984 Wdf01000 - ok

22:30:38.0035 5984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:30:38.0128 5984 WdiServiceHost - ok

22:30:38.0144 5984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:30:38.0175 5984 WdiSystemHost - ok

22:30:38.0237 5984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

22:30:38.0425 5984 WebClient - ok

22:30:38.0752 5984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

22:30:38.0924 5984 Wecsvc - ok

22:30:39.0376 5984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

22:30:39.0719 5984 wercplsupport - ok

22:30:39.0829 5984 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

22:30:39.0969 5984 WerSvc - ok

22:30:40.0156 5984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:30:40.0359 5984 WfpLwf - ok

22:30:41.0311 5984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:30:41.0326 5984 WIMMount - ok

22:30:41.0357 5984 WinDefend - ok

22:30:41.0435 5984 WinHttpAutoProxySvc - ok

22:30:41.0498 5984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

22:30:41.0685 5984 Winmgmt - ok

22:30:41.0872 5984 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

22:30:42.0153 5984 WinRM - ok

22:30:42.0621 5984 WinTabService (3682b6fd90cd43abb137ace79d1a0180) C:\Windows\System32\Drivers\WTSRV.EXE

22:30:43.0120 5984 WinTabService ( UnsignedFile.Multi.Generic ) - warning

22:30:43.0120 5984 WinTabService - detected UnsignedFile.Multi.Generic (1)

22:30:43.0183 5984 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

22:30:43.0385 5984 WinUsb - ok

22:30:43.0495 5984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

22:30:43.0604 5984 Wlansvc - ok

22:30:43.0775 5984 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:30:43.0994 5984 wlidsvc - ok

22:30:44.0165 5984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

22:30:44.0212 5984 WmiAcpi - ok

22:30:44.0306 5984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

22:30:44.0509 5984 wmiApSrv - ok

22:30:44.0571 5984 WMPNetworkSvc - ok

22:30:44.0649 5984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

22:30:44.0852 5984 WPCSvc - ok

22:30:44.0945 5984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

22:30:45.0179 5984 WPDBusEnum - ok

22:30:45.0304 5984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:30:45.0398 5984 ws2ifsl - ok

22:30:45.0569 5984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

22:30:45.0632 5984 wscsvc - ok

22:30:45.0710 5984 WSearch - ok

22:30:45.0866 5984 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

22:30:46.0256 5984 wuauserv - ok

22:30:46.0973 5984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

22:30:47.0457 5984 WudfPf - ok

22:30:47.0613 5984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:30:47.0909 5984 WUDFRd - ok

22:30:47.0987 5984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

22:30:48.0206 5984 wudfsvc - ok

22:30:48.0409 5984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

22:30:48.0549 5984 WwanSvc - ok

22:30:48.0955 5984 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

22:30:49.0079 5984 yukonw7 - ok

22:30:49.0173 5984 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0

22:30:49.0204 5984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

22:30:49.0204 5984 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

22:30:49.0922 5984 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

22:30:49.0922 5984 \Device\Harddisk0\DR0 - detected TDSS File System (1)

22:30:49.0953 5984 Boot (0x1200) (3db359f7d7db08368e8b32c2d8479256) \Device\Harddisk0\DR0\Partition0

22:30:49.0953 5984 \Device\Harddisk0\DR0\Partition0 - ok

22:30:50.0047 5984 Boot (0x1200) (809bdf6a107d65f64975eada5709b3e0) \Device\Harddisk0\DR0\Partition1

22:30:50.0047 5984 \Device\Harddisk0\DR0\Partition1 - ok

22:30:50.0156 5984 Boot (0x1200) (4411b69a9e59d5c0ee4645ee36dfc879) \Device\Harddisk0\DR0\Partition2

22:30:50.0156 5984 \Device\Harddisk0\DR0\Partition2 - ok

22:30:50.0218 5984 Boot (0x1200) (7d161bc7a71ee6a823fb6de71910596f) \Device\Harddisk0\DR0\Partition3

22:30:50.0249 5984 \Device\Harddisk0\DR0\Partition3 - ok

22:30:50.0265 5984 ============================================================

22:30:50.0265 5984 Scan finished

22:30:50.0265 5984 ============================================================

22:30:50.0296 6748 Detected object count: 5

22:30:50.0296 6748 Actual detected object count: 5

22:37:49.0147 6748 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:49.0147 6748 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:49.0147 6748 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:49.0147 6748 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:49.0147 6748 WinTabService ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:49.0147 6748 WinTabService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:50.0224 6748 \Device\Harddisk0\DR0\# - copied to quarantine

22:37:50.0239 6748 \Device\Harddisk0\DR0 - copied to quarantine

22:37:52.0439 6748 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

22:39:26.0694 6748 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

22:39:29.0814 6748 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

22:39:31.0421 6748 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

22:39:35.0493 6748 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

22:39:36.0475 6748 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

22:39:36.0491 6748 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

22:39:36.0507 6748 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

22:39:36.0553 6748 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

22:39:36.0756 6748 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

22:39:37.0053 6748 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

22:39:37.0084 6748 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

22:39:37.0630 6748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

22:39:37.0770 6748 \Device\Harddisk0\DR0 - ok

22:39:46.0054 6748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

22:39:46.0054 6748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

22:39:46.0054 6748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

22:41:05.0676 7024 Deinitialize success


OK, TDSSKiller found the rootkit.

Next.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Mr. C,

After I ran TDSSKiller I scanned with MalwareBytes and it found and removed the svchost.exe file in the Windows directory. Sorry for not waiting for your next instructions; I got excited to see a light at the end of this tunnel. Also, sometime last night the computer installed a Windows update and rebooted. I heard it in the middle of the night and saw the message that it did that. Should I still download and run ComboFix?

Thank you so much for your help so far and patience.


Ok, combofix was run. On the reboot McAfee reenabled itself and blocked some part of combofix from running. I said that combofix was a trusted program. At that time Internet Explorer wouldn't run. I rebooted and IE is now running. Here is the log from when I ran combofix.

Thank you again MrC

ComboFix 12-03-31.02 - kaelynn 03/31/2012 7:51.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.755 [GMT -7:00]

Running from: c:\users\kaelynn\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\kaelynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

c:\users\kaelynn\Documents\~WRL0005.tmp

c:\users\kaelynn\Documents\~WRL1454.tmp

c:\users\kaelynn\Documents\~WRL2980.tmp

c:\users\kaelynn\Documents\~WRL2991.tmp

c:\windows\SysWow64\config\systemprofile\Librarys\wgesdwx

.

.

((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))

.

.

2012-03-31 15:04 . 2012-03-31 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-31 10:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 10:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 10:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 05:37 . 2012-03-31 05:37 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-28 06:21 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-28 06:21 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-28 06:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-28 06:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-28 06:20 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-28 06:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-28 02:45 . 2012-03-28 02:45 -------- d-----w- C:\35b90b9ae621dcb593efe88bb930

2012-03-28 02:39 . 2012-03-28 02:39 -------- d-----w- c:\program files (x86)\GUMDBAB.tmp

2012-03-28 02:39 . 2012-03-28 02:39 3993600 ----a-w- c:\program files (x86)\GUTDBBB.tmp

2012-03-26 02:07 . 2012-03-26 02:07 -------- d-----w- C:\Sun

2012-03-25 16:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-25 15:42 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-25 15:42 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-25 05:43 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-25 05:41 . 2012-03-25 05:41 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-25 02:54 . 2012-03-25 02:54 -------- d-----w- c:\users\kaelynn\AppData\Roaming\Malwarebytes

2012-03-25 02:54 . 2012-03-25 02:54 -------- d-----w- c:\programdata\Malwarebytes

2012-03-25 02:53 . 2012-03-25 05:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-24 21:54 . 2012-03-31 15:03 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Librarys

2012-03-24 17:41 . 2012-03-24 17:41 5120 ---ha-w- c:\programdata\Microsoft\Windows\DRM\3E8.tmp

2012-03-24 17:41 . 2012-03-24 17:41 5120 ---ha-w- c:\programdata\Microsoft\Windows\DRM\3E7.tmp

2012-03-17 04:08 . 2012-03-17 04:08 -------- d-----w- C:\15917585ff42290acc083d07979c

2012-03-17 01:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-28 02:53 . 2010-10-20 08:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-01-04 10:44 . 2012-02-17 03:07 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-17 03:07 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-05 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"WTClient"="WTClient.exe" [2009-10-05 32768]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160]

.

c:\users\kaelynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05 136176]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05 18:43]

.

2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05 18:43]

.

2012-03-28 c:\windows\Tasks\HPCeeScheduleForkaelynn.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-03-03 c:\windows\Tasks\HPCeeScheduleForPSYCH$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\windows\SysWOW64\rundll32.exe

c:\windows\System32\Drivers\WTSRV.EXE

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2012-03-31 08:16:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-31 15:16

.

Pre-Run: 159,346,946,048 bytes free

Post-Run: 160,156,790,784 bytes free

.

- - End Of File - - 74603AF6D481A6DE919823F0017D1EC5


Scan completed, nothing found. Log file attached.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.25.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

kaelynn :: PSYCH [administrator]

3/31/2012 2:04:46 PM

mbam-log-2012-03-31 (14-04-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 193960

Time elapsed: 22 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

----------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.