Therese1 Posted August 11, 2012 ID:583668 Share Posted August 11, 2012 About a week ago my computer got infected by the rootkit.0access virus, scanning with Malwarebytes detected it and (after a couple of tries) it removed it so now a scan with Malwarebytes detects no malicious files but there are still almost constant popups saying it's blocked access to a potentially malicious websiteAlso running a scan with McAfee still detects 2 files are infected with ZeroAccess:C:\Windows\assembly\GAC_64\Desktop.iniC:\Windows\assembly\GAC_32\Desktop.iniAny help is appreciated, here are the logs.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1Run by Therese at 16:29:57 on 2012-08-11Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.8174.6483 [GMT 12:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\system32\conhost.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\mfevtps.exeC:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exeC:\Windows\SysWOW64\NLSSRV32.EXEC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Windows\system32\WUDFHost.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exeC:\Program Files (x86)\Dell\Stage Remote\StageRemote.exeC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exec:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Users\Therese\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exeC:\Program Files\mcafee.com\agent\mcagent.exeC:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exeC:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Users\Therese\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exeC:\Users\Therese\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\system32\DllHost.exeC:\ProgramData\Macrovision\FLEXnet Connect\11\agent.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.co.nz/uInternet Settings,ProxyOverride = *.localmWinlogon: Userinit=userinit.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625165952.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dlluRun: [Google Update] "C:\Users\Therese\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [AdobeBridge]uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silentmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exemRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /rmRun: [updReg] C:\Windows\UpdReg.EXEmRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [<NO NAME>]mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbyloginmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayStartupFolder: C:\Users\Therese\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Therese\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllLSP: mswsock.dllTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{41BD0B10-4281-409E-ACF8-68B003E2AFC1} : DhcpNameServer = 192.168.0.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625165952.dllBHO-X64: scriptproxy - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllmRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exemRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /rmRun-x64: [updReg] C:\Windows\UpdReg.EXEmRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [(Default)]mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupmRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbyloginmRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Therese\AppData\Roaming\Mozilla\Firefox\Profiles\mvsz5q1i.default\FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dllFF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dllFF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dllFF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Therese\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-1-19 199272]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-1-19 210584]R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-6-3 216072]R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-6-3 69640]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-19 1692480]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-19 13592]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-7 655944]S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-30 253088]S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-1-19 224704]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-16 227232]S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 129976]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-11 25072]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-08-07 05:56:46 -------- d-----w- C:\Program Files\CCleaner2012-08-07 05:41:16 -------- d-----w- C:\Users\Therese\AppData\Roaming\Malwarebytes2012-08-07 05:41:02 -------- d-----w- C:\ProgramData\Malwarebytes2012-08-07 05:40:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-08-07 05:40:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-08-07 05:27:33 16200 ----a-w- C:\Windows\stinger.sys2012-08-07 05:26:59 -------- d-----w- C:\Program Files (x86)\stinger2012-08-07 02:28:33 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2012-08-07 02:28:31 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3A94243-FC9B-45C9-A2D6-85020D17DC93}\mpengine.dll2012-08-02 11:28:42 -------- d-----w- C:\ProgramData\OrganicCoffee2012-07-19 13:11:31 -------- d-----w- C:\Users\Therese\AppData\Local\MaFarm2012-07-19 13:10:54 -------- d-----w- C:\Program Files (x86)\Microsoft XNA2012-07-19 13:09:10 49152 ----a-r- C:\Users\Therese\AppData\Roaming\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\DAMN_NFO_Viewer.exe_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe2012-07-19 13:09:10 49152 ----a-r- C:\Users\Therese\AppData\Roaming\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\ARPPRODUCTICON.exe2012-07-19 13:09:08 -------- d-----w- C:\Program Files (x86)\DAMN NFO Viewer2012-07-19 11:03:44 -------- d-----w- C:\Users\Therese\AppData\Roaming\FarmFables2012-07-19 11:03:18 -------- d-----w- C:\Windows\Farm Fables2012-07-19 11:03:18 -------- d-----w- C:\Program Files (x86)\Farm Fables2012-07-12 13:55:01 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-12 10:36:00 -------- d-----w- C:\Program Files (x86)\Dream Builder BETA.==================== Find3M ====================.2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll2012-06-03 09:25:46 69640 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE2012-06-03 09:25:08 29704 ----a-w- C:\Windows\System32\nitrolocalmon2.dll2012-06-03 09:25:08 17928 ----a-w- C:\Windows\System32\nitrolocalui2.dll2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2012-06-02 03:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll2012-06-02 03:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe.============= FINISH: 16:31:52.49 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 24/01/2012 8:17:34 p.m.System Uptime: 11/08/2012 4:28:51 p.m. (0 hours ago).Motherboard: Dell Inc. | | 0Y2MRGProcessor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 1850 GiB total, 1416.863 GiB free.D: is CDROM (UDF)E: is RemovableF: is RemovableG: is RemovableH: is RemovableI: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP123: 27/07/2012 5:32:28 p.m. - Scheduled CheckpointRP124: 3/08/2012 6:42:19 p.m. - Scheduled CheckpointRP125: 5/08/2012 1:50:10 a.m. - Restore OperationRP127: 7/08/2012 2:30:15 p.m. - Windows Defender Checkpoint.==== Installed Programs ======================.Adobe AIRAdobe Community HelpAdobe Dreamweaver CS5Adobe Flash Player 10 ActiveXAdobe Flash Professional CS5Adobe Illustrator CS5Adobe Media PlayerAdobe Photoshop CS5Adobe Reader X (10.1.2) MUIAiseesoft DVD RipperApple Application SupportApple Software UpdateAVS Update Manager 1.0AVS Video Converter 8AVS4YOU Software Navigator 1.4Catalyst Control CenterCatalyst Control Center - BrandingCatalyst Control Center InstallProxyCatalyst Control Center Localization AllCC MagicCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishD3DX10DAEMON Tools LiteDAMN NFO Viewer 2.10.0031 RC3Dell DataSafe Local BackupDell DataSafe Local Backup - Support SoftwareDell DataSafe OnlineDell Getting Started GuideDell MusicStageDell PhotoStageDell StageDell Stage RemoteDell VideoStageDirectX 9 RuntimeDrawn 2 Dark Flight Collector's Edition [updated]DropboxFamily FarmFarm FablesFileZilla Client 3.5.3Fix-It-Up Eighties Meet Kates Parents 1.00Gemini LostGoogle AdWords EditorGoogle ChromeGoToAssist 8.0.0.514High-Definition Video PlaybackIntel® Control CenterIntel® Rapid Storage TechnologyJava Auto UpdaterJava™ 7 Update 4JavaFX 2.1.0Jos Dream - Organic CoffeeJunk Mail filter updateLovely KitchenMalwarebytes Anti-Malware version 1.62.0.1300McAfee Security Scan PlusMcAfee SecurityCenterMesh RuntimeMicrosoft Office 2010Microsoft Office Click-to-Run 2010Microsoft Office Starter 2010 - EnglishMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft WSE 3.0 RuntimeMicrosoft XNA Framework Redistributable 3.1Microsoft_VC80_ATL_x86Microsoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_ATL_x86Microsoft_VC90_CRT_x86Microsoft_VC90_MFC_x86Mozilla Firefox 12.0 (x86 en-GB)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Multimedia Card ReaderMultiple Image Resizer .NET 4Nero 10 Movie ThemePack BasicNero Control Center 10Nero ControlCenter 10 Help (CHM)Nero Core Components 10Nero UpdateOpera 11.61OriginPDF Settings CS5PhotoShowExpressRealtek High Definition Audio DriverRoxio Activation ModuleRoxio BackOnTrackRoxio BurnRoxio Creator StarterRoxio Express Labeler 3s3pe - Sims3 Package EditorSafariSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)SEO PowerSuiteSimCity 4 DeluxeSkype™ 5.5Sonic CinePlayer Decoder PackStand O' Food 3Switch Sound File ConverterSyncUPThe Sims MedievalThe Sims Medieval Pirates and NoblesThe Sims™ 3The Sims™ 3 AmbitionsThe Sims™ 3 Create a World Tool - BetaThe Sims™ 3 GenerationsThe Sims™ 3 Late NightThe Sims™ 3 Outdoor Living StuffThe Sims™ 3 PetsThe Sims™ 3 ShowtimeThe Sims™ 3 Town Life StuffThe Sims™ 3 World AdventuresTHX TruStudio PCTSR RigFixUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)VLC media player 1.1.11Westward Kingdoms version 1.000Windows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR archiverZinio Reader 4.==== Event Viewer Messages From Past Week ========.8/08/2012 11:40:49 p.m., Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-21474163658/08/2012 11:40:47 p.m., Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).8/08/2012 11:40:47 p.m., Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.8/08/2012 11:40:47 p.m., Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread7/08/2012 7:20:29 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.7/08/2012 7:20:29 p.m., Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.7/08/2012 7:20:29 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}7/08/2012 7:20:25 p.m., Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.7/08/2012 7:20:25 p.m., Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.7/08/2012 4:42:18 p.m., Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.7/08/2012 2:19:21 p.m., Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..7/08/2012 2:17:02 p.m., Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.104. The computer with the IP address 192.168.0.100 did not allow the name to be claimed by this computer.7/08/2012 2:06:42 p.m., Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.7/08/2012 1:46:57 p.m., Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.7/08/2012 1:46:57 p.m., Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.7/08/2012 1:46:57 p.m., Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.7/08/2012 1:45:01 p.m., Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21470248917/08/2012 1:45:01 p.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-21470248917/08/2012 1:44:44 p.m., Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.7/08/2012 1:44:44 p.m., Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.5/08/2012 7:46:52 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.5/08/2012 7:45:05 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}5/08/2012 7:44:01 p.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:52 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}5/08/2012 7:41:52 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}5/08/2012 7:41:52 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}5/08/2012 7:41:52 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}5/08/2012 7:41:51 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}5/08/2012 7:41:46 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}5/08/2012 7:41:37 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 7:41:37 p.m., Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.5/08/2012 6:47:11 p.m., Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.5/08/2012 6:35:54 p.m., Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has not been started.4/08/2012 8:31:04 p.m., Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.4/08/2012 1:40:10 p.m., Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.4/08/2012 1:40:10 p.m., Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.4/08/2012 1:40:10 p.m., Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.11/08/2012 4:29:41 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.11/08/2012 4:29:12 p.m., Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.10/08/2012 9:13:38 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.10/08/2012 8:02:01 p.m., Error: Service Control Manager [7034] - The Nero Update service terminated unexpectedly. It has done this 1 time(s).10/08/2012 8:02:01 p.m., Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).10/08/2012 8:02:00 p.m., Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).10/08/2012 8:02:00 p.m., Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).10/08/2012 8:02:00 p.m., Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s)..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted August 11, 2012 ID:583675 Share Posted August 11, 2012 Your computer is infected with a nasty rootkit. Please read the following information first.You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?http://www.dslreports.com/faq/10451When Should I Format, How Should I Reinstallhttp://www.dslreports.com/faq/10063I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.-----------------------------------------Please make sure system restore is running and create a new restore point before continuing!For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.How to tell > 32 or 64 bitPlug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:services.exe[*]Now press the Search button[*]When the search is complete, search.txt will also be written to your USB[*]Type exit and reboot the computer normally[*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)MrC Link to post Share on other sites More sharing options...
MrCharlie Posted August 13, 2012 ID:584566 Share Posted August 13, 2012 How are we doing??Do you still need help or can I close this post??MrC Link to post Share on other sites More sharing options...
Therese1 Posted August 14, 2012 Author ID:584855 Share Posted August 14, 2012 Yup, I do. Here's the logsScan result of Farbar Recovery Scan Tool Version: 14-08-2012Ran by SYSTEM at 14-08-2012 16:25:13Running from K:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)The current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-23] (Realtek Semiconductor)HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)HKLM\...\Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet [2022976 2011-06-27] ()HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)HKLM-x32\...\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-19] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-01-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [75064 2011-07-07] ()HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-04-29] ()HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)HKU\Therese\...\Run: [Google Update] "C:\Users\Therese\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-24] (Google Inc.)HKU\Therese\...\Run: [AdobeBridge] [x]HKU\Therese\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)Startup: C:\Users\Therese\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> (No File)==================== Services (Whitelisted) ======2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.)3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)2 NitroDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe" [216072 2012-06-03] (Nitro PDF Software)2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [69640 2012-06-03] (Nalpeiron Ltd.)2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)========================== Drivers (Whitelisted) =============3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-15] (DT Soft Ltd)3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)3 mfeavfk01; [x]3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]========================== NetSvcs (Whitelisted) ======================= One Month Created Files and Folders ==============2012-08-14 16:25 - 2012-08-14 16:25 - 00000000 ____D C:\FRST2012-08-14 12:13 - 2012-08-14 12:13 - 00000493 ____A C:\Windows\WindowsUpdate.log2012-08-13 22:24 - 2012-08-13 22:30 - 00006782 ____A C:\Users\Therese\Downloads\ProductExportNZ.csv2012-08-13 22:20 - 2012-08-13 22:20 - 00048230 ____A C:\Users\Therese\Downloads\ProductExport.csv2012-08-12 19:09 - 2012-08-12 19:09 - 03290332 ____A C:\Users\Therese\Downloads\Evernote_4.5.7.7146.exe.part2012-08-10 17:25 - 2012-08-10 17:25 - 00001218 ____A C:\Users\Therese\Downloads\mbam-download.php2012-08-10 17:09 - 2012-08-10 17:09 - 00607260 ____R (Swearware) C:\Users\Therese\Desktop\dds.scr2012-08-10 17:09 - 2012-08-10 17:09 - 00607260 ____R (Swearware) C:\Users\Therese\Desktop\dds.com2012-08-10 17:09 - 2012-08-10 17:09 - 00607260 ____A (Swearware) C:\Users\Therese\Downloads\dds.com2012-08-10 16:55 - 2012-08-10 16:55 - 00000043 ___RH C:\Users\Therese\Downloads\stinger (1).opt2012-08-10 16:19 - 2012-08-10 16:19 - 00002954 ____A C:\Users\Therese\Desktop\RKreport[1].txt2012-08-10 16:18 - 2012-08-10 16:19 - 00000000 ____D C:\Users\Therese\Desktop\RK_Quarantine2012-08-10 16:18 - 2012-08-10 16:18 - 01552896 ____A C:\Users\Therese\Downloads\RogueKiller.exe2012-08-10 16:00 - 2012-08-10 16:01 - 00000237 ____A C:\Users\Therese\Downloads\RootkitRemover20120810200011.txt2012-08-10 16:00 - 2012-08-10 16:00 - 09773160 ____A (McAfee Inc.) C:\Users\Therese\Downloads\stinger (1).exe2012-08-10 15:59 - 2012-08-10 15:59 - 00475752 ____A (McAfee, Inc.) C:\Users\Therese\Downloads\rootkitremover (1).exe2012-08-07 15:19 - 2012-08-14 12:12 - 00003000 ____A C:\Windows\PFRO.log2012-08-07 15:19 - 2012-08-14 12:12 - 00000448 ____A C:\Windows\setupact.log2012-08-07 15:19 - 2012-08-07 15:19 - 00000000 ____A C:\Windows\setuperr.log2012-08-07 13:56 - 2012-08-07 13:56 - 02975336 ____A (Piriform Ltd) C:\Users\Therese\Downloads\ccsetup321_slim.exe2012-08-07 13:56 - 2012-08-07 13:56 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk2012-08-07 13:56 - 2012-08-07 13:56 - 00000784 ____A C:\Users\All Users\Desktop\CCleaner.lnk2012-08-07 13:56 - 2012-08-07 13:56 - 00000000 ____D C:\Program Files\CCleaner2012-08-07 13:54 - 2012-08-07 13:54 - 00050477 ____A C:\Users\Therese\Downloads\Defogger.exe2012-08-07 13:54 - 2012-08-07 13:54 - 00000546 ____A C:\Users\Therese\Downloads\defogger_disable.log2012-08-07 13:54 - 2012-08-07 13:54 - 00000168 ____A C:\Users\Therese\defogger_reenable2012-08-07 13:41 - 2012-08-07 13:41 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2012-08-07 13:41 - 2012-08-07 13:41 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk2012-08-07 13:41 - 2012-08-07 13:41 - 00000000 ____D C:\Users\Therese\Application Data\Malwarebytes2012-08-07 13:41 - 2012-08-07 13:41 - 00000000 ____D C:\Users\Therese\AppData\Roaming\Malwarebytes2012-08-07 13:41 - 2012-08-07 13:41 - 00000000 ____D C:\Users\All Users\Malwarebytes2012-08-07 13:41 - 2012-08-07 13:41 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes2012-08-07 13:40 - 2012-08-07 13:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-08-07 13:40 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-08-07 13:31 - 2012-08-07 13:31 - 02117108 ____A C:\Users\Therese\Downloads\tdsskiller.zip2012-08-07 13:31 - 2012-07-24 09:22 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Therese\Desktop\TDSSKiller.exe2012-08-07 13:30 - 2012-08-07 13:30 - 00000043 ___RH C:\Users\Therese\Downloads\stinger.opt2012-08-07 13:27 - 2012-08-10 16:01 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys2012-08-07 13:26 - 2012-08-10 16:55 - 00000000 ____D C:\Program Files (x86)\stinger2012-08-07 13:26 - 2012-08-07 13:27 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Therese\Downloads\mbam-setup-1.62.0.1300.exe2012-08-07 13:26 - 2012-08-07 13:26 - 09769576 ____A (McAfee Inc.) C:\Users\Therese\Downloads\stinger.exe2012-08-07 13:05 - 2012-08-07 13:06 - 00000237 ____A C:\Users\Therese\Downloads\RootkitRemover20120807170553.txt2012-08-07 13:05 - 2012-08-07 13:05 - 00475712 ____A (McAfee, Inc.) C:\Users\Therese\Downloads\rootkitremover.exe2012-08-07 12:57 - 2012-08-07 13:02 - 00000215 ____A C:\Users\Therese\Desktop\elliotts changes.txt2012-08-04 20:49 - 2012-08-04 20:49 - 00229548 ____A C:\Users\Therese\Downloads\1055.BFE.reg2012-08-04 20:49 - 2012-08-04 20:49 - 00006396 ____A C:\Users\Therese\Downloads\0677.mpssvc.reg2012-08-04 20:43 - 2012-08-04 20:43 - 00176940 ____A C:\Users\Therese\Downloads\BFE.reg2012-08-04 20:43 - 2012-08-04 20:43 - 00006396 ____A C:\Users\Therese\Downloads\MpsSvc.reg2012-08-02 19:28 - 2012-08-02 20:44 - 00000000 ____D C:\Users\All Users\OrganicCoffee2012-08-02 19:28 - 2012-08-02 20:44 - 00000000 ____D C:\Users\All Users\Application Data\OrganicCoffee2012-07-19 21:11 - 2012-07-19 21:11 - 00000000 ____D C:\Users\Therese\Local Settings\MaFarm2012-07-19 21:11 - 2012-07-19 21:11 - 00000000 ____D C:\Users\Therese\Local Settings\Application Data\MaFarm2012-07-19 21:11 - 2012-07-19 21:11 - 00000000 ____D C:\Users\Therese\AppData\Local\MaFarm2012-07-19 21:10 - 2012-07-19 21:10 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA2012-07-19 21:09 - 2012-07-19 21:09 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer2012-07-19 19:03 - 2012-07-19 21:12 - 00000000 ____D C:\Users\Therese\Application Data\FarmFables2012-07-19 19:03 - 2012-07-19 21:12 - 00000000 ____D C:\Users\Therese\AppData\Roaming\FarmFables2012-07-19 19:03 - 2012-07-19 19:03 - 00000000 ____D C:\Windows\Farm Fables2012-07-19 19:03 - 2012-07-19 19:03 - 00000000 ____D C:\Program Files (x86)\Farm Fables============ 3 Months Modified Files ========================2012-08-14 12:21 - 2009-07-14 12:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-08-14 12:21 - 2009-07-14 12:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-08-14 12:18 - 2012-04-20 08:45 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job2012-08-14 12:17 - 2009-07-14 13:13 - 00006312 ____A C:\Windows\System32\PerfStringBackup.INI2012-08-14 12:13 - 2012-08-14 12:13 - 00000493 ____A C:\Windows\WindowsUpdate.log2012-08-14 12:12 - 2012-08-07 15:19 - 00003000 ____A C:\Windows\PFRO.log2012-08-14 12:12 - 2012-08-07 15:19 - 00000448 ____A C:\Windows\setupact.log2012-08-14 12:12 - 2009-07-14 13:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-08-13 22:30 - 2012-08-13 22:24 - 00006782 ____A C:\Users\Therese\Downloads\ProductExportNZ.csv2012-08-13 22:20 - 2012-08-13 22:20 - 00048230 ____A C:\Users\Therese\Downloads\ProductExport.csv2012-08-13 22:15 - 2012-01-25 09:29 - 00001456 ____A C:\Users\Therese\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs2012-08-13 22:15 - 2012-01-25 09:29 - 00001456 ____A C:\Users\Therese\Local Settings\Adobe Save for Web 12.0 Prefs2012-08-13 22:15 - 2012-01-25 09:29 - 00001456 ____A C:\Users\Therese\AppData\Local\Adobe Save for Web 12.0 Prefs2012-08-13 22:10 - 2012-04-30 08:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2012-08-13 21:51 - 2012-01-24 15:30 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-452861804-2919628889-209171230-1000UA.job2012-08-12 19:09 - 2012-08-12 19:09 - 03290332 ____A C:\Users\Therese\Downloads\Evernote_4.5.7.7146.exe.part2012-08-10 17:25 - 2012-08-10 17:25 - 00001218 ____A C:\Users\Therese\Downloads\mbam-download.php2012-08-10 17:09 - 2012-08-10 17:09 - 00607260 ____R (Swearware) C:\Users\Therese\Desktop\dds.scr2012-08-10 17:09 - 2012-08-10 17:09 - 00607260 ____R (Swearware) C:\Users\Therese\Desktop\dds.com2012-08-10 17:09 - 2012-08-10 17:09 - 00607260 ____A (Swearware) C:\Users\Therese\Downloads\dds.com2012-08-10 16:55 - 2012-08-10 16:55 - 00000043 ___RH C:\Users\Therese\Downloads\stinger (1).opt2012-08-10 16:51 - 2012-01-24 15:32 - 00002423 ____A C:\Users\Therese\Desktop\Google Chrome.lnk2012-08-10 16:19 - 2012-08-10 16:19 - 00002954 ____A C:\Users\Therese\Desktop\RKreport[1].txt2012-08-10 16:18 - 2012-08-10 16:18 - 01552896 ____A C:\Users\Therese\Downloads\RogueKiller.exe2012-08-10 16:01 - 2012-08-10 16:00 - 00000237 ____A C:\Users\Therese\Downloads\RootkitRemover20120810200011.txt2012-08-10 16:01 - 2012-08-07 13:27 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys2012-08-10 16:00 - 2012-08-10 16:00 - 09773160 ____A (McAfee Inc.) C:\Users\Therese\Downloads\stinger (1).exe2012-08-10 15:59 - 2012-08-10 15:59 - 00475752 ____A (McAfee, Inc.) C:\Users\Therese\Downloads\rootkitremover (1).exe2012-08-07 15:19 - 2012-08-07 15:19 - 00000000 ____A C:\Windows\setuperr.log2012-08-07 13:56 - 2012-08-07 13:56 - 02975336 ____A (Piriform Ltd) C:\Users\Therese\Downloads\ccsetup321_slim.exe2012-08-07 13:56 - 2012-08-07 13:56 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk2012-08-07 13:56 - 2012-08-07 13:56 - 00000784 ____A C:\Users\All Users\Desktop\CCleaner.lnk2012-08-07 13:54 - 2012-08-07 13:54 - 00050477 ____A C:\Users\Therese\Downloads\Defogger.exe2012-08-07 13:54 - 2012-08-07 13:54 - 00000546 ____A C:\Users\Therese\Downloads\defogger_disable.log2012-08-07 13:54 - 2012-08-07 13:54 - 00000168 ____A C:\Users\Therese\defogger_reenable2012-08-07 13:41 - 2012-08-07 13:41 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2012-08-07 13:41 - 2012-08-07 13:41 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk2012-08-07 13:31 - 2012-08-07 13:31 - 02117108 ____A C:\Users\Therese\Downloads\tdsskiller.zip2012-08-07 13:30 - 2012-08-07 13:30 - 00000043 ___RH C:\Users\Therese\Downloads\stinger.opt2012-08-07 13:27 - 2012-08-07 13:26 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Therese\Downloads\mbam-setup-1.62.0.1300.exe2012-08-07 13:26 - 2012-08-07 13:26 - 09769576 ____A (McAfee Inc.) C:\Users\Therese\Downloads\stinger.exe2012-08-07 13:06 - 2012-08-07 13:05 - 00000237 ____A C:\Users\Therese\Downloads\RootkitRemover20120807170553.txt2012-08-07 13:05 - 2012-08-07 13:05 - 00475712 ____A (McAfee, Inc.) C:\Users\Therese\Downloads\rootkitremover.exe2012-08-07 13:02 - 2012-08-07 12:57 - 00000215 ____A C:\Users\Therese\Desktop\elliotts changes.txt2012-08-04 20:49 - 2012-08-04 20:49 - 00229548 ____A C:\Users\Therese\Downloads\1055.BFE.reg2012-08-04 20:49 - 2012-08-04 20:49 - 00006396 ____A C:\Users\Therese\Downloads\0677.mpssvc.reg2012-08-04 20:43 - 2012-08-04 20:43 - 00176940 ____A C:\Users\Therese\Downloads\BFE.reg2012-08-04 20:43 - 2012-08-04 20:43 - 00006396 ____A C:\Users\Therese\Downloads\MpsSvc.reg2012-08-03 21:53 - 2012-06-22 22:10 - 00000322 ____A C:\Windows\Tasks\At1.job2012-08-03 08:01 - 2012-04-20 08:45 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job2012-08-02 06:51 - 2012-01-24 15:30 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-452861804-2919628889-209171230-1000Core.job2012-08-01 16:56 - 2009-07-14 13:08 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT2012-07-24 09:22 - 2012-08-07 13:31 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Therese\Desktop\TDSSKiller.exe2012-07-13 15:23 - 2009-07-14 12:45 - 07533576 ____A C:\Windows\System32\FNTCACHE.DAT2012-07-12 21:53 - 2012-01-25 09:11 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-07-08 17:13 - 2012-01-24 15:17 - 00240336 ____A C:\Users\Therese\Local Settings\GDIPFONTCACHEV1.DAT2012-07-08 17:13 - 2012-01-24 15:17 - 00240336 ____A C:\Users\Therese\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2012-07-08 17:13 - 2012-01-24 15:17 - 00240336 ____A C:\Users\Therese\AppData\Local\GDIPFONTCACHEV1.DAT2012-07-07 20:56 - 2012-07-07 20:56 - 00000132 ____A C:\Users\Therese\Application Data\Adobe PNG Format CS5 Prefs2012-07-07 20:56 - 2012-07-07 20:56 - 00000132 ____A C:\Users\Therese\AppData\Roaming\Adobe PNG Format CS5 Prefs2012-07-03 09:46 - 2012-08-07 13:40 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-06-12 11:08 - 2012-07-12 21:55 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-06-09 13:43 - 2012-07-12 18:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll2012-06-09 12:41 - 2012-07-12 18:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2012-06-07 08:06 - 2012-06-07 08:06 - 00000132 ____A C:\Users\Therese\Application Data\Adobe BMP Format CS5 Prefs2012-06-07 08:06 - 2012-06-07 08:06 - 00000132 ____A C:\Users\Therese\AppData\Roaming\Adobe BMP Format CS5 Prefs2012-06-06 14:06 - 2012-07-12 18:25 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll2012-06-06 14:06 - 2012-07-12 18:25 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll2012-06-06 14:02 - 2012-07-12 18:25 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll2012-06-06 13:05 - 2012-07-12 18:25 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2012-06-06 13:05 - 2012-07-12 18:25 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2012-06-06 13:03 - 2012-07-12 18:25 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll2012-06-03 17:25 - 2012-06-05 18:57 - 00029704 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalmon2.dll2012-06-03 17:25 - 2012-06-05 18:57 - 00017928 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalui2.dll2012-06-03 17:25 - 2012-06-03 17:25 - 00069640 ____A (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE2012-06-03 06:19 - 2012-06-22 08:05 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2012-06-03 06:19 - 2012-06-22 08:05 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2012-06-03 06:19 - 2012-06-22 08:05 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll2012-06-03 06:19 - 2012-06-22 08:04 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll2012-06-03 06:19 - 2012-06-22 08:04 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll2012-06-03 06:15 - 2012-06-22 08:05 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll2012-06-03 06:15 - 2012-06-22 08:04 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll2012-06-02 20:49 - 2012-07-12 21:52 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-06-02 20:17 - 2012-07-12 21:52 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-06-02 20:12 - 2012-07-12 21:52 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-06-02 20:05 - 2012-07-12 21:52 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-06-02 20:05 - 2012-07-12 21:52 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-06-02 20:04 - 2012-07-12 21:52 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-06-02 20:04 - 2012-07-12 21:52 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-06-02 20:03 - 2012-07-12 21:52 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-06-02 20:01 - 2012-07-12 21:52 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-06-02 20:00 - 2012-07-12 21:52 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-06-02 19:59 - 2012-07-12 21:52 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-06-02 19:57 - 2012-07-12 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-06-02 19:57 - 2012-07-12 21:52 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-06-02 19:54 - 2012-07-12 21:52 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-06-02 17:07 - 2012-07-12 21:52 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-06-02 16:43 - 2012-07-12 21:52 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-06-02 16:33 - 2012-07-12 21:52 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-06-02 16:26 - 2012-07-12 21:52 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-06-02 16:25 - 2012-07-12 21:52 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-06-02 16:25 - 2012-07-12 21:52 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-06-02 16:23 - 2012-07-12 21:52 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-06-02 16:21 - 2012-07-12 21:52 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-06-02 16:20 - 2012-07-12 21:52 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-06-02 16:19 - 2012-07-12 21:52 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-06-02 16:19 - 2012-07-12 21:52 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-06-02 16:17 - 2012-07-12 21:52 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-06-02 16:16 - 2012-07-12 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-06-02 16:14 - 2012-07-12 21:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-06-02 13:50 - 2012-07-12 18:25 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2012-06-02 13:48 - 2012-07-12 18:25 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2012-06-02 13:48 - 2012-07-12 18:25 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys2012-06-02 13:45 - 2012-07-12 18:25 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll2012-06-02 13:44 - 2012-07-12 18:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2012-06-02 12:40 - 2012-07-12 18:25 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2012-06-02 12:40 - 2012-07-12 18:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2012-06-02 12:39 - 2012-07-12 18:25 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2012-06-02 12:34 - 2012-07-12 18:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2012-06-02 11:19 - 2012-06-22 08:04 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2012-06-02 11:15 - 2012-06-22 08:04 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exeZeroAccess:C:\Windows\Installer\{6598505b-f0fe-24e6-02be-cd1e6a485879}C:\Windows\Installer\{6598505b-f0fe-24e6-02be-cd1e6a485879}\@C:\Windows\Installer\{6598505b-f0fe-24e6-02be-cd1e6a485879}\LC:\Windows\Installer\{6598505b-f0fe-24e6-02be-cd1e6a485879}\UC:\Windows\Installer\{6598505b-f0fe-24e6-02be-cd1e6a485879}\L\00000004.@C:\Windows\Installer\{6598505b-f0fe-24e6-02be-cd1e6a485879}\U\80000032.@ZeroAccess:C:\Windows\assembly\GAC_32\Desktop.iniZeroAccess:C:\Windows\assembly\GAC_64\Desktop.ini========================= Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check ============C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.C:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK========================= Memory info ======================Percentage of memory in use: 9%Total physical RAM: 8174.41 MBAvailable physical RAM: 7373.02 MBTotal Pagefile: 8172.61 MBAvailable Pagefile: 7361.83 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.89 MB======================= Partitions =========================1 Drive c: (OS) (Fixed) (Total:1849.73 GB) (Free:1416.32 GB) NTFS2 Drive d: (2010-08-29 1015) (CDROM) (Total:4.1 GB) (Free:0 GB) UDF7 Drive i: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]8 Drive k: (TRAVELDRIVE) (Removable) (Total:1.86 GB) (Free:1.59 GB) FAT9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 1863 GB 2048 KB Disk 1 Online 1911 MB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 13 GB 40 MB Partition 3 Primary 1849 GB 13 GB==================================================================================Disk: 0Partition 1Type : DEHidden: YesActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 8 FAT Partition 39 MB Healthy Hidden ==================================================================================Disk: 0Partition 2Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 I RECOVERY NTFS Partition 13 GB Healthy ==================================================================================Disk: 0Partition 3Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C OS NTFS Partition 1849 GB Healthy ==================================================================================Partitions of Disk 1:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1907 MB 4032 KB==================================================================================Disk: 1Partition 1Type : 06Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 K TRAVELDRIVE FAT Removable 1907 MB Healthy ==================================================================================Last Boot: 2012-08-07 17:44======================= End Of Log ==========================Farbar Recovery Scan Tool Version: 14-08-2012Ran by SYSTEM at 2012-08-14 16:26:35Running from K:\================== Search: "services.exe" ===================C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe[2009-07-14 07:19] - [2009-07-14 09:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\System32\services.exe[2009-07-14 07:19] - [2009-07-14 09:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC====== End Of Search ====== Link to post Share on other sites More sharing options...
MrCharlie Posted August 14, 2012 ID:584919 Share Posted August 14, 2012 OK, here you go......Please carefully carry out this procedure!!!!!!Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.MrC Link to post Share on other sites More sharing options...
Therese1 Posted August 17, 2012 Author ID:586408 Share Posted August 17, 2012 Here's fixlist.txt...Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012Ran by SYSTEM at 2012-08-17 21:34:58 Run:1Running from J:\==============================================C:\Windows\Installer\{6598505b-f0fe-24e6-02be-cd1e6a485879} moved successfully.C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.C:\Windows\System32\services.exe moved successfully.C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted August 17, 2012 ID:586435 Share Posted August 17, 2012 A couple of more scans to run.........Please download and run TDSSKiller to your desktop as outlined below:Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.-------------------------Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.------------------------Click the Start Scan button.-----------------------If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on Continue----------------------If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.--------------------A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.-------------------Here's a summary of what to do if you would like to print it out:If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIf malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.MrC Link to post Share on other sites More sharing options...
Therese1 Posted August 17, 2012 Author ID:586764 Share Posted August 17, 2012 Ok, the scan didn't find any malicious objects11:33:06.0674 7392 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:0511:33:07.0388 7392 ============================================================11:33:07.0388 7392 Current date / time: 2012/08/18 11:33:07.038811:33:07.0388 7392 SystemInfo:11:33:07.0388 7392 11:33:07.0388 7392 OS Version: 6.1.7601 ServicePack: 1.011:33:07.0388 7392 Product type: Workstation11:33:07.0388 7392 ComputerName: THERESE-PC11:33:07.0389 7392 UserName: Therese11:33:07.0389 7392 Windows directory: C:\Windows11:33:07.0389 7392 System windows directory: C:\Windows11:33:07.0389 7392 Running under WOW6411:33:07.0389 7392 Processor architecture: Intel x6411:33:07.0389 7392 Number of processors: 811:33:07.0389 7392 Page size: 0x100011:33:07.0389 7392 Boot type: Normal boot11:33:07.0389 7392 ============================================================11:33:07.0974 7392 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1700000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004011:33:07.0977 7392 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'11:33:07.0987 7392 ============================================================11:33:07.0987 7392 \Device\Harddisk0\DR0:11:33:07.0987 7392 MBR partitions:11:33:07.0987 7392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A8000011:33:07.0987 7392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A94000, BlocksNum 0xE737600011:33:07.0987 7392 \Device\Harddisk1\DR1:11:33:07.0987 7392 MBR partitions:11:33:07.0987 7392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD011:33:07.0987 7392 ============================================================11:33:08.0009 7392 C: <-> \Device\Harddisk0\DR0\Partition211:33:08.0009 7392 ============================================================11:33:08.0010 7392 Initialize success11:33:08.0010 7392 ============================================================11:33:37.0890 4868 ============================================================11:33:37.0890 4868 Scan started11:33:37.0890 4868 Mode: Manual; SigCheck; TDLFS; 11:33:37.0890 4868 ============================================================11:33:38.0045 4868 ================ Scan services =============================11:33:38.0196 4868 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys11:33:38.0241 4868 1394ohci - ok11:33:38.0262 4868 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys11:33:38.0289 4868 ACPI - ok11:33:38.0307 4868 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys11:33:38.0317 4868 AcpiPmi - ok11:33:38.0451 4868 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe11:33:38.0458 4868 AdobeARMservice - ok11:33:38.0707 4868 [ 459ac130c6ab892b1cd5d7544626efc5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe11:33:38.0715 4868 AdobeFlashPlayerUpdateSvc - ok11:33:38.0731 4868 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys11:33:38.0743 4868 adp94xx - ok11:33:38.0756 4868 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys11:33:38.0766 4868 adpahci - ok11:33:38.0788 4868 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys11:33:38.0796 4868 adpu320 - ok11:33:38.0839 4868 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll11:33:38.0861 4868 AeLookupSvc - ok11:33:38.0954 4868 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys11:33:38.0991 4868 AFD - ok11:33:39.0009 4868 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys11:33:39.0017 4868 agp440 - ok11:33:39.0027 4868 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe11:33:39.0036 4868 ALG - ok11:33:39.0038 4868 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys11:33:39.0046 4868 aliide - ok11:33:39.0055 4868 [ a359974eaac83a435497c52f62a2e590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe11:33:39.0067 4868 AMD External Events Utility - ok11:33:39.0078 4868 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys11:33:39.0085 4868 amdide - ok11:33:39.0088 4868 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys11:33:39.0096 4868 AmdK8 - ok11:33:39.0190 4868 [ 60216b0e704584de6d5a9f59e9c34c47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys11:33:39.0282 4868 amdkmdag - ok11:33:39.0319 4868 [ 6b4e9261b613b047a9a145f328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys11:33:39.0332 4868 amdkmdap - ok11:33:39.0334 4868 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys11:33:39.0343 4868 AmdPPM - ok11:33:39.0367 4868 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys11:33:39.0375 4868 amdsata - ok11:33:39.0379 4868 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys11:33:39.0388 4868 amdsbs - ok11:33:39.0405 4868 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys11:33:39.0412 4868 amdxata - ok11:33:39.0415 4868 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys11:33:39.0436 4868 AppID - ok11:33:39.0448 4868 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll11:33:39.0470 4868 AppIDSvc - ok11:33:39.0480 4868 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll11:33:39.0502 4868 Appinfo - ok11:33:39.0615 4868 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe11:33:39.0621 4868 Apple Mobile Device - ok11:33:39.0624 4868 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys11:33:39.0631 4868 arc - ok11:33:39.0634 4868 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys11:33:39.0642 4868 arcsas - ok11:33:39.0759 4868 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe11:33:39.0766 4868 aspnet_state - ok11:33:39.0784 4868 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys11:33:39.0806 4868 AsyncMac - ok11:33:39.0815 4868 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys11:33:39.0823 4868 atapi - ok11:33:39.0858 4868 [ 4bf5bca6e2608cd8a00bc4a6673a9f47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys11:33:39.0869 4868 AtiHDAudioService - ok11:33:39.0889 4868 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll11:33:39.0935 4868 AudioEndpointBuilder - ok11:33:39.0940 4868 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll11:33:39.0985 4868 AudioSrv - ok11:33:40.0017 4868 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll11:33:40.0029 4868 AxInstSV - ok11:33:40.0051 4868 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys11:33:40.0064 4868 b06bdrv - ok11:33:40.0076 4868 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys11:33:40.0086 4868 b57nd60a - ok11:33:40.0141 4868 [ 0b0df4cd7c2c188c95c4e09c568ad54a ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys11:33:40.0175 4868 BCM43XX - ok11:33:40.0184 4868 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll11:33:40.0194 4868 BDESVC - ok11:33:40.0204 4868 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys11:33:40.0226 4868 Beep - ok11:33:40.0259 4868 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll11:33:40.0287 4868 BFE - ok11:33:40.0310 4868 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys11:33:40.0319 4868 blbdrive - ok11:33:40.0377 4868 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe11:33:40.0387 4868 Bonjour Service - ok11:33:40.0459 4868 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys11:33:40.0468 4868 bowser - ok11:33:40.0479 4868 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys11:33:40.0489 4868 BrFiltLo - ok11:33:40.0491 4868 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys11:33:40.0500 4868 BrFiltUp - ok11:33:40.0510 4868 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll11:33:40.0533 4868 Browser - ok11:33:40.0547 4868 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys11:33:40.0557 4868 Brserid - ok11:33:40.0571 4868 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys11:33:40.0581 4868 BrSerWdm - ok11:33:40.0604 4868 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys11:33:40.0614 4868 BrUsbMdm - ok11:33:40.0616 4868 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys11:33:40.0625 4868 BrUsbSer - ok11:33:40.0648 4868 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys11:33:40.0658 4868 BTHMODEM - ok11:33:40.0661 4868 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll11:33:40.0684 4868 bthserv - ok11:33:40.0703 4868 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys11:33:40.0726 4868 cdfs - ok11:33:40.0764 4868 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys11:33:40.0774 4868 cdrom - ok11:33:40.0791 4868 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll11:33:40.0813 4868 CertPropSvc - ok11:33:40.0837 4868 [ 274ce03459896006f7a5069266e0469e ] cfwids C:\Windows\system32\drivers\cfwids.sys11:33:40.0843 4868 cfwids - ok11:33:40.0855 4868 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys11:33:40.0865 4868 circlass - ok11:33:40.0889 4868 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys11:33:40.0899 4868 CLFS - ok11:33:40.0973 4868 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe11:33:40.0980 4868 clr_optimization_v2.0.50727_32 - ok11:33:41.0003 4868 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe11:33:41.0010 4868 clr_optimization_v2.0.50727_64 - ok11:33:41.0041 4868 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe11:33:41.0048 4868 clr_optimization_v4.0.30319_32 - ok11:33:41.0064 4868 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe11:33:41.0071 4868 clr_optimization_v4.0.30319_64 - ok11:33:41.0073 4868 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys11:33:41.0082 4868 CmBatt - ok11:33:41.0084 4868 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys11:33:41.0091 4868 cmdide - ok11:33:41.0137 4868 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys11:33:41.0153 4868 CNG - ok11:33:41.0164 4868 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys11:33:41.0171 4868 Compbatt - ok11:33:41.0183 4868 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys11:33:41.0193 4868 CompositeBus - ok11:33:41.0195 4868 COMSysApp - ok11:33:41.0197 4868 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys11:33:41.0205 4868 crcdisk - ok11:33:41.0243 4868 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll11:33:41.0272 4868 CryptSvc - ok11:33:41.0357 4868 [ 72794d112cbaff3bc0c29bf7350d4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE11:33:41.0372 4868 cvhsvc - ok11:33:41.0403 4868 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll11:33:41.0429 4868 DcomLaunch - ok11:33:41.0444 4868 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll11:33:41.0468 4868 defragsvc - ok11:33:41.0480 4868 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys11:33:41.0501 4868 DfsC - ok11:33:41.0513 4868 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll11:33:41.0536 4868 Dhcp - ok11:33:41.0539 4868 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys11:33:41.0561 4868 discache - ok11:33:41.0573 4868 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys11:33:41.0580 4868 Disk - ok11:33:41.0599 4868 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll11:33:41.0608 4868 Dnscache - ok11:33:41.0627 4868 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll11:33:41.0650 4868 dot3svc - ok11:33:41.0663 4868 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll11:33:41.0686 4868 DPS - ok11:33:41.0742 4868 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys11:33:41.0752 4868 drmkaud - ok11:33:41.0833 4868 [ 46571ed73ae84469dca53081d33cf3c8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys11:33:41.0842 4868 dtsoftbus01 - ok11:33:41.0861 4868 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys11:33:41.0877 4868 DXGKrnl - ok11:33:41.0890 4868 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll11:33:41.0913 4868 EapHost - ok11:33:41.0958 4868 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys11:33:41.0987 4868 ebdrv - ok11:33:42.0017 4868 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe11:33:42.0026 4868 EFS - ok11:33:42.0086 4868 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe11:33:42.0100 4868 ehRecvr - ok11:33:42.0109 4868 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe11:33:42.0118 4868 ehSched - ok11:33:42.0135 4868 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys11:33:42.0147 4868 elxstor - ok11:33:42.0158 4868 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys11:33:42.0167 4868 ErrDev - ok11:33:42.0195 4868 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll11:33:42.0220 4868 EventSystem - ok11:33:42.0239 4868 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys11:33:42.0262 4868 exfat - ok11:33:42.0287 4868 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys11:33:42.0310 4868 fastfat - ok11:33:42.0329 4868 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe11:33:42.0342 4868 Fax - ok11:33:42.0349 4868 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys11:33:42.0357 4868 fdc - ok11:33:42.0367 4868 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll11:33:42.0390 4868 fdPHost - ok11:33:42.0401 4868 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll11:33:42.0423 4868 FDResPub - ok11:33:42.0434 4868 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys11:33:42.0442 4868 FileInfo - ok11:33:42.0452 4868 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys11:33:42.0474 4868 Filetrace - ok11:33:42.0511 4868 [ 8669be94f63944e4f899c3950b520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe11:33:42.0526 4868 FLEXnet Licensing Service - ok11:33:42.0537 4868 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys11:33:42.0546 4868 flpydisk - ok11:33:42.0565 4868 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys11:33:42.0574 4868 FltMgr - ok11:33:42.0602 4868 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll11:33:42.0617 4868 FontCache - ok11:33:42.0656 4868 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe11:33:42.0662 4868 FontCache3.0.0.0 - ok11:33:42.0672 4868 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys11:33:42.0680 4868 FsDepends - ok11:33:42.0723 4868 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys11:33:42.0730 4868 Fs_Rec - ok11:33:42.0764 4868 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys11:33:42.0801 4868 fvevol - ok11:33:42.0803 4868 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys11:33:42.0813 4868 gagp30kx - ok11:33:42.0833 4868 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys11:33:42.0839 4868 GEARAspiWDM - ok11:33:42.0906 4868 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe11:33:42.0912 4868 GoToAssist - ok11:33:42.0956 4868 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll11:33:42.0982 4868 gpsvc - ok11:33:42.0994 4868 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys11:33:43.0003 4868 hcw85cir - ok11:33:43.0035 4868 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys11:33:43.0048 4868 HdAudAddService - ok11:33:43.0066 4868 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys11:33:43.0076 4868 HDAudBus - ok11:33:43.0086 4868 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys11:33:43.0094 4868 HidBatt - ok11:33:43.0097 4868 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys11:33:43.0107 4868 HidBth - ok11:33:43.0111 4868 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys11:33:43.0122 4868 HidIr - ok11:33:43.0125 4868 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll11:33:43.0147 4868 hidserv - ok11:33:43.0156 4868 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys11:33:43.0164 4868 HidUsb - ok11:33:43.0198 4868 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll11:33:43.0221 4868 hkmsvc - ok11:33:43.0240 4868 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll11:33:43.0250 4868 HomeGroupListener - ok11:33:43.0266 4868 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll11:33:43.0275 4868 HomeGroupProvider - ok11:33:43.0278 4868 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys11:33:43.0286 4868 HpSAMD - ok11:33:43.0318 4868 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys11:33:43.0345 4868 HTTP - ok11:33:43.0356 4868 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys11:33:43.0363 4868 hwpolicy - ok11:33:43.0366 4868 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys11:33:43.0374 4868 i8042prt - ok11:33:43.0401 4868 [ 2fdaec4b02729c48c0fd1b0b4695995b ] iaStor C:\Windows\system32\drivers\iaStor.sys11:33:43.0441 4868 iaStor - ok11:33:43.0482 4868 [ d41861e56e7552c13674d7f147a02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe11:33:43.0488 4868 IAStorDataMgrSvc - ok11:33:43.0501 4868 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys11:33:43.0512 4868 iaStorV - ok11:33:43.0550 4868 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe11:33:43.0564 4868 idsvc - ok11:33:43.0567 4868 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys11:33:43.0576 4868 iirsp - ok11:33:43.0638 4868 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll11:33:43.0666 4868 IKEEXT - ok11:33:43.0760 4868 [ 235362d403d9d677514649d88db31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys11:33:43.0788 4868 IntcAzAudAddService - ok11:33:43.0808 4868 [ fc727061c0f47c8059e88e05d5c8e381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys11:33:43.0817 4868 IntcDAud - ok11:33:43.0845 4868 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys11:33:43.0852 4868 intelide - ok11:33:43.0871 4868 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys11:33:43.0879 4868 intelppm - ok11:33:43.0899 4868 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll11:33:43.0922 4868 IPBusEnum - ok11:33:43.0925 4868 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys11:33:43.0947 4868 IpFilterDriver - ok11:33:43.0960 4868 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys11:33:43.0969 4868 IPMIDRV - ok11:33:43.0972 4868 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys11:33:43.0995 4868 IPNAT - ok11:33:44.0076 4868 [ ee4c2a137c7088911a8919effc9812e7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe11:33:44.0091 4868 iPod Service - ok11:33:44.0111 4868 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys11:33:44.0122 4868 IRENUM - ok11:33:44.0124 4868 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys11:33:44.0132 4868 isapnp - ok11:33:44.0164 4868 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys11:33:44.0173 4868 iScsiPrt - ok11:33:44.0193 4868 [ 12e27942dbb7c91880163634b0d8a776 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys11:33:44.0203 4868 k57nd60a - ok11:33:44.0211 4868 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys11:33:44.0218 4868 kbdclass - ok11:33:44.0226 4868 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys11:33:44.0234 4868 kbdhid - ok11:33:44.0240 4868 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe11:33:44.0249 4868 KeyIso - ok11:33:44.0300 4868 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys11:33:44.0308 4868 KSecDD - ok11:33:44.0327 4868 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys11:33:44.0335 4868 KSecPkg - ok11:33:44.0342 4868 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys11:33:44.0365 4868 ksthunk - ok11:33:44.0399 4868 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll11:33:44.0424 4868 KtmRm - ok11:33:44.0441 4868 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll11:33:44.0464 4868 LanmanServer - ok11:33:44.0475 4868 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll11:33:44.0498 4868 LanmanWorkstation - ok11:33:44.0519 4868 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys11:33:44.0542 4868 lltdio - ok11:33:44.0564 4868 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll11:33:44.0589 4868 lltdsvc - ok11:33:44.0599 4868 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll11:33:44.0622 4868 lmhosts - ok11:33:44.0630 4868 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys11:33:44.0638 4868 LSI_FC - ok11:33:44.0640 4868 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys11:33:44.0648 4868 LSI_SAS - ok11:33:44.0650 4868 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys11:33:44.0659 4868 LSI_SAS2 - ok11:33:44.0662 4868 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys11:33:44.0670 4868 LSI_SCSI - ok11:33:44.0693 4868 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys11:33:44.0716 4868 luafv - ok11:33:44.0811 4868 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys11:33:44.0818 4868 MBAMProtector - ok11:33:44.0908 4868 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe11:33:44.0920 4868 MBAMService - ok11:33:44.0971 4868 [ 9504f1dda1b67fb8d526fd4f8cc882f3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe11:33:44.0979 4868 McAWFwk - ok11:33:45.0054 4868 [ f453d1e6d881e8f8717e20ccd4199e85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe11:33:45.0062 4868 McComponentHostService - ok11:33:45.0094 4868 [ acb01bf1a905356ab7f978c7fe852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe11:33:45.0102 4868 McMPFSvc - ok11:33:45.0111 4868 [ acb01bf1a905356ab7f978c7fe852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe11:33:45.0119 4868 mcmscsvc - ok11:33:45.0127 4868 [ acb01bf1a905356ab7f978c7fe852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe11:33:45.0135 4868 McNaiAnn - ok11:33:45.0138 4868 [ acb01bf1a905356ab7f978c7fe852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe11:33:45.0146 4868 McNASvc - ok11:33:45.0255 4868 [ dd2321925274f2902929d76ce2b0eb45 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe11:33:45.0266 4868 McODS - ok11:33:45.0268 4868 [ acb01bf1a905356ab7f978c7fe852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe11:33:45.0277 4868 McOobeSv - ok11:33:45.0279 4868 [ acb01bf1a905356ab7f978c7fe852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe11:33:45.0287 4868 McProxy - ok11:33:45.0341 4868 [ e998e3b12101288d716558466cbf6ae1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe11:33:45.0349 4868 McShield - ok11:33:45.0368 4868 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll11:33:45.0377 4868 Mcx2Svc - ok11:33:45.0390 4868 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys11:33:45.0397 4868 megasas - ok11:33:45.0422 4868 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys11:33:45.0431 4868 MegaSR - ok11:33:45.0455 4868 [ 1c6e73fc46b509eff9d0086aa37132df ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys11:33:45.0462 4868 MEIx64 - ok11:33:45.0485 4868 [ 01884cb7655c8908b43ff5e364fe6fd2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys11:33:45.0492 4868 mfeapfk - ok11:33:45.0501 4868 [ dab9a9cdfb04e4d68924492aa043019d ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys11:33:45.0509 4868 mfeavfk - ok11:33:45.0522 4868 mfeavfk01 - ok11:33:45.0534 4868 [ b26782c3d6045b4464017d7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe11:33:45.0542 4868 mfefire - ok11:33:45.0568 4868 [ ce9a3680675c0907ade16404ca967b49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys11:33:45.0579 4868 mfefirek - ok11:33:45.0604 4868 [ 60cf67458dd29cd17e77f2327b1a9a54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys11:33:45.0616 4868 mfehidk - ok11:33:45.0623 4868 [ a8129cfb919347f8533c934b365e9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys11:33:45.0630 4868 mfenlfk - ok11:33:45.0651 4868 [ 5041fa2bd2b3a2693b015771bfbf6dca ] mferkdet C:\Windows\system32\drivers\mferkdet.sys11:33:45.0658 4868 mferkdet - ok11:33:45.0692 4868 [ 723a5eb6cef7f408c3d0f15a82a6bff8 ] mfevtp C:\Windows\system32\mfevtps.exe11:33:45.0700 4868 mfevtp - ok11:33:45.0708 4868 [ 919c56db14a0e1e2ab6da5d2821dc26e ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys11:33:45.0717 4868 mfewfpk - ok11:33:45.0733 4868 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll11:33:45.0756 4868 MMCSS - ok11:33:45.0804 4868 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys11:33:45.0827 4868 Modem - ok11:33:45.0844 4868 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys11:33:45.0854 4868 monitor - ok11:33:45.0866 4868 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys11:33:45.0875 4868 mouclass - ok11:33:45.0885 4868 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys11:33:45.0894 4868 mouhid - ok11:33:45.0905 4868 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys11:33:45.0913 4868 mountmgr - ok11:33:46.0009 4868 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe11:33:46.0048 4868 MozillaMaintenance - ok11:33:46.0075 4868 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys11:33:46.0110 4868 mpio - ok11:33:46.0133 4868 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys11:33:46.0155 4868 mpsdrv - ok11:33:46.0176 4868 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll11:33:46.0223 4868 MpsSvc - ok11:33:46.0237 4868 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys11:33:46.0249 4868 MRxDAV - ok11:33:46.0273 4868 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys11:33:46.0283 4868 mrxsmb - ok11:33:46.0300 4868 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys11:33:46.0310 4868 mrxsmb10 - ok11:33:46.0322 4868 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys11:33:46.0331 4868 mrxsmb20 - ok11:33:46.0355 4868 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys11:33:46.0363 4868 msahci - ok11:33:46.0371 4868 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys11:33:46.0379 4868 msdsm - ok11:33:46.0388 4868 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe11:33:46.0398 4868 MSDTC - ok11:33:46.0402 4868 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys11:33:46.0423 4868 Msfs - ok11:33:46.0425 4868 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys11:33:46.0447 4868 mshidkmdf - ok11:33:46.0457 4868 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys11:33:46.0464 4868 msisadrv - ok11:33:46.0486 4868 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll11:33:46.0510 4868 MSiSCSI - ok11:33:46.0512 4868 msiserver - ok11:33:46.0514 4868 [ acb01bf1a905356ab7f978c7fe852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe11:33:46.0522 4868 MSK80Service - ok11:33:46.0529 4868 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys11:33:46.0551 4868 MSKSSRV - ok11:33:46.0554 4868 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys11:33:46.0575 4868 MSPCLOCK - ok11:33:46.0577 4868 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys11:33:46.0599 4868 MSPQM - ok11:33:46.0614 4868 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys11:33:46.0624 4868 MsRPC - ok11:33:46.0634 4868 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys11:33:46.0642 4868 mssmbios - ok11:33:46.0652 4868 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys11:33:46.0675 4868 MSTEE - ok11:33:46.0677 4868 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys11:33:46.0685 4868 MTConfig - ok11:33:46.0717 4868 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys11:33:46.0727 4868 Mup - ok11:33:46.0749 4868 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll11:33:46.0773 4868 napagent - ok11:33:46.0803 4868 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys11:33:46.0817 4868 NativeWifiP - ok11:33:46.0896 4868 [ 934bb0d23a25c8c136570800a5a149b6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe11:33:46.0908 4868 NAUpdate - ok11:33:46.0942 4868 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys11:33:46.0958 4868 NDIS - ok11:33:46.0962 4868 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys11:33:46.0983 4868 NdisCap - ok11:33:46.0997 4868 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys11:33:47.0019 4868 NdisTapi - ok11:33:47.0028 4868 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys11:33:47.0050 4868 Ndisuio - ok11:33:47.0063 4868 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys11:33:47.0085 4868 NdisWan - ok11:33:47.0097 4868 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys11:33:47.0118 4868 NDProxy - ok11:33:47.0128 4868 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys11:33:47.0150 4868 NetBIOS - ok11:33:47.0162 4868 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys11:33:47.0185 4868 NetBT - ok11:33:47.0195 4868 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe11:33:47.0204 4868 Netlogon - ok11:33:47.0225 4868 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll11:33:47.0251 4868 Netman - ok11:33:47.0272 4868 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe11:33:47.0279 4868 NetMsmqActivator - ok11:33:47.0282 4868 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe11:33:47.0289 4868 NetPipeActivator - ok11:33:47.0307 4868 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll11:33:47.0332 4868 netprofm - ok11:33:47.0334 4868 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe11:33:47.0342 4868 NetTcpActivator - ok11:33:47.0343 4868 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe11:33:47.0350 4868 NetTcpPortSharing - ok11:33:47.0356 4868 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys11:33:47.0363 4868 nfrd960 - ok11:33:47.0460 4868 [ 1a8ccc605736faafd9d94f07ac589f3d ] NitroDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe11:33:47.0468 4868 NitroDriverReadSpool2 - ok11:33:47.0484 4868 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll11:33:47.0508 4868 NlaSvc - ok11:33:47.0555 4868 [ b422edd69662707643e44332ec491b77 ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE11:33:47.0562 4868 nlsX86cc - ok11:33:47.0617 4868 [ b9b72faaaa41d59b73b88fe3dd737ed1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe11:33:47.0648 4868 NOBU - ok11:33:47.0651 4868 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys11:33:47.0672 4868 Npfs - ok11:33:47.0698 4868 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll11:33:47.0721 4868 nsi - ok11:33:47.0723 4868 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys11:33:47.0745 4868 nsiproxy - ok11:33:47.0789 4868 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys11:33:47.0811 4868 Ntfs - ok11:33:47.0820 4868 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys11:33:47.0842 4868 Null - ok11:33:47.0853 4868 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys11:33:47.0861 4868 nvraid - ok11:33:47.0889 4868 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys11:33:47.0898 4868 nvstor - ok11:33:47.0905 4868 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys11:33:47.0913 4868 nv_agp - ok11:33:47.0929 4868 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys11:33:47.0937 4868 ohci1394 - ok11:33:47.0981 4868 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE11:33:47.0989 4868 ose - ok11:33:48.0101 4868 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE11:33:48.0154 4868 osppsvc - ok11:33:48.0172 4868 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll11:33:48.0182 4868 p2pimsvc - ok11:33:48.0193 4868 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll11:33:48.0204 4868 p2psvc - ok11:33:48.0217 4868 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys11:33:48.0226 4868 Parport - ok11:33:48.0265 4868 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys11:33:48.0273 4868 partmgr - ok11:33:48.0286 4868 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll11:33:48.0299 4868 PcaSvc - ok11:33:48.0375 4868 [ 7317a0b550f7ac0223b7070897670476 ] PCDSRVC{1E208CE0-FB7451FF-06020101}_0 c:\program files\dell support center\pcdsrvc_x64.pkms11:33:48.0381 4868 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok11:33:48.0412 4868 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys11:33:48.0421 4868 pci - ok11:33:48.0442 4868 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys11:33:48.0449 4868 pciide - ok11:33:48.0471 4868 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys11:33:48.0480 4868 pcmcia - ok11:33:48.0494 4868 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys11:33:48.0501 4868 pcw - ok11:33:48.0526 4868 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys11:33:48.0552 4868 PEAUTH - ok11:33:48.0573 4868 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe11:33:48.0582 4868 PerfHost - ok11:33:48.0617 4868 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll11:33:48.0648 4868 pla - ok11:33:48.0684 4868 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll11:33:48.0695 4868 PlugPlay - ok11:33:48.0701 4868 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll11:33:48.0712 4868 PNRPAutoReg - ok11:33:48.0717 4868 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll11:33:48.0728 4868 PNRPsvc - ok11:33:48.0771 4868 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll11:33:48.0796 4868 PolicyAgent - ok11:33:48.0815 4868 [ a2cca4fb273e6050f17a0a416cff2fcd ] Power C:\Windows\system32\umpo.dll11:33:48.0825 4868 Power - ok11:33:48.0837 4868 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys11:33:48.0859 4868 PptpMiniport - ok11:33:48.0862 4868 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys11:33:48.0871 4868 Processor - ok11:33:48.0926 4868 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll11:33:48.0936 4868 ProfSvc - ok11:33:48.0938 4868 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe11:33:48.0946 4868 ProtectedStorage - ok11:33:48.0979 4868 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys11:33:49.0001 4868 Psched - ok11:33:49.0025 4868 [ 87b04878a6d59d6c79251dc960c674c1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys11:33:49.0031 4868 PxHlpa64 - ok11:33:49.0068 4868 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys11:33:49.0088 4868 ql2300 - ok11:33:49.0092 4868 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys11:33:49.0100 4868 ql40xx - ok11:33:49.0117 4868 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll11:33:49.0129 4868 QWAVE - ok11:33:49.0135 4868 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys11:33:49.0146 4868 QWAVEdrv - ok11:33:49.0155 4868 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys11:33:49.0177 4868 RasAcd - ok11:33:49.0195 4868 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys11:33:49.0218 4868 RasAgileVpn - ok11:33:49.0230 4868 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll11:33:49.0253 4868 RasAuto - ok11:33:49.0265 4868 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys11:33:49.0287 4868 Rasl2tp - ok11:33:49.0337 4868 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll11:33:49.0361 4868 RasMan - ok11:33:49.0374 4868 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys11:33:49.0396 4868 RasPppoe - ok11:33:49.0404 4868 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys11:33:49.0427 4868 RasSstp - ok11:33:49.0442 4868 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys11:33:49.0465 4868 rdbss - ok11:33:49.0474 4868 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys11:33:49.0484 4868 rdpbus - ok11:33:49.0489 4868 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys11:33:49.0511 4868 RDPCDD - ok11:33:49.0522 4868 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys11:33:49.0544 4868 RDPENCDD - ok11:33:49.0555 4868 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys11:33:49.0577 4868 RDPREFMP - ok11:33:49.0617 4868 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys11:33:49.0627 4868 RDPWD - ok11:33:49.0641 4868 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys11:33:49.0649 4868 rdyboost - ok11:33:49.0665 4868 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll11:33:49.0688 4868 RemoteAccess - ok11:33:49.0721 4868 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll11:33:49.0745 4868 RemoteRegistry - ok11:33:49.0807 4868 [ 3c957189b31c34d3ad21967b12b6aed7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe11:33:49.0823 4868 RoxMediaDB12OEM - ok11:33:49.0851 4868 [ 2b73088cc2ca757a172b425c9398e5bc ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe11:33:49.0894 4868 RoxWatch12 - ok11:33:49.0906 4868 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll11:33:49.0930 4868 RpcEptMapper - ok11:33:49.0948 4868 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe11:33:49.0960 4868 RpcLocator - ok11:33:49.0983 4868 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll11:33:50.0008 4868 RpcSs - ok11:33:50.0025 4868 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys11:33:50.0047 4868 rspndr - ok11:33:50.0049 4868 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe11:33:50.0057 4868 SamSs - ok11:33:50.0072 4868 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys11:33:50.0080 4868 sbp2port - ok11:33:50.0100 4868 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll11:33:50.0124 4868 SCardSvr - ok11:33:50.0135 4868 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys11:33:50.0156 4868 scfilter - ok11:33:50.0179 4868 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll11:33:50.0208 4868 Schedule - ok11:33:50.0224 4868 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll11:33:50.0246 4868 SCPolicySvc - ok11:33:50.0263 4868 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll11:33:50.0274 4868 SDRSVC - ok11:33:50.0289 4868 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys11:33:50.0312 4868 secdrv - ok11:33:50.0316 4868 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll11:33:50.0338 4868 seclogon - ok11:33:50.0357 4868 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll11:33:50.0379 4868 SENS - ok11:33:50.0402 4868 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll11:33:50.0411 4868 SensrSvc - ok11:33:50.0428 4868 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys11:33:50.0437 4868 Serenum - ok11:33:50.0443 4868 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys11:33:50.0452 4868 Serial - ok11:33:50.0454 4868 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys11:33:50.0463 4868 sermouse - ok11:33:50.0490 4868 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll11:33:50.0512 4868 SessionEnv - ok11:33:50.0515 4868 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys11:33:50.0525 4868 sffdisk - ok11:33:50.0527 4868 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys11:33:50.0536 4868 sffp_mmc - ok11:33:50.0539 4868 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys11:33:50.0549 4868 sffp_sd - ok11:33:50.0551 4868 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys11:33:50.0559 4868 sfloppy - ok11:33:50.0614 4868 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys11:33:50.0627 4868 Sftfs - ok11:33:50.0717 4868 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe11:33:50.0727 4868 sftlist - ok11:33:50.0740 4868 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys11:33:50.0749 4868 Sftplay - ok11:33:50.0765 4868 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys11:33:50.0771 4868 Sftredir - ok11:33:50.0838 4868 [ 29ddea72c5bdf61d62f4d438dc0e497c ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE11:33:50.0895 4868 SftService - ok11:33:50.0902 4868 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys11:33:50.0909 4868 Sftvol - ok11:33:50.0924 4868 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe11:33:50.0962 4868 sftvsa - ok11:33:50.0996 4868 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll11:33:51.0021 4868 SharedAccess - ok11:33:51.0048 4868 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll11:33:51.0072 4868 ShellHWDetection - ok11:33:51.0075 4868 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys11:33:51.0082 4868 SiSRaid2 - ok11:33:51.0096 4868 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys11:33:51.0104 4868 SiSRaid4 - ok11:33:51.0106 4868 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys11:33:51.0128 4868 Smb - ok11:33:51.0137 4868 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe11:33:51.0149 4868 SNMPTRAP - ok11:33:51.0157 4868 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys11:33:51.0166 4868 spldr - ok11:33:51.0179 4868 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe11:33:51.0231 4868 Spooler - ok11:33:51.0273 4868 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe11:33:51.0317 4868 sppsvc - ok11:33:51.0326 4868 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll11:33:51.0348 4868 sppuinotify - ok11:33:51.0368 4868 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys11:33:51.0378 4868 srv - ok11:33:51.0387 4868 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys11:33:51.0398 4868 srv2 - ok11:33:51.0409 4868 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys11:33:51.0418 4868 srvnet - ok11:33:51.0438 4868 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll11:33:51.0462 4868 SSDPSRV - ok11:33:51.0475 4868 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll11:33:51.0498 4868 SstpSvc - ok11:33:51.0515 4868 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys11:33:51.0522 4868 stexstor - ok11:33:51.0543 4868 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll11:33:51.0559 4868 stisvc - ok11:33:51.0583 4868 [ 7731f46ec0d687a931cba063e8f90ef0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe11:33:51.0589 4868 stllssvr - ok11:33:51.0600 4868 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys11:33:51.0608 4868 swenum - ok11:33:51.0748 4868 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe11:33:51.0791 4868 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning11:33:51.0791 4868 SwitchBoard - detected UnsignedFile.Multi.Generic (1)11:33:51.0807 4868 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll11:33:51.0832 4868 swprv - ok11:33:51.0860 4868 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll11:33:51.0883 4868 SysMain - ok11:33:51.0896 4868 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll11:33:51.0908 4868 TabletInputService - ok11:33:51.0922 4868 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll11:33:51.0946 4868 TapiSrv - ok11:33:51.0956 4868 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll11:33:51.0980 4868 TBS - ok11:33:52.0048 4868 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys11:33:52.0072 4868 Tcpip - ok11:33:52.0092 4868 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys11:33:52.0116 4868 TCPIP6 - ok11:33:52.0131 4868 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys11:33:52.0152 4868 tcpipreg - ok11:33:52.0163 4868 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys11:33:52.0171 4868 TDPIPE - ok11:33:52.0207 4868 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys11:33:52.0215 4868 TDTCP - ok11:33:52.0252 4868 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys11:33:52.0275 4868 tdx - ok11:33:52.0283 4868 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys11:33:52.0291 4868 TermDD - ok11:33:52.0309 4868 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll11:33:52.0335 4868 TermService - ok11:33:52.0353 4868 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll11:33:52.0365 4868 Themes - ok11:33:52.0385 4868 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll11:33:52.0409 4868 THREADORDER - ok11:33:52.0418 4868 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll11:33:52.0441 4868 TrkWks - ok11:33:52.0480 4868 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe11:33:52.0503 4868 TrustedInstaller - ok11:33:52.0508 4868 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys11:33:52.0529 4868 tssecsrv - ok11:33:52.0542 4868 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys11:33:52.0550 4868 TsUsbFlt - ok11:33:52.0557 4868 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys11:33:52.0565 4868 TsUsbGD - ok11:33:52.0588 4868 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys11:33:52.0611 4868 tunnel - ok11:33:52.0625 4868 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys11:33:52.0632 4868 uagp35 - ok11:33:52.0646 4868 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys11:33:52.0670 4868 udfs - ok11:33:52.0677 4868 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe11:33:52.0687 4868 UI0Detect - ok11:33:52.0701 4868 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys11:33:52.0708 4868 uliagpkx - ok11:33:52.0741 4868 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys11:33:52.0750 4868 umbus - ok11:33:52.0752 4868 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys11:33:52.0760 4868 UmPass - ok11:33:52.0790 4868 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll11:33:52.0814 4868 upnphost - ok11:33:52.0843 4868 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys11:33:52.0851 4868 USBAAPL64 - ok11:33:52.0885 4868 [ 19ad7990c0b67e48dac5b26f99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys11:33:52.0894 4868 usbccgp - ok11:33:52.0919 4868 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys11:33:52.0930 4868 usbcir - ok11:33:52.0953 4868 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys11:33:52.0961 4868 usbehci - ok11:33:52.0990 4868 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys11:33:53.0000 4868 usbhub - ok11:33:53.0015 4868 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys11:33:53.0023 4868 usbohci - ok11:33:53.0039 4868 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\drivers\usbprint.sys11:33:53.0049 4868 usbprint - ok11:33:53.0071 4868 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS11:33:53.0079 4868 USBSTOR - ok11:33:53.0095 4868 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys11:33:53.0103 4868 usbuhci - ok11:33:53.0114 4868 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll11:33:53.0136 4868 UxSms - ok11:33:53.0138 4868 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe11:33:53.0147 4868 VaultSvc - ok11:33:53.0151 4868 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys11:33:53.0158 4868 vdrvroot - ok11:33:53.0167 4868 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe11:33:53.0193 4868 vds - ok11:33:53.0195 4868 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys11:33:53.0205 4868 vga - ok11:33:53.0210 4868 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys11:33:53.0232 4868 VgaSave - ok11:33:53.0246 4868 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys11:33:53.0255 4868 vhdmp - ok11:33:53.0258 4868 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys11:33:53.0265 4868 viaide - ok11:33:53.0292 4868 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys11:33:53.0300 4868 volmgr - ok11:33:53.0322 4868 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys11:33:53.0332 4868 volmgrx - ok11:33:53.0346 4868 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys11:33:53.0356 4868 volsnap - ok11:33:53.0360 4868 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys11:33:53.0368 4868 vsmraid - ok11:33:53.0401 4868 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe11:33:53.0434 4868 VSS - ok11:33:53.0445 4868 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys11:33:53.0455 4868 vwifibus - ok11:33:53.0465 4868 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys11:33:53.0476 4868 vwififlt - ok11:33:53.0497 4868 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll11:33:53.0524 4868 W32Time - ok11:33:53.0538 4868 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys11:33:53.0547 4868 WacomPen - ok11:33:53.0563 4868 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys11:33:53.0585 4868 WANARP - ok11:33:53.0588 4868 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys11:33:53.0610 4868 Wanarpv6 - ok11:33:53.0665 4868 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe11:33:53.0683 4868 WatAdminSvc - ok11:33:53.0733 4868 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe11:33:53.0751 4868 wbengine - ok11:33:53.0767 4868 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll11:33:53.0780 4868 WbioSrvc - ok11:33:53.0789 4868 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll11:33:53.0803 4868 wcncsvc - ok11:33:53.0813 4868 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll11:33:53.0823 4868 WcsPlugInService - ok11:33:53.0825 4868 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys11:33:53.0832 4868 Wd - ok11:33:53.0846 4868 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys11:33:53.0859 4868 Wdf01000 - ok11:33:53.0861 4868 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll11:33:53.0880 4868 WdiServiceHost - ok11:33:53.0883 4868 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll11:33:53.0901 4868 WdiSystemHost - ok11:33:53.0914 4868 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll11:33:53.0927 4868 WebClient - ok11:33:53.0931 4868 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll11:33:53.0955 4868 Wecsvc - ok11:33:53.0970 4868 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll11:33:53.0994 4868 wercplsupport - ok11:33:54.0016 4868 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll11:33:54.0039 4868 WerSvc - ok11:33:54.0045 4868 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys11:33:54.0067 4868 WfpLwf - ok11:33:54.0091 4868 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys11:33:54.0100 4868 WimFltr - ok11:33:54.0102 4868 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys11:33:54.0109 4868 WIMMount - ok11:33:54.0138 4868 WinDefend - ok11:33:54.0142 4868 WinHttpAutoProxySvc - ok11:33:54.0184 4868 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll11:33:54.0208 4868 Winmgmt - ok11:33:54.0235 4868 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll11:33:54.0272 4868 WinRM - ok11:33:54.0300 4868 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys11:33:54.0311 4868 WinUsb - ok11:33:54.0334 4868 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll11:33:54.0352 4868 Wlansvc - ok11:33:54.0401 4868 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe11:33:54.0408 4868 wlcrasvc - ok11:33:54.0482 4868 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE11:33:54.0509 4868 wlidsvc - ok11:33:54.0512 4868 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys11:33:54.0520 4868 WmiAcpi - ok11:33:54.0546 4868 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe11:33:54.0556 4868 wmiApSrv - ok11:33:54.0558 4868 WMPNetworkSvc - ok11:33:54.0574 4868 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll11:33:54.0583 4868 WPCSvc - ok11:33:54.0595 4868 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll11:33:54.0606 4868 WPDBusEnum - ok11:33:54.0614 4868 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys11:33:54.0636 4868 ws2ifsl - ok11:33:54.0637 4868 WSearch - ok11:33:54.0650 4868 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys11:33:54.0672 4868 WudfPf - ok11:33:54.0704 4868 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys11:33:54.0727 4868 WUDFRd - ok11:33:54.0749 4868 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll11:33:54.0772 4868 wudfsvc - ok11:33:54.0811 4868 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll11:33:54.0824 4868 WwanSvc - ok11:33:54.0829 4868 ================ Scan global ===============================11:33:54.0842 4868 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll11:33:54.0862 4868 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll11:33:54.0867 4868 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll11:33:54.0886 4868 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll11:33:54.0912 4868 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe11:33:54.0914 4868 [Global] - ok11:33:54.0914 4868 ================ Scan MBR ==================================11:33:54.0929 4868 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR011:33:55.0154 4868 \Device\Harddisk0\DR0 - ok11:33:55.0157 4868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR111:33:56.0611 4868 \Device\Harddisk1\DR1 - ok11:33:56.0611 4868 ================ Scan VBR ==================================11:33:56.0612 4868 Boot (0x1200) (0dd43e4b0a72a4724d841acfa07e0af7) \Device\Harddisk0\DR0\Partition111:33:56.0613 4868 \Device\Harddisk0\DR0\Partition1 - ok11:33:56.0634 4868 Boot (0x1200) (9a4dff551913494e7507cd177185119a) \Device\Harddisk0\DR0\Partition211:33:56.0643 4868 \Device\Harddisk0\DR0\Partition2 - ok11:33:56.0646 4868 Boot (0x1200) (8cc2d55728a4e99993bd0ab39c461ce8) \Device\Harddisk1\DR1\Partition111:33:56.0646 4868 \Device\Harddisk1\DR1\Partition1 - ok11:33:56.0647 4868 ============================================================11:33:56.0647 4868 Scan finished11:33:56.0647 4868 ============================================================11:33:56.0652 7540 Detected object count: 111:33:56.0652 7540 Actual detected object count: 111:34:01.0240 7540 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user11:34:01.0240 7540 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:34:50.0756 5512 Deinitialize success Link to post Share on other sites More sharing options...
MrCharlie Posted August 18, 2012 ID:586910 Share Posted August 18, 2012 That scan was clean........Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
Therese1 Posted August 21, 2012 Author ID:587957 Share Posted August 21, 2012 Here's what combofix producedComboFix 12-08-20.02 - Therese 21/08/2012 10:59:23.1.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.8174.6307 [GMT 12:00]Running from: c:\users\Therese\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))..2012-08-20 23:04 . 2012-08-20 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp2012-08-18 11:21 . 2012-08-18 11:21 -------- d-----w- c:\programdata\GameHouse2012-08-18 11:14 . 2012-08-18 11:14 -------- d-----w- C:\GameHouse Games2012-08-18 11:14 . 2012-08-18 11:14 -------- d-----w- c:\program files (x86)\RealArcade2012-08-18 08:13 . 2012-08-18 08:13 -------- d-----w- c:\users\Therese\AppData\Local\Evernote2012-08-18 08:12 . 2012-08-18 08:12 -------- d-----w- c:\program files (x86)\Evernote2012-08-16 23:58 . 2012-08-16 23:58 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll2012-08-16 23:58 . 2012-08-16 23:58 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll2012-08-14 08:25 . 2012-08-14 08:25 -------- d-----w- C:\FRST2012-08-07 05:56 . 2012-08-07 05:56 -------- d-----w- c:\program files\CCleaner2012-08-07 05:41 . 2012-08-07 05:41 -------- d-----w- c:\users\Therese\AppData\Roaming\Malwarebytes2012-08-07 05:41 . 2012-08-07 05:41 -------- d-----w- c:\programdata\Malwarebytes2012-08-07 05:40 . 2012-07-03 01:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-08-07 05:40 . 2012-08-07 05:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-08-07 05:27 . 2012-08-10 08:01 16200 ----a-w- c:\windows\stinger.sys2012-08-07 05:26 . 2012-08-10 08:55 -------- d-----w- c:\program files (x86)\stinger2012-08-07 02:28 . 2012-07-15 14:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3A94243-FC9B-45C9-A2D6-85020D17DC93}\mpengine.dll2012-08-02 11:28 . 2012-08-02 12:44 -------- d-----w- c:\programdata\OrganicCoffee...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-08-02 11:00 . 2012-07-19 13:09 49152 ----a-r- c:\users\Therese\AppData\Roaming\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\DAMN_NFO_Viewer.exe_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe2012-08-02 11:00 . 2012-07-19 13:09 49152 ----a-r- c:\users\Therese\AppData\Roaming\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\ARPPRODUCTICON.exe2012-07-12 13:53 . 2012-01-25 01:11 59701280 ----a-w- c:\windows\system32\MRT.exe2012-06-12 03:08 . 2012-07-12 13:55 3148800 ----a-w- c:\windows\system32\win32k.sys2012-06-09 05:43 . 2012-07-12 10:25 14172672 ----a-w- c:\windows\system32\shell32.dll2012-06-06 06:06 . 2012-07-12 10:25 2004480 ----a-w- c:\windows\system32\msxml6.dll2012-06-06 06:06 . 2012-07-12 10:25 1881600 ----a-w- c:\windows\system32\msxml3.dll2012-06-06 06:02 . 2012-07-12 10:25 1133568 ----a-w- c:\windows\system32\cdosys.dll2012-06-06 05:05 . 2012-07-12 10:25 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll2012-06-06 05:05 . 2012-07-12 10:25 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll2012-06-06 05:03 . 2012-07-12 10:25 805376 ----a-w- c:\windows\SysWow64\cdosys.dll2012-06-03 09:25 . 2012-06-03 09:25 69640 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE2012-06-03 09:25 . 2012-06-05 10:57 29704 ----a-w- c:\windows\system32\nitrolocalmon2.dll2012-06-03 09:25 . 2012-06-05 10:57 17928 ----a-w- c:\windows\system32\nitrolocalui2.dll2012-06-02 22:19 . 2012-06-22 00:04 38424 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-22 00:05 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:19 . 2012-06-22 00:05 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-22 00:05 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-22 00:04 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:15 . 2012-06-22 00:05 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:15 . 2012-06-22 00:04 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 12:49 . 2012-07-12 13:52 17807360 ----a-w- c:\windows\system32\mshtml.dll2012-06-02 12:17 . 2012-07-12 13:52 10924032 ----a-w- c:\windows\system32\ieframe.dll2012-06-02 12:12 . 2012-07-12 13:52 2311680 ----a-w- c:\windows\system32\jscript9.dll2012-06-02 12:05 . 2012-07-12 13:52 1346048 ----a-w- c:\windows\system32\urlmon.dll2012-06-02 12:05 . 2012-07-12 13:52 1392128 ----a-w- c:\windows\system32\wininet.dll2012-06-02 12:04 . 2012-07-12 13:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl2012-06-02 12:04 . 2012-07-12 13:52 237056 ----a-w- c:\windows\system32\url.dll2012-06-02 12:03 . 2012-07-12 13:52 85504 ----a-w- c:\windows\system32\jsproxy.dll2012-06-02 12:01 . 2012-07-12 13:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe2012-06-02 12:00 . 2012-07-12 13:52 818688 ----a-w- c:\windows\system32\jscript.dll2012-06-02 11:59 . 2012-07-12 13:52 2144768 ----a-w- c:\windows\system32\iertutil.dll2012-06-02 11:57 . 2012-07-12 13:52 96768 ----a-w- c:\windows\system32\mshtmled.dll2012-06-02 11:57 . 2012-07-12 13:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-06-02 11:54 . 2012-07-12 13:52 248320 ----a-w- c:\windows\system32\ieui.dll2012-06-02 08:33 . 2012-07-12 13:52 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll2012-06-02 08:25 . 2012-07-12 13:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll2012-06-02 08:25 . 2012-07-12 13:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl2012-06-02 08:20 . 2012-07-12 13:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe2012-06-02 08:16 . 2012-07-12 13:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2012-06-02 05:50 . 2012-07-12 10:25 458704 ----a-w- c:\windows\system32\drivers\cng.sys2012-06-02 05:48 . 2012-07-12 10:25 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2012-06-02 05:48 . 2012-07-12 10:25 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-06-02 05:45 . 2012-07-12 10:25 340992 ----a-w- c:\windows\system32\schannel.dll2012-06-02 05:44 . 2012-07-12 10:25 307200 ----a-w- c:\windows\system32\ncrypt.dll2012-06-02 04:40 . 2012-07-12 10:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll2012-06-02 04:40 . 2012-07-12 10:25 225280 ----a-w- c:\windows\SysWow64\schannel.dll2012-06-02 04:39 . 2012-07-12 10:25 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll2012-06-02 04:34 . 2012-07-12 10:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2012-06-02 03:19 . 2012-06-22 00:04 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 03:15 . 2012-06-22 00:04 36864 ----a-w- c:\windows\system32\wuapp.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-02-14 22:58 94208 ----a-w- c:\users\Therese\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-02-14 22:58 94208 ----a-w- c:\users\Therese\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-02-14 22:58 94208 ----a-w- c:\users\Therese\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-24 240112]"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-16 252296]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920].c:\users\Therese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Therese\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-16 255536].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux2"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-24 219632]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 253088]R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-16 113120]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-24 1116656]R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-25 1255736]R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-18 55856]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-15 283200]S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-06-03 216072]S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-06-03 69640]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL*Deregistered* - mfeavfk01.Contents of the 'Scheduled Tasks' folder.2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 00:48].2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-452861804-2919628889-209171230-1000Core.job- c:\users\Therese\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 07:30].2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-452861804-2919628889-209171230-1000UA.job- c:\users\Therese\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 07:30].2012-08-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11].2012-08-20 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-02-14 22:58 97792 ----a-w- c:\users\Therese\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-02-14 22:58 97792 ----a-w- c:\users\Therese\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-02-14 22:58 97792 ----a-w- c:\users\Therese\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-02-14 22:58 97792 ----a-w- c:\users\Therese\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976]"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.co.nz/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204TCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:\users\Therese\AppData\Roaming\Mozilla\Firefox\Profiles\mvsz5q1i.default\.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-AdobeBridge - (no file)Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exeToolbar-Locked - (no file)AddRemove-Family Farm - c:\program files (x86)\Family Farm\Uninstall.exeAddRemove-Jos Dream - Organic Coffeev1.01 - c:\program files (x86)\Jos Dream - Organic Coffee\uninstall.exeAddRemove-Lovely Kitchen - c:\program files (x86)\Lovely Kitchen\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.**************************************************************************.Completion time: 2012-08-21 13:41:42 - machine was rebootedComboFix-quarantined-files.txt 2012-08-21 01:41.Pre-Run: 1,522,309,054,464 bytes freePost-Run: 1,522,670,940,160 bytes free.- - End Of File - - 2C6E241E9CE106D73222DDADDFFE48C4 Link to post Share on other sites More sharing options...
MrCharlie Posted August 21, 2012 ID:587958 Share Posted August 21, 2012 Looks Good.....Please Update and run a Quick Scan with MBAM, post the report.Make sure that everything is checked, and click Remove Selected.Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
MrCharlie Posted August 23, 2012 ID:588945 Share Posted August 23, 2012 How are we doing??Do you still need help or can I close this post??MrC Link to post Share on other sites More sharing options...
Therese1 Posted August 23, 2012 Author ID:589057 Share Posted August 23, 2012 I ran the scan, it didn't detect any malicious itemsMalwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.23.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Therese :: THERESE-PC [administrator]Protection: Enabled23/08/2012 9:50:50 p.m.mbam-log-2012-08-23 (21-50-50).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 201795Time elapsed: 4 minute(s), 44 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)so does this mean everything is ok now? Link to post Share on other sites More sharing options...
MrCharlie Posted August 23, 2012 ID:589083 Share Posted August 23, 2012 Yes you're clean.Lets check your system security.......Please do this:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.MrC Link to post Share on other sites More sharing options...
Therese1 Posted August 24, 2012 Author ID:589368 Share Posted August 24, 2012 Here's checkup.txt Results of screen317's Security Check version 0.99.46 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.0 Java 7 Update 4 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.2.202.233 Flash Player out of Date! Adobe Reader X 10.1.2 Adobe Reader out of Date! Mozilla Firefox (14.0.1) Google Chrome 21.0.1180.79 Google Chrome 21.0.1180.83 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted August 24, 2012 ID:589442 Share Posted August 24, 2012 JavaFX 2.1.0Java™ 7 Update 4Java version out of Date!Adobe Flash Player 10 Flash Player out of Date!Adobe Flash Player 11.2.202.233 Flash Player out of Date!Adobe Reader X 10.1.2 Adobe Reader out of Date!Your Java, Adobe Flash Player and Reader are all out of date.Older versions of programs are vulnerable to malware, please update themYou can find info on that in my Preventive Maintenance~~~~~~~~~~~~~~~~~~~~~~~~~~~A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------Please download OTL from one of the links below: (you may already have OTL on the system)http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comhttp://www.itxassoci...T-Tools/OTL.exeSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 25, 2012 ID:589995 Share Posted August 25, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts