Something has infected me, not sure what

y_molina

Hello,
Today I became infected with something. A program called File Recovery started and said I had critical errors on my hard drive. After calling Dell, we discovered that it was a virus. We shut the program down; the actual execute file name was just letters and numbers. It's still on my computer in the programdata folder. Can someone look and tell me what I need to do? It's wiped out my desktop settings and such. Also, when I click some links it sends me to a different website other than the one I really want to go to. Typing in the URL works, it's just clicking on the links that causes problems. In my start menu, some of the folders say "empty" when I click on them instead of giving me the actual program name I want to open. Also, my favorites list is gone but my history is still intact in IE.

I did run Spybot and it got rid of some cookies, babylon (I think that is what it was called) and something like wsi.iq5.fraud or something. I'm sorry I didn't write those things down.

I downloaded aswMBR but when I click on it, it doesn't open.

Any help would be great.

Tammy

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Tams at 15:54:15 on 2012-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.2376 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120224180915.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\npchrome_frame.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [<NO NAME>]
mRunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
StartupFolder: C:\Users\Tams\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{DE06B0DB-24C5-4CE4-9727-3C0D9AB91FEF} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120224180915.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [(Default)]
mRunOnce-x64: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-2-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-2-21 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-21 1692480]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-9 116648]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-9 116648]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-2-21 224704]
S3 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-14 19:29:23 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-09-14 18:49:17 -------- d-----w- C:\ProgramData\Citrix
2012-09-14 18:48:49 -------- d-----w- C:\Program Files (x86)\Citrix
2012-09-14 18:48:41 -------- d-----w- C:\Users\Tams\AppData\Local\Citrix
2012-09-14 17:28:57 278528 ----a-w- C:\ProgramData\9CB2PVYe52Lx0U.exe
2012-09-12 13:28:35 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 13:28:35 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 13:28:34 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 13:28:34 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 13:28:32 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 13:28:32 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 13:28:32 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-10 23:13:59 -------- d-----w- C:\Users\Tams\AppData\Local\Aeria Games
2012-09-10 23:13:29 -------- d-----w- C:\ProgramData\Aeria Games
2012-09-10 23:09:15 -------- d-----w- C:\Program Files (x86)\Aeria Games
2012-09-10 22:31:37 -------- d-----w- C:\Users\Tams\AppData\Local\Akamai
2012-09-10 22:31:36 -------- d-----w- C:\AeriaGames
2012-08-30 22:17:56 -------- d-----w- C:\Users\Tams\AppData\Roaming\LolClient
2012-08-30 12:51:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-08-30 12:51:11 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-08-30 12:51:11 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-08-16 00:41:27 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-16 00:41:27 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 00:41:23 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 00:41:23 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 00:41:23 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 00:41:22 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-16 00:41:19 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 00:41:19 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 00:41:18 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 00:41:15 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 00:41:10 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 21:51:23 -------- d-----w- C:\Users\Tams\AppData\Local\StrugglingInvestor.com
.
==================== Find3M ====================
.
2012-08-13 13:56:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-13 13:56:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-14 04:08:02 28256 ----a-w- C:\Windows\SysWow64\drivers\MxlW2k.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:02:28.15 ===============
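
Added example, not part of the original thread and not code from DDS or its authors: a small Python triage of the "Created Last 30" section of a DDS log, flagging executables written directly into the root of ProgramData or a user AppData folder and noting when the file name looks random. The sample lines are copied from the log above; the list of drop locations, the extension list and the entropy threshold are assumptions chosen for illustration.

```python
import math
import ntpath  # Windows path rules, whatever OS this runs on
import re
from collections import Counter, namedtuple

# Sample lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""=============== Created Last 30 ================
.
2012-09-14 19:29:23 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-09-14 18:49:17 -------- d-----w- C:\ProgramData\Citrix
2012-09-14 17:28:57 278528 ----a-w- C:\ProgramData\9CB2PVYe52Lx0U.exe
2012-09-12 13:28:35 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 13:28:34 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-30 12:51:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-08-16 00:41:22 67072 ----a-w- C:\Windows\splwow64.exe
.
==================== Find3M ====================
.
2012-08-13 13:56:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
# date time, size (or -------- for a directory), attribute string, path
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-{8}) ([a-z-]{8}) (.+)$"
)

# Assumption: extensions treated as executable content for this triage.
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}

# Assumption: user-writable folders where installers rarely leave a bare
# executable. Only files sitting *directly* in these folders are flagged.
DROP_ROOTS = [
    re.compile(r"^[a-z]:\\programdata$", re.I),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(local|roaming|local\\temp)$", re.I),
]

Finding = namedtuple("Finding", "created size path reasons")


def section(log, title):
    """Return the lines of one '==== title ====' section of a DDS log."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            inside = m.group(1).strip() == title
            continue
        if inside:
            lines.append(line)
    return lines


def shannon_entropy(text):
    """Bits per character of the string's own character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def looks_random(stem):
    """Heuristic: long alphanumeric name mixing letters and digits, high entropy."""
    return (
        len(stem) >= 8
        and stem.isalnum()
        and any(c.isdigit() for c in stem)
        and any(c.isalpha() for c in stem)
        and shannon_entropy(stem) >= 3.0  # assumed threshold
    )


def triage(log):
    """Flag recently created executables dropped directly into a drop root."""
    findings = []
    for line in section(log, "Created Last 30"):
        m = ENTRY.match(line)
        if not m:
            continue  # separator lines such as "."
        created, size, attrs, path = m.groups()
        if attrs.startswith("d"):
            continue  # directories are not executable content
        parent = ntpath.dirname(path)
        stem, ext = ntpath.splitext(ntpath.basename(path))
        ext = ext.lower()
        if ext not in EXEC_EXT or not any(r.match(parent) for r in DROP_ROOTS):
            continue
        reasons = [f"{ext} file directly in {parent}"]
        if looks_random(stem):
            reasons.append("random-looking name")
        findings.append(
            Finding(created, int(size) if size.isdigit() else None, path, reasons)
        )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.created, f.size, f.path, "; ".join(f.reasons))
```

A hit from this kind of triage is a lead for the helper to review, not a verdict; the file still needs to be examined before anything is removed.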
 
Hi, and welcome to our malware removal forum!

My name is Richard and I'll be happy to help you with your computer problems.

Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

Please note the following:
  • The cleaning process is not instant as logs can take time to research. Sit tight and please be patient.
  • I will be working on your malware issues. This may or may not solve other issues you may have with your system.
  • While we are fixing your problems, do NOT install/re-install any programs or run any fixes or scanners unless told to do so.
  • Ensure that your anti-virus definitions are up-to-date.
  • I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
  • Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
  • During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
  • I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
  • Be sure to follow the directions and run tools/scans in the order listed.
  • If you do not reply to your topic, it will be closed after 3 days.
I will return as soon as possible with more instructions.



Regards,

Richard
 
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application. For Windows Vista or 7, right-click on the program and select Run as Administrator.
  • When the program opens, click on Change parameters.
  • Under Additional options, put a check mark in the box next to Detect TDLFS File System, then click OK.
  • Press on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Note: If there is no option to "Cure", please ensure that you select Skip.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file in your next reply.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.
Next

Could you provide more information about which Desktop settings or icons are missing?

Please describe the problems as best as you can :)

Use unhide.exe:

Download Unhide.exe and save the file to your Desktop.
  • Double click unhide.exe to run the tool and allow it to complete.
Please let me know if Unhide has returned any of your missing items in your next reply.

In your next reply, please provide the following:
  • TDSSKiller log.
  • Update on how your PC is running.



Regards,

Richard
 
Ok, I ran both programs. TDSSKiller did not find anything.

Unhide restored my desktop and favorites back to normal and I can open up my mail program now. Everything seems to be in working order although I haven't done much on it since I want to make sure all is clean before doing anything.

I did check and I think the program that caused this mess is still in my programdata folder.

Thanks for taking the time to help me!
Tammy

TDSSKiller Log:

08:31:27.0590 0948 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:31:27.0606 0948 ============================================================
08:31:27.0606 0948 Current date / time: 2012/09/18 08:31:27.0606
08:31:27.0606 0948 SystemInfo:
08:31:27.0606 0948
08:31:27.0606 0948 OS Version: 6.1.7601 ServicePack: 1.0
08:31:27.0606 0948 Product type: Workstation
08:31:27.0606 0948 ComputerName: TAMS-PC
08:31:27.0606 0948 UserName: Tams
08:31:27.0606 0948 Windows directory: C:\Windows
08:31:27.0606 0948 System windows directory: C:\Windows
08:31:27.0606 0948 Running under WOW64
08:31:27.0606 0948 Processor architecture: Intel x64
08:31:27.0606 0948 Number of processors: 2
08:31:27.0606 0948 Page size: 0x1000
08:31:27.0606 0948 Boot type: Normal boot
08:31:27.0606 0948 ============================================================
08:31:29.0541 0948 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
08:31:29.0556 0948 Drive \Device\Harddisk3\DR3 - Size: 0x7896000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:31:30.0508 0948 ============================================================
08:31:30.0508 0948 \Device\Harddisk0\DR0:
08:31:30.0539 0948 MBR partitions:
08:31:30.0539 0948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
08:31:30.0539 0948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x385CA830
08:31:30.0539 0948 \Device\Harddisk3\DR3:
08:31:30.0539 0948 MBR partitions:
08:31:30.0539 0948 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3C3DF
08:31:30.0539 0948 ============================================================
08:31:30.0555 0948 C: <-> \Device\Harddisk0\DR0\Partition2
08:31:30.0555 0948 ============================================================
08:31:48.0947 0948 Initialize success
08:31:48.0947 0948 ============================================================
08:32:13.0189 0436 ============================================================
08:32:13.0189 0436 Scan started
08:32:13.0189 0436 Mode: Manual; TDLFS;
08:32:13.0189 0436 ============================================================
08:32:13.0891 0436 ================ Scan system memory ========================
08:32:13.0891 0436 System memory - ok
08:32:15.0607 0436 CryptSvc - ok
08:32:15.0654 0436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:32:15.0654 0436 DcomLaunch - ok
08:32:15.0701 0436 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:32:15.0701 0436 defragsvc - ok
08:32:15.0795 0436 [ 2050309BAB03DFCEE455DBF913BF91B1 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
08:32:15.0810 0436 DellDigitalDelivery - ok
08:32:15.0841 0436 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:32:15.0841 0436 DfsC - ok
08:32:15.0888 0436 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:32:15.0904 0436 Dhcp - ok
08:32:15.0935 0436 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:32:15.0935 0436 discache - ok
08:32:15.0951 0436 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
08:32:15.0966 0436 Disk - ok
08:32:15.0982 0436 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:32:15.0982 0436 Dnscache - ok
08:32:16.0013 0436 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:32:16.0013 0436 dot3svc - ok
08:32:16.0044 0436 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:32:16.0060 0436 DPS - ok
08:32:16.0107 0436 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:32:16.0122 0436 drmkaud - ok
08:32:16.0185 0436 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:32:16.0200 0436 DXGKrnl - ok
08:32:16.0231 0436 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:32:16.0247 0436 EapHost - ok
08:32:16.0403 0436 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:32:16.0465 0436 ebdrv - ok
08:32:16.0528 0436 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:32:16.0528 0436 EFS - ok
08:32:16.0668 0436 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:32:16.0715 0436 ehRecvr - ok
08:32:16.0731 0436 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:32:16.0731 0436 ehSched - ok
08:32:16.0746 0436 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:32:16.0762 0436 elxstor - ok
08:32:16.0762 0436 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:32:16.0762 0436 ErrDev - ok
08:32:16.0793 0436 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:32:16.0793 0436 EventSystem - ok
08:32:16.0809 0436 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:32:16.0809 0436 exfat - ok
08:32:16.0824 0436 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:32:16.0824 0436 fastfat - ok
08:32:16.0855 0436 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:32:16.0855 0436 Fax - ok
08:32:16.0855 0436 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
08:32:16.0855 0436 fdc - ok
08:32:16.0887 0436 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:32:16.0887 0436 fdPHost - ok
08:32:16.0902 0436 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:32:16.0902 0436 FDResPub - ok
08:32:16.0918 0436 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:32:16.0918 0436 FileInfo - ok
08:32:16.0933 0436 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:32:16.0933 0436 Filetrace - ok
08:32:16.0933 0436 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:32:16.0933 0436 flpydisk - ok
08:32:16.0949 0436 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:32:16.0949 0436 FltMgr - ok
08:32:16.0996 0436 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:32:17.0011 0436 FontCache - ok
08:32:17.0043 0436 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:32:17.0058 0436 FontCache3.0.0.0 - ok
08:32:17.0058 0436 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:32:17.0058 0436 FsDepends - ok
08:32:17.0089 0436 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:32:17.0089 0436 Fs_Rec - ok
08:32:17.0105 0436 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:32:17.0105 0436 fvevol - ok
08:32:17.0121 0436 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:32:17.0121 0436 gagp30kx - ok
08:32:17.0152 0436 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
08:32:17.0167 0436 GamesAppService - ok
08:32:17.0199 0436 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:32:17.0199 0436 GEARAspiWDM - ok
08:32:17.0230 0436 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:32:17.0230 0436 gpsvc - ok
08:32:17.0355 0436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:32:17.0355 0436 gupdate - ok
08:32:17.0355 0436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:32:17.0355 0436 gupdatem - ok
08:32:17.0370 0436 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:32:17.0386 0436 hcw85cir - ok
08:32:17.0401 0436 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:32:17.0401 0436 HDAudBus - ok
08:32:17.0417 0436 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:32:17.0417 0436 HidBatt - ok
08:32:17.0417 0436 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:32:17.0433 0436 HidBth - ok
08:32:17.0448 0436 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:32:17.0448 0436 HidIr - ok
08:32:17.0464 0436 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:32:17.0464 0436 hidserv - ok
08:32:17.0479 0436 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:32:17.0495 0436 HidUsb - ok
08:32:17.0495 0436 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:32:17.0495 0436 hkmsvc - ok
08:32:17.0526 0436 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:32:17.0526 0436 HomeGroupListener - ok
08:32:17.0557 0436 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:32:17.0557 0436 HomeGroupProvider - ok
08:32:17.0573 0436 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:32:17.0589 0436 HpSAMD - ok
08:32:17.0651 0436 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:32:17.0667 0436 HTTP - ok
08:32:17.0667 0436 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:32:17.0667 0436 hwpolicy - ok
08:32:17.0698 0436 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:32:17.0698 0436 i8042prt - ok
08:32:17.0729 0436 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:32:17.0729 0436 iaStorV - ok
08:32:17.0776 0436 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:32:17.0791 0436 idsvc - ok
08:32:18.0041 0436 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:32:18.0197 0436 igfx - ok
08:32:18.0228 0436 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:32:18.0228 0436 iirsp - ok
08:32:18.0259 0436 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:32:18.0275 0436 IKEEXT - ok
08:32:18.0291 0436 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
08:32:18.0291 0436 IntcDAud - ok
08:32:18.0322 0436 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:32:18.0322 0436 intelide - ok
08:32:18.0337 0436 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:32:18.0353 0436 intelppm - ok
08:32:18.0353 0436 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:32:18.0353 0436 IPBusEnum - ok
08:32:18.0369 0436 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:32:18.0369 0436 IpFilterDriver - ok
08:32:18.0384 0436 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:32:18.0400 0436 iphlpsvc - ok
08:32:18.0415 0436 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:32:18.0415 0436 IPMIDRV - ok
08:32:18.0415 0436 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:32:18.0431 0436 IPNAT - ok
08:32:18.0462 0436 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:32:18.0478 0436 iPod Service - ok
08:32:18.0493 0436 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:32:18.0493 0436 IRENUM - ok
08:32:18.0493 0436 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:32:18.0493 0436 isapnp - ok
08:32:18.0509 0436 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:32:18.0509 0436 iScsiPrt - ok
08:32:18.0525 0436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:32:18.0525 0436 kbdclass - ok
08:32:18.0556 0436 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:32:18.0556 0436 kbdhid - ok
08:32:18.0556 0436 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:32:18.0571 0436 KeyIso - ok
08:32:18.0603 0436 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:32:18.0603 0436 KSecDD - ok
08:32:18.0649 0436 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:32:18.0649 0436 KSecPkg - ok
08:32:18.0665 0436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:32:18.0665 0436 ksthunk - ok
08:32:18.0681 0436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:32:18.0696 0436 KtmRm - ok
08:32:18.0712 0436 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:32:18.0727 0436 LanmanServer - ok
08:32:18.0727 0436 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:32:18.0727 0436 LanmanWorkstation - ok
08:32:18.0759 0436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:32:18.0759 0436 lltdio - ok
08:32:18.0774 0436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:32:18.0790 0436 lltdsvc - ok
08:32:18.0790 0436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:32:18.0805 0436 lmhosts - ok
08:32:18.0821 0436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:32:18.0821 0436 LSI_FC - ok
08:32:18.0837 0436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:32:18.0837 0436 LSI_SAS - ok
08:32:18.0852 0436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:32:18.0852 0436 LSI_SAS2 - ok
08:32:18.0852 0436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:32:18.0852 0436 LSI_SCSI - ok
08:32:18.0868 0436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:32:18.0868 0436 luafv - ok
08:32:18.0930 0436 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
08:32:18.0930 0436 LVRS64 - ok
08:32:19.0024 0436 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
08:32:19.0102 0436 LVUVC64 - ok
08:32:19.0149 0436 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
08:32:19.0149 0436 McAWFwk - ok
08:32:19.0180 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:32:19.0180 0436 McMPFSvc - ok
08:32:19.0195 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0195 0436 mcmscsvc - ok
08:32:19.0195 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0195 0436 McNaiAnn - ok
08:32:19.0211 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0211 0436 McNASvc - ok
08:32:19.0242 0436 [ C6232488CDBF063CE077FC7F8F8C248C ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
08:32:19.0242 0436 McODS - ok
08:32:19.0242 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0242 0436 McOobeSv - ok
08:32:19.0258 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0258 0436 McProxy - ok
08:32:19.0273 0436 [ 4A463D645B48BB487CA7DF12BA5D1602 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
08:32:19.0273 0436 McShield - ok
08:32:19.0289 0436 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:32:19.0289 0436 Mcx2Svc - ok
08:32:19.0305 0436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
08:32:19.0305 0436 megasas - ok
08:32:19.0320 0436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:32:19.0320 0436 MegaSR - ok
08:32:19.0336 0436 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
08:32:19.0336 0436 MEIx64 - ok
08:32:19.0367 0436 [ EF3ACFB7E3F82D5F7CDE9EF5F0A4E2E2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
08:32:19.0367 0436 mfeapfk - ok
08:32:19.0383 0436 [ E7A60BDB4365B561D896019B82FB7DD0 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
08:32:19.0383 0436 mfeavfk - ok
08:32:19.0398 0436 mfeavfk01 - ok
08:32:19.0414 0436 [ C53B7ABA204D9F7E9568EC147A1485C5 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
08:32:19.0414 0436 mfefire - ok
08:32:19.0445 0436 [ 670DFFE55E2F9AB99D9169C428BCECE9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
08:32:19.0445 0436 mfefirek - ok
08:32:19.0461 0436 [ 1892616B7F9291FD77C3FA0A5811FE9F ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
08:32:19.0476 0436 mfehidk - ok
08:32:19.0476 0436 [ 1721261C77F6E7A9E0CB51B7D9F31B60 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
08:32:19.0476 0436 mfenlfk - ok
08:32:19.0492 0436 [ 65776BD8029E409935B90DE30BF99526 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
08:32:19.0507 0436 mferkdet - ok
08:32:19.0523 0436 [ 8F3B3C3625E3AAA11D6D4DB8423E1721 ] mfevtp C:\Windows\system32\mfevtps.exe
08:32:19.0523 0436 mfevtp - ok
08:32:19.0539 0436 [ 4F17D8B85B903D96EF7033BB6EF50516 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
08:32:19.0539 0436 mfewfpk - ok
08:32:19.0554 0436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:32:19.0554 0436 MMCSS - ok
08:32:19.0570 0436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:32:19.0570 0436 Modem - ok
08:32:19.0585 0436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:32:19.0585 0436 monitor - ok
08:32:19.0617 0436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:32:19.0617 0436 mouclass - ok
08:32:19.0632 0436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:32:19.0632 0436 mouhid - ok
08:32:19.0648 0436 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:32:19.0648 0436 mountmgr - ok
08:32:19.0663 0436 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:32:19.0663 0436 mpio - ok
08:32:19.0679 0436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:32:19.0679 0436 mpsdrv - ok
08:32:19.0695 0436 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:32:19.0710 0436 MpsSvc - ok
08:32:19.0726 0436 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:32:19.0726 0436 MRxDAV - ok
08:32:19.0741 0436 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:32:19.0741 0436 mrxsmb - ok
08:32:19.0773 0436 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:32:19.0773 0436 mrxsmb10 - ok
08:32:19.0788 0436 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:32:19.0788 0436 mrxsmb20 - ok
08:32:19.0819 0436 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:32:19.0819 0436 msahci - ok
08:32:19.0851 0436 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:32:19.0851 0436 msdsm - ok
08:32:19.0866 0436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:32:19.0866 0436 MSDTC - ok
08:32:19.0882 0436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:32:19.0882 0436 Msfs - ok
08:32:19.0897 0436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:32:19.0897 0436 mshidkmdf - ok
08:32:19.0913 0436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:32:19.0913 0436 msisadrv - ok
08:32:19.0960 0436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:32:19.0960 0436 MSiSCSI - ok
08:32:19.0960 0436 msiserver - ok
08:32:19.0975 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:32:19.0975 0436 MSK80Service - ok
08:32:19.0975 0436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:32:19.0991 0436 MSKSSRV - ok
08:32:19.0991 0436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:32:19.0991 0436 MSPCLOCK - ok
08:32:19.0991 0436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:32:19.0991 0436 MSPQM - ok
08:32:20.0007 0436 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:32:20.0007 0436 MsRPC - ok
08:32:20.0022 0436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:32:20.0022 0436 mssmbios - ok
08:32:20.0038 0436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:32:20.0038 0436 MSTEE - ok
08:32:20.0038 0436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:32:20.0038 0436 MTConfig - ok
08:32:20.0053 0436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:32:20.0053 0436 Mup - ok
08:32:20.0069 0436 MxlW2k - ok
08:32:20.0085 0436 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:32:20.0085 0436 napagent - ok
08:32:20.0100 0436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:32:20.0100 0436 NativeWifiP - ok
08:32:20.0178 0436 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
08:32:20.0178 0436 NAUpdate - ok
08:32:20.0225 0436 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:32:20.0241 0436 NDIS - ok
08:32:20.0241 0436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:32:20.0241 0436 NdisCap - ok
08:32:20.0272 0436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:32:20.0272 0436 NdisTapi - ok
08:32:20.0287 0436 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:32:20.0287 0436 Ndisuio - ok
08:32:20.0303 0436 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:32:20.0303 0436 NdisWan - ok
08:32:20.0319 0436 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:32:20.0319 0436 NDProxy - ok
08:32:20.0334 0436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:32:20.0334 0436 NetBIOS - ok
08:32:20.0334 0436 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:32:20.0350 0436 NetBT - ok
08:32:20.0350 0436 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:32:20.0350 0436 Netlogon - ok
08:32:20.0381 0436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:32:20.0381 0436 Netman - ok
08:32:20.0412 0436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:20.0443 0436 NetMsmqActivator - ok
08:32:20.0443 0436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:20.0443 0436 NetPipeActivator - ok
08:32:20.0475 0436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:32:20.0475 0436 netprofm - ok
08:32:20.0475 0436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:20.0475 0436 NetTcpActivator - ok
08:32:20.0490 0436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:20.0490 0436 NetTcpPortSharing - ok
08:32:20.0506 0436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:32:20.0506 0436 nfrd960 - ok
08:32:20.0521 0436 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:32:20.0521 0436 NlaSvc - ok
08:32:20.0615 0436 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
08:32:20.0677 0436 NOBU - ok
08:32:20.0693 0436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:32:20.0709 0436 Npfs - ok
08:32:20.0724 0436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:32:20.0724 0436 nsi - ok
08:32:20.0724 0436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:32:20.0740 0436 nsiproxy - ok
08:32:20.0771 0436 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:32:20.0802 0436 Ntfs - ok
08:32:20.0802 0436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:32:20.0818 0436 Null - ok
08:32:20.0833 0436 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:32:20.0833 0436 nvraid - ok
08:32:20.0849 0436 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:32:20.0849 0436 nvstor - ok
08:32:20.0865 0436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:32:20.0865 0436 nv_agp - ok
08:32:20.0880 0436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:32:20.0880 0436 ohci1394 - ok
08:32:20.0911 0436 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:32:20.0911 0436 ose - ok
08:32:21.0021 0436 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:32:21.0099 0436 osppsvc - ok
08:32:21.0130 0436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:32:21.0130 0436 p2pimsvc - ok
08:32:21.0145 0436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:32:21.0145 0436 p2psvc - ok
08:32:21.0177 0436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
08:32:21.0177 0436 Parport - ok
08:32:21.0192 0436 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:32:21.0192 0436 partmgr - ok
08:32:21.0208 0436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:32:21.0208 0436 PcaSvc - ok
08:32:21.0223 0436 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:32:21.0223 0436 pci - ok
08:32:21.0239 0436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:32:21.0239 0436 pciide - ok
08:32:21.0255 0436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:32:21.0255 0436 pcmcia - ok
08:32:21.0270 0436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:32:21.0270 0436 pcw - ok
08:32:21.0286 0436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:32:21.0301 0436 PEAUTH - ok
08:32:21.0348 0436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:32:21.0426 0436 PerfHost - ok
08:32:21.0504 0436 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:32:21.0535 0436 pla - ok
08:32:21.0567 0436 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:32:21.0567 0436 PlugPlay - ok
08:32:21.0582 0436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:32:21.0582 0436 PNRPAutoReg - ok
08:32:21.0598 0436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:32:21.0598 0436 PNRPsvc - ok
08:32:21.0629 0436 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:32:21.0660 0436 PolicyAgent - ok
08:32:21.0676 0436 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
08:32:21.0676 0436 Power - ok
08:32:21.0691 0436 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:32:21.0691 0436 PptpMiniport - ok
08:32:21.0707 0436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
08:32:21.0707 0436 Processor - ok
08:32:21.0738 0436 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:32:21.0738 0436 ProfSvc - ok
08:32:21.0754 0436 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:32:21.0754 0436 ProtectedStorage - ok
08:32:21.0769 0436 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:32:21.0769 0436 Psched - ok
08:32:21.0832 0436 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
08:32:21.0847 0436 PSI_SVC_2 - ok
08:32:21.0863 0436 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
08:32:21.0863 0436 PxHlpa64 - ok
08:32:21.0894 0436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:32:21.0925 0436 ql2300 - ok
08:32:21.0925 0436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:32:21.0925 0436 ql40xx - ok
08:32:21.0941 0436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:32:21.0941 0436 QWAVE - ok
08:32:21.0941 0436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:32:21.0957 0436 QWAVEdrv - ok
08:32:21.0957 0436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:32:21.0957 0436 RasAcd - ok
 
08:32:26.0013 0436 ================ Scan global ===============================
08:32:26.0028 0436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:32:26.0059 0436 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:32:26.0059 0436 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:32:26.0075 0436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:32:26.0091 0436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:32:26.0091 0436 [Global] - ok
08:32:26.0091 0436 ================ Scan MBR ==================================
08:32:26.0106 0436 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:32:26.0527 0436 \Device\Harddisk0\DR0 - ok
08:32:27.0697 0436 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk3\DR3
08:32:29.0554 0436 \Device\Harddisk3\DR3 - ok
08:32:29.0554 0436 ================ Scan VBR ==================================
08:32:29.0803 0436 [ 89FF595FD0C7DE1341CD9A403883A535 ] \Device\Harddisk0\DR0\Partition1
08:32:29.0835 0436 \Device\Harddisk0\DR0\Partition1 - ok
08:32:29.0835 0436 [ A5E2633D19A81682051E07C1DEC5527B ] \Device\Harddisk0\DR0\Partition2
08:32:29.0850 0436 \Device\Harddisk0\DR0\Partition2 - ok
08:32:29.0850 0436 [ 56DE9981A6AAD4C677DADB1EB8DA00AA ] \Device\Harddisk3\DR3\Partition1
08:32:29.0850 0436 \Device\Harddisk3\DR3\Partition1 - ok
08:32:29.0850 0436 ============================================================
08:32:29.0850 0436 Scan finished
08:32:29.0850 0436 ============================================================
08:32:29.0850 2020 Detected object count: 0
08:32:29.0850 2020 Actual detected object count: 0
08:33:10.0832 0660 Deinitialize success
 
Thanks for the information :D

I did check and I think the program that caused this mess is still in my programdata folder.
Yes, that is correct. Please do not touch it.

Please download MBRCheck.exe to your Desktop.
  • Double click to run it
  • A window will open on your Desktop
  • If an unknown bootcode is found you will have further options available to you, but at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your Desktop.
  • Please post the contents of that file.
In your next reply, please provide the following:
  • MBRCheck log.
  • Update on how your PC is running.



Regards,

Richard
 
I have avoided using the computer until it's all clean. I've even disconnected it from the internet. But when I do start her up, she seems to run fine. I haven't checked any online actions though.

Tammy

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 620s
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 153):

Processes (total 53):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
452 csrss.exe
528 C:\Windows\System32\wininit.exe
544 csrss.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
668 C:\Windows\System32\winlogon.exe
764 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
180 C:\Windows\System32\svchost.exe
340 C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
568 C:\Windows\System32\audiodg.exe
112 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\spoolsv.exe
1232 C:\Windows\System32\svchost.exe
1340 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1372 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1428 C:\Windows\System32\taskhost.exe
1524 C:\Windows\System32\dwm.exe
1548 C:\Windows\explorer.exe
1692 C:\Windows\System32\svchost.exe
1720 C:\Windows\System32\mfevtps.exe
1848 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
1876 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
1916 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2004 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
1056 C:\Windows\System32\svchost.exe
1328 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2060 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
2112 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2204 C:\Windows\System32\rundll32.exe
2276 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2348 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
2844 C:\Windows\System32\SearchIndexer.exe
2372 C:\Windows\System32\svchost.exe
2824 WUDFHost.exe
3188 C:\Windows\splwow64.exe
3248 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
3296 C:\Program Files\Windows Media Player\wmpnetwk.exe
2976 WmiPrvSE.exe
1708 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
3928 <unknown>
3500 C:\Windows\System32\taskeng.exe
3964 C:\Program Files\Dell Support Center\uaclauncher.exe
1836 C:\Users\Tams\Desktop\MBRCheck.exe
2020 C:\Windows\System32\conhost.exe
3956 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`b6800000 (NTFS)

PhysicalDrive0 Model Number: ST3500413AS, Rev: JC49

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Download RogueKiller and save it on your Desktop.
  • Quit all programs.
  • Start RogueKiller.exe. For Vista or Windows 7, right-click on the program, select Run as Administrator to start, then when prompted, press Allow to run.
  • Wait until Pre-scan has finished.
  • Click on Scan.
  • Wait for the scan to complete.
  • When the scan completes, close the program.
  • The report has been created on the Desktop.
  • Please post the contents of the RKreport.txt file located on your Desktop.
In your next reply, please provide the following:
  • RK report log.
  • Update on how your PC is running.



Regards,

Richard
 
Everything is the same as before.

Thanks
Tammy

User : Tams [Admin rights]
Mode : Scan -- Date : 09/20/2012 08:58:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Officejet Pro 8600.lnk @Tams : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN238BS2JD05KC;CONNECTION=USB;MONITOR=1; -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] b1f02b5ae6222e42518151ebda7f38ee
[BSP] f0ed52227c5a750a084a39073d193a7e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15168 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31145984 | Size: 461717 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 89c1f5d3152c5363e23a03831c028d20
[BSP] f0ed52227c5a750a084a39073d193a7e : Windows Vista MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15168 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31145984 | Size: 461717 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo

+++++ PhysicalDrive3: HP Officejet Pro 86 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
 
You have a hidden malware partition that we need to deactivate and remove.
We'll need a flashdrive and if possible your Windows 7 disk.

Download ListParts64 and save it to the flashdrive.

With the flash drive attached to the computer boot to the System Recovery Options screen.
  • Select the command prompt
  • Type e:\listparts64.exe and hit Enter.

    (where e: is replaced by the drive letter for your USB drive)
  • Listparts will start to run
    • Check the box beside List BCD
    • Press the Scan button
When finished scanning it will make a log Result.txt on the flash drive. Please copy and paste it to your reply.



Regards,

Richard
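
The comparison behind the RKreport and the diagnosis above, as an added example that is not part of the original thread and is not RogueKiller's code: it parses two copies of a disk's first sector, obtained by different read paths as in the report's User and LL2 sections, and flags entries that differ or that are active with a hidden type. The function names are hypothetical, and the sector counts in the sample tables are constructed from the report's rounded sizes.

```python
import struct

# "Hidden" variants of the FAT/NTFS partition type bytes (base type | 0x10).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or boot signature)")
    parts = []
    for index in range(4):
        # Entry layout: status, CHS start (skipped), type, CHS end (skipped),
        # start LBA, sector count. The table begins at byte 446.
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, 446 + 16 * index)
        if ptype != 0:
            parts.append({"index": index, "active": status == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return parts

def compare_views(user_mbr, raw_mbr):
    """Flag differences between the User read and the low-level read."""
    user = {p["start"]: p for p in parse_mbr(user_mbr)}
    findings = []
    for p in parse_mbr(raw_mbr):
        seen = user.get(p["start"])
        if seen is None:
            findings.append((p["index"], "missing from User view"))
        elif seen["active"] != p["active"]:
            findings.append((p["index"], "active flag differs between views"))
        if p["active"] and p["type"] in HIDDEN_TYPES:
            findings.append(
                (p["index"], "active partition has hidden type 0x%02x" % p["type"]))
    return findings

def build_mbr(entries):
    """Constructed test input: a sector holding only a partition table."""
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if active else 0, ptype, start, count)
        for active, ptype, start, count in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Types, offsets and active flags as in the RKreport above; sector counts are
# derived from its rounded sizes (1 Mo = 2048 sectors), so they are constructed.
COMMON = [(0xDE, 63, 39 * 2048), (0x07, 81920, 15168 * 2048),
          (0x07, 31145984, 461717 * 2048)]
USER_VIEW = build_mbr([(i == 1, t, s, n) for i, (t, s, n) in enumerate(COMMON)])
LL2_VIEW = build_mbr([(False, t, s, n) for t, s, n in COMMON]
                     + [(True, 0x17, 976744448, 10 * 2048)])

if __name__ == "__main__":
    for index, reason in compare_views(USER_VIEW, LL2_VIEW):
        print("partition %d: %s" % (index, reason))
```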
 
I've run into a bit of a snag. When I try to start System Recovery Options it just gives a black screen that says "Loading Windows Files..." I've waited over an hour and a half. I don't know what to do.

Tammy
 
Have you tried entering System Recovery Options by using your Windows 7 DVD? :)

Plug the USB drive with Listparts into the infected machine.

To enter System Recovery Options by using your Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Select the Command Prompt option.
  • Type e:\listparts64.exe and hit Enter.

    (where e: is replaced by the drive letter for your USB drive)
  • Listparts will start to run
    • Check the box beside List BCD
    • Press the Scan button
When finished scanning it will make a log Result.txt on the flash drive. Please copy and paste it to your reply.



Regards,

Richard
 
Ok so the computer didn't come with a Windows Installation disk. But when I got the computer, I did make the recovery disks for it. When I put the first one in and I make it boot to the CD drive it goes to a system restore screen. When I press F8 while loading with the disk drive set to boot first, I get the black screen with all the options as when I start it with the hard drive to boot first except for it is missing the "Repair the computer" option.

The only other disk I have is the drives and utilities disk. That didn't work either.

I appreciate your help!

Tammy
 
We need to create a Windows 7 System Repair Disk. Note that this disk can only be used to access the Recovery Environment, not to reinstall Windows 7.
  • Press the Windows Key + R, then type recdisc.exe in the Run box and press Enter.
  • If you get a UAC prompt, allow the application to run by clicking Yes. You will see the following:
  • Make sure you have a blank CD or DVD in your CD/DVD drive and click Create disc. Note: If AutoPlay comes up, just close it.
  • When the System Repair Disk has been created, click Close and then OK. Your System Repair Disk is now ready for use.
Let me know when you have this.



Regards,

Richard
 
Let's try entering System Recovery Options by using your Windows 7 System Repair Disk. :)

Plug the USB drive with Listparts into the infected machine.

To enter System Recovery Options by using your Windows 7 System Repair Disk:
  • Insert the Windows 7 System Repair Disk.
  • Restart your computer.
  • If prompted, press any key to start Windows from the disk. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Select the Command Prompt option.
  • Type e:\listparts64.exe and hit Enter.

    (where e: is replaced by the drive letter for your USB drive)
  • Listparts will start to run
    • Check the box beside List BCD
    • Press the Scan button
When finished scanning it will make a log Result.txt on the flash drive. Please copy and paste it to your reply.



Regards,

Richard
 
It finally worked! Yeah! Here is the log

ListParts by Farbar Version: 17-09-2012
Ran by SYSTEM (administrator) on 24-09-2012 at 00:19:01
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 4008.64 MB
Available physical RAM: 3535.41 MB
Total Pagefile: 4006.84 MB
Available Pagefile: 3516.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:450.9 GB) (Free:340.75 GB) NTFS
2 Drive d: (Repair disc 64-bit) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF
4 Drive f: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 120 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 450 GB 14 GB
Partition 4 Primary 10 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 450 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 120 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT Removable 120 MB Healthy

======================================================================================================
The boot configuration data store could not be opened.
The system cannot find the file specified.


****** End Of Log ******
 
Nice job.

Please do the following:
  • Click Start and in the Search programs and files box type Notepad.exe then hit Enter.
  • An empty Notepad file will open.
  • Copy and paste the contents of the code box below into Notepad.
    Code:
    Disk=0 Partition=2 active 
    Disk=0 Partition=4 delete
    custom
  • Press File and Save it as fix.txt to the flash drive where ListParts resides.
Now please enter System Recovery Options by using your Windows 7 System Repair Disk, then run ListParts again:

Boot your computer into Recovery Environment using the Windows 7 System Repair Disk.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select the Command Prompt option.
  • Type e:\listparts64.exe and hit Enter.

    (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Fix button.
  • ListParts will process the script in Fix.txt
  • When finished, please press Scan.
  • A log Result.txt will be saved to the flash drive.
  • Close the command window.
  • Boot back into normal mode then post the resultant log.



Regards,

Richard
 
OK, here is what happened. There is a new file on my flash drive called PLfixlog. It has this in it. I've run it twice (in case I did something wrong) and both times this is what happened.

Script used: "Disk=0 Partition=2 active "
Script used: "Disk=0 Partition=4 delete"
Script used: "custom"

An error occurred while attempting to delete the specified data element.
Element not found.


The content of the result file is listed below.

Thank you,

Tammy

ListParts by Farbar Version: 17-09-2012
Ran by SYSTEM (administrator) on 25-09-2012 at 15:56:47
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4008.64 MB
Available physical RAM: 3492.72 MB
Total Pagefile: 4006.84 MB
Available Pagefile: 3478.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:450.9 GB) (Free:340.41 GB) NTFS
2 Drive d: (Repair disc 64-bit) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF
5 Drive g: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
6 Drive h: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 13 MB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 120 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 450 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 H RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 450 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 120 MB 16 KB

======================================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G FAT Removable 120 MB Healthy

======================================================================================================

****** End Of Log ******
 
Do any start menu/Desktop items still need to be restored? :)

Can you access everything on the computer now?

Please download OTL by OldTimer.
  • Save it to your Desktop.
  • Please click OTL and then click >> run.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:Processes
explorer.exe

:Files
C:\ProgramData\9CB2PVYe52Lx0U.exe

:Commands
[purity]
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot when it is done.
  • Then post the results of the log it produces.

Next

Please delete your copy of aswMBR.exe and then download a fresh copy of aswMBR:
  • Download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
In your next reply, please provide the following:
  • OTL log.
  • aswMBR log.
  • Description of how your PC is running.



Regards,

Richard
 