[SOLVED] Dell inspiron 570 keeps restarting

[jackel]

Ok here is the file

16:37:21.0302 2708  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:37:21.0318 2708  ============================================================
16:37:21.0318 2708  Current date / time: 2013/04/16 16:37:21.0318
16:37:21.0318 2708  SystemInfo:
16:37:21.0318 2708  
16:37:21.0318 2708  OS Version: 6.1.7601 ServicePack: 1.0
16:37:21.0318 2708  Product type: Workstation
16:37:21.0318 2708  ComputerName: HOMEOFFICE-PC
16:37:21.0318 2708  UserName: Home Office
16:37:21.0318 2708  Windows directory: C:\Windows
16:37:21.0318 2708  System windows directory: C:\Windows
16:37:21.0318 2708  Running under WOW64
16:37:21.0318 2708  Processor architecture: Intel x64
16:37:21.0318 2708  Number of processors: 4
16:37:21.0318 2708  Page size: 0x1000
16:37:21.0318 2708  Boot type: Safe boot with network
16:37:21.0318 2708  ============================================================
16:37:22.0238 2708  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:37:22.0238 2708  Drive \Device\Harddisk1\DR6 - Size: 0x74C00000 (1.82 Gb), SectorSize: 0x200, Cylinders: 0xEE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:37:22.0269 2708  ============================================================
16:37:22.0269 2708  \Device\Harddisk0\DR0:
16:37:22.0269 2708  MBR partitions:
16:37:22.0269 2708  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
16:37:22.0269 2708  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
16:37:22.0269 2708  \Device\Harddisk1\DR6:
16:37:22.0269 2708  MBR partitions:
16:37:22.0269 2708  \Device\Harddisk1\DR6\Partition1: MBR, Type 0x6, StartLBA 0x3E, BlocksNum 0x3A57B4
16:37:22.0269 2708  ============================================================
16:37:22.0285 2708  C: <-> \Device\Harddisk0\DR0\Partition2
16:37:22.0285 2708  ============================================================
16:37:22.0285 2708  Initialize success
16:37:22.0285 2708  ============================================================
16:37:24.0984 1112  ============================================================
16:37:24.0984 1112  Scan started
16:37:24.0984 1112  Mode: Manual; 
16:37:24.0984 1112  ============================================================
16:37:25.0467 1112  ================ Scan system memory ========================
16:37:25.0467 1112  System memory - ok
16:37:25.0467 1112  ================ Scan services =============================
16:37:25.0608 1112  0121311364716903mcinstcleanup - ok
16:37:26.0013 1112  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:37:26.0013 1112  1394ohci - ok
16:37:26.0029 1112  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:37:26.0029 1112  ACPI - ok
16:37:26.0029 1112  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:37:26.0029 1112  AcpiPmi - ok
16:37:26.0154 1112  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:37:26.0154 1112  AdobeARMservice - ok
16:37:26.0200 1112  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:37:26.0200 1112  adp94xx - ok
16:37:26.0200 1112  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:37:26.0200 1112  adpahci - ok
16:37:26.0216 1112  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:37:26.0216 1112  adpu320 - ok
16:37:26.0247 1112  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:37:26.0247 1112  AeLookupSvc - ok
16:37:26.0278 1112  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:37:26.0278 1112  AFD - ok
16:37:26.0278 1112  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:37:26.0294 1112  agp440 - ok
16:37:26.0294 1112  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:37:26.0294 1112  ALG - ok
16:37:26.0294 1112  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:37:26.0294 1112  aliide - ok
16:37:26.0325 1112  [ E2934A5F82E010D8783544536384B035 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:37:26.0325 1112  AMD External Events Utility - ok
16:37:26.0341 1112  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:37:26.0341 1112  amdide - ok
16:37:26.0341 1112  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:37:26.0341 1112  AmdK8 - ok
16:37:26.0356 1112  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:37:26.0356 1112  AmdPPM - ok
16:37:26.0356 1112  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:37:26.0356 1112  amdsata - ok
16:37:26.0372 1112  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:37:26.0372 1112  amdsbs - ok
16:37:26.0388 1112  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:37:26.0388 1112  amdxata - ok
16:37:26.0388 1112  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:37:26.0388 1112  AppID - ok
16:37:26.0403 1112  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:37:26.0403 1112  AppIDSvc - ok
16:37:26.0403 1112  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:37:26.0403 1112  Appinfo - ok
16:37:26.0419 1112  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:37:26.0419 1112  arc - ok
16:37:26.0419 1112  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:37:26.0419 1112  arcsas - ok
16:37:26.0700 1112  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:37:26.0700 1112  aspnet_state - ok
16:37:26.0700 1112  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:37:26.0715 1112  AsyncMac - ok
16:37:26.0715 1112  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:37:26.0715 1112  atapi - ok
16:37:26.0731 1112  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
16:37:26.0731 1112  AtiHdmiService - ok
16:37:26.0824 1112  [ ADF81052D94BCD3FF7DB2FE59E3ED6F4 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:37:26.0856 1112  atikmdag - ok
16:37:26.0856 1112  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\drivers\AtiPcie.sys
16:37:26.0856 1112  AtiPcie - ok
16:37:26.0871 1112  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:37:26.0887 1112  AudioEndpointBuilder - ok
16:37:26.0887 1112  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:37:26.0887 1112  AudioSrv - ok
16:37:26.0902 1112  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:37:26.0902 1112  AxInstSV - ok
16:37:26.0918 1112  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:37:26.0918 1112  b06bdrv - ok
16:37:26.0918 1112  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:37:26.0934 1112  b57nd60a - ok
16:37:27.0058 1112  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
16:37:27.0058 1112  BBSvc - ok
16:37:27.0105 1112  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
16:37:27.0105 1112  BBUpdate - ok
16:37:27.0105 1112  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:37:27.0105 1112  BDESVC - ok
16:37:27.0152 1112  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:37:27.0152 1112  Beep - ok
16:37:27.0183 1112  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:37:27.0183 1112  BFE - ok
16:37:27.0246 1112  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:37:27.0246 1112  BITS - ok
16:37:27.0261 1112  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:37:27.0261 1112  blbdrive - ok
16:37:27.0261 1112  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:37:27.0261 1112  bowser - ok
16:37:27.0261 1112  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:37:27.0261 1112  BrFiltLo - ok
16:37:27.0277 1112  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:37:27.0277 1112  BrFiltUp - ok
16:37:27.0292 1112  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:37:27.0292 1112  Browser - ok
16:37:27.0308 1112  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:37:27.0308 1112  Brserid - ok
16:37:27.0324 1112  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:37:27.0324 1112  BrSerWdm - ok
16:37:27.0324 1112  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:37:27.0324 1112  BrUsbMdm - ok
16:37:27.0324 1112  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:37:27.0324 1112  BrUsbSer - ok
16:37:27.0339 1112  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:37:27.0339 1112  BTHMODEM - ok
16:37:27.0339 1112  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:37:27.0339 1112  bthserv - ok
16:37:27.0339 1112  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:37:27.0355 1112  cdfs - ok
16:37:27.0386 1112  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:37:27.0386 1112  cdrom - ok
16:37:27.0417 1112  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:37:27.0417 1112  CertPropSvc - ok
16:37:27.0448 1112  [ D2B3252AD4EB499C935A56467997AA3C ] cfwids          C:\Windows\system32\drivers\cfwids.sys
16:37:27.0448 1112  cfwids - ok
16:37:27.0464 1112  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:37:27.0464 1112  circlass - ok
16:37:27.0480 1112  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:37:27.0480 1112  CLFS - ok
16:37:27.0573 1112  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:37:27.0573 1112  clr_optimization_v2.0.50727_32 - ok
16:37:27.0714 1112  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:37:27.0714 1112  clr_optimization_v2.0.50727_64 - ok
16:37:27.0916 1112  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:37:27.0916 1112  clr_optimization_v4.0.30319_32 - ok
16:37:27.0932 1112  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:37:27.0932 1112  clr_optimization_v4.0.30319_64 - ok
16:37:27.0948 1112  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:37:27.0948 1112  CmBatt - ok
16:37:27.0948 1112  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:37:27.0948 1112  cmdide - ok
16:37:27.0963 1112  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:37:27.0963 1112  CNG - ok
16:37:27.0963 1112  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:37:27.0963 1112  Compbatt - ok
16:37:27.0963 1112  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:37:27.0963 1112  CompositeBus - ok
16:37:28.0010 1112  COMSysApp - ok
16:37:28.0026 1112  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:37:28.0026 1112  crcdisk - ok
16:37:28.0057 1112  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:37:28.0057 1112  CryptSvc - ok
16:37:28.0166 1112  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:37:28.0166 1112  cvhsvc - ok
16:37:28.0213 1112  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:37:28.0213 1112  DcomLaunch - ok
16:37:28.0244 1112  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:37:28.0244 1112  defragsvc - ok
16:37:28.0275 1112  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:37:28.0275 1112  DfsC - ok
16:37:28.0291 1112  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:37:28.0291 1112  Dhcp - ok
16:37:28.0291 1112  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:37:28.0291 1112  discache - ok
16:37:28.0306 1112  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:37:28.0306 1112  Disk - ok
16:37:28.0322 1112  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:37:28.0322 1112  Dnscache - ok
16:37:28.0338 1112  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:37:28.0338 1112  dot3svc - ok
16:37:28.0353 1112  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:37:28.0353 1112  Dot4 - ok
16:37:28.0384 1112  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:37:28.0400 1112  Dot4Print - ok
16:37:28.0400 1112  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:37:28.0400 1112  dot4usb - ok
16:37:28.0416 1112  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:37:28.0416 1112  DPS - ok
16:37:28.0416 1112  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:37:28.0416 1112  drmkaud - ok
16:37:28.0447 1112  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:37:28.0447 1112  DXGKrnl - ok
16:37:28.0478 1112  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:37:28.0478 1112  EapHost - ok
16:37:28.0556 1112  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:37:28.0556 1112  ebdrv - ok
16:37:28.0587 1112  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:37:28.0587 1112  EFS - ok
16:37:28.0696 1112  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:37:28.0696 1112  ehRecvr - ok
16:37:28.0743 1112  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:37:28.0743 1112  ehSched - ok
16:37:28.0759 1112  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:37:28.0759 1112  elxstor - ok
16:37:28.0790 1112  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:37:28.0790 1112  ErrDev - ok
16:37:28.0821 1112  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:37:28.0821 1112  EventSystem - ok
16:37:28.0821 1112  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:37:28.0837 1112  exfat - ok
16:37:28.0837 1112  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:37:28.0837 1112  fastfat - ok
16:37:28.0868 1112  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:37:28.0868 1112  Fax - ok
16:37:28.0884 1112  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:37:28.0884 1112  fdc - ok
16:37:28.0884 1112  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:37:28.0884 1112  fdPHost - ok
16:37:28.0899 1112  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:37:28.0899 1112  FDResPub - ok
16:37:28.0930 1112  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:37:28.0946 1112  FileInfo - ok
16:37:28.0946 1112  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:37:28.0946 1112  Filetrace - ok
16:37:28.0946 1112  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:37:28.0946 1112  flpydisk - ok
16:37:28.0962 1112  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:37:28.0962 1112  FltMgr - ok
16:37:29.0008 1112  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:37:29.0008 1112  FontCache - ok
16:37:29.0040 1112  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:37:29.0040 1112  FontCache3.0.0.0 - ok
16:37:29.0071 1112  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:37:29.0086 1112  FsDepends - ok
16:37:29.0102 1112  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:37:29.0102 1112  Fs_Rec - ok
16:37:29.0102 1112  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:37:29.0102 1112  fvevol - ok
16:37:29.0102 1112  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:37:29.0102 1112  gagp30kx - ok
16:37:29.0180 1112  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:37:29.0180 1112  GamesAppService - ok
16:37:29.0274 1112  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
16:37:29.0274 1112  GoToAssist - ok
16:37:29.0289 1112  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:37:29.0289 1112  gpsvc - ok
16:37:29.0320 1112  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:37:29.0320 1112  hcw85cir - ok
16:37:29.0336 1112  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:37:29.0336 1112  HDAudBus - ok
16:37:29.0367 1112  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:37:29.0367 1112  HidBatt - ok
16:37:29.0383 1112  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:37:29.0383 1112  HidBth - ok
16:37:29.0383 1112  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:37:29.0383 1112  HidIr - ok
16:37:29.0398 1112  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:37:29.0398 1112  hidserv - ok
16:37:29.0414 1112  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:37:29.0414 1112  HidUsb - ok
16:37:29.0445 1112  [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
16:37:29.0445 1112  HipShieldK - ok
16:37:29.0461 1112  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:37:29.0476 1112  hkmsvc - ok
16:37:29.0508 1112  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:37:29.0508 1112  HomeGroupListener - ok
16:37:29.0539 1112  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:37:29.0554 1112  HomeGroupProvider - ok
16:37:29.0726 1112  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:37:29.0742 1112  hpqcxs08 - ok
16:37:29.0757 1112  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:37:29.0757 1112  hpqddsvc - ok
16:37:29.0757 1112  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:37:29.0757 1112  HpSAMD - ok
16:37:29.0788 1112  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
16:37:29.0804 1112  HPSLPSVC - ok
16:37:29.0835 1112  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:37:29.0851 1112  HTTP - ok
16:37:29.0851 1112  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:37:29.0851 1112  hwpolicy - ok
16:37:29.0882 1112  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:37:29.0882 1112  i8042prt - ok
16:37:29.0898 1112  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:37:29.0898 1112  iaStorV - ok
16:37:29.0960 1112  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:37:29.0960 1112  idsvc - ok
16:37:29.0976 1112  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:37:29.0976 1112  iirsp - ok
16:37:30.0007 1112  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:37:30.0007 1112  IKEEXT - ok
16:37:30.0069 1112  [ 9526F32B8A76F8DC25A1587400E30084 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:37:30.0085 1112  IntcAzAudAddService - ok
16:37:30.0085 1112  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:37:30.0085 1112  intelide - ok
16:37:30.0085 1112  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
16:37:30.0085 1112  intelppm - ok
16:37:30.0100 1112  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:37:30.0100 1112  IPBusEnum - ok
16:37:30.0100 1112  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:37:30.0100 1112  IpFilterDriver - ok
16:37:30.0147 1112  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:37:30.0147 1112  iphlpsvc - ok
16:37:30.0147 1112  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:37:30.0147 1112  IPMIDRV - ok
16:37:30.0163 1112  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:37:30.0163 1112  IPNAT - ok
16:37:30.0163 1112  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:37:30.0163 1112  IRENUM - ok
16:37:30.0163 1112  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:37:30.0163 1112  isapnp - ok
16:37:30.0194 1112  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:37:30.0210 1112  iScsiPrt - ok
16:37:30.0225 1112  [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
16:37:30.0225 1112  k57nd60a - ok
16:37:30.0225 1112  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:37:30.0225 1112  kbdclass - ok
16:37:30.0241 1112  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:37:30.0241 1112  kbdhid - ok
16:37:30.0288 1112  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:37:30.0288 1112  KeyIso - ok
16:37:30.0303 1112  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:37:30.0303 1112  KSecDD - ok
16:37:30.0319 1112  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:37:30.0319 1112  KSecPkg - ok
16:37:30.0319 1112  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:37:30.0319 1112  ksthunk - ok
16:37:30.0350 1112  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:37:30.0350 1112  KtmRm - ok
16:37:30.0412 1112  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:37:30.0412 1112  LanmanServer - ok
16:37:30.0444 1112  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:37:30.0444 1112  LanmanWorkstation - ok
16:37:30.0459 1112  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:37:30.0459 1112  lltdio - ok
16:37:30.0553 1112  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:37:30.0553 1112  lltdsvc - ok
16:37:30.0568 1112  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:37:30.0568 1112  lmhosts - ok
16:37:30.0646 1112  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:37:30.0646 1112  LSI_FC - ok
16:37:30.0646 1112  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:37:30.0646 1112  LSI_SAS - ok
16:37:30.0646 1112  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:37:30.0646 1112  LSI_SAS2 - ok
16:37:30.0662 1112  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:37:30.0662 1112  LSI_SCSI - ok
16:37:30.0662 1112  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:37:30.0662 1112  luafv - ok
16:37:30.0771 1112  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:37:30.0771 1112  McAfee SiteAdvisor Service - ok
16:37:30.0849 1112  [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk         c:\PROGRA~1\mcafee\msc\mcawfwk.exe
16:37:30.0865 1112  McAWFwk - ok
16:37:30.0880 1112  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:37:30.0880 1112  McMPFSvc - ok
16:37:30.0896 1112  [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:37:30.0896 1112  mcmscsvc - ok
16:37:30.0896 1112  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:37:30.0896 1112  McNaiAnn - ok
16:37:30.0912 1112  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:37:30.0912 1112  McNASvc - ok
16:37:30.0974 1112  [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
16:37:30.0990 1112  McODS - ok
16:37:30.0990 1112  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
16:37:30.0990 1112  McOobeSv - ok
16:37:31.0005 1112  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:37:31.0005 1112  McProxy - ok
16:37:31.0083 1112  [ 21F81090A00932C5E96700EDF2977582 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
16:37:31.0083 1112  McShield - ok
16:37:31.0130 1112  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:37:31.0130 1112  Mcx2Svc - ok
16:37:31.0146 1112  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:37:31.0146 1112  megasas - ok
16:37:31.0161 1112  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:37:31.0161 1112  MegaSR - ok
16:37:31.0161 1112  [ B1720E97FABBDF7D30B36DAF19C3DEE8 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
16:37:31.0161 1112  mfeapfk - ok
16:37:31.0192 1112  [ 113F1534B80D65DFDCA660F19967A3B7 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
16:37:31.0192 1112  mfeavfk - ok
16:37:31.0208 1112  [ C4F521310E40327BBC8E8E71DA344F48 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:37:31.0208 1112  mfefire - ok
16:37:31.0208 1112  [ CECC9841D036EE008091825272D91331 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
16:37:31.0224 1112  mfefirek - ok
16:37:31.0239 1112  [ EF0F85EDBDF6C0AB467E88E0CEE2B346 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
16:37:31.0239 1112  mfehidk - ok
16:37:31.0255 1112  [ 6E3A46BF6CBB80450CC24F80FE03ED5A ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
16:37:31.0255 1112  mferkdet - ok
16:37:31.0270 1112  [ 341BFCAA3A55C08E8C9ECB1654ACA905 ] mfevtp          C:\Windows\system32\mfevtps.exe
16:37:31.0270 1112  mfevtp - ok
16:37:31.0317 1112  [ 2802D09F1B6ED502237539563F3C4992 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
16:37:31.0317 1112  mfewfpk - ok
16:37:31.0348 1112  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:37:31.0348 1112  MMCSS - ok
16:37:31.0348 1112  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:37:31.0348 1112  Modem - ok
16:37:31.0380 1112  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:37:31.0380 1112  monitor - ok
16:37:31.0380 1112  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:37:31.0380 1112  mouclass - ok
16:37:31.0395 1112  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:37:31.0395 1112  mouhid - ok
16:37:31.0411 1112  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:37:31.0411 1112  mountmgr - ok
16:37:31.0411 1112  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:37:31.0411 1112  mpio - ok
16:37:31.0411 1112  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:37:31.0426 1112  mpsdrv - ok
16:37:31.0458 1112  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:37:31.0458 1112  MpsSvc - ok
16:37:31.0489 1112  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:37:31.0489 1112  MRxDAV - ok
16:37:31.0504 1112  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:37:31.0504 1112  mrxsmb - ok
16:37:31.0504 1112  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:37:31.0504 1112  mrxsmb10 - ok
16:37:31.0520 1112  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:37:31.0520 1112  mrxsmb20 - ok
16:37:31.0520 1112  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:37:31.0520 1112  msahci - ok
16:37:31.0536 1112  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:37:31.0536 1112  msdsm - ok
16:37:31.0551 1112  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:37:31.0551 1112  MSDTC - ok
16:37:31.0567 1112  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:37:31.0567 1112  Msfs - ok
16:37:31.0567 1112  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:37:31.0567 1112  mshidkmdf - ok
16:37:31.0582 1112  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:37:31.0582 1112  msisadrv - ok
16:37:31.0614 1112  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:37:31.0614 1112  MSiSCSI - ok
16:37:31.0645 1112  msiserver - ok
16:37:31.0660 1112  [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:37:31.0660 1112  MSK80Service - ok
16:37:31.0660 1112  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:37:31.0660 1112  MSKSSRV - ok
16:37:31.0692 1112  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:37:31.0692 1112  MSPCLOCK - ok
16:37:31.0692 1112  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:37:31.0692 1112  MSPQM - ok
16:37:31.0692 1112  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:37:31.0692 1112  MsRPC - ok
16:37:31.0707 1112  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:37:31.0707 1112  mssmbios - ok
16:37:31.0707 1112  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:37:31.0707 1112  MSTEE - ok
16:37:31.0723 1112  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:37:31.0723 1112  MTConfig - ok
16:37:31.0723 1112  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:37:31.0723 1112  Mup - ok
16:37:31.0754 1112  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:37:31.0754 1112  napagent - ok
16:37:31.0785 1112  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:37:31.0801 1112  NativeWifiP - ok
16:37:31.0832 1112  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:37:31.0832 1112  NDIS - ok
16:37:31.0879 1112  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:37:31.0879 1112  NdisCap - ok
16:37:31.0879 1112  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:37:31.0879 1112  NdisTapi - ok
16:37:31.0894 1112  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:37:31.0894 1112  Ndisuio - ok
16:37:31.0894 1112  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:37:31.0894 1112  NdisWan - ok
16:37:31.0910 1112  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:37:31.0910 1112  NDProxy - ok
16:37:31.0910 1112  [ 85E3DF39B5C7F5249EFD120907C0E2D2 ] NEOFLTR_650_15991 C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS
16:37:31.0910 1112  NEOFLTR_650_15991 - ok
16:37:31.0957 1112  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:37:31.0957 1112  Net Driver HPZ12 - ok
16:37:31.0972 1112  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:37:31.0988 1112  NetBIOS - ok
16:37:32.0004 1112  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:37:32.0004 1112  NetBT - ok
16:37:32.0019 1112  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:37:32.0019 1112  Netlogon - ok
16:37:32.0066 1112  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:37:32.0066 1112  Netman - ok
16:37:32.0269 1112  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:37:32.0269 1112  NetMsmqActivator - ok
16:37:32.0269 1112  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:37:32.0269 1112  NetPipeActivator - ok
16:37:32.0300 1112  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:37:32.0300 1112  netprofm - ok
16:37:32.0316 1112  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:37:32.0316 1112  NetTcpActivator - ok
16:37:32.0316 1112  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:37:32.0316 1112  NetTcpPortSharing - ok
16:37:32.0316 1112  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:37:32.0316 1112  nfrd960 - ok
16:37:32.0347 1112  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:37:32.0347 1112  NlaSvc - ok
16:37:32.0378 1112  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:37:32.0378 1112  Npfs - ok
16:37:32.0394 1112  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:37:32.0394 1112  nsi - ok
16:37:32.0394 1112  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:37:32.0394 1112  nsiproxy - ok
16:37:32.0425 1112  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:37:32.0440 1112  Ntfs - ok
16:37:32.0440 1112  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:37:32.0440 1112  Null - ok
16:37:32.0456 1112  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:37:32.0456 1112  nvraid - ok
16:37:32.0472 1112  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:37:32.0472 1112  nvstor - ok
16:37:32.0472 1112  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:37:32.0472 1112  nv_agp - ok
16:37:32.0472 1112  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:37:32.0472 1112  ohci1394 - ok
16:37:32.0550 1112  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:37:32.0550 1112  ose - ok
16:37:32.0706 1112  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:37:32.0721 1112  osppsvc - ok
16:37:32.0768 1112  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:37:32.0768 1112  p2pimsvc - ok
16:37:32.0799 1112  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:37:32.0799 1112  p2psvc - ok
16:37:32.0815 1112  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
16:37:32.0815 1112  Parport - ok
16:37:32.0815 1112  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:37:32.0815 1112  partmgr - ok
16:37:32.0815 1112  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:37:32.0831 1112  PcaSvc - ok
16:37:33.0096 1112  PcdrNdisuio - ok
16:37:33.0236 1112  [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
16:37:33.0252 1112  PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
16:37:33.0611 1112  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:37:33.0611 1112  pci - ok
16:37:33.0611 1112  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:37:33.0626 1112  pciide - ok
16:37:33.0626 1112  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:37:33.0626 1112  pcmcia - ok
16:37:33.0626 1112  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:37:33.0626 1112  pcw - ok
16:37:33.0642 1112  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:37:33.0642 1112  PEAUTH - ok
16:37:33.0954 1112  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:37:33.0954 1112  PerfHost - ok
16:37:34.0250 1112  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:37:34.0250 1112  pla - ok
16:37:34.0313 1112  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:37:34.0313 1112  PlugPlay - ok
16:37:34.0391 1112  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:37:34.0391 1112  Pml Driver HPZ12 - ok
16:37:34.0422 1112  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:37:34.0422 1112  PNRPAutoReg - ok
16:37:34.0453 1112  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:37:34.0453 1112  PNRPsvc - ok
16:37:34.0484 1112  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:37:34.0484 1112  PolicyAgent - ok
16:37:34.0500 1112  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:37:34.0500 1112  Power - ok
16:37:34.0625 1112  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:37:34.0625 1112  PptpMiniport - ok
16:37:34.0656 1112  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
16:37:34.0656 1112  Processor - ok
16:37:34.0687 1112  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:37:34.0687 1112  ProfSvc - ok
16:37:34.0718 1112  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:37:34.0718 1112  ProtectedStorage - ok
16:37:34.0765 1112  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:37:34.0765 1112  Psched - ok
16:37:34.0781 1112  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:37:34.0781 1112  PxHlpa64 - ok
16:37:34.0812 1112  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:37:34.0812 1112  ql2300 - ok
16:37:34.0812 1112  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:37:34.0812 1112  ql40xx - ok
16:37:34.0859 1112  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:37:34.0874 1112  QWAVE - ok
16:37:34.0874 1112  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:37:34.0874 1112  QWAVEdrv - ok
16:37:34.0874 1112  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:37:34.0874 1112  RasAcd - ok
16:37:34.0921 1112  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:37:34.0921 1112  RasAgileVpn - ok
16:37:34.0937 1112  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:37:34.0937 1112  RasAuto - ok
16:37:34.0952 1112  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:37:34.0952 1112  Rasl2tp - ok
16:37:34.0968 1112  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:37:34.0968 1112  RasMan - ok
16:37:34.0968 1112  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:37:34.0968 1112  RasPppoe - ok
16:37:34.0999 1112  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:37:34.0999 1112  RasSstp - ok
16:37:35.0015 1112  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:37:35.0015 1112  rdbss - ok
16:37:35.0015 1112  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:37:35.0015 1112  rdpbus - ok
16:37:35.0030 1112  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:37:35.0030 1112  RDPCDD - ok
16:37:35.0030 1112  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:37:35.0030 1112  RDPENCDD - ok
16:37:35.0030 1112  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:37:35.0030 1112  RDPREFMP - ok
16:37:35.0061 1112  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:37:35.0061 1112  RDPWD - ok
16:37:35.0077 1112  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:37:35.0077 1112  rdyboost - ok
16:37:35.0108 1112  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:37:35.0108 1112  RemoteAccess - ok
16:37:35.0139 1112  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:37:35.0139 1112  RemoteRegistry - ok
16:37:35.0373 1112  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
16:37:35.0389 1112  RoxMediaDB12OEM - ok
16:37:35.0405 1112  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
16:37:35.0405 1112  RoxWatch12 - ok
16:37:35.0467 1112  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:37:35.0467 1112  RpcEptMapper - ok
16:37:35.0498 1112  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:37:35.0498 1112  RpcLocator - ok
16:37:35.0514 1112  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:37:35.0514 1112  RpcSs - ok
16:37:35.0529 1112  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:37:35.0529 1112  rspndr - ok
16:37:35.0529 1112  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:37:35.0545 1112  SamSs - ok
16:37:35.0561 1112  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:37:35.0561 1112  sbp2port - ok
16:37:35.0576 1112  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:37:35.0576 1112  SCardSvr - ok
16:37:35.0592 1112  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:37:35.0592 1112  scfilter - ok
16:37:35.0607 1112  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:37:35.0623 1112  Schedule - ok
16:37:35.0639 1112  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:37:35.0639 1112  SCPolicySvc - ok
16:37:35.0763 1112  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:37:35.0763 1112  SDRSVC - ok
16:37:35.0841 1112  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:37:35.0841 1112  secdrv - ok
16:37:35.0873 1112  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:37:35.0873 1112  seclogon - ok
16:37:35.0888 1112  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:37:35.0888 1112  SENS - ok
16:37:35.0935 1112  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:37:35.0935 1112  SensrSvc - ok
16:37:35.0935 1112  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:37:35.0935 1112  Serenum - ok
16:37:35.0951 1112  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
16:37:35.0951 1112  Serial - ok
16:37:35.0951 1112  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:37:35.0951 1112  sermouse - ok
16:37:35.0982 1112  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:37:35.0982 1112  SessionEnv - ok
16:37:35.0997 1112  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:37:35.0997 1112  sffdisk - ok
16:37:36.0029 1112  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:37:36.0029 1112  sffp_mmc - ok
16:37:36.0060 1112  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:37:36.0060 1112  sffp_sd - ok
16:37:36.0060 1112  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:37:36.0060 1112  sfloppy - ok
16:37:36.0075 1112  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
16:37:36.0075 1112  Sftfs - ok
16:37:36.0122 1112  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:37:36.0122 1112  sftlist - ok
16:37:36.0138 1112  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:37:36.0138 1112  Sftplay - ok
16:37:36.0138 1112  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:37:36.0138 1112  Sftredir - ok
16:37:36.0278 1112  [ 74EC60E20516AAA573BE74F31175270F ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:37:36.0294 1112  SftService - ok
16:37:36.0294 1112  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
16:37:36.0294 1112  Sftvol - ok
16:37:36.0309 1112  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:37:36.0309 1112  sftvsa - ok
16:37:36.0341 1112  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:37:36.0341 1112  SharedAccess - ok
16:37:36.0387 1112  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:37:36.0387 1112  ShellHWDetection - ok
16:37:36.0387 1112  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:37:36.0387 1112  SiSRaid2 - ok
16:37:36.0403 1112  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:37:36.0403 1112  SiSRaid4 - ok
16:37:36.0481 1112  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:37:36.0481 1112  SkypeUpdate - ok
16:37:36.0512 1112  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:37:36.0512 1112  Smb - ok
16:37:36.0543 1112  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:37:36.0543 1112  SNMPTRAP - ok
16:37:36.0559 1112  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:37:36.0559 1112  spldr - ok
16:37:36.0590 1112  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:37:36.0606 1112  Spooler - ok
16:37:36.0699 1112  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:37:36.0715 1112  sppsvc - ok
16:37:36.0731 1112  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:37:36.0731 1112  sppuinotify - ok
16:37:36.0762 1112  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:37:36.0762 1112  srv - ok
16:37:36.0777 1112  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:37:36.0777 1112  srv2 - ok
16:37:36.0777 1112  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:37:36.0777 1112  srvnet - ok
16:37:36.0824 1112  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:37:36.0824 1112  SSDPSRV - ok
16:37:36.0824 1112  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:37:36.0824 1112  SstpSvc - ok
16:37:36.0840 1112  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:37:36.0840 1112  stexstor - ok
16:37:36.0871 1112  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:37:36.0871 1112  stisvc - ok
16:37:36.0918 1112  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:37:36.0918 1112  stllssvr - ok
16:37:36.0933 1112  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:37:36.0933 1112  swenum - ok
16:37:36.0949 1112  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:37:36.0965 1112  swprv - ok
16:37:36.0996 1112  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:37:37.0011 1112  SysMain - ok
16:37:37.0011 1112  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:37:37.0027 1112  TabletInputService - ok
16:37:37.0043 1112  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:37:37.0043 1112  TapiSrv - ok
16:37:37.0058 1112  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:37:37.0058 1112  TBS - ok
16:37:37.0089 1112  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:37:37.0089 1112  Tcpip - ok
16:37:37.0136 1112  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:37:37.0136 1112  TCPIP6 - ok
16:37:37.0183 1112  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:37:37.0183 1112  tcpipreg - ok
16:37:37.0214 1112  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:37:37.0214 1112  TDPIPE - ok
16:37:37.0214 1112  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:37:37.0214 1112  TDTCP - ok
16:37:37.0245 1112  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:37:37.0245 1112  tdx - ok
16:37:37.0245 1112  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:37:37.0245 1112  TermDD - ok
16:37:37.0277 1112  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:37:37.0277 1112  TermService - ok
16:37:37.0292 1112  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:37:37.0292 1112  Themes - ok
16:37:37.0339 1112  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:37:37.0339 1112  THREADORDER - ok
16:37:37.0370 1112  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:37:37.0370 1112  TrkWks - ok
16:37:37.0417 1112  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:37:37.0417 1112  TrustedInstaller - ok
16:37:37.0433 1112  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:37:37.0433 1112  tssecsrv - ok
16:37:37.0448 1112  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:37:37.0448 1112  TsUsbFlt - ok
16:37:37.0448 1112  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:37:37.0448 1112  TsUsbGD - ok
16:37:37.0464 1112  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:37:37.0464 1112  tunnel - ok
16:37:37.0464 1112  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:37:37.0464 1112  uagp35 - ok
16:37:37.0495 1112  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:37:37.0495 1112  udfs - ok
16:37:37.0542 1112  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:37:37.0542 1112  UI0Detect - ok
16:37:37.0573 1112  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:37:37.0573 1112  uliagpkx - ok
16:37:37.0589 1112  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:37:37.0589 1112  umbus - ok
16:37:37.0604 1112  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:37:37.0604 1112  UmPass - ok
16:37:37.0635 1112  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:37:37.0635 1112  upnphost - ok
16:37:37.0667 1112  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:37:37.0667 1112  usbccgp - ok
16:37:37.0682 1112  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:37:37.0682 1112  usbcir - ok
16:37:37.0682 1112  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:37:37.0682 1112  usbehci - ok
16:37:37.0698 1112  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:37:37.0698 1112  usbhub - ok
16:37:37.0713 1112  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:37:37.0713 1112  usbohci - ok
16:37:37.0745 1112  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:37:37.0745 1112  usbprint - ok
16:37:37.0745 1112  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:37:37.0745 1112  usbscan - ok
16:37:37.0760 1112  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:37:37.0760 1112  USBSTOR - ok
16:37:37.0791 1112  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:37:37.0807 1112  usbuhci - ok
16:37:37.0823 1112  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:37:37.0823 1112  UxSms - ok
16:37:37.0838 1112  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:37:37.0838 1112  VaultSvc - ok
16:37:37.0838 1112  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:37:37.0838 1112  vdrvroot - ok
16:37:37.0869 1112  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:37:37.0869 1112  vds - ok
16:37:37.0885 1112  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:37:37.0885 1112  vga - ok
16:37:37.0885 1112  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:37:37.0885 1112  VgaSave - ok
16:37:37.0901 1112  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:37:37.0916 1112  vhdmp - ok
16:37:37.0932 1112  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:37:37.0932 1112  viaide - ok
16:37:37.0979 1112  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:37:37.0979 1112  volmgr - ok
16:37:37.0994 1112  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:37:37.0994 1112  volmgrx - ok
16:37:37.0994 1112  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:37:38.0010 1112  volsnap - ok
16:37:38.0010 1112  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:37:38.0010 1112  vsmraid - ok
16:37:38.0057 1112  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:37:38.0057 1112  VSS - ok
16:37:38.0088 1112  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:37:38.0088 1112  vwifibus - ok
16:37:38.0088 1112  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:37:38.0088 1112  W32Time - ok
16:37:38.0119 1112  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:37:38.0119 1112  WacomPen - ok
16:37:38.0166 1112  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:37:38.0166 1112  WANARP - ok
16:37:38.0181 1112  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:37:38.0181 1112  Wanarpv6 - ok
16:37:38.0244 1112  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:37:38.0259 1112  WatAdminSvc - ok
16:37:38.0306 1112  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:37:38.0306 1112  wbengine - ok
16:37:38.0322 1112  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:37:38.0322 1112  WbioSrvc - ok
16:37:38.0322 1112  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:37:38.0322 1112  wcncsvc - ok
16:37:38.0337 1112  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:37:38.0337 1112  WcsPlugInService - ok
16:37:38.0337 1112  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:37:38.0337 1112  Wd - ok
16:37:38.0353 1112  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:37:38.0353 1112  Wdf01000 - ok
16:37:38.0369 1112  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:37:38.0369 1112  WdiServiceHost - ok
16:37:38.0369 1112  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:37:38.0369 1112  WdiSystemHost - ok
16:37:38.0384 1112  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:37:38.0384 1112  WebClient - ok
16:37:38.0400 1112  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:37:38.0400 1112  Wecsvc - ok
16:37:38.0415 1112  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:37:38.0415 1112  wercplsupport - ok
16:37:38.0447 1112  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:37:38.0447 1112  WerSvc - ok
16:37:38.0447 1112  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:37:38.0447 1112  WfpLwf - ok
16:37:38.0462 1112  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
16:37:38.0462 1112  WimFltr - ok
16:37:38.0462 1112  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:37:38.0462 1112  WIMMount - ok
16:37:38.0493 1112  WinDefend - ok
16:37:38.0509 1112  WinHttpAutoProxySvc - ok
16:37:38.0634 1112  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:37:38.0634 1112  Winmgmt - ok
16:37:38.0696 1112  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:37:38.0696 1112  WinRM - ok
16:37:38.0743 1112  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:37:38.0743 1112  WinUsb - ok
16:37:38.0774 1112  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:37:38.0790 1112  Wlansvc - ok
16:37:38.0883 1112  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:37:38.0883 1112  wlcrasvc - ok
16:37:38.0946 1112  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:37:38.0961 1112  wlidsvc - ok
16:37:38.0977 1112  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:37:38.0977 1112  WmiAcpi - ok
16:37:39.0039 1112  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:37:39.0039 1112  wmiApSrv - ok
16:37:39.0086 1112  WMPNetworkSvc - ok
16:37:39.0102 1112  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:37:39.0102 1112  WPCSvc - ok
16:37:39.0117 1112  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:37:39.0117 1112  WPDBusEnum - ok
16:37:39.0117 1112  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:37:39.0117 1112  ws2ifsl - ok
16:37:39.0133 1112  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:37:39.0133 1112  wscsvc - ok
16:37:39.0133 1112  WSearch - ok
16:37:39.0227 1112  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:37:39.0242 1112  wuauserv - ok
16:37:39.0242 1112  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:37:39.0258 1112  WudfPf - ok
16:37:39.0289 1112  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:37:39.0289 1112  WUDFRd - ok
16:37:39.0305 1112  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:37:39.0305 1112  wudfsvc - ok
16:37:39.0320 1112  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:37:39.0320 1112  WwanSvc - ok
16:37:39.0351 1112  ================ Scan global ===============================
16:37:39.0383 1112  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:37:39.0414 1112  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:37:39.0429 1112  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:37:39.0461 1112  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:37:39.0492 1112  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:37:39.0492 1112  [Global] - ok
16:37:39.0492 1112  ================ Scan MBR ==================================
16:37:39.0507 1112  [ E9F67288208D53EF770F82E186904857 ] \Device\Harddisk0\DR0
16:37:39.0507 1112  Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:37:39.0570 1112  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:37:39.0570 1112  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:37:39.0585 1112  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR6
16:37:39.0617 1112  \Device\Harddisk1\DR6 - ok
16:37:39.0617 1112  ================ Scan VBR ==================================
16:37:39.0617 1112  [ 48B6117C7F26157025F0FF64655D8BA2 ] \Device\Harddisk0\DR0\Partition1
16:37:39.0617 1112  \Device\Harddisk0\DR0\Partition1 - ok
16:37:39.0632 1112  [ 50EB1C30B265B8C26CB6601CDC1952CA ] \Device\Harddisk0\DR0\Partition2
16:37:39.0632 1112  \Device\Harddisk0\DR0\Partition2 - ok
16:37:39.0648 1112  [ A8D416036FDA41553E92920A2BA89FE2 ] \Device\Harddisk1\DR6\Partition1
16:37:39.0648 1112  \Device\Harddisk1\DR6\Partition1 - ok
16:37:39.0648 1112  ============================================================
16:37:39.0648 1112  Scan finished
16:37:39.0648 1112  ============================================================
16:37:39.0648 1148  Detected object count: 1
16:37:39.0648 1148  Actual detected object count: 1
16:37:52.0424 1148  \Device\Harddisk0\DR0\# - copied to quarantine
16:37:52.0424 1148  \Device\Harddisk0\DR0 - copied to quarantine
16:37:52.0471 1148  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:37:52.0471 1148  \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:37:52.0471 1148  \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:37:52.0487 1148  \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:37:52.0487 1148  \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:37:52.0502 1148  \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:37:52.0502 1148  \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:37:52.0502 1148  \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:37:52.0502 1148  \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:37:52.0502 1148  \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:37:52.0502 1148  \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:37:52.0518 1148  \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:37:52.0518 1148  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:37:52.0518 1148  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:37:52.0518 1148  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:37:52.0518 1148  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:37:52.0518 1148  \Device\Harddisk0\DR0 - ok
16:37:52.0549 1148  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 
16:38:12.0767 2720  Deinitialize success

 

[Will]

Hi jackel,

Before you follow these instructions, please make sure you have backed up all important files on the infected PC. If there is anything on the PC that you can't live without, now is the time to save it somewhere else.

You will need to transfer the following tool over to the infected computer. Please ensure that you save the tool onto your Desktop, and do not try and run it from a flash drive.

---------------------------------------------------------------------------------------------

**Read through these instructions in their entirety BEFORE executing them.** If you have any questions or are unsure about any of the following instructions PLEASE ASK for clarification before continuing. You may want to copy this page to notepad or print it as it will not be available while you run ComboFix.

1. Download ComboFix from the following location:
   
   Link 1
   
   * IMPORTANT !!! Place combofix.exe on your Desktop
   
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
3. Double click on combofix.exe & follow the prompts.
   
   
4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
   
5. When finished, it shall produce a log for you. Post that log in your next reply
   
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   ---------------------------------------------------------------------------------------------
   
   
6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------

 

[jackel]

Here is the log

ComboFix 13-04-15.01 - Home Office 04/16/2013  17:25:13.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4899 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\07287f2e-4f82-4848-8132-7055ef322318.dll
c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\users\Public\desktop(14402).ini
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-16 to 2013-04-16  )))))))))))))))))))))))))))))))
.
.
2013-04-16 22:28 . 2013-04-16 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-16 22:28 . 2013-04-16 22:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-16 21:37 . 2013-04-16 21:37 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-16 19:30 . 2013-04-16 19:30 -------- d-----w- c:\users\Home Office\AppData\Roaming\PCDr
2013-04-16 19:30 . 2013-04-16 19:30 -------- d-----w- c:\programdata\VirtualizedApplications
2013-04-16 19:26 . 2013-04-16 19:26 -------- d-----w- c:\users\Home Office\AppData\Roaming\HpUpdate
2013-04-16 19:21 . 2013-04-16 19:21 -------- d-----w- c:\users\Home Office\AppData\Roaming\Roxio
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\users\Home Office\AppData\Roaming\Malwarebytes
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\programdata\Malwarebytes
2013-04-16 17:37 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 17:36 . 2013-04-16 17:36 -------- d-----w- c:\users\Home Office\AppData\Local\Programs
2013-04-16 16:40 . 2013-04-16 19:23 -------- d-----w- C:\FRST
2013-04-16 03:16 . 2013-04-16 03:16 -------- d-----w- c:\users\Home Office\AppData\Local\SoftThinks
2013-04-16 03:07 . 2013-04-16 03:07 -------- d-----w- c:\users\Home Office\AppData\Roaming\ATI
2013-04-16 03:07 . 2013-04-16 03:07 -------- d-----w- c:\users\Home Office\AppData\Local\ATI
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Fingertapps
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Dell
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Local\blekkotb
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Dell Touch Zone
2013-04-16 02:54 . 2013-04-16 02:54 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-04-12 00:41 . 2013-04-16 02:26 -------- d-----w- C:\Emergency
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 08:10 . 2011-10-06 03:14 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-16 08:07 . 2013-03-16 08:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-16 08:07 . 2013-03-16 08:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-16 08:07 . 2013-03-16 08:07 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-16 08:07 . 2013-03-16 08:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-16 08:07 . 2013-03-16 08:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-16 08:07 . 2013-03-16 08:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-16 08:07 . 2013-03-16 08:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-16 08:07 . 2013-03-16 08:07 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-16 08:07 . 2013-03-16 08:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-16 08:07 . 2013-03-16 08:07 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-03-16 08:07 . 2013-03-16 08:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-16 08:07 . 2013-03-16 08:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-16 08:07 . 2013-03-16 08:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-16 08:07 . 2013-03-16 08:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-16 08:07 . 2013-03-16 08:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-16 08:07 . 2013-03-16 08:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-16 08:07 . 2013-03-16 08:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-16 08:07 . 2013-03-16 08:07 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-03-16 08:07 . 2013-03-16 08:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-16 08:07 . 2013-03-16 08:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-16 08:07 . 2013-03-16 08:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-16 08:07 . 2013-03-16 08:07 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-16 08:07 . 2013-03-16 08:07 855552 ----a-w- c:\windows\system32\jscript.dll
2013-03-16 08:07 . 2013-03-16 08:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-16 08:07 . 2013-03-16 08:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-16 08:07 . 2013-03-16 08:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-16 08:07 . 2013-03-16 08:07 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-03-16 08:07 . 2013-03-16 08:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-16 08:07 . 2013-03-16 08:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-16 08:07 . 2013-03-16 08:07 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-03-16 08:07 . 2013-03-16 08:07 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-03-16 08:07 . 2013-03-16 08:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-16 08:07 . 2013-03-16 08:07 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-03-16 08:07 . 2013-03-16 08:07 526848 ----a-w- c:\windows\system32\ieui.dll
2013-03-16 08:07 . 2013-03-16 08:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-16 08:07 . 2013-03-16 08:07 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-03-16 08:07 . 2013-03-16 08:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-16 08:07 . 2013-03-16 08:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-16 08:07 . 2013-03-16 08:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-16 08:07 . 2013-03-16 08:07 441856 ----a-w- c:\windows\system32\html.iec
2013-03-16 08:07 . 2013-03-16 08:07 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-03-16 08:07 . 2013-03-16 08:07 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-03-16 08:07 . 2013-03-16 08:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-16 08:07 . 2013-03-16 08:07 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-03-16 08:07 . 2013-03-16 08:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-16 08:07 . 2013-03-16 08:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-16 08:07 . 2013-03-16 08:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-16 08:07 . 2013-03-16 08:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-16 08:07 . 2013-03-16 08:07 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-03-16 08:07 . 2013-03-16 08:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-16 08:07 . 2013-03-16 08:07 235008 ----a-w- c:\windows\system32\url.dll
2013-03-16 08:07 . 2013-03-16 08:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-16 08:07 . 2013-03-16 08:07 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-03-16 08:07 . 2013-03-16 08:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-16 08:07 . 2013-03-16 08:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-16 08:07 . 2013-03-16 08:07 19221504 ----a-w- c:\windows\system32\mshtml.dll
2013-03-16 08:07 . 2013-03-16 08:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-16 08:07 . 2013-03-16 08:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-16 08:07 . 2013-03-16 08:07 15407616 ----a-w- c:\windows\system32\ieframe.dll
2013-03-16 08:07 . 2013-03-16 08:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-16 08:07 . 2013-03-16 08:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-16 08:07 . 2013-03-16 08:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-16 08:07 . 2013-03-16 08:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-16 08:07 . 2013-03-16 08:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-16 08:07 . 2013-03-16 08:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-16 08:07 . 2013-03-16 08:07 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-03-16 08:07 . 2013-03-16 08:07 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-03-16 08:07 . 2013-03-16 08:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-16 08:07 . 2013-03-16 08:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-16 08:07 . 2013-03-16 08:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-16 08:07 . 2013-03-16 08:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-16 08:06 . 2013-03-16 08:06 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-16 08:06 . 2013-03-16 08:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-16 08:06 . 2013-03-16 08:06 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-19 19:59 . 2011-03-13 16:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 19:56 . 2011-03-13 16:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 19:56 . 2011-08-31 03:48 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 19:55 . 2011-08-31 03:49 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 19:55 . 2011-03-13 16:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 19:54 . 2011-03-13 16:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 19:53 . 2011-03-13 16:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 19:53 . 2011-03-13 16:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 19:52 . 2011-03-13 16:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 05:45 . 2013-03-15 08:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-15 08:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-15 08:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-15 08:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-15 08:02 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-15 08:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-15 08:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 02:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}]
2012-04-17 20:38 85288 ----a-w- c:\program files (x86)\querius_001\querius_001X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}"= "c:\program files (x86)\querius_001\querius_001X.dll" [2012-04-17 85288]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-15 1534504]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"49A23EA9-B6D3-48B9-92D6-74A53A3C3FC1"="start" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0121311364716903mcinstcleanup;McAfee Application Installer Cleanup (0121311364716903);c:\windows\TEMP\012131~1.EXE [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-08 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 23564810
*Deregistered* - 23564810
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-23564810.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
   eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{EDB8602E-FA77-4D58-AB9F-97AC1F6EE12F}"=hex:51,66,7a,6c,4c,1d,38,12,40,63,ab,
   e9,45,b4,36,08,d4,89,d4,ec,1a,30,a5,3b
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
   06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
   f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,d9,0f,f4,47,af,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-16  17:30:00
ComboFix-quarantined-files.txt  2013-04-16 22:29
.
Pre-Run: 928,719,306,752 bytes free
Post-Run: 928,462,020,608 bytes free
.
- - End Of File - - C2056C815B84067F7A3CC404E5334F5D

 

[Will]

Hi jackel,

I'll look over the log and get back to you with further instructions. In the mean time are you able to access Normal Mode at all? Does the computer still crash when plugging in an Ethernet cable?

 

[jackel]

Will, The machine takes forever to load I suspect this is a dell issue. Yes the machine stays on.

 

[Will]

Hi jackel,

Could you be more specific. Are you able to log into Normal Mode, or does it freeze and not allow you to log in? You're now able to access the internet on the infected computer?

If you're able to access Normal Mode, please log in and run Combofix again, this may take some time to complete. Attach the log as before.

 

[jackel]

Yes I am able to access the internet in normal mode. It still freezes somewhat but it does not turn off or give a bsod. there is no log-in problem. Combofix finished running but has yet to show the report. It has been like this for almost 10 min

 

[Will]

Okay great, we're making progress. What message is Combofix displaying?

 

[jackel]

Here is the log. It finally finished

ComboFix 13-04-15.01 - Home Office 04/16/2013  18:11:07.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4700 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-16 to 2013-04-16  )))))))))))))))))))))))))))))))
.
.
2013-04-16 23:21 . 2013-04-16 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-16 23:21 . 2013-04-16 23:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-16 22:58 . 2013-04-16 22:58 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-16 22:56 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-04-16 22:56 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-16 21:37 . 2013-04-16 21:37 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-16 19:30 . 2013-04-16 19:30 -------- d-----w- c:\users\Home Office\AppData\Roaming\PCDr
2013-04-16 19:30 . 2013-04-16 22:57 -------- d-----w- c:\programdata\VirtualizedApplications
2013-04-16 19:26 . 2013-04-16 19:26 -------- d-----w- c:\users\Home Office\AppData\Roaming\HpUpdate
2013-04-16 19:21 . 2013-04-16 19:21 -------- d-----w- c:\users\Home Office\AppData\Roaming\Roxio
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\users\Home Office\AppData\Roaming\Malwarebytes
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\programdata\Malwarebytes
2013-04-16 17:37 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 17:36 . 2013-04-16 17:36 -------- d-----w- c:\users\Home Office\AppData\Local\Programs
2013-04-16 16:40 . 2013-04-16 19:23 -------- d-----w- C:\FRST
2013-04-16 03:16 . 2013-04-16 03:16 -------- d-----w- c:\users\Home Office\AppData\Local\SoftThinks
2013-04-16 03:07 . 2013-04-16 03:07 -------- d-----w- c:\users\Home Office\AppData\Roaming\ATI
2013-04-16 03:07 . 2013-04-16 03:07 -------- d-----w- c:\users\Home Office\AppData\Local\ATI
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Fingertapps
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Dell
2013-04-16 03:06 . 2013-04-16 22:50 -------- d-----w- c:\users\Home Office\AppData\Local\blekkotb
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Dell Touch Zone
2013-04-16 02:54 . 2013-04-16 02:54 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-04-12 00:41 . 2013-04-16 02:26 -------- d-----w- C:\Emergency
2013-03-31 23:32 . 2013-03-31 23:32 82600 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2013-03-31 23:32 . 2013-03-31 23:32 42664 ----a-w- c:\windows\system32\drivers\amd_xata.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 22:59 . 2011-10-06 03:14 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-16 22:57 . 2011-08-31 03:16 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-16 08:07 . 2013-03-16 08:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-16 08:07 . 2013-03-16 08:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-16 08:07 . 2013-03-16 08:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-16 08:07 . 2013-03-16 08:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-16 08:07 . 2013-03-16 08:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-16 08:07 . 2013-03-16 08:07 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-16 08:07 . 2013-03-16 08:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-16 08:07 . 2013-03-16 08:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-16 08:07 . 2013-03-16 08:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-16 08:07 . 2013-03-16 08:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-16 08:07 . 2013-03-16 08:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-16 08:07 . 2013-03-16 08:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-16 08:07 . 2013-03-16 08:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-16 08:07 . 2013-03-16 08:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-16 08:07 . 2013-03-16 08:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-16 08:07 . 2013-03-16 08:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-16 08:07 . 2013-03-16 08:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-16 08:07 . 2013-03-16 08:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-16 08:07 . 2013-03-16 08:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-16 08:07 . 2013-03-16 08:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-16 08:07 . 2013-03-16 08:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-16 08:07 . 2013-03-16 08:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-16 08:07 . 2013-03-16 08:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-16 08:07 . 2013-03-16 08:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-16 08:07 . 2013-03-16 08:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-16 08:07 . 2013-03-16 08:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-16 08:07 . 2013-03-16 08:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-16 08:07 . 2013-03-16 08:07 441856 ----a-w- c:\windows\system32\html.iec
2013-03-16 08:07 . 2013-03-16 08:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-16 08:07 . 2013-03-16 08:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-16 08:07 . 2013-03-16 08:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-16 08:07 . 2013-03-16 08:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-16 08:07 . 2013-03-16 08:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-16 08:07 . 2013-03-16 08:07 235008 ----a-w- c:\windows\system32\url.dll
2013-03-16 08:07 . 2013-03-16 08:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-16 08:07 . 2013-03-16 08:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-16 08:07 . 2013-03-16 08:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-16 08:07 . 2013-03-16 08:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-16 08:07 . 2013-03-16 08:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-16 08:07 . 2013-03-16 08:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-16 08:07 . 2013-03-16 08:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-16 08:07 . 2013-03-16 08:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-16 08:07 . 2013-03-16 08:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-16 08:07 . 2013-03-16 08:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-16 08:07 . 2013-03-16 08:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-16 08:07 . 2013-03-16 08:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-16 08:07 . 2013-03-16 08:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-16 08:07 . 2013-03-16 08:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-16 08:07 . 2013-03-16 08:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-02-19 19:59 . 2011-03-13 16:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 19:56 . 2011-03-13 16:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 19:56 . 2011-08-31 03:48 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 19:55 . 2011-08-31 03:49 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 19:55 . 2011-03-13 16:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 19:54 . 2011-03-13 16:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 19:53 . 2011-03-13 16:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 19:53 . 2011-03-13 16:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 19:52 . 2011-03-13 16:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 05:45 . 2013-03-15 08:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-15 08:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-15 08:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-15 08:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-15 08:02 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-15 08:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-15 08:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 02:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}]
2012-04-17 20:38 85288 ----a-w- c:\program files (x86)\querius_001\querius_001X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}"= "c:\program files (x86)\querius_001\querius_001X.dll" [2012-04-17 85288]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-15 1534504]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0121311364716903mcinstcleanup;McAfee Application Installer Cleanup (0121311364716903);c:\windows\TEMP\012131~1.EXE [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-08 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2013-03-31 82600]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2013-03-31 42664]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
   eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{EDB8602E-FA77-4D58-AB9F-97AC1F6EE12F}"=hex:51,66,7a,6c,4c,1d,38,12,40,63,ab,
   e9,45,b4,36,08,d4,89,d4,ec,1a,30,a5,3b
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
   06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
   f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,d9,0f,f4,47,af,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-16  18:39:37
ComboFix-quarantined-files.txt  2013-04-16 23:39
ComboFix2.txt  2013-04-16 22:30
.
Pre-Run: 927,362,535,424 bytes free
Post-Run: 927,632,396,288 bytes free
.
- - End Of File - - 4DD362A242CBF52654CBBEE606A241C6

 

[Will]

Hi jackel,

That's great. Please run SystemLook as instructed below.

Please download SystemLook from the link below and save it to your Desktop.
Download Mirror #1

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  winlogon.exe
  services.exe
  volsnap.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at on your Desktop entitled SystemLook.txt

 

[jackel]

Here is the syslook log

SystemLook 27.08.10 by jpshortstuff
Log created at 19:17 on 16/04/2013 by Home Office
Administrator - Elevation successful
========== filefind ==========
Searching for "winlogon.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 218184 bytes [17:37 16/04/2013] [19:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\WINDOWS\erdnt\cache64\winlogon.exe --a---- 390656 bytes [22:28 16/04/2013] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\WINDOWS\System32\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
Searching for "services.exe"
C:\WINDOWS\erdnt\cache64\services.exe --a---- 328704 bytes [22:28 16/04/2013] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\WINDOWS\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
Searching for "volsnap.sys"
C:\WINDOWS\System32\drivers\volsnap.sys --a---- 295808 bytes [03:23 21/11/2010] [03:23 21/11/2010] 0D08D2F3B3FF84E433346669B5E0F639
C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys --a---- 295808 bytes [03:23 21/11/2010] [03:23 21/11/2010] 0D08D2F3B3FF84E433346669B5E0F639
C:\WINDOWS\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys --a---- 295808 bytes [03:23 21/11/2010] [03:23 21/11/2010] 0D08D2F3B3FF84E433346669B5E0F639
-= EOF =-

 

[Will]

Hi jackel,

It looks like most the malware is off the system now, but I'd like to get to the bottom of the log on issues. Please follow the instructions in the tutorial linked below to run Startup Repair. I know you've already run this once, but for the sake of completeness please complete the tutorial three times as instructed.

Startup Repair in Windows Vista or Windows 7

Make sure you've run Startup Repair three times. Once you've done so, post back here and report how the computer is now behaving. We'll the run some additional scans to get rid of any malware remnants still on the machine.

 

[jackel]

Hello Will
I was on the phone with dell for more than an hour trying to fix a software issue but still did not fix it. but I ran TDSSkiller.ext and it found 0 threats

14:22:28.0571 2684  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:22:29.0475 2684  ============================================================
14:22:29.0475 2684  Current date / time: 2013/04/17 14:22:29.0475
14:22:29.0475 2684  SystemInfo:
14:22:29.0475 2684  
14:22:29.0475 2684  OS Version: 6.1.7601 ServicePack: 1.0
14:22:29.0475 2684  Product type: Workstation
14:22:29.0475 2684  ComputerName: HOMEOFFICE-PC
14:22:29.0475 2684  UserName: Home Office
14:22:29.0475 2684  Windows directory: C:\Windows
14:22:29.0475 2684  System windows directory: C:\Windows
14:22:29.0475 2684  Running under WOW64
14:22:29.0475 2684  Processor architecture: Intel x64
14:22:29.0475 2684  Number of processors: 4
14:22:29.0475 2684  Page size: 0x1000
14:22:29.0475 2684  Boot type: Normal boot
14:22:29.0475 2684  ============================================================
14:22:29.0865 2684  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:22:29.0897 2684  Drive \Device\Harddisk5\DR5 - Size: 0x74C00000 (1.82 Gb), SectorSize: 0x200, Cylinders: 0xEE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:22:29.0897 2684  ============================================================
14:22:29.0897 2684  \Device\Harddisk0\DR0:
14:22:29.0897 2684  MBR partitions:
14:22:29.0897 2684  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
14:22:29.0897 2684  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
14:22:29.0897 2684  \Device\Harddisk5\DR5:
14:22:29.0897 2684  MBR partitions:
14:22:29.0897 2684  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x6, StartLBA 0x3E, BlocksNum 0x3A57B4
14:22:29.0897 2684  ============================================================
14:22:29.0912 2684  C: <-> \Device\Harddisk0\DR0\Partition2
14:22:29.0912 2684  ============================================================
14:22:29.0912 2684  Initialize success
14:22:29.0912 2684  ============================================================
14:22:31.0659 0520  ============================================================
14:22:31.0659 0520  Scan started
14:22:31.0659 0520  Mode: Manual; 
14:22:31.0659 0520  ============================================================
14:22:31.0862 0520  ================ Scan system memory ========================
14:22:31.0862 0520  System memory - ok
14:22:31.0862 0520  ================ Scan services =============================
14:22:31.0925 0520  0121311364716903mcinstcleanup - ok
14:22:32.0065 0520  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:22:32.0065 0520  1394ohci - ok
14:22:32.0096 0520  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:22:32.0096 0520  ACPI - ok
14:22:32.0112 0520  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:22:32.0112 0520  AcpiPmi - ok
14:22:32.0190 0520  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:22:32.0205 0520  AdobeARMservice - ok
14:22:32.0221 0520  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:22:32.0237 0520  adp94xx - ok
14:22:32.0252 0520  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:22:32.0252 0520  adpahci - ok
14:22:32.0252 0520  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:22:32.0252 0520  adpu320 - ok
14:22:32.0283 0520  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:22:32.0283 0520  AeLookupSvc - ok
14:22:32.0299 0520  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:22:32.0299 0520  AFD - ok
14:22:32.0315 0520  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:22:32.0315 0520  agp440 - ok
14:22:32.0330 0520  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:22:32.0330 0520  ALG - ok
14:22:32.0346 0520  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:22:32.0346 0520  aliide - ok
14:22:32.0377 0520  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:22:32.0377 0520  AMD External Events Utility - ok
14:22:32.0393 0520  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:22:32.0393 0520  amdide - ok
14:22:32.0408 0520  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:22:32.0408 0520  AmdK8 - ok
14:22:32.0564 0520  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:22:32.0611 0520  amdkmdag - ok
14:22:32.0627 0520  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:22:32.0642 0520  amdkmdap - ok
14:22:32.0642 0520  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:22:32.0642 0520  AmdPPM - ok
14:22:32.0673 0520  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:22:32.0673 0520  amdsata - ok
14:22:32.0673 0520  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:22:32.0673 0520  amdsbs - ok
14:22:32.0689 0520  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:22:32.0689 0520  amdxata - ok
14:22:32.0720 0520  [ 352476C98EF3952563A14F767491BBA9 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
14:22:32.0720 0520  amd_sata - ok
14:22:32.0720 0520  [ F4805C309FE48D6939147FE5CCDB1AD4 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
14:22:32.0720 0520  amd_xata - ok
14:22:32.0736 0520  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:22:32.0736 0520  AppID - ok
14:22:32.0783 0520  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:22:32.0783 0520  AppIDSvc - ok
14:22:32.0798 0520  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:22:32.0798 0520  Appinfo - ok
14:22:32.0814 0520  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
14:22:32.0814 0520  arc - ok
14:22:32.0829 0520  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:22:32.0829 0520  arcsas - ok
14:22:32.0892 0520  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:22:32.0892 0520  aspnet_state - ok
14:22:32.0907 0520  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:22:32.0907 0520  AsyncMac - ok
14:22:32.0923 0520  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:22:32.0923 0520  atapi - ok
14:22:32.0954 0520  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
14:22:32.0954 0520  AtiHdmiService - ok
14:22:33.0079 0520  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:22:33.0126 0520  atikmdag - ok
14:22:33.0173 0520  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\drivers\AtiPcie.sys
14:22:33.0173 0520  AtiPcie - ok
14:22:33.0188 0520  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:22:33.0204 0520  AudioEndpointBuilder - ok
14:22:33.0219 0520  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:22:33.0219 0520  AudioSrv - ok
14:22:33.0235 0520  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:22:33.0235 0520  AxInstSV - ok
14:22:33.0266 0520  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:22:33.0266 0520  b06bdrv - ok
14:22:33.0313 0520  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:22:33.0313 0520  b57nd60a - ok
14:22:33.0407 0520  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
14:22:33.0407 0520  BBSvc - ok
14:22:33.0422 0520  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
14:22:33.0438 0520  BBUpdate - ok
14:22:33.0469 0520  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:22:33.0469 0520  BDESVC - ok
14:22:33.0485 0520  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:22:33.0485 0520  Beep - ok
14:22:33.0531 0520  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:22:33.0531 0520  BFE - ok
14:22:33.0563 0520  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
14:22:33.0578 0520  BITS - ok
14:22:33.0609 0520  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:22:33.0609 0520  blbdrive - ok
14:22:33.0625 0520  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:22:33.0625 0520  bowser - ok
14:22:33.0641 0520  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:22:33.0641 0520  BrFiltLo - ok
14:22:33.0641 0520  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:22:33.0641 0520  BrFiltUp - ok
14:22:33.0641 0520  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:22:33.0641 0520  BridgeMP - ok
14:22:33.0656 0520  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:22:33.0656 0520  Browser - ok
14:22:33.0656 0520  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:22:33.0656 0520  Brserid - ok
14:22:33.0672 0520  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:22:33.0672 0520  BrSerWdm - ok
14:22:33.0672 0520  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:22:33.0672 0520  BrUsbMdm - ok
14:22:33.0672 0520  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:22:33.0687 0520  BrUsbSer - ok
14:22:33.0687 0520  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:22:33.0687 0520  BTHMODEM - ok
14:22:33.0703 0520  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:22:33.0703 0520  bthserv - ok
14:22:33.0703 0520  catchme - ok
14:22:33.0719 0520  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:22:33.0719 0520  cdfs - ok
14:22:33.0719 0520  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:22:33.0719 0520  cdrom - ok
14:22:33.0750 0520  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:22:33.0750 0520  CertPropSvc - ok
14:22:33.0765 0520  [ D2B3252AD4EB499C935A56467997AA3C ] cfwids          C:\Windows\system32\drivers\cfwids.sys
14:22:33.0765 0520  cfwids - ok
14:22:33.0781 0520  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
14:22:33.0781 0520  circlass - ok
14:22:33.0797 0520  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:22:33.0797 0520  CLFS - ok
14:22:33.0859 0520  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:22:33.0859 0520  clr_optimization_v2.0.50727_32 - ok
14:22:33.0906 0520  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:22:33.0906 0520  clr_optimization_v2.0.50727_64 - ok
14:22:33.0968 0520  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:22:33.0968 0520  clr_optimization_v4.0.30319_32 - ok
14:22:33.0999 0520  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:22:34.0015 0520  clr_optimization_v4.0.30319_64 - ok
14:22:34.0015 0520  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:22:34.0031 0520  CmBatt - ok
14:22:34.0031 0520  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:22:34.0031 0520  cmdide - ok
14:22:34.0046 0520  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:22:34.0046 0520  CNG - ok
14:22:34.0062 0520  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:22:34.0062 0520  Compbatt - ok
14:22:34.0077 0520  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
14:22:34.0077 0520  CompositeBus - ok
14:22:34.0093 0520  COMSysApp - ok
14:22:34.0109 0520  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:22:34.0109 0520  crcdisk - ok
14:22:34.0140 0520  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:22:34.0140 0520  CryptSvc - ok
14:22:34.0218 0520  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:22:34.0233 0520  cvhsvc - ok
14:22:34.0265 0520  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:22:34.0280 0520  DcomLaunch - ok
14:22:34.0311 0520  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:22:34.0311 0520  defragsvc - ok
14:22:34.0343 0520  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:22:34.0343 0520  DfsC - ok
14:22:34.0374 0520  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:22:34.0374 0520  Dhcp - ok
14:22:34.0389 0520  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:22:34.0389 0520  discache - ok
14:22:34.0389 0520  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
14:22:34.0389 0520  Disk - ok
14:22:34.0405 0520  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:22:34.0405 0520  Dnscache - ok
14:22:34.0421 0520  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:22:34.0421 0520  dot3svc - ok
14:22:34.0467 0520  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:22:34.0467 0520  Dot4 - ok
14:22:34.0499 0520  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:22:34.0499 0520  Dot4Print - ok
14:22:34.0514 0520  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
14:22:34.0514 0520  dot4usb - ok
14:22:34.0530 0520  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:22:34.0530 0520  DPS - ok
14:22:34.0530 0520  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:22:34.0530 0520  drmkaud - ok
14:22:34.0545 0520  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:22:34.0545 0520  DXGKrnl - ok
14:22:34.0577 0520  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:22:34.0577 0520  EapHost - ok
14:22:34.0655 0520  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:22:34.0717 0520  ebdrv - ok
14:22:34.0748 0520  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:22:34.0748 0520  EFS - ok
14:22:34.0811 0520  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:22:34.0811 0520  ehRecvr - ok
14:22:34.0842 0520  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:22:34.0842 0520  ehSched - ok
14:22:34.0873 0520  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:22:34.0889 0520  elxstor - ok
14:22:34.0904 0520  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:22:34.0904 0520  ErrDev - ok
14:22:34.0920 0520  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:22:34.0920 0520  EventSystem - ok
14:22:34.0935 0520  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:22:34.0935 0520  exfat - ok
14:22:34.0951 0520  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:22:34.0951 0520  fastfat - ok
14:22:34.0982 0520  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:22:34.0998 0520  Fax - ok
14:22:35.0013 0520  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
14:22:35.0013 0520  fdc - ok
14:22:35.0029 0520  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:22:35.0029 0520  fdPHost - ok
14:22:35.0029 0520  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:22:35.0029 0520  FDResPub - ok
14:22:35.0045 0520  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:22:35.0045 0520  FileInfo - ok
14:22:35.0045 0520  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:22:35.0045 0520  Filetrace - ok
14:22:35.0060 0520  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:22:35.0060 0520  flpydisk - ok
14:22:35.0060 0520  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:22:35.0060 0520  FltMgr - ok
14:22:35.0091 0520  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
14:22:35.0107 0520  FontCache - ok
14:22:35.0123 0520  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:22:35.0138 0520  FontCache3.0.0.0 - ok
14:22:35.0138 0520  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:22:35.0154 0520  FsDepends - ok
14:22:35.0154 0520  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:22:35.0154 0520  Fs_Rec - ok
14:22:35.0185 0520  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:22:35.0185 0520  fvevol - ok
14:22:35.0201 0520  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:22:35.0201 0520  gagp30kx - ok
14:22:35.0263 0520  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:22:35.0279 0520  GamesAppService - ok
14:22:35.0325 0520  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:22:35.0341 0520  gpsvc - ok
14:22:35.0357 0520  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:22:35.0372 0520  hcw85cir - ok
14:22:35.0372 0520  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:22:35.0372 0520  HDAudBus - ok
14:22:35.0403 0520  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:22:35.0403 0520  HidBatt - ok
14:22:35.0403 0520  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:22:35.0403 0520  HidBth - ok
14:22:35.0419 0520  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:22:35.0419 0520  HidIr - ok
14:22:35.0435 0520  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
14:22:35.0435 0520  hidserv - ok
14:22:35.0450 0520  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:22:35.0450 0520  HidUsb - ok
14:22:35.0466 0520  [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
14:22:35.0481 0520  HipShieldK - ok
14:22:35.0513 0520  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:22:35.0528 0520  hkmsvc - ok
14:22:35.0559 0520  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:22:35.0559 0520  HomeGroupListener - ok
14:22:35.0591 0520  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:22:35.0591 0520  HomeGroupProvider - ok
14:22:35.0684 0520  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:22:35.0700 0520  hpqcxs08 - ok
14:22:35.0715 0520  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:22:35.0715 0520  hpqddsvc - ok
14:22:35.0731 0520  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:22:35.0731 0520  HpSAMD - ok
14:22:35.0747 0520  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:22:35.0762 0520  HPSLPSVC - ok
14:22:35.0778 0520  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:22:35.0778 0520  HTTP - ok
14:22:35.0793 0520  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:22:35.0793 0520  hwpolicy - ok
14:22:35.0793 0520  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:22:35.0793 0520  i8042prt - ok
14:22:35.0825 0520  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:22:35.0825 0520  iaStorV - ok
14:22:35.0887 0520  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:22:35.0903 0520  idsvc - ok
14:22:35.0918 0520  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:22:35.0918 0520  iirsp - ok
14:22:35.0965 0520  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:22:35.0981 0520  IKEEXT - ok
14:22:36.0027 0520  [ 9526F32B8A76F8DC25A1587400E30084 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:22:36.0043 0520  IntcAzAudAddService - ok
14:22:36.0043 0520  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:22:36.0043 0520  intelide - ok
14:22:36.0059 0520  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
14:22:36.0059 0520  intelppm - ok
14:22:36.0059 0520  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:22:36.0059 0520  IPBusEnum - ok
14:22:36.0074 0520  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:22:36.0074 0520  IpFilterDriver - ok
14:22:36.0090 0520  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:22:36.0090 0520  iphlpsvc - ok
14:22:36.0090 0520  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:22:36.0090 0520  IPMIDRV - ok
14:22:36.0105 0520  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:22:36.0105 0520  IPNAT - ok
14:22:36.0105 0520  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:22:36.0105 0520  IRENUM - ok
14:22:36.0121 0520  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:22:36.0121 0520  isapnp - ok
14:22:36.0137 0520  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:22:36.0137 0520  iScsiPrt - ok
14:22:36.0152 0520  [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
14:22:36.0152 0520  k57nd60a - ok
14:22:36.0168 0520  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:22:36.0168 0520  kbdclass - ok
14:22:36.0168 0520  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:22:36.0168 0520  kbdhid - ok
14:22:36.0183 0520  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:22:36.0183 0520  KeyIso - ok
14:22:36.0199 0520  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:22:36.0199 0520  KSecDD - ok
14:22:36.0215 0520  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:22:36.0215 0520  KSecPkg - ok
14:22:36.0215 0520  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:22:36.0215 0520  ksthunk - ok
14:22:36.0246 0520  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:22:36.0246 0520  KtmRm - ok
14:22:36.0293 0520  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:22:36.0308 0520  LanmanServer - ok
14:22:36.0339 0520  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:22:36.0339 0520  LanmanWorkstation - ok
14:22:36.0371 0520  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:22:36.0371 0520  lltdio - ok
14:22:36.0402 0520  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:22:36.0417 0520  lltdsvc - ok
14:22:36.0433 0520  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:22:36.0433 0520  lmhosts - ok
14:22:36.0464 0520  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:22:36.0464 0520  LSI_FC - ok
14:22:36.0480 0520  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:22:36.0480 0520  LSI_SAS - ok
14:22:36.0480 0520  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:22:36.0480 0520  LSI_SAS2 - ok
14:22:36.0480 0520  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:22:36.0495 0520  LSI_SCSI - ok
14:22:36.0495 0520  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:22:36.0495 0520  luafv - ok
14:22:36.0605 0520  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:22:36.0605 0520  McAfee SiteAdvisor Service - ok
14:22:36.0667 0520  [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk         c:\PROGRA~1\mcafee\msc\mcawfwk.exe
14:22:36.0667 0520  McAWFwk - ok
14:22:36.0683 0520  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:22:36.0683 0520  McMPFSvc - ok
14:22:36.0698 0520  [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:22:36.0698 0520  mcmscsvc - ok
14:22:36.0698 0520  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:22:36.0698 0520  McNaiAnn - ok
14:22:36.0698 0520  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:22:36.0714 0520  McNASvc - ok
14:22:36.0729 0520  [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
14:22:36.0729 0520  McODS - ok
14:22:36.0745 0520  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
14:22:36.0745 0520  McOobeSv - ok
14:22:36.0745 0520  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:22:36.0745 0520  McProxy - ok
14:22:36.0761 0520  [ 21F81090A00932C5E96700EDF2977582 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
14:22:36.0761 0520  McShield - ok
14:22:36.0776 0520  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:22:36.0792 0520  Mcx2Svc - ok
14:22:36.0807 0520  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:22:36.0807 0520  megasas - ok
14:22:36.0823 0520  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:22:36.0823 0520  MegaSR - ok
14:22:36.0823 0520  [ B1720E97FABBDF7D30B36DAF19C3DEE8 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
14:22:36.0839 0520  mfeapfk - ok
14:22:36.0839 0520  [ 113F1534B80D65DFDCA660F19967A3B7 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
14:22:36.0839 0520  mfeavfk - ok
14:22:36.0854 0520  mfeavfk01 - ok
14:22:36.0870 0520  [ C4F521310E40327BBC8E8E71DA344F48 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
14:22:36.0870 0520  mfefire - ok
14:22:36.0870 0520  [ CECC9841D036EE008091825272D91331 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
14:22:36.0885 0520  mfefirek - ok
14:22:36.0885 0520  [ EF0F85EDBDF6C0AB467E88E0CEE2B346 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
14:22:36.0901 0520  mfehidk - ok
14:22:36.0901 0520  [ 6E3A46BF6CBB80450CC24F80FE03ED5A ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
14:22:36.0901 0520  mferkdet - ok
14:22:36.0917 0520  [ 341BFCAA3A55C08E8C9ECB1654ACA905 ] mfevtp          C:\Windows\system32\mfevtps.exe
14:22:36.0917 0520  mfevtp - ok
14:22:36.0932 0520  [ 2802D09F1B6ED502237539563F3C4992 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
14:22:36.0932 0520  mfewfpk - ok
14:22:36.0948 0520  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:22:36.0948 0520  MMCSS - ok
14:22:36.0948 0520  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:22:36.0963 0520  Modem - ok
14:22:36.0979 0520  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:22:36.0979 0520  monitor - ok
14:22:36.0995 0520  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:22:36.0995 0520  mouclass - ok
14:22:37.0010 0520  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:22:37.0010 0520  mouhid - ok
14:22:37.0010 0520  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:22:37.0010 0520  mountmgr - ok
14:22:37.0041 0520  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:22:37.0041 0520  mpio - ok
14:22:37.0041 0520  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:22:37.0041 0520  mpsdrv - ok
14:22:37.0073 0520  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:22:37.0088 0520  MpsSvc - ok
14:22:37.0088 0520  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:22:37.0104 0520  MRxDAV - ok
14:22:37.0119 0520  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:22:37.0119 0520  mrxsmb - ok
14:22:37.0119 0520  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:22:37.0119 0520  mrxsmb10 - ok
14:22:37.0135 0520  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:22:37.0135 0520  mrxsmb20 - ok
14:22:37.0135 0520  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:22:37.0135 0520  msahci - ok
14:22:37.0151 0520  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:22:37.0151 0520  msdsm - ok
14:22:37.0166 0520  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:22:37.0166 0520  MSDTC - ok
14:22:37.0166 0520  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:22:37.0166 0520  Msfs - ok
14:22:37.0197 0520  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:22:37.0197 0520  mshidkmdf - ok
14:22:37.0197 0520  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:22:37.0197 0520  msisadrv - ok
14:22:37.0229 0520  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:22:37.0229 0520  MSiSCSI - ok
14:22:37.0244 0520  msiserver - ok
14:22:37.0275 0520  [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:22:37.0275 0520  MSK80Service - ok
14:22:37.0275 0520  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:22:37.0275 0520  MSKSSRV - ok
14:22:37.0291 0520  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:22:37.0291 0520  MSPCLOCK - ok
14:22:37.0307 0520  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:22:37.0307 0520  MSPQM - ok
14:22:37.0322 0520  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:22:37.0322 0520  MsRPC - ok
14:22:37.0322 0520  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:22:37.0322 0520  mssmbios - ok
14:22:37.0353 0520  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:22:37.0353 0520  MSTEE - ok
14:22:37.0353 0520  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:22:37.0353 0520  MTConfig - ok
14:22:37.0353 0520  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:22:37.0353 0520  Mup - ok
14:22:37.0385 0520  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:22:37.0385 0520  napagent - ok
14:22:37.0416 0520  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:22:37.0431 0520  NativeWifiP - ok
14:22:37.0447 0520  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:22:37.0463 0520  NDIS - ok
14:22:37.0463 0520  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:22:37.0463 0520  NdisCap - ok
14:22:37.0478 0520  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:22:37.0494 0520  NdisTapi - ok
14:22:37.0494 0520  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:22:37.0494 0520  Ndisuio - ok
14:22:37.0494 0520  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:22:37.0494 0520  NdisWan - ok
14:22:37.0509 0520  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:22:37.0509 0520  NDProxy - ok
14:22:37.0556 0520  [ 85E3DF39B5C7F5249EFD120907C0E2D2 ] NEOFLTR_650_15991 C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS
14:22:37.0556 0520  NEOFLTR_650_15991 - ok
14:22:37.0587 0520  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:22:37.0587 0520  Net Driver HPZ12 - ok
14:22:37.0587 0520  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:22:37.0587 0520  NetBIOS - ok
14:22:37.0603 0520  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:22:37.0619 0520  NetBT - ok
14:22:37.0619 0520  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:22:37.0619 0520  Netlogon - ok
14:22:37.0650 0520  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:22:37.0665 0520  Netman - ok
14:22:37.0728 0520  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:37.0728 0520  NetMsmqActivator - ok
14:22:37.0743 0520  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:37.0743 0520  NetPipeActivator - ok
14:22:37.0759 0520  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:22:37.0775 0520  netprofm - ok
14:22:37.0775 0520  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:37.0775 0520  NetTcpActivator - ok
14:22:37.0775 0520  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:37.0775 0520  NetTcpPortSharing - ok
14:22:37.0806 0520  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:22:37.0806 0520  nfrd960 - ok
14:22:37.0821 0520  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:22:37.0821 0520  NlaSvc - ok
14:22:37.0837 0520  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:22:37.0837 0520  Npfs - ok
14:22:37.0837 0520  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:22:37.0837 0520  nsi - ok
14:22:37.0853 0520  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:22:37.0853 0520  nsiproxy - ok
14:22:37.0868 0520  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:22:37.0884 0520  Ntfs - ok
14:22:37.0899 0520  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:22:37.0899 0520  Null - ok
14:22:37.0915 0520  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:22:37.0931 0520  nvraid - ok
14:22:37.0946 0520  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:22:37.0946 0520  nvstor - ok
14:22:37.0962 0520  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:22:37.0962 0520  nv_agp - ok
14:22:37.0962 0520  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:22:37.0977 0520  ohci1394 - ok
14:22:38.0024 0520  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:22:38.0024 0520  ose - ok
14:22:38.0196 0520  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:22:38.0289 0520  osppsvc - ok
14:22:38.0321 0520  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:22:38.0321 0520  p2pimsvc - ok
14:22:38.0367 0520  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:22:38.0367 0520  p2psvc - ok
14:22:38.0383 0520  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:22:38.0399 0520  Parport - ok
14:22:38.0414 0520  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:22:38.0414 0520  partmgr - ok
14:22:38.0430 0520  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:22:38.0445 0520  PcaSvc - ok
14:22:38.0539 0520  PcdrNdisuio - ok
14:22:38.0633 0520  [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
14:22:38.0679 0520  PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
14:22:38.0773 0520  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:22:38.0773 0520  pci - ok
14:22:38.0789 0520  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:22:38.0789 0520  pciide - ok
14:22:38.0789 0520  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:22:38.0789 0520  pcmcia - ok
14:22:38.0789 0520  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:22:38.0804 0520  pcw - ok
14:22:38.0804 0520  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:22:38.0804 0520  PEAUTH - ok
14:22:38.0882 0520  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:22:38.0898 0520  PerfHost - ok
14:22:38.0991 0520  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:22:39.0023 0520  pla - ok
14:22:39.0054 0520  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:22:39.0069 0520  PlugPlay - ok
14:22:39.0116 0520  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:22:39.0116 0520  Pml Driver HPZ12 - ok
14:22:39.0132 0520  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:22:39.0132 0520  PNRPAutoReg - ok
14:22:39.0163 0520  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:22:39.0179 0520  PNRPsvc - ok
14:22:39.0210 0520  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:22:39.0210 0520  PolicyAgent - ok
14:22:39.0225 0520  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:22:39.0225 0520  Power - ok
14:22:39.0272 0520  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:22:39.0272 0520  PptpMiniport - ok
14:22:39.0303 0520  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:22:39.0303 0520  Processor - ok
14:22:39.0319 0520  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:22:39.0319 0520  ProfSvc - ok
14:22:39.0350 0520  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:22:39.0350 0520  ProtectedStorage - ok
14:22:39.0397 0520  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:22:39.0397 0520  Psched - ok
14:22:39.0413 0520  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
14:22:39.0413 0520  PxHlpa64 - ok
14:22:39.0459 0520  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:22:39.0491 0520  ql2300 - ok
14:22:39.0491 0520  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:22:39.0491 0520  ql40xx - ok
14:22:39.0522 0520  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:22:39.0522 0520  QWAVE - ok
14:22:39.0537 0520  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:22:39.0537 0520  QWAVEdrv - ok
14:22:39.0553 0520  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:22:39.0553 0520  RasAcd - ok
14:22:39.0569 0520  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:22:39.0584 0520  RasAgileVpn - ok
14:22:39.0600 0520  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:22:39.0600 0520  RasAuto - ok
14:22:39.0615 0520  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:22:39.0615 0520  Rasl2tp - ok
14:22:39.0647 0520  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:22:39.0647 0520  RasMan - ok
14:22:39.0647 0520  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:22:39.0647 0520  RasPppoe - ok
14:22:39.0662 0520  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:22:39.0662 0520  RasSstp - ok
14:22:39.0662 0520  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:22:39.0662 0520  rdbss - ok
14:22:39.0678 0520  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:22:39.0693 0520  rdpbus - ok
14:22:39.0693 0520  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:22:39.0693 0520  RDPCDD - ok
14:22:39.0709 0520  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:22:39.0709 0520  RDPENCDD - ok
14:22:39.0725 0520  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:22:39.0725 0520  RDPREFMP - ok
14:22:39.0725 0520  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:22:39.0725 0520  RDPWD - ok
14:22:39.0740 0520  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:22:39.0740 0520  rdyboost - ok
14:22:39.0771 0520  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:22:39.0771 0520  RemoteAccess - ok
14:22:39.0787 0520  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:22:39.0787 0520  RemoteRegistry - ok
14:22:39.0912 0520  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
14:22:39.0927 0520  RoxMediaDB12OEM - ok
14:22:39.0959 0520  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
14:22:39.0959 0520  RoxWatch12 - ok
14:22:39.0974 0520  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:22:39.0990 0520  RpcEptMapper - ok
14:22:40.0021 0520  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:22:40.0021 0520  RpcLocator - ok
14:22:40.0052 0520  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:22:40.0068 0520  RpcSs - ok
14:22:40.0083 0520  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:22:40.0083 0520  rspndr - ok
14:22:40.0099 0520  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:22:40.0099 0520  SamSs - ok
14:22:40.0115 0520  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:22:40.0115 0520  sbp2port - ok
14:22:40.0146 0520  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:22:40.0146 0520  SCardSvr - ok
14:22:40.0161 0520  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:22:40.0161 0520  scfilter - ok
14:22:40.0193 0520  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:22:40.0193 0520  Schedule - ok
14:22:40.0224 0520  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:22:40.0224 0520  SCPolicySvc - ok
14:22:40.0255 0520  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:22:40.0255 0520  SDRSVC - ok
14:22:40.0286 0520  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:22:40.0286 0520  secdrv - ok
14:22:40.0286 0520  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:22:40.0286 0520  seclogon - ok
14:22:40.0302 0520  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
14:22:40.0302 0520  SENS - ok
14:22:40.0333 0520  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:22:40.0333 0520  SensrSvc - ok
14:22:40.0349 0520  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:22:40.0349 0520  Serenum - ok
14:22:40.0364 0520  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
14:22:40.0364 0520  Serial - ok
14:22:40.0380 0520  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:22:40.0380 0520  sermouse - ok
14:22:40.0395 0520  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:22:40.0395 0520  SessionEnv - ok
14:22:40.0411 0520  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:22:40.0411 0520  sffdisk - ok
14:22:40.0411 0520  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:22:40.0411 0520  sffp_mmc - ok
14:22:40.0411 0520  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:22:40.0411 0520  sffp_sd - ok
14:22:40.0427 0520  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:22:40.0427 0520  sfloppy - ok
14:22:40.0442 0520  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
14:22:40.0442 0520  Sftfs - ok
14:22:40.0505 0520  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:22:40.0505 0520  sftlist - ok
14:22:40.0536 0520  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:22:40.0536 0520  Sftplay - ok
14:22:40.0536 0520  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:22:40.0551 0520  Sftredir - ok
14:22:40.0739 0520  [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:22:40.0770 0520  SftService - ok
14:22:40.0770 0520  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
14:22:40.0770 0520  Sftvol - ok
14:22:40.0770 0520  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:22:40.0785 0520  sftvsa - ok
14:22:40.0817 0520  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:22:40.0817 0520  SharedAccess - ok
14:22:40.0863 0520  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:22:40.0879 0520  ShellHWDetection - ok
14:22:40.0895 0520  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:22:40.0895 0520  SiSRaid2 - ok
14:22:40.0910 0520  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:22:40.0910 0520  SiSRaid4 - ok
14:22:40.0973 0520  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:22:40.0988 0520  SkypeUpdate - ok
14:22:41.0019 0520  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:22:41.0019 0520  Smb - ok
14:22:41.0051 0520  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:22:41.0051 0520  SNMPTRAP - ok
14:22:41.0066 0520  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:22:41.0066 0520  spldr - ok
14:22:41.0097 0520  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:22:41.0097 0520  Spooler - ok
14:22:41.0191 0520  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:22:41.0253 0520  sppsvc - ok
14:22:41.0285 0520  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:22:41.0285 0520  sppuinotify - ok
14:22:41.0285 0520  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:22:41.0285 0520  srv - ok
14:22:41.0300 0520  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:22:41.0300 0520  srv2 - ok
14:22:41.0316 0520  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:22:41.0316 0520  srvnet - ok
14:22:41.0331 0520  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:22:41.0331 0520  SSDPSRV - ok
14:22:41.0331 0520  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:22:41.0347 0520  SstpSvc - ok
14:22:41.0363 0520  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:22:41.0363 0520  stexstor - ok
14:22:41.0394 0520  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:22:41.0409 0520  stisvc - ok
14:22:41.0456 0520  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:22:41.0456 0520  stllssvr - ok
14:22:41.0472 0520  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:22:41.0472 0520  swenum - ok
14:22:41.0534 0520  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:22:41.0534 0520  swprv - ok
14:22:41.0612 0520  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:22:41.0643 0520  SysMain - ok
14:22:41.0643 0520  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:22:41.0643 0520  TabletInputService - ok
14:22:41.0659 0520  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:22:41.0659 0520  TapiSrv - ok
14:22:41.0690 0520  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:22:41.0690 0520  TBS - ok
14:22:41.0737 0520  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:22:41.0753 0520  Tcpip - ok
14:22:41.0768 0520  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:22:41.0768 0520  TCPIP6 - ok
14:22:41.0784 0520  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:22:41.0784 0520  tcpipreg - ok
14:22:41.0815 0520  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:22:41.0815 0520  TDPIPE - ok
14:22:41.0815 0520  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:22:41.0815 0520  TDTCP - ok
14:22:41.0815 0520  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:22:41.0815 0520  tdx - ok
14:22:41.0831 0520  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:22:41.0831 0520  TermDD - ok
14:22:41.0831 0520  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:22:41.0846 0520  TermService - ok
14:22:41.0846 0520  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:22:41.0846 0520  Themes - ok
14:22:41.0877 0520  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:22:41.0877 0520  THREADORDER - ok
14:22:41.0877 0520  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:22:41.0893 0520  TrkWks - ok
14:22:41.0940 0520  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:22:41.0955 0520  TrustedInstaller - ok
14:22:41.0971 0520  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:41.0971 0520  tssecsrv - ok
14:22:41.0971 0520  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:22:41.0971 0520  TsUsbFlt - ok
14:22:41.0971 0520  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:22:41.0971 0520  TsUsbGD - ok
14:22:41.0987 0520  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:22:41.0987 0520  tunnel - ok
14:22:42.0002 0520  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:22:42.0002 0520  uagp35 - ok
14:22:42.0002 0520  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:22:42.0018 0520  udfs - ok
14:22:42.0033 0520  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:22:42.0033 0520  UI0Detect - ok
14:22:42.0033 0520  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:22:42.0049 0520  uliagpkx - ok
14:22:42.0049 0520  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:22:42.0049 0520  umbus - ok
14:22:42.0065 0520  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:22:42.0065 0520  UmPass - ok
14:22:42.0096 0520  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:22:42.0111 0520  upnphost - ok
14:22:42.0127 0520  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:22:42.0127 0520  usbccgp - ok
14:22:42.0127 0520  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:22:42.0127 0520  usbcir - ok
14:22:42.0143 0520  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:22:42.0143 0520  usbehci - ok
14:22:42.0143 0520  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:22:42.0143 0520  usbhub - ok
14:22:42.0158 0520  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:22:42.0158 0520  usbohci - ok
14:22:42.0158 0520  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:22:42.0158 0520  usbprint - ok
14:22:42.0189 0520  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:22:42.0189 0520  usbscan - ok
14:22:42.0189 0520  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:42.0189 0520  USBSTOR - ok
14:22:42.0205 0520  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:22:42.0205 0520  usbuhci - ok
14:22:42.0221 0520  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:22:42.0221 0520  UxSms - ok
14:22:42.0236 0520  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:22:42.0236 0520  VaultSvc - ok
14:22:42.0236 0520  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:22:42.0236 0520  vdrvroot - ok
14:22:42.0252 0520  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:22:42.0267 0520  vds - ok
14:22:42.0267 0520  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:22:42.0267 0520  vga - ok
14:22:42.0267 0520  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:22:42.0267 0520  VgaSave - ok
14:22:42.0283 0520  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:22:42.0283 0520  vhdmp - ok
14:22:42.0283 0520  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:22:42.0283 0520  viaide - ok
14:22:42.0299 0520  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:22:42.0299 0520  volmgr - ok
14:22:42.0299 0520  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:22:42.0314 0520  volmgrx - ok
14:22:42.0314 0520  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:22:42.0314 0520  volsnap - ok
14:22:42.0330 0520  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:22:42.0330 0520  vsmraid - ok
14:22:42.0377 0520  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:22:42.0408 0520  VSS - ok
14:22:42.0439 0520  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:22:42.0439 0520  vwifibus - ok
14:22:42.0455 0520  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:22:42.0470 0520  W32Time - ok
14:22:42.0486 0520  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:22:42.0486 0520  WacomPen - ok
14:22:42.0486 0520  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:22:42.0486 0520  WANARP - ok
14:22:42.0486 0520  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:22:42.0501 0520  Wanarpv6 - ok
14:22:42.0517 0520  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:22:42.0533 0520  WatAdminSvc - ok
14:22:42.0595 0520  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:22:42.0626 0520  wbengine - ok
14:22:42.0642 0520  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:22:42.0642 0520  WbioSrvc - ok
14:22:42.0657 0520  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:22:42.0657 0520  wcncsvc - ok
14:22:42.0657 0520  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:22:42.0673 0520  WcsPlugInService - ok
14:22:42.0673 0520  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:22:42.0673 0520  Wd - ok
14:22:42.0689 0520  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:22:42.0689 0520  Wdf01000 - ok
14:22:42.0689 0520  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:22:42.0704 0520  WdiServiceHost - ok
14:22:42.0704 0520  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:22:42.0704 0520  WdiSystemHost - ok
14:22:42.0720 0520  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:22:42.0720 0520  WebClient - ok
14:22:42.0751 0520  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:22:42.0751 0520  Wecsvc - ok
14:22:42.0767 0520  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:22:42.0782 0520  wercplsupport - ok
14:22:42.0782 0520  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:22:42.0782 0520  WerSvc - ok
14:22:42.0798 0520  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:22:42.0798 0520  WfpLwf - ok
14:22:42.0845 0520  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
14:22:42.0845 0520  WimFltr - ok
14:22:42.0876 0520  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:22:42.0876 0520  WIMMount - ok
14:22:42.0891 0520  WinDefend - ok
14:22:42.0923 0520  WinHttpAutoProxySvc - ok
14:22:42.0954 0520  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:22:42.0954 0520  Winmgmt - ok
14:22:43.0016 0520  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:22:43.0047 0520  WinRM - ok
14:22:43.0079 0520  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:22:43.0079 0520  WinUsb - ok
14:22:43.0125 0520  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:22:43.0125 0520  Wlansvc - ok
14:22:43.0203 0520  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:22:43.0219 0520  wlcrasvc - ok
14:22:43.0313 0520  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:22:43.0344 0520  wlidsvc - ok
14:22:43.0359 0520  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:22:43.0359 0520  WmiAcpi - ok
14:22:43.0375 0520  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:22:43.0375 0520  wmiApSrv - ok
14:22:43.0422 0520  WMPNetworkSvc - ok
14:22:43.0437 0520  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:22:43.0437 0520  WPCSvc - ok
14:22:43.0469 0520  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:22:43.0469 0520  WPDBusEnum - ok
14:22:43.0484 0520  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:22:43.0484 0520  ws2ifsl - ok
14:22:43.0500 0520  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
14:22:43.0500 0520  wscsvc - ok
14:22:43.0515 0520  WSearch - ok
14:22:43.0547 0520  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:22:43.0578 0520  wuauserv - ok
14:22:43.0578 0520  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:22:43.0578 0520  WudfPf - ok
14:22:43.0593 0520  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:22:43.0593 0520  WUDFRd - ok
14:22:43.0609 0520  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:22:43.0609 0520  wudfsvc - ok
14:22:43.0609 0520  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:22:43.0625 0520  WwanSvc - ok
14:22:43.0625 0520  ================ Scan global ===============================
14:22:43.0656 0520  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:22:43.0656 0520  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:22:43.0671 0520  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:22:43.0687 0520  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:22:43.0703 0520  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:22:43.0718 0520  [Global] - ok
14:22:43.0718 0520  ================ Scan MBR ==================================
14:22:43.0734 0520  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:22:43.0983 0520  \Device\Harddisk0\DR0 - ok
14:22:43.0999 0520  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
14:22:44.0030 0520  \Device\Harddisk5\DR5 - ok
14:22:44.0030 0520  ================ Scan VBR ==================================
14:22:44.0030 0520  [ 48B6117C7F26157025F0FF64655D8BA2 ] \Device\Harddisk0\DR0\Partition1
14:22:44.0030 0520  \Device\Harddisk0\DR0\Partition1 - ok
14:22:44.0046 0520  [ 50EB1C30B265B8C26CB6601CDC1952CA ] \Device\Harddisk0\DR0\Partition2
14:22:44.0046 0520  \Device\Harddisk0\DR0\Partition2 - ok
14:22:44.0061 0520  [ C9290612F2D609934FF629DF33392920 ] \Device\Harddisk5\DR5\Partition1
14:22:44.0061 0520  \Device\Harddisk5\DR5\Partition1 - ok
14:22:44.0061 0520  ============================================================
14:22:44.0061 0520  Scan finished
14:22:44.0061 0520  ============================================================
14:22:44.0061 4224  Detected object count: 0
14:22:44.0061 4224  Actual detected object count: 0
14:22:56.0385 6032  Deinitialize success

 

[Will]

Hi jackel,

Please read my instructions again. I've asked you to follow the steps in a specific tutorial.

I was on the phone with dell for more than an hour trying to fix a software issue but still did not fix it.

Can you be more specific? What software issue were you trying to fix, and what steps did you try and resolve the issue?

As I've mentioned before, please do not run tools or fixes unless instructed whilst receiving help here. Running TDSSKiller again is not beneficial, it will not find anything new. We're trying to help you, but you're significantly complicating the issue. If you're desperate for an instant fix to your problem, I'd suggest you perform a full reinstall of Windows 7 on this machine. Alternatively, take the machine to a local technician who will perform the reinstall for you. It'll cost you some money, but it'll be the fastest way to get the computer back into a stable state.

 

[jackel]

Will, I appreciate your help. The issue is a problem that has been going on before the viruses were on the machine. It is the dell datasafety local backup. It states at the desktop startup "dell datasafety local backup has stopped working". The last resort will be to factory restore. The machine powers on without the lag, goes to the desktop with no problem. It is only the dell issue which has been going on before the viruses. You guys do great work. All in all the machine is running great.

 

[Will]

Hi jackel,

That's great. In that case, there are a couple more scans to make sure there are no remnants remaining on the system. You mentioned you've used MBAM already on the machine. If you've already installed the program, simply update the program and run a scan. Otherwise, download a new copy from the link below.

Please download Malwarebytes Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• Please post contents of that file in your next reply.

--------------------------------------

It's important to run an online scan to search for any remnants that may be lurking. Please go to here to run an online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• If any threats were found, click the 'List of found threats' , then click Export to text file....
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

------------------------------------------------------

 

[jackel]

Hello Will

here is the Malwarebytes scan. I'll run the online scan next

Malwarebytes Anti-Malware 1.75.0.1300
[URL="http://www.malwarebytes.org"]www.malwarebytes.org[/URL]
Database version: v2013.04.17.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Home Office :: HOMEOFFICE-PC [administrator]
4/17/2013 3:01:48 PM
mbam-log-2013-04-17 (15-01-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237755
Time elapsed: 1 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[jackel]

Here is the online scan...to my surprise there are Trojans. the ones in the datasafe back up indicates this is the reason for it not working. they were there all along. The other scanners did not pick up on them. Why?

C:\Program Files (x86)\Advanced Fix 2013\AdvancedFix.exe a variant of Win32/RegistryNuke application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\TDSSKiller_Quarantine\16.04.2013_16.37.21\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\16.04.2013_16.37.21\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\16.04.2013_16.37.21\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\16.04.2013_16.37.21\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\16.04.2013_16.37.21\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\16.04.2013_16.37.21\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\16.04.2013_16.37.21\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\Users\Home Office\Downloads\SoftonicDownloader_for_microsoft-photo-story.exe Win32/SoftonicDownloader.D application

 

[Will]

Hi jackel,

None of the results of the ESET scan are anything to worry about. Unfortunately this isn't the reason the Dell DataSafe backup program isn't working - it isn't infected, it's just flagged as an application that starts in a certain way. The only real malware found is what's already been quarantined by TDSSKiller, all the other results are non-malicious.

----------------------------

We'll run a final check to make sure the computer is in good shape.

Please download DDS.scr by sUBs and save it to your desktop.

Download Link
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will save 2 logs to your desktop

DDS.txt
Attach.txt​

• Disable any script blocker and then double-click dds.scr to run.
• Shortly after two logs will appear, DDS.txt & Attach.txt
• The logs will automatically be saved to your desktop.

Please attach these logs in your next reply.

 

[jackel]

here is the txt files

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by Home Office at 16:21:47 on 2013-04-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4071 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~2\HP\DIGITA~1\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120624194811.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Querius Search Bar: {edb8602e-fa77-4d58-ab9f-97ac1f6ee12f} - C:\Program Files (x86)\querius_001\querius_001X.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Querius Search Bar: {edb8602e-fa77-4d58-ab9f-97ac1f6ee12f} - C:\Program Files (x86)\querius_001\querius_001X.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: dell.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6928F045-6891-47E4-8644-D7B5F37A557E} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120624194810.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-30 55856]
R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\System32\drivers\NEOFLTR_650_15991.SYS [2011-9-16 100472]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-30 203776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-26 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-26 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-26 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-26 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-8-30 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-8-30 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-8-30 182752]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 70112]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-8-30 320040]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 515968]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 0121311364716903mcinstcleanup;McAfee Application Installer Cleanup (0121311364716903);C:\Windows\TEMP\012131~1.EXE -cleanup -nolog --> C:\Windows\TEMP\012131~1.EXE -cleanup -nolog [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2013-4-17 1695040]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-26 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-8-30 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106552]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-8 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-26 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-17 20:10:58 -------- d-----w- C:\Program Files (x86)\ESET
2013-04-17 19:11:19 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys
2013-04-17 19:11:03 -------- d-----w- C:\Program Files (x86)\Dell DataSafe Local Backup
2013-04-17 18:14:11 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2013
2013-04-17 18:04:25 -------- d-----w- C:\ProgramData\Citrix
2013-04-17 18:03:47 -------- d-----w- C:\Users\Home Office\AppData\Local\Citrix
2013-04-17 18:03:46 103832 ----a-w- C:\Users\Home Office\GoToAssistDownloadHelper.exe
2013-04-17 16:17:51 -------- d-----w- C:\Users\Home Office\AppData\Local\Apps
2013-04-17 16:17:50 -------- d-----w- C:\Users\Home Office\AppData\Local\Deployment
2013-04-17 02:36:36 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-16 22:23:48 98816 ----a-w- C:\Windows\sed.exe
2013-04-16 22:23:48 256000 ----a-w- C:\Windows\PEV.exe
2013-04-16 22:23:48 208896 ----a-w- C:\Windows\MBR.exe
2013-04-16 21:37:51 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-16 19:30:48 -------- d-----w- C:\Users\Home Office\AppData\Roaming\PCDr
2013-04-16 19:30:16 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-04-16 19:26:03 -------- d-----w- C:\Users\Home Office\AppData\Roaming\HpUpdate
2013-04-16 17:37:12 -------- d-----w- C:\Users\Home Office\AppData\Roaming\Malwarebytes
2013-04-16 17:37:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-16 17:37:04 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-16 17:37:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-16 17:36:18 -------- d-----w- C:\Users\Home Office\AppData\Local\Programs
2013-04-16 16:40:24 -------- d-----w- C:\FRST
2013-04-16 03:16:24 -------- d-----w- C:\Users\Home Office\AppData\Local\SoftThinks
2013-04-16 03:07:02 -------- d-----w- C:\Users\Home Office\AppData\Local\ATI
2013-04-16 03:06:39 -------- d-----w- C:\Users\Home Office\AppData\Roaming\Fingertapps
2013-04-16 03:06:37 -------- d-----w- C:\Users\Home Office\AppData\Roaming\Dell
2013-04-16 03:06:19 -------- d-----w- C:\Users\Home Office\AppData\Local\blekkotb
2013-04-16 03:06:15 -------- d-----w- C:\Users\Home Office\AppData\Roaming\Dell Touch Zone
2013-04-16 02:54:45 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2013-04-12 00:41:36 -------- d-----w- C:\Emergency
2013-03-31 23:32:04 82600 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
2013-03-31 23:32:04 42664 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
.
==================== Find3M  ====================
.
2013-04-16 22:57:51 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 22:57:51 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-16 22:57:51 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 19:59:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-02-19 19:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-02-19 19:56:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-02-19 19:55:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-02-19 19:55:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-02-19 19:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-02-19 19:53:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-02-19 19:53:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-02-19 19:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
.
============= FINISH: 16:22:06.17 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 9/6/2011 7:43:11 PM
System Uptime: 4/17/2013 2:03:11 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 04GJJT
Processor: AMD Athlon(tm) II X4 645 Processor | CPU 1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 865.821 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
Z: is FIXED (FAT) - 0 GiB total, 0.029 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 4/16/2013 5:56:08 PM - Windows Update
RP16: 4/17/2013 1:26:01 PM - Configured Dell DataSafe Local Backup - Support Software
RP17: 4/17/2013 1:27:24 PM - Removed Dell DataSafe Local Backup
RP18: 4/17/2013 1:33:49 PM - Installed Dell DataSafe Local Backup
RP19: 4/17/2013 1:44:26 PM - Configured Dell DataSafe Local Backup - Support Software
RP20: 4/17/2013 1:45:58 PM - Removed Dell DataSafe Local Backup
RP21: 4/17/2013 1:52:08 PM - Installed Dell DataSafe Local Backup
RP22: 4/17/2013 2:02:03 PM - Removed Dell DataSafe Local Backup
RP23: 4/17/2013 2:10:54 PM - Installed Dell DataSafe Local Backup
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X (10.1.4) MUI
Advanced Fix 2013 version 2.0.1.106
Anti-phishing Domain Advisor
Ask Toolbar
Avery Toolbar Updater
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Bounce Symphony
BufferChm
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell Getting Started Guide
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell System Detect
Dell VideoStage 
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
DocMgr
DocProc
Dora's World Adventure
eBay
Escape Whisper Valley (TM)
ESET Online Scanner v3
Farm Frenzy
FATE
Fax
Final Drive Fury
Final Drive Nitro
GPBaseService2
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Internet Explorer
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 24 (64-bit)
Jewel Quest
Jewel Quest Solitaire 2
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Junk Mail filter update
Luxor
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Total Protection
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namco All-Stars PAC-MAN
Network64
OCR Software by I.R.I.S. 13.0
Penguins!
Photo Story 3 for Windows
PhotoShowExpress
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Querius Search Bar
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samantha Swift
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x64
Shop for HP Supplies
Skins
Skype Toolbars
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
Toolbox
TrayApp
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WebReg
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
4/17/2013 2:01:53 PM, Error: Service Control Manager [7034]  - The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
4/16/2013 6:21:48 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
4/16/2013 6:09:15 PM, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
4/16/2013 6:09:15 PM, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
4/16/2013 6:07:02 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
4/16/2013 5:42:56 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 5:42:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
4/16/2013 5:28:05 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/16/2013 5:23:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
4/16/2013 5:15:18 PM, Error: Disk [11]  - The driver detected a controller error on \...\DR6.
4/16/2013 4:44:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
4/16/2013 4:42:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/16/2013 4:42:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/16/2013 4:42:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/16/2013 4:42:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/16/2013 4:42:28 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr Wanarpv6
4/16/2013 4:42:21 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 4:09:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff8000305d766). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-242004-01.
4/16/2013 4:00:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030b80ea, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-219524-01.
4/16/2013 2:17:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030ad32f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-97578-01.
4/16/2013 2:10:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
4/16/2013 2:10:42 PM, Error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/16/2013 2:10:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/16/2013 2:10:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
4/16/2013 2:10:10 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.
4/16/2013 2:10:10 PM, Error: Service Control Manager [7000]  - The McAfee Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/16/2013 2:09:02 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
4/16/2013 2:08:32 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/16/2013 2:08:30 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
4/16/2013 12:31:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800030e4525). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-83320-01.
4/16/2013 12:06:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/16/2013 12:04:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x000000000007f084, 0x0000000000000002, 0x0000000000000001, 0xfffff800030b8045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-87126-01.
4/16/2013 11:58:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030b8045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-99809-01.
4/16/2013 11:52:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030f9045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-96611-01.
4/16/2013 11:50:06 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
4/16/2013 11:49:35 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Service Agent service to connect.
4/16/2013 11:49:35 AM, Error: Service Control Manager [7000]  - The Application Virtualization Service Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/16/2013 11:47:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030f6045, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-94380-01.
4/16/2013 11:38:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000310d045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-88904-01.
4/16/2013 11:32:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003108045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-91338-01.
4/16/2013 11:27:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030ba045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-90090-01.
4/16/2013 1:14:14 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:14:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/16/2013 1:13:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/16/2013 1:12:47 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache mfehidk NEOFLTR_650_15991 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
4/16/2013 1:12:47 PM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:47 PM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:47 PM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:47 PM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:46 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2013 1:12:46 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:46 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:46 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:46 PM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2013 1:12:46 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:46 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:42 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2013 1:12:42 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2013 1:12:42 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2013 1:12:42 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/16/2013 1:12:42 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/15/2013 8:04:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003060faf, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041513-38111-01.
4/15/2013 10:14:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030c0045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041513-99544-01.
4/15/2013 10:09:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800030d2525). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041513-97110-01.
4/15/2013 10:05:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
4/14/2013 9:19:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff8a000a57000, 0x0000000000000000, 0xfffff80002b1c3ca, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041413-25989-01.
4/14/2013 10:08:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a72faf, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041413-26629-01.
.
==== End Of File ===========================