headinhome

worked indeed... you are the man. thanks so, so much for all your help!

ok, great... one more issue. my excel and word starter 2010 are not working now. they say "microsoft excel starter 2010 cannot be opened. try again or repair product in control panel" when you click to open them. any ideas... probably been a week or more since i used them and they worked fine then. thanks, scott

ok, good. thanks!

hope this is what you were needing. thanks. MyZip.zip

thank! just let me know if there's anything else. scott

seems to be ok.

MBRScan v1.1.1 OS : Windows 7 Service Pack 1 (64 bit) PROCESSOR : AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD BOOT : Normal Boot DATE : 2012/04/06 (ISO 8601) at 21:09:50 ________________________________________________________________________________ DISK : Device\Harddisk0\DR0 __ST310005 28AS (HP40) BUS_TYPE : (0x0B) S-ATA USE_PIO : YES MAX_TRANSFER : 128 Kb ALIGNMENT_MASK : word aligned ________________________________________________________________________________ Device\Harddisk0\DR0 931.5 Go [Fixed] ==> 7 MBR Code... ==> PARTITION TABLE FAKED !! MBR_MD5 : 58E87BBCCBDDC74DABA40B61BBF22A8A MBR_SHA1 : C449B09F46442F05567C07895A61479C0039B25B Device\Harddisk0\Partition1 100.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __ Device\Harddisk0\Partition2 920.3 Go 0x07 NTFS / HPFS Device\Harddisk0\Partition3 11.16 Go 0x07 NTFS / HPFS ________________________________________________________________________________ ############################### Additional scan ################################ DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk ADDRESS : 0x031F4000 SIZE : 292.0 Ko DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk ADDRESS : 0x00BD3000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk ADDRESS : 0x00C29000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk ADDRESS : 0x00C4A000 SIZE : 376.0 Ko DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk ADDRESS : 0x00CA8000 SIZE : 768.0 Ko DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk ADDRESS : 0x00E52000 SIZE : 656.0 Ko DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk ADDRESS : 0x00EF6000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk ADDRESS : 0x00F05000 SIZE : 348.0 Ko DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk ADDRESS : 0x00F5C000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk ADDRESS : 0x00F65000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk ADDRESS : 0x00F6F000 SIZE : 204.0 Ko DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk ADDRESS : 0x00FA2000 SIZE : 52.0 Ko DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk ADDRESS : 0x00FAF000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk ADDRESS : 0x00FC4000 SIZE : 84.0 Ko DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk ADDRESS : 0x00D68000 SIZE : 368.0 Ko DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk ADDRESS : 0x00FD9000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\drivers\amd_sata.sys => Invisible on the disk ADDRESS : 0x00E00000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\drivers\storport.sys => Invisible on the disk ADDRESS : 0x0104C000 SIZE : 396.0 Ko DRIVER : C:\Windows\system32\drivers\amd_xata.sys => Invisible on the disk ADDRESS : 0x010AF000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk ADDRESS : 0x010BC000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk ADDRESS : 0x010C7000 SIZE : 304.0 Ko DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk ADDRESS : 0x01113000 SIZE : 80.0 Ko DRIVER : C:\Windows\system32\drivers\mfehidk.sys => Invisible on the disk ADDRESS : 0x01127000 SIZE : 624.0 Ko DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk ADDRESS : 0x01224000 SIZE : 1.64 Mo DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk ADDRESS : 0x01426000 SIZE : 376.0 Ko DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk ADDRESS : 0x01484000 SIZE : 108.0 Ko DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk ADDRESS : 0x0149F000 SIZE : 456.0 Ko DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk ADDRESS : 0x01511000 SIZE : 68.0 Ko DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk ADDRESS : 0x01522000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk ADDRESS : 0x0161B000 SIZE : 972.0 Ko DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk ADDRESS : 0x0170E000 SIZE : 384.0 Ko DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk ADDRESS : 0x0176E000 SIZE : 172.0 Ko DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk ADDRESS : 0x01826000 SIZE : 2.02 Mo DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk ADDRESS : 0x01A2A000 SIZE : 296.0 Ko DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk ADDRESS : 0x01A74000 SIZE : 304.0 Ko DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk ADDRESS : 0x01AC0000 SIZE : 32.0 Ko DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk ADDRESS : 0x01AC8000 SIZE : 232.0 Ko DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk ADDRESS : 0x01B02000 SIZE : 72.0 Ko DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk ADDRESS : 0x01B14000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk ADDRESS : 0x01B1D000 SIZE : 232.0 Ko DRIVER : C:\Windows\system32\drivers\disk.sys => Invisible on the disk ADDRESS : 0x01B57000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk ADDRESS : 0x01B6D000 SIZE : 192.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgrkx64.sys => Invisible on the disk ADDRESS : 0x01B9D000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgidseha.sys => Invisible on the disk ADDRESS : 0x01BA9000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\AtiPcie64.sys => Invisible on the disk ADDRESS : 0x01BB3000 SIZE : 32.0 Ko DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk ADDRESS : 0x01799000 SIZE : 168.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgmfx64.sys => Invisible on the disk ADDRESS : 0x01800000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk ADDRESS : 0x01810000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk ADDRESS : 0x01819000 SIZE : 28.0 Ko DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk ADDRESS : 0x017C3000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk ADDRESS : 0x017D1000 SIZE : 148.0 Ko DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk ADDRESS : 0x01600000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk ADDRESS : 0x01610000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk ADDRESS : 0x017F6000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk ADDRESS : 0x0152C000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk ADDRESS : 0x01535000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk ADDRESS : 0x01540000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk ADDRESS : 0x01551000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk ADDRESS : 0x01573000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgtdia.sys => Invisible on the disk ADDRESS : 0x01580000 SIZE : 388.0 Ko DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk ADDRESS : 0x01000000 SIZE : 276.0 Ko DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk ADDRESS : 0x02E67000 SIZE : 548.0 Ko DRIVER : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk ADDRESS : 0x02EF0000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk ADDRESS : 0x02EFB000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk ADDRESS : 0x02F04000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk ADDRESS : 0x02F2A000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk ADDRESS : 0x02F39000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk ADDRESS : 0x02F54000 SIZE : 80.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk ADDRESS : 0x02F68000 SIZE : 324.0 Ko DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk ADDRESS : 0x02FB9000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk ADDRESS : 0x02FC5000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk ADDRESS : 0x02FD0000 SIZE : 60.0 Ko DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk ADDRESS : 0x02FDF000 SIZE : 120.0 Ko DRIVER : C:\Windows\system32\drivers\blbdrive.sys => Invisible on the disk ADDRESS : 0x02E00000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgldx64.sys => Invisible on the disk ADDRESS : 0x02E11000 SIZE : 300.0 Ko DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk ADDRESS : 0x01400000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\drivers\amdppm.sys => Invisible on the disk ADDRESS : 0x015E1000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk ADDRESS : 0x011C3000 SIZE : 236.0 Ko DRIVER : C:\Windows\system32\DRIVERS\atikmdag.sys => Invisible on the disk ADDRESS : 0x04A9C000 SIZE : 6.79 Mo DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk ADDRESS : 0x040D6000 SIZE : 976.0 Ko DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk ADDRESS : 0x04000000 SIZE : 280.0 Ko DRIVER : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk ADDRESS : 0x04046000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk ADDRESS : 0x0406A000 SIZE : 412.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk ADDRESS : 0x041CA000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk ADDRESS : 0x05167000 SIZE : 344.0 Ko DRIVER : C:\Windows\system32\drivers\usbfilter.sys => Invisible on the disk ADDRESS : 0x041D5000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk ADDRESS : 0x041E2000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk ADDRESS : 0x041F3000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk ADDRESS : 0x051BD000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk ADDRESS : 0x051CD000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk ADDRESS : 0x04A00000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk ADDRESS : 0x04A24000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk ADDRESS : 0x04A30000 SIZE : 188.0 Ko DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk ADDRESS : 0x04A5F000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk ADDRESS : 0x04A7A000 SIZE : 132.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk ADDRESS : 0x051E3000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk ADDRESS : 0x013C7000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk ADDRESS : 0x013D6000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk ADDRESS : 0x041FC000 SIZE : 8.0 Ko DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk ADDRESS : 0x04439000 SIZE : 268.0 Ko DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk ADDRESS : 0x0447C000 SIZE : 72.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk ADDRESS : 0x0448E000 SIZE : 360.0 Ko DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk ADDRESS : 0x044E8000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk ADDRESS : 0x044FD000 SIZE : 368.0 Ko DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk ADDRESS : 0x04559000 SIZE : 244.0 Ko DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk ADDRESS : 0x04596000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk ADDRESS : 0x045B8000 SIZE : 24.0 Ko DRIVER : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk ADDRESS : 0x06675000 SIZE : 2.44 Mo DRIVER : C:\Windows\system32\DRIVERS\cdfs.sys => Invisible on the disk ADDRESS : 0x068E6000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk ADDRESS : 0x06903000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk ADDRESS : 0x06920000 SIZE : 8.0 Ko DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk ADDRESS : 0x06949000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk ADDRESS : 0x0696D000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk ADDRESS : 0x06988000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbscan.sys => Invisible on the disk ADDRESS : 0x06994000 SIZE : 68.0 Ko DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk ADDRESS : 0x069A5000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk ADDRESS : 0x069B3000 SIZE : 40.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_amd_sata.sys => Invisible on the disk ADDRESS : 0x069BD000 SIZE : 88.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk ADDRESS : 0x069D3000 SIZE : 76.0 Ko DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk ADDRESS : 0x00030000 SIZE : 3.08 Mo DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk ADDRESS : 0x069E6000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk ADDRESS : 0x069F2000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk ADDRESS : 0x00510000 SIZE : 40.0 Ko DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk ADDRESS : 0x007C0000 SIZE : 156.0 Ko DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk ADDRESS : 0x06600000 SIZE : 140.0 Ko DRIVER : C:\Windows\system32\DRIVERS\Sftvollh.sys => Invisible on the disk ADDRESS : 0x06623000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk ADDRESS : 0x0662E000 SIZE : 132.0 Ko DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk ADDRESS : 0x0664F000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk ADDRESS : 0x03C68000 SIZE : 332.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk ADDRESS : 0x03CBB000 SIZE : 76.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk ADDRESS : 0x03CCE000 SIZE : 96.0 Ko DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk ADDRESS : 0x03CE6000 SIZE : 804.0 Ko DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk ADDRESS : 0x03DAF000 SIZE : 120.0 Ko DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk ADDRESS : 0x03DCD000 SIZE : 96.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk ADDRESS : 0x03C00000 SIZE : 180.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk ADDRESS : 0x05631000 SIZE : 312.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk ADDRESS : 0x0567F000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgidsfiltera.sys => Invisible on the disk ADDRESS : 0x056A3000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk ADDRESS : 0x056AE000 SIZE : 664.0 Ko DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk ADDRESS : 0x05754000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\DRIVERS\Sftfslh.sys => Invisible on the disk ADDRESS : 0x0828B000 SIZE : 772.0 Ko DRIVER : C:\Windows\system32\DRIVERS\Sftplaylh.sys => Invisible on the disk ADDRESS : 0x0834C000 SIZE : 308.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk ADDRESS : 0x08399000 SIZE : 196.0 Ko DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk ADDRESS : 0x083CA000 SIZE : 72.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgidsdrivera.sys => Invisible on the disk ADDRESS : 0x08200000 SIZE : 176.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk ADDRESS : 0x0575F000 SIZE : 420.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk ADDRESS : 0x09226000 SIZE : 608.0 Ko DRIVER : C:\Windows\system32\DRIVERS\Sftredirlh.sys => Invisible on the disk ADDRESS : 0x092BE000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk ADDRESS : 0x092C9000 SIZE : 196.0 Ko DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk ADDRESS : 0x0936B000 SIZE : 56.0 Ko DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk ADDRESS : 0x09379000 SIZE : 100.0 Ko DRIVER : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk ADDRESS : 0x09392000 SIZE : 56.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk ADDRESS : 0x093A0000 SIZE : 52.0 Ko DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk ADDRESS : 0x47820000 SIZE : 128.0 Ko BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020) SystemStartOptions : NOEXECUTE=OPTIN ________________________________________________________________________________ _____FAKED \Device\Harddisk0\DR0 0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿. 0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹.. 0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å. 0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF.. 0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu. 0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t 0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h. 0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ. 0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..Ë.¸..».|.V. 0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ 0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².Ë. 0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2Ä.V.Í.]Ë..>þ}U 0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°ñÆd 0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßÆ`è|.°.Ædèu 0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT 0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.». 0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf 0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f 0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í 0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.Ë..¶.Ë..µ.2Ä 0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....Ь<.t.»..´.Í 0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ËòôËý+ÉÄdË.$.ÀØ 0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti 0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error 0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati 0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin 0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst 0x000001B0 65 6D 00 00 00 63 7B 9A 26 59 A2 C2 00 00 80 FE em...c{.&Y¢â...þ 0x000001C0 FF FF 07 FE FF FF 00 68 FD 0C 00 60 09 00 00 00 ...þ...hý..`.... 0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª __ORIGINAL \Device\Harddisk0\DR0 0x00000000 33 C0 8E D0 BC 00 7C FB 8E C0 8E D8 8B F4 BF 00 3À.м.|û.À.Ø.ô¿. 0x00000010 06 B9 00 02 FC F3 A4 EA 60 06 00 00 00 00 00 00 .¹..üó¤ê`....... 0x00000020 52 65 63 6F 76 65 72 79 4D 67 72 20 00 40 0B 73 RecoveryMgr .@.s 0x00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0D 0A ................ 0x00000050 00 00 00 00 57 00 00 00 FF FF FF FF FF FF FF FF ....W........... 0x00000060 86 4C BD BE 30 06 AC B4 0E 33 DB CD 10 0A C0 75 .L½¾0.¬´.3ûÍ..Àu 0x00000070 F5 E3 0B FE 06 13 06 53 53 E8 70 00 EB 39 B4 11 õÃ.þ...SSèp.Ë9´. 0x00000080 CD 16 74 2D B4 10 CD 16 80 FC 85 75 F1 3C 00 75 Í.t-´.Í..ü.uñ<.u 0x00000090 ED EB 24 8B 16 6C 04 FA 66 A1 1C 06 BF 54 06 B1 ÍË$..l.úf¡..¿T.± 0x000000A0 03 F2 66 AF FB 3D 00 00 6C 04 2B C2 83 F8 24 76 .òf¯û=..l.+â.Ø$v 0x000000B0 E6 B0 01 84 C0 75 1C BB C6 7D 66 8B 37 66 8B 3E Æ°..Àu.»Æ}f.7f.> 0x000000C0 2C 06 66 3B F7 74 07 80 C3 10 73 EE EB 05 BB 28 ,.f;÷t..Ã.sîË.»( 0x000000D0 06 EB 10 BB C2 7D 80 7F FC 00 78 07 80 C3 10 73 .Ë.»â}..ü.x..Ã.s 0x000000E0 F5 EB FE 66 FF 77 04 E8 02 00 FF E4 C8 10 00 00 õËþf.w.è...Äè... 0x000000F0 B4 08 B2 80 CD 13 8A C1 24 3F FE C6 8A D8 F6 E6 ´.².Í..Á$?þÆ.ØöÆ 0x00000100 C0 E9 06 86 CD 41 91 F7 E1 39 56 06 8B 56 06 8B ÀÉ..ÍA.÷Á9V..V.. 0x00000110 46 04 73 1C F7 F1 91 92 F6 F3 86 CD C0 E1 06 02 F.s.÷ñ..öó.ÍÀÁ.. 0x00000120 CC 41 8A F0 B8 01 02 BB 00 7C 86 26 13 06 EB 14 ÌA.и..».|.&..Ë. 0x00000130 83 C4 10 0E 0E 52 50 0E 68 00 7C 6A 01 6A 10 8B .Ä...RP.h.|j.j.. 0x00000140 F4 B8 00 42 B2 80 CD 13 C9 C2 04 00 1E 50 53 0E ô¸.B².Í.Éâ...PS. 0x00000150 1F BB 1B 06 A0 17 04 24 0F 88 47 04 E4 60 3C E0 .».....$..G.Ä`<À 0x00000160 74 1A 3C 1D 74 10 3C 2A 74 0C 3C 36 74 08 3C 38 t.<.t.<*t.<6t.<8 0x00000170 74 04 84 C0 79 06 66 83 27 00 EB 06 FE 07 02 1F t..Ày.f.'.Ë.þ... 0x00000180 88 07 5B 58 1F EA 00 00 00 00 00 00 00 00 00 00 ..[X.ê.......... 0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x000001B0 00 00 00 00 00 00 00 00 0D 59 A2 C2 00 00 80 20 .........Y¢â... 0x000001C0 21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF !..ß....... ...ß 0x000001D0 14 0C 07 FE FF FF 00 28 03 00 00 18 08 73 00 FE ...þ...(.....s.þ 0x000001E0 FF FF 07 FE FF FF 00 40 0B 73 00 20 65 01 00 00 ...þ...@.s. e... 0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

ListParts by Farbar Version: 12-03-2012 03 Ran by Aug-11 (administrator) on 06-04-2012 at 21:05:31 Windows 7 (X64) Running From: C:\Users\Aug-11\Desktop Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 44% Total physical RAM: 5887.29 MB Available physical RAM: 3291.63 MB Total Pagefile: 11772.76 MB Available Pagefile: 7486.71 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:920.25 GB) (Free:720.81 GB) NTFS 2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.16 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 920 GB 101 MB Partition 3 Primary 11 GB 920 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 920 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D HP_RECOVERY NTFS Partition 11 GB Healthy ====================================================================================================== ****** End Of Log ******

will do... post back shortly. thanks.

ok, i don't get it. i don't have any drives plugged in. only 3 usb are currently in - mouse, keyboard and printer. i ran it again after i double checked just to make sure and it still shows those... RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Aug-11 [Admin rights] Mode: Scan -- Date: 04/06/2012 17:23:10 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++ --- User --- [MBR] 4664794ea9b3e1381cc1903ffa268820 [bSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 58e87bbccbddc74daba40b61bbf22a8a [bSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo +++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[13].txt >> RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

ok, maybe my isp has their stuff fixed as i was able to get on google and bing etc this morning. no redirects on either. everything looks good to me. (but hey, i can't even post in the right thread 1/2 the time, so what do i know ) let me know if you see anything else that need taken care of and one more time... thanks so much for your help! scott

seems to be running ok, but until my isp gets there issue fixed i can't get on google or bing to test the redirect problem. when i called my isp today they said check back with them tomorrow. so i will have to wait and see on that. i just did a reboot. downloaded and ran a new roguekill. still says infected... RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Aug-11 [Admin rights] Mode: Scan -- Date: 04/05/2012 20:57:05 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++ --- User --- [MBR] 4664794ea9b3e1381cc1903ffa268820 [bSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 58e87bbccbddc74daba40b61bbf22a8a [bSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo +++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[10].txt >> RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.05.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Aug-11 :: AUG-11-HP [administrator] 4/5/2012 7:21:51 PM mbam-log-2012-04-05 (19-21-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 196657 Time elapsed: 2 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

All processes killed ========== OTL ========== ========== FILES ========== C:\Users\Aug-11\AppData\Roaming\Adobe\Flash Player\NativeCache\F0928C8124B77479D780B2CCBD010F48\60014acf\adobecp-200489-1.dll moved successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Aug-11 ->Java cache emptied: 1611902 bytes User: Default User: Default User User: Public Total Java Files Cleaned = 2.00 mb [EMPTYTEMP] User: All Users User: Aug-11 ->Temp folder emptied: 70287671 bytes ->Temporary Internet Files folder emptied: 2784041 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 71549574 bytes ->Flash cache emptied: 43858 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 107552 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 86591 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes RecycleBin emptied: 8523872 bytes Total Files Cleaned = 146.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04052012_191255 Files\Folders moved on Reboot... C:\Users\Aug-11\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF21C7AB11FCF23389.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF5A72F4F6284379F6.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF76610AE0378C0753.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF953FA3D4F577B63B.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF97826647707B84BF.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF981A2E6ACEE9004A.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFB7D1DB8B8D46AAA0.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF3097A9AC1671B61.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF3F700904D8E53DA.TMP not found! File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF74D28587EC0363A.TMP not found! Registry entries deleted on Reboot...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-04-05 18:11:05 ----------------------------- 18:11:05.256 OS Version: Windows x64 6.1.7601 Service Pack 1 18:11:05.256 Number of processors: 4 586 0x503 18:11:05.257 ComputerName: AUG-11-HP UserName: Aug-11 18:11:08.721 Initialize success 18:12:13.733 AVAST engine defs: 12040501 18:12:25.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a 18:12:25.763 Disk 0 Vendor: ST310005 HP40 Size: 953869MB BusType: 11 18:12:25.805 Disk 0 MBR read successfully 18:12:25.807 Disk 0 MBR scan 18:12:25.811 Disk 0 unknown MBR code 18:12:25.881 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 18:12:25.927 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942339 MB offset 206848 18:12:25.953 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11428 MB offset 1930117120 18:12:25.999 Disk 0 scanning C:\Windows\system32\drivers 18:12:38.495 Service scanning 18:12:56.637 Modules scanning 18:12:56.642 Disk 0 trace - called modules: 18:12:56.667 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 18:12:56.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f3d790] 18:12:56.675 3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> [0xfffffa80059e2ac0] 18:12:56.679 5 amd_xata.sys[fffff88000fde8b4] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa80059db9c0] 18:13:02.333 AVAST engine scan C:\Windows 18:13:06.545 AVAST engine scan C:\Windows\system32 18:18:30.009 AVAST engine scan C:\Windows\system32\drivers 18:18:59.880 AVAST engine scan C:\Users\Aug-11 18:22:39.966 File: C:\Users\Aug-11\AppData\Roaming\Adobe\Flash Player\NativeCache\F0928C8124B77479D780B2CCBD010F48\60014acf\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen 18:23:02.438 File: C:\Users\Aug-11\Desktop\RK_Quarantine\hrapr.dll.vir **INFECTED** Win32:MalOb-KF [Cryp] 18:28:55.208 AVAST engine scan C:\ProgramData 18:30:12.860 Scan finished successfully 18:30:31.221 Disk 0 MBR has been saved successfully to "C:\Users\Aug-11\Desktop\MBR.dat" 18:30:31.226 The log file has been saved successfully to "C:\Users\Aug-11\Desktop\aswMBR.txt" MBR.dat.zip

RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Aug-11 [Admin rights] Mode: Scan -- Date: 04/05/2012 14:17:16 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++ --- User --- [MBR] 4664794ea9b3e1381cc1903ffa268820 [bSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 58e87bbccbddc74daba40b61bbf22a8a [bSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo +++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[8].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

14:08:05.0304 4124 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02 14:08:05.0676 4124 ============================================================ 14:08:05.0676 4124 Current date / time: 2012/04/05 14:08:05.0676 14:08:05.0676 4124 SystemInfo: 14:08:05.0676 4124 14:08:05.0676 4124 OS Version: 6.1.7601 ServicePack: 1.0 14:08:05.0676 4124 Product type: Workstation 14:08:05.0676 4124 ComputerName: AUG-11-HP 14:08:05.0677 4124 UserName: Aug-11 14:08:05.0677 4124 Windows directory: C:\Windows 14:08:05.0677 4124 System windows directory: C:\Windows 14:08:05.0677 4124 Running under WOW64 14:08:05.0677 4124 Processor architecture: Intel x64 14:08:05.0677 4124 Number of processors: 4 14:08:05.0677 4124 Page size: 0x1000 14:08:05.0677 4124 Boot type: Normal boot 14:08:05.0677 4124 ============================================================ 14:08:08.0156 4124 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:08:08.0252 4124 \Device\Harddisk0\DR0: 14:08:08.0252 4124 MBR used 14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800 14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000 14:08:08.0330 4124 Initialize success 14:08:08.0330 4124 ============================================================ 14:09:48.0132 4940 ============================================================ 14:09:48.0132 4940 Scan started 14:09:48.0132 4940 Mode: Manual; SigCheck; TDLFS; 14:09:48.0132 4940 ============================================================ 14:09:49.0084 4940 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 14:09:49.0162 4940 1394ohci - ok 14:09:49.0193 4940 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 14:09:49.0209 4940 ACPI - ok 14:09:49.0224 4940 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 14:09:49.0302 4940 AcpiPmi - ok 14:09:49.0380 4940 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 14:09:49.0396 4940 adp94xx - ok 14:09:49.0427 4940 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 14:09:49.0443 4940 adpahci - ok 14:09:49.0521 4940 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 14:09:49.0536 4940 adpu320 - ok 14:09:49.0646 4940 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 14:09:49.0708 4940 AeLookupSvc - ok 14:09:49.0770 4940 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 14:09:49.0802 4940 AFD - ok 14:09:49.0942 4940 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe 14:09:49.0958 4940 AffinegyService - ok 14:09:50.0020 4940 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 14:09:50.0036 4940 agp440 - ok 14:09:50.0051 4940 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 14:09:50.0067 4940 ALG - ok 14:09:50.0129 4940 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 14:09:50.0145 4940 aliide - ok 14:09:50.0176 4940 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe 14:09:50.0192 4940 AMD External Events Utility - ok 14:09:50.0207 4940 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 14:09:50.0223 4940 amdide - ok 14:09:50.0238 4940 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 14:09:50.0270 4940 AmdK8 - ok 14:09:50.0379 4940 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys 14:09:50.0535 4940 amdkmdag - ok 14:09:50.0566 4940 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys 14:09:50.0582 4940 amdkmdap - ok 14:09:50.0660 4940 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 14:09:50.0675 4940 AmdPPM - ok 14:09:50.0738 4940 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 14:09:50.0753 4940 amdsata - ok 14:09:50.0800 4940 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 14:09:50.0816 4940 amdsbs - ok 14:09:50.0831 4940 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 14:09:50.0847 4940 amdxata - ok 14:09:50.0862 4940 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys 14:09:50.0878 4940 amd_sata - ok 14:09:50.0909 4940 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys 14:09:50.0925 4940 amd_xata - ok 14:09:50.0987 4940 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 14:09:51.0034 4940 AppID - ok 14:09:51.0050 4940 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 14:09:51.0096 4940 AppIDSvc - ok 14:09:51.0143 4940 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 14:09:51.0174 4940 Appinfo - ok 14:09:51.0252 4940 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 14:09:51.0284 4940 arc - ok 14:09:51.0299 4940 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 14:09:51.0315 4940 arcsas - ok 14:09:51.0393 4940 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:09:51.0408 4940 aspnet_state - ok 14:09:51.0424 4940 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 14:09:51.0486 4940 AsyncMac - ok 14:09:51.0518 4940 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 14:09:51.0549 4940 atapi - ok 14:09:51.0611 4940 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys 14:09:51.0627 4940 AtiPcie - ok 14:09:51.0642 4940 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 14:09:51.0674 4940 AudioEndpointBuilder - ok 14:09:51.0689 4940 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 14:09:51.0720 4940 AudioSrv - ok 14:09:51.0892 4940 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe 14:09:52.0001 4940 AVGIDSAgent - ok 14:09:52.0095 4940 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys 14:09:52.0110 4940 AVGIDSDriver - ok 14:09:52.0142 4940 AVGIDSEH (9650578c511527e218328df6d311b4fa) C:\Windows\system32\DRIVERS\avgidseha.sys 14:09:52.0157 4940 AVGIDSEH - ok 14:09:52.0173 4940 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys 14:09:52.0173 4940 AVGIDSFilter - ok 14:09:52.0235 4940 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys 14:09:52.0251 4940 Avgldx64 - ok 14:09:52.0266 4940 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys 14:09:52.0298 4940 Avgmfx64 - ok 14:09:52.0329 4940 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys 14:09:52.0344 4940 Avgrkx64 - ok 14:09:52.0391 4940 Avgtdia (e601444168adfb78afa22a1e270d9253) C:\Windows\system32\DRIVERS\avgtdia.sys 14:09:52.0407 4940 Avgtdia - ok 14:09:52.0438 4940 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe 14:09:52.0438 4940 avgwd - ok 14:09:52.0516 4940 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 14:09:52.0547 4940 AxInstSV - ok 14:09:52.0610 4940 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 14:09:52.0641 4940 b06bdrv - ok 14:09:52.0734 4940 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 14:09:52.0766 4940 b57nd60a - ok 14:09:52.0828 4940 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 14:09:52.0890 4940 BDESVC - ok 14:09:52.0922 4940 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 14:09:52.0968 4940 Beep - ok 14:09:53.0031 4940 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 14:09:53.0078 4940 BFE - ok 14:09:53.0156 4940 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 14:09:53.0218 4940 BITS - ok 14:09:53.0265 4940 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 14:09:53.0296 4940 blbdrive - ok 14:09:53.0327 4940 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 14:09:53.0343 4940 bowser - ok 14:09:53.0374 4940 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 14:09:53.0390 4940 BrFiltLo - ok 14:09:53.0436 4940 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 14:09:53.0468 4940 BrFiltUp - ok 14:09:53.0546 4940 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 14:09:53.0592 4940 BridgeMP - ok 14:09:53.0639 4940 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 14:09:53.0686 4940 Browser - ok 14:09:53.0702 4940 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 14:09:53.0733 4940 Brserid - ok 14:09:53.0764 4940 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 14:09:53.0795 4940 BrSerWdm - ok 14:09:53.0811 4940 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 14:09:53.0826 4940 BrUsbMdm - ok 14:09:53.0858 4940 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 14:09:53.0889 4940 BrUsbSer - ok 14:09:53.0904 4940 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 14:09:53.0920 4940 BTHMODEM - ok 14:09:53.0967 4940 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 14:09:53.0998 4940 bthserv - ok 14:09:54.0138 4940 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe 14:09:54.0216 4940 CarboniteService - ok 14:09:54.0248 4940 catchme - ok 14:09:54.0279 4940 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 14:09:54.0310 4940 cdfs - ok 14:09:54.0372 4940 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 14:09:54.0419 4940 cdrom - ok 14:09:54.0466 4940 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 14:09:54.0497 4940 CertPropSvc - ok 14:09:54.0638 4940 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 14:09:54.0684 4940 circlass - ok 14:09:54.0747 4940 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 14:09:54.0762 4940 CLFS - ok 14:09:54.0794 4940 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:09:54.0825 4940 clr_optimization_v2.0.50727_32 - ok 14:09:54.0887 4940 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:09:54.0903 4940 clr_optimization_v2.0.50727_64 - ok 14:09:54.0950 4940 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:09:54.0965 4940 clr_optimization_v4.0.30319_32 - ok 14:09:54.0996 4940 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:09:55.0012 4940 clr_optimization_v4.0.30319_64 - ok 14:09:55.0043 4940 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 14:09:55.0074 4940 CmBatt - ok 14:09:55.0106 4940 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 14:09:55.0121 4940 cmdide - ok 14:09:55.0137 4940 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 14:09:55.0168 4940 CNG - ok 14:09:55.0184 4940 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 14:09:55.0199 4940 Compbatt - ok 14:09:55.0262 4940 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 14:09:55.0277 4940 CompositeBus - ok 14:09:55.0293 4940 COMSysApp - ok 14:09:55.0324 4940 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 14:09:55.0340 4940 crcdisk - ok 14:09:55.0355 4940 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 14:09:55.0386 4940 CryptSvc - ok 14:09:55.0464 4940 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 14:09:55.0480 4940 cvhsvc - ok 14:09:55.0511 4940 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 14:09:55.0574 4940 DcomLaunch - ok 14:09:55.0605 4940 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 14:09:55.0652 4940 defragsvc - ok 14:09:55.0714 4940 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 14:09:55.0761 4940 DfsC - ok 14:09:55.0823 4940 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 14:09:55.0854 4940 Dhcp - ok 14:09:55.0870 4940 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 14:09:55.0917 4940 discache - ok 14:09:55.0964 4940 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 14:09:55.0979 4940 Disk - ok 14:09:56.0010 4940 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 14:09:56.0042 4940 Dnscache - ok 14:09:56.0073 4940 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 14:09:56.0104 4940 dot3svc - ok 14:09:56.0120 4940 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 14:09:56.0166 4940 DPS - ok 14:09:56.0213 4940 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 14:09:56.0229 4940 drmkaud - ok 14:09:56.0260 4940 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 14:09:56.0291 4940 DXGKrnl - ok 14:09:56.0322 4940 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 14:09:56.0354 4940 EapHost - ok 14:09:56.0432 4940 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 14:09:56.0510 4940 ebdrv - ok 14:09:56.0556 4940 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 14:09:56.0572 4940 EFS - ok 14:09:56.0603 4940 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 14:09:56.0650 4940 ehRecvr - ok 14:09:56.0650 4940 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 14:09:56.0666 4940 ehSched - ok 14:09:56.0697 4940 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 14:09:56.0728 4940 elxstor - ok 14:09:56.0790 4940 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 14:09:56.0837 4940 ErrDev - ok 14:09:56.0900 4940 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 14:09:56.0946 4940 EventSystem - ok 14:09:56.0962 4940 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 14:09:57.0009 4940 exfat - ok 14:09:57.0024 4940 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 14:09:57.0071 4940 fastfat - ok 14:09:57.0149 4940 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 14:09:57.0180 4940 Fax - ok 14:09:57.0212 4940 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 14:09:57.0258 4940 fdc - ok 14:09:57.0290 4940 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 14:09:57.0321 4940 fdPHost - ok 14:09:57.0336 4940 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 14:09:57.0368 4940 FDResPub - ok 14:09:57.0414 4940 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 14:09:57.0446 4940 FileInfo - ok 14:09:57.0461 4940 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 14:09:57.0492 4940 Filetrace - ok 14:09:57.0508 4940 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 14:09:57.0539 4940 flpydisk - ok 14:09:57.0555 4940 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 14:09:57.0570 4940 FltMgr - ok 14:09:57.0617 4940 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 14:09:57.0680 4940 FontCache - ok 14:09:57.0726 4940 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:09:57.0742 4940 FontCache3.0.0.0 - ok 14:09:57.0804 4940 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 14:09:57.0820 4940 FsDepends - ok 14:09:57.0836 4940 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 14:09:57.0836 4940 Fs_Rec - ok 14:09:57.0882 4940 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 14:09:57.0898 4940 fvevol - ok 14:09:57.0929 4940 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 14:09:57.0945 4940 gagp30kx - ok 14:09:58.0023 4940 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 14:09:58.0054 4940 GamesAppService - ok 14:09:58.0085 4940 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 14:09:58.0116 4940 gpsvc - ok 14:09:58.0132 4940 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 14:09:58.0179 4940 hcw85cir - ok 14:09:58.0226 4940 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 14:09:58.0257 4940 HdAudAddService - ok 14:09:58.0304 4940 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:09:58.0319 4940 HDAudBus - ok 14:09:58.0335 4940 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 14:09:58.0366 4940 HidBatt - ok 14:09:58.0366 4940 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 14:09:58.0397 4940 HidBth - ok 14:09:58.0444 4940 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 14:09:58.0460 4940 HidIr - ok 14:09:58.0491 4940 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 14:09:58.0522 4940 hidserv - ok 14:09:58.0553 4940 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 14:09:58.0569 4940 HidUsb - ok 14:09:58.0647 4940 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 14:09:58.0678 4940 hkmsvc - ok 14:09:58.0725 4940 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 14:09:58.0740 4940 HomeGroupListener - ok 14:09:58.0772 4940 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 14:09:58.0803 4940 HomeGroupProvider - ok 14:09:58.0896 4940 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 14:09:58.0896 4940 HP Support Assistant Service - ok 14:09:58.0974 4940 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 14:09:58.0974 4940 HPClientSvc - ok 14:09:59.0021 4940 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 14:09:59.0021 4940 HPDrvMntSvc.exe - ok 14:09:59.0084 4940 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 14:09:59.0130 4940 hpqwmiex - ok 14:09:59.0193 4940 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 14:09:59.0208 4940 HpSAMD - ok 14:09:59.0286 4940 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 14:09:59.0333 4940 HTTP - ok 14:09:59.0349 4940 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 14:09:59.0349 4940 hwpolicy - ok 14:09:59.0427 4940 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 14:09:59.0458 4940 i8042prt - ok 14:09:59.0505 4940 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 14:09:59.0520 4940 iaStorV - ok 14:09:59.0583 4940 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:09:59.0630 4940 idsvc - ok 14:09:59.0786 4940 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 14:09:59.0988 4940 igfx - ok 14:10:00.0035 4940 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 14:10:00.0051 4940 iirsp - ok 14:10:00.0098 4940 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 14:10:00.0129 4940 IKEEXT - ok 14:10:00.0191 4940 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys 14:10:00.0285 4940 IntcAzAudAddService - ok 14:10:00.0316 4940 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 14:10:00.0332 4940 intelide - ok 14:10:00.0363 4940 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys 14:10:00.0394 4940 intelppm - ok 14:10:00.0441 4940 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 14:10:00.0472 4940 IPBusEnum - ok 14:10:00.0503 4940 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:10:00.0550 4940 IpFilterDriver - ok 14:10:00.0597 4940 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 14:10:00.0659 4940 iphlpsvc - ok 14:10:00.0690 4940 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 14:10:00.0706 4940 IPMIDRV - ok 14:10:00.0722 4940 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 14:10:00.0768 4940 IPNAT - ok 14:10:00.0815 4940 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 14:10:00.0831 4940 IRENUM - ok 14:10:00.0846 4940 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 14:10:00.0862 4940 isapnp - ok 14:10:00.0924 4940 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 14:10:00.0940 4940 iScsiPrt - ok 14:10:00.0956 4940 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 14:10:00.0971 4940 kbdclass - ok 14:10:00.0987 4940 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 14:10:01.0018 4940 kbdhid - ok 14:10:01.0034 4940 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:10:01.0049 4940 KeyIso - ok 14:10:01.0065 4940 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 14:10:01.0080 4940 KSecDD - ok 14:10:01.0096 4940 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 14:10:01.0112 4940 KSecPkg - ok 14:10:01.0112 4940 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 14:10:01.0158 4940 ksthunk - ok 14:10:01.0190 4940 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 14:10:01.0252 4940 KtmRm - ok 14:10:01.0268 4940 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 14:10:01.0299 4940 LanmanServer - ok 14:10:01.0314 4940 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 14:10:01.0377 4940 LanmanWorkstation - ok 14:10:01.0408 4940 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 14:10:01.0439 4940 lltdio - ok 14:10:01.0486 4940 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 14:10:01.0533 4940 lltdsvc - ok 14:10:01.0564 4940 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 14:10:01.0595 4940 lmhosts - ok 14:10:01.0689 4940 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 14:10:01.0704 4940 LSI_FC - ok 14:10:01.0736 4940 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 14:10:01.0751 4940 LSI_SAS - ok 14:10:01.0767 4940 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 14:10:01.0782 4940 LSI_SAS2 - ok 14:10:01.0814 4940 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 14:10:01.0845 4940 LSI_SCSI - ok 14:10:01.0860 4940 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 14:10:01.0892 4940 luafv - ok 14:10:01.0923 4940 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 14:10:01.0938 4940 Mcx2Svc - ok 14:10:01.0970 4940 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 14:10:01.0985 4940 megasas - ok 14:10:02.0001 4940 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 14:10:02.0032 4940 MegaSR - ok 14:10:02.0048 4940 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys 14:10:02.0063 4940 mfeapfk - ok 14:10:02.0141 4940 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys 14:10:02.0172 4940 mfehidk - ok 14:10:02.0219 4940 mfevtp (3ed58a36f7f7d60f0ef44d29810b0b80) C:\Windows\system32\mfevtps.exe 14:10:02.0219 4940 mfevtp - ok 14:10:02.0266 4940 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:10:02.0297 4940 MMCSS - ok 14:10:02.0328 4940 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:10:02.0375 4940 Modem - ok 14:10:02.0406 4940 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:10:02.0422 4940 monitor - ok 14:10:02.0453 4940 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:10:02.0469 4940 mouclass - ok 14:10:02.0516 4940 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:10:02.0562 4940 mouhid - ok 14:10:02.0625 4940 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 14:10:02.0640 4940 mountmgr - ok 14:10:02.0672 4940 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 14:10:02.0687 4940 mpio - ok 14:10:02.0750 4940 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:10:02.0781 4940 mpsdrv - ok 14:10:02.0812 4940 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 14:10:02.0843 4940 MpsSvc - ok 14:10:02.0874 4940 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 14:10:02.0906 4940 MRxDAV - ok 14:10:02.0968 4940 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:10:02.0999 4940 mrxsmb - ok 14:10:03.0030 4940 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:10:03.0030 4940 mrxsmb10 - ok 14:10:03.0046 4940 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:10:03.0062 4940 mrxsmb20 - ok 14:10:03.0077 4940 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 14:10:03.0093 4940 msahci - ok 14:10:03.0124 4940 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 14:10:03.0140 4940 msdsm - ok 14:10:03.0155 4940 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 14:10:03.0186 4940 MSDTC - ok 14:10:03.0218 4940 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:10:03.0264 4940 Msfs - ok 14:10:03.0264 4940 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:10:03.0311 4940 mshidkmdf - ok 14:10:03.0327 4940 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 14:10:03.0342 4940 msisadrv - ok 14:10:03.0405 4940 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 14:10:03.0436 4940 MSiSCSI - ok 14:10:03.0436 4940 msiserver - ok 14:10:03.0483 4940 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 14:10:03.0530 4940 MSKSSRV - ok 14:10:03.0592 4940 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 14:10:03.0639 4940 MSPCLOCK - ok 14:10:03.0670 4940 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 14:10:03.0701 4940 MSPQM - ok 14:10:03.0732 4940 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 14:10:03.0748 4940 MsRPC - ok 14:10:03.0764 4940 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 14:10:03.0764 4940 mssmbios - ok 14:10:03.0795 4940 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 14:10:03.0842 4940 MSTEE - ok 14:10:03.0888 4940 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 14:10:03.0920 4940 MTConfig - ok 14:10:03.0920 4940 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 14:10:03.0935 4940 Mup - ok 14:10:03.0966 4940 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 14:10:03.0998 4940 napagent - ok 14:10:04.0060 4940 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 14:10:04.0076 4940 NativeWifiP - ok 14:10:04.0138 4940 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 14:10:04.0169 4940 NDIS - ok 14:10:04.0200 4940 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 14:10:04.0263 4940 NdisCap - ok 14:10:04.0278 4940 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 14:10:04.0310 4940 NdisTapi - ok 14:10:04.0325 4940 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 14:10:04.0356 4940 Ndisuio - ok 14:10:04.0388 4940 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 14:10:04.0434 4940 NdisWan - ok 14:10:04.0450 4940 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 14:10:04.0481 4940 NDProxy - ok 14:10:04.0497 4940 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 14:10:04.0544 4940 NetBIOS - ok 14:10:04.0606 4940 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 14:10:04.0637 4940 NetBT - ok 14:10:04.0668 4940 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:10:04.0684 4940 Netlogon - ok 14:10:04.0731 4940 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 14:10:04.0762 4940 Netman - ok 14:10:04.0856 4940 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:04.0871 4940 NetMsmqActivator - ok 14:10:04.0871 4940 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:04.0887 4940 NetPipeActivator - ok 14:10:04.0902 4940 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 14:10:04.0949 4940 netprofm - ok 14:10:04.0965 4940 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:04.0965 4940 NetTcpActivator - ok 14:10:04.0965 4940 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:04.0980 4940 NetTcpPortSharing - ok 14:10:05.0012 4940 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 14:10:05.0043 4940 nfrd960 - ok 14:10:05.0090 4940 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 14:10:05.0121 4940 NlaSvc - ok 14:10:05.0136 4940 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 14:10:05.0183 4940 Npfs - ok 14:10:05.0183 4940 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 14:10:05.0230 4940 nsi - ok 14:10:05.0246 4940 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:10:05.0277 4940 nsiproxy - ok 14:10:05.0370 4940 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 14:10:05.0433 4940 Ntfs - ok 14:10:05.0526 4940 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:10:05.0573 4940 Null - ok 14:10:05.0651 4940 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 14:10:05.0667 4940 nvraid - ok 14:10:05.0745 4940 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 14:10:05.0760 4940 nvstor - ok 14:10:05.0807 4940 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 14:10:05.0823 4940 nv_agp - ok 14:10:05.0838 4940 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 14:10:05.0870 4940 ohci1394 - ok 14:10:05.0948 4940 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:10:05.0979 4940 ose - ok 14:10:06.0088 4940 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:10:06.0384 4940 osppsvc - ok 14:10:06.0416 4940 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:10:06.0447 4940 p2pimsvc - ok 14:10:06.0509 4940 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:10:06.0525 4940 p2psvc - ok 14:10:06.0572 4940 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 14:10:06.0603 4940 Parport - ok 14:10:06.0665 4940 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 14:10:06.0681 4940 partmgr - ok 14:10:06.0696 4940 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:10:06.0728 4940 PcaSvc - ok 14:10:06.0743 4940 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 14:10:06.0759 4940 pci - ok 14:10:06.0790 4940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 14:10:06.0806 4940 pciide - ok 14:10:06.0821 4940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 14:10:06.0837 4940 pcmcia - ok 14:10:06.0852 4940 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:10:06.0868 4940 pcw - ok 14:10:06.0962 4940 pdfcDispatcher - ok 14:10:07.0008 4940 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:10:07.0055 4940 PEAUTH - ok 14:10:07.0118 4940 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:10:07.0133 4940 PerfHost - ok 14:10:07.0180 4940 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 14:10:07.0242 4940 pla - ok 14:10:07.0274 4940 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 14:10:07.0305 4940 PlugPlay - ok 14:10:07.0320 4940 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:10:07.0336 4940 PNRPAutoReg - ok 14:10:07.0352 4940 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:10:07.0367 4940 PNRPsvc - ok 14:10:07.0430 4940 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 14:10:07.0476 4940 PolicyAgent - ok 14:10:07.0508 4940 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 14:10:07.0539 4940 Power - ok 14:10:07.0617 4940 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 14:10:07.0664 4940 PptpMiniport - ok 14:10:07.0726 4940 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 14:10:07.0757 4940 Processor - ok 14:10:07.0788 4940 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 14:10:07.0820 4940 ProfSvc - ok 14:10:07.0866 4940 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:10:07.0866 4940 ProtectedStorage - ok 14:10:07.0882 4940 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 14:10:07.0929 4940 Psched - ok 14:10:07.0991 4940 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 14:10:08.0054 4940 ql2300 - ok 14:10:08.0069 4940 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 14:10:08.0085 4940 ql40xx - ok 14:10:08.0116 4940 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:10:08.0132 4940 QWAVE - ok 14:10:08.0147 4940 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:10:08.0178 4940 QWAVEdrv - ok 14:10:08.0194 4940 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:10:08.0225 4940 RasAcd - ok 14:10:08.0256 4940 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:10:08.0303 4940 RasAgileVpn - ok 14:10:08.0334 4940 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:10:08.0381 4940 RasAuto - ok 14:10:08.0397 4940 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:10:08.0444 4940 Rasl2tp - ok 14:10:08.0475 4940 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 14:10:08.0506 4940 RasMan - ok 14:10:08.0537 4940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:10:08.0646 4940 RasPppoe - ok 14:10:08.0678 4940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:10:08.0709 4940 RasSstp - ok 14:10:08.0724 4940 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 14:10:08.0771 4940 rdbss - ok 14:10:08.0787 4940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 14:10:08.0818 4940 rdpbus - ok 14:10:08.0849 4940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:10:08.0880 4940 RDPCDD - ok 14:10:08.0912 4940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:10:08.0943 4940 RDPENCDD - ok 14:10:08.0974 4940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:10:08.0990 4940 RDPREFMP - ok 14:10:09.0021 4940 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 14:10:09.0083 4940 RDPWD - ok 14:10:09.0099 4940 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 14:10:09.0114 4940 rdyboost - ok 14:10:09.0130 4940 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:10:09.0177 4940 RemoteAccess - ok 14:10:09.0208 4940 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:10:09.0239 4940 RemoteRegistry - ok 14:10:09.0317 4940 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 14:10:09.0333 4940 RoxioNow Service - ok 14:10:09.0348 4940 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:10:09.0380 4940 RpcEptMapper - ok 14:10:09.0411 4940 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:10:09.0411 4940 RpcLocator - ok 14:10:09.0442 4940 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 14:10:09.0473 4940 RpcSs - ok 14:10:09.0489 4940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:10:09.0520 4940 rspndr - ok 14:10:09.0582 4940 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys 14:10:09.0598 4940 RTL8167 - ok 14:10:09.0707 4940 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:10:09.0707 4940 SamSs - ok 14:10:09.0738 4940 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 14:10:09.0754 4940 sbp2port - ok 14:10:09.0785 4940 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:10:09.0816 4940 SCardSvr - ok 14:10:09.0832 4940 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 14:10:09.0863 4940 scfilter - ok 14:10:09.0894 4940 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 14:10:09.0957 4940 Schedule - ok 14:10:09.0988 4940 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 14:10:10.0019 4940 SCPolicySvc - ok 14:10:10.0113 4940 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 14:10:10.0128 4940 SDRSVC - ok 14:10:10.0206 4940 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 14:10:10.0206 4940 SeaPort - ok 14:10:10.0269 4940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:10:10.0300 4940 secdrv - ok 14:10:10.0347 4940 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 14:10:10.0378 4940 seclogon - ok 14:10:10.0440 4940 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 14:10:10.0472 4940 SENS - ok 14:10:10.0503 4940 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 14:10:10.0534 4940 SensrSvc - ok 14:10:10.0815 4940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 14:10:10.0877 4940 Serenum - ok 14:10:10.0924 4940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 14:10:10.0955 4940 Serial - ok 14:10:10.0971 4940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 14:10:11.0002 4940 sermouse - ok 14:10:11.0018 4940 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 14:10:11.0064 4940 SessionEnv - ok 14:10:11.0080 4940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 14:10:11.0111 4940 sffdisk - ok 14:10:11.0111 4940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 14:10:11.0142 4940 sffp_mmc - ok 14:10:11.0158 4940 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 14:10:11.0189 4940 sffp_sd - ok 14:10:11.0205 4940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 14:10:11.0220 4940 sfloppy - ok 14:10:11.0252 4940 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 14:10:11.0283 4940 Sftfs - ok 14:10:11.0345 4940 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 14:10:11.0361 4940 sftlist - ok 14:10:11.0376 4940 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 14:10:11.0392 4940 Sftplay - ok 14:10:11.0408 4940 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 14:10:11.0408 4940 Sftredir - ok 14:10:11.0423 4940 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 14:10:11.0439 4940 Sftvol - ok 14:10:11.0454 4940 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 14:10:11.0454 4940 sftvsa - ok 14:10:11.0486 4940 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 14:10:11.0517 4940 SharedAccess - ok 14:10:11.0564 4940 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 14:10:11.0595 4940 ShellHWDetection - ok 14:10:11.0657 4940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 14:10:11.0673 4940 SiSRaid2 - ok 14:10:11.0688 4940 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 14:10:11.0704 4940 SiSRaid4 - ok 14:10:11.0735 4940 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:10:11.0782 4940 Smb - ok 14:10:11.0829 4940 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:10:11.0844 4940 SNMPTRAP - ok 14:10:11.0860 4940 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:10:11.0876 4940 spldr - ok 14:10:11.0891 4940 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 14:10:11.0922 4940 Spooler - ok 14:10:12.0032 4940 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 14:10:12.0078 4940 sppsvc - ok 14:10:12.0094 4940 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 14:10:12.0125 4940 sppuinotify - ok 14:10:12.0172 4940 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 14:10:12.0203 4940 srv - ok 14:10:12.0219 4940 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 14:10:12.0234 4940 srv2 - ok 14:10:12.0266 4940 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 14:10:12.0281 4940 srvnet - ok 14:10:12.0328 4940 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:10:12.0359 4940 SSDPSRV - ok 14:10:12.0390 4940 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:10:12.0422 4940 SstpSvc - ok 14:10:12.0453 4940 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 14:10:12.0468 4940 stexstor - ok 14:10:12.0515 4940 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 14:10:12.0546 4940 stisvc - ok 14:10:12.0578 4940 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 14:10:12.0593 4940 swenum - ok 14:10:12.0640 4940 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:10:12.0671 4940 swprv - ok 14:10:12.0921 4940 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 14:10:12.0968 4940 SysMain - ok 14:10:12.0999 4940 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 14:10:13.0014 4940 TabletInputService - ok 14:10:13.0030 4940 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 14:10:13.0092 4940 TapiSrv - ok 14:10:13.0155 4940 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:10:13.0170 4940 TBS - ok 14:10:13.0233 4940 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 14:10:13.0280 4940 Tcpip - ok 14:10:13.0342 4940 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 14:10:13.0373 4940 TCPIP6 - ok 14:10:13.0389 4940 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 14:10:13.0420 4940 tcpipreg - ok 14:10:13.0467 4940 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:10:13.0482 4940 TDPIPE - ok 14:10:13.0514 4940 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 14:10:13.0529 4940 TDTCP - ok 14:10:13.0592 4940 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 14:10:13.0623 4940 tdx - ok 14:10:13.0732 4940 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 14:10:13.0748 4940 TermDD - ok 14:10:13.0779 4940 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 14:10:13.0826 4940 TermService - ok 14:10:13.0841 4940 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 14:10:13.0857 4940 Themes - ok 14:10:13.0904 4940 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:10:13.0919 4940 THREADORDER - ok 14:10:13.0935 4940 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 14:10:13.0966 4940 TrkWks - ok 14:10:13.0982 4940 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 14:10:14.0013 4940 TrustedInstaller - ok 14:10:14.0028 4940 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:10:14.0060 4940 tssecsrv - ok 14:10:14.0091 4940 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 14:10:14.0122 4940 TsUsbFlt - ok 14:10:14.0153 4940 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 14:10:14.0184 4940 TsUsbGD - ok 14:10:14.0231 4940 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 14:10:14.0278 4940 tunnel - ok 14:10:14.0294 4940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 14:10:14.0309 4940 uagp35 - ok 14:10:14.0340 4940 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 14:10:14.0387 4940 udfs - ok 14:10:14.0403 4940 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:10:14.0418 4940 UI0Detect - ok 14:10:14.0434 4940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 14:10:14.0450 4940 uliagpkx - ok 14:10:14.0481 4940 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 14:10:14.0496 4940 umbus - ok 14:10:14.0512 4940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 14:10:14.0528 4940 UmPass - ok 14:10:14.0574 4940 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:10:14.0606 4940 upnphost - ok 14:10:14.0652 4940 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 14:10:14.0730 4940 usbccgp - ok 14:10:14.0746 4940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 14:10:14.0762 4940 usbcir - ok 14:10:14.0793 4940 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 14:10:14.0808 4940 usbehci - ok 14:10:14.0824 4940 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys 14:10:14.0840 4940 usbfilter - ok 14:10:14.0886 4940 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 14:10:14.0918 4940 usbhub - ok 14:10:14.0933 4940 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 14:10:14.0949 4940 usbohci - ok 14:10:14.0996 4940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:10:15.0027 4940 usbprint - ok 14:10:15.0042 4940 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 14:10:15.0074 4940 usbscan - ok 14:10:15.0089 4940 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:10:15.0136 4940 USBSTOR - ok 14:10:15.0152 4940 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 14:10:15.0167 4940 usbuhci - ok 14:10:15.0198 4940 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:10:15.0245 4940 UxSms - ok 14:10:15.0292 4940 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:10:15.0308 4940 VaultSvc - ok 14:10:15.0323 4940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 14:10:15.0323 4940 vdrvroot - ok 14:10:15.0370 4940 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 14:10:15.0401 4940 vds - ok 14:10:15.0464 4940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:10:15.0479 4940 vga - ok 14:10:15.0510 4940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:10:15.0573 4940 VgaSave - ok 14:10:15.0635 4940 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 14:10:15.0651 4940 vhdmp - ok 14:10:15.0682 4940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 14:10:15.0698 4940 viaide - ok 14:10:15.0729 4940 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:10:15.0729 4940 volmgr - ok 14:10:15.0760 4940 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 14:10:15.0760 4940 volmgrx - ok 14:10:15.0791 4940 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:10:15.0807 4940 volsnap - ok 14:10:15.0822 4940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 14:10:15.0854 4940 vsmraid - ok 14:10:15.0932 4940 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 14:10:15.0978 4940 VSS - ok 14:10:16.0056 4940 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe 14:10:16.0072 4940 vToolbarUpdater10.2.0 - ok 14:10:16.0088 4940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 14:10:16.0119 4940 vwifibus - ok 14:10:16.0197 4940 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 14:10:16.0228 4940 W32Time - ok 14:10:16.0259 4940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 14:10:16.0275 4940 WacomPen - ok 14:10:16.0322 4940 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:10:16.0353 4940 WANARP - ok 14:10:16.0353 4940 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:10:16.0384 4940 Wanarpv6 - ok 14:10:16.0462 4940 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 14:10:16.0680 4940 WatAdminSvc - ok 14:10:16.0712 4940 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 14:10:16.0774 4940 wbengine - ok 14:10:16.0790 4940 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:10:16.0805 4940 WbioSrvc - ok 14:10:16.0821 4940 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 14:10:16.0852 4940 wcncsvc - ok 14:10:16.0868 4940 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:10:16.0883 4940 WcsPlugInService - ok 14:10:16.0914 4940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 14:10:16.0930 4940 Wd - ok 14:10:16.0961 4940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:10:16.0977 4940 Wdf01000 - ok 14:10:16.0992 4940 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:10:17.0102 4940 WdiServiceHost - ok 14:10:17.0102 4940 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:10:17.0117 4940 WdiSystemHost - ok 14:10:17.0148 4940 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 14:10:17.0180 4940 WebClient - ok 14:10:17.0195 4940 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 14:10:17.0226 4940 Wecsvc - ok 14:10:17.0242 4940 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 14:10:17.0273 4940 wercplsupport - ok 14:10:17.0320 4940 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 14:10:17.0351 4940 WerSvc - ok 14:10:17.0382 4940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:10:17.0414 4940 WfpLwf - ok 14:10:17.0429 4940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:10:17.0445 4940 WIMMount - ok 14:10:17.0476 4940 WinDefend - ok 14:10:17.0476 4940 WinHttpAutoProxySvc - ok 14:10:17.0523 4940 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 14:10:17.0554 4940 Winmgmt - ok 14:10:17.0632 4940 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 14:10:17.0694 4940 WinRM - ok 14:10:17.0741 4940 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 14:10:17.0772 4940 WinUsb - ok 14:10:17.0788 4940 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 14:10:17.0819 4940 Wlansvc - ok 14:10:17.0882 4940 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:10:17.0897 4940 wlcrasvc - ok 14:10:17.0975 4940 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:10:18.0006 4940 wlidsvc - ok 14:10:18.0053 4940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 14:10:18.0069 4940 WmiAcpi - ok 14:10:18.0116 4940 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 14:10:18.0131 4940 wmiApSrv - ok 14:10:18.0178 4940 WMPNetworkSvc - ok 14:10:18.0194 4940 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 14:10:18.0209 4940 WPCSvc - ok 14:10:18.0209 4940 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 14:10:18.0225 4940 WPDBusEnum - ok 14:10:18.0256 4940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 14:10:18.0287 4940 ws2ifsl - ok 14:10:18.0318 4940 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 14:10:18.0350 4940 wscsvc - ok 14:10:18.0350 4940 WSearch - ok 14:10:18.0396 4940 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 14:10:18.0474 4940 wuauserv - ok 14:10:18.0506 4940 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 14:10:18.0537 4940 WudfPf - ok 14:10:18.0584 4940 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:10:18.0615 4940 WUDFRd - ok 14:10:18.0677 4940 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 14:10:18.0708 4940 wudfsvc - ok 14:10:18.0724 4940 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 14:10:18.0755 4940 WwanSvc - ok 14:10:18.0818 4940 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0 14:10:19.0098 4940 \Device\Harddisk0\DR0 - ok 14:10:19.0114 4940 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0 14:10:19.0114 4940 \Device\Harddisk0\DR0\Partition0 - ok 14:10:19.0114 4940 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1 14:10:19.0114 4940 \Device\Harddisk0\DR0\Partition1 - ok 14:10:19.0145 4940 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2 14:10:19.0145 4940 \Device\Harddisk0\DR0\Partition2 - ok 14:10:19.0145 4940 ============================================================ 14:10:19.0145 4940 Scan finished 14:10:19.0145 4940 ============================================================ 14:10:19.0161 1268 Detected object count: 0 14:10:19.0161 1268 Actual detected object count: 0

didn't delete anything on roguekill. just ran scan and copied log. if i x out roguekill it says none elements have been deleted, do you want to quit. should i quit or delete the elements? thanks, scott

RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Aug-11 [Admin rights] Mode: Scan -- Date: 04/04/2012 21:21:48 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 4 ¤¤¤ [sUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND [sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++ --- User --- [MBR] 4664794ea9b3e1381cc1903ffa268820 [bSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 58e87bbccbddc74daba40b61bbf22a8a [bSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo Finished : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

let me see how it's doing when my isp gets their stuff fixed. i can't even get on google or bing right now (to see if my searches are getting redirected).

seems to be good. having issues accessing several websites, but i think that is a problem with my isp. thanks so much for all your help!

Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.04.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Aug-11 :: AUG-11-HP [administrator] 4/4/2012 7:15:45 PM mbam-log-2012-04-04 (19-15-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 195943 Time elapsed: 2 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

combofix... ComboFix 12-04-04.02 - Aug-11 04/04/2012 18:35:53.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2176 [GMT -5:00] Running from: c:\users\Aug-11\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Aug-11\AppData\Local\Temp\1.tmp\F_IN_BOX.dll . . ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 ))))))))))))))))))))))))))))))) . . 2012-04-04 23:39 . 2012-04-04 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-04 05:21 . 2012-04-04 05:21 0 ----a-w- c:\windows\SysWow64\sho4D58.tmp 2012-04-04 05:19 . 2011-10-15 17:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-04-04 05:19 . 2011-11-18 21:36 161168 ----a-w- c:\windows\system32\mfevtps.exe 2012-04-04 05:18 . 2012-04-04 05:18 -------- d-----w- c:\programdata\McAfee 2012-04-03 23:35 . 2012-04-04 23:30 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-03 10:46 . 2012-04-03 10:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\offreg.dll 2012-04-03 07:01 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\mpengine.dll 2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files\Carbonite 2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\programdata\Carbonite 2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files (x86)\Carbonite 2012-04-01 02:25 . 2012-04-01 17:40 -------- d-----w- c:\users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26} 2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com 2012-03-29 01:06 . 2012-04-01 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-03-29 00:19 . 2012-03-29 00:19 -------- d-----w- c:\program files (x86)\PC Tools 2012-03-29 00:16 . 2012-03-29 00:47 -------- d-----w- c:\programdata\PC Tools 2012-03-29 00:16 . 2012-03-29 00:16 -------- d-----w- c:\users\Aug-11\AppData\Roaming\TestApp 2012-03-28 12:57 . 2012-03-28 12:57 -------- d-----w- c:\programdata\AVG Secure Search 2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-03-27 22:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-27 22:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Xaest 2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Quensi 2012-03-17 21:49 . 2012-03-17 21:49 -------- d-----w- c:\program files (x86)\ESET 2012-03-17 03:48 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys 2012-03-17 03:30 . 2012-04-01 17:33 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Malwarebytes 2012-03-17 03:30 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-17 03:30 . 2012-03-28 02:33 -------- d-----w- c:\programdata\Malwarebytes 2012-03-17 03:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 03:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 03:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 03:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 03:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 03:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 03:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 03:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 03:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 03:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 03:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-16 02:54 . 2011-08-13 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((( SnapShot@2012-03-28_03.43.23 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-04 23:39 . 2012-04-04 23:39 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-03-28 03:41 . 2012-03-28 03:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-03-16 18:02 . 2012-03-28 03:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2012-03-16 18:02 . 2012-04-01 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2012-04-01 14:47 . 2012-04-01 14:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040120120402\index.dat + 2012-03-27 22:26 . 2012-03-28 04:08 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032720120328\index.dat - 2012-03-27 22:26 . 2012-03-28 03:27 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032720120328\index.dat - 2012-03-16 18:02 . 2012-03-28 03:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2012-03-16 18:02 . 2012-04-01 14:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2010-11-21 03:09 . 2012-04-04 23:25 48808 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-04-04 23:25 35646 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-08-13 07:15 . 2012-04-04 23:25 10512 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2443618145-3234143949-2320547976-1000_UserData.bin + 2012-04-01 17:42 . 2012-04-04 00:40 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat - 2011-02-11 19:25 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-02-11 19:25 . 2012-04-04 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-02-11 19:25 . 2012-03-28 03:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-02-11 19:25 . 2012-04-04 23:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-04-04 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-13 05:36 . 2012-04-04 23:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-16 17:58 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat + 2012-03-16 17:58 . 2012-04-03 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat + 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat - 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat + 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat - 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat - 2011-08-13 05:36 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-13 05:36 . 2012-04-04 23:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-13 05:36 . 2012-04-04 23:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-13 07:15 . 2012-04-04 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-13 07:15 . 2012-04-04 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-14 03:44 . 2012-03-29 02:34 5414 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-04-04 23:40 . 2012-04-04 23:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-03-28 03:42 . 2012-03-28 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 04:54 . 2012-04-04 23:40 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-02-11 18:41 . 2012-04-04 12:43 328494 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin - 2009-07-14 02:36 . 2012-03-28 03:27 660520 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-04-04 23:28 660520 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-03-28 03:27 121190 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-04-04 23:28 121190 c:\windows\system32\perfc009.dat + 2011-10-15 17:16 . 2011-10-15 17:16 160280 c:\windows\system32\drivers\mfeapfk.sys + 2009-07-14 05:01 . 2012-04-04 23:39 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-03-28 03:41 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:54 . 2012-04-04 23:40 5177344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-03-28 03:42 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-04-04 23:40 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-13 07:12 . 2012-03-28 03:09 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-08-13 07:12 . 2012-04-04 13:06 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-08-13 07:12 . 2012-03-28 03:41 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat + 2011-08-13 07:12 . 2012-04-04 23:39 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat + 2012-03-28 12:54 . 2012-03-28 12:54 2872832 c:\windows\Installer\1e32a47.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-04-04 c:\windows\Tasks\HPCeeScheduleForAug-11.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be379abac-22b4-479e-921f-fec664619ae5%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3〈=en&pr=fr&d=2011-10-24%2023%3A59%3A26&sap=ku&q= . - - - - ORPHANS REMOVED - - - - . WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\08\06\0d\0f2\04v" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe . ************************************************************************** . Completion time: 2012-04-04 18:43:09 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-04 23:43 ComboFix2.txt 2012-04-04 00:37 ComboFix3.txt 2012-03-28 04:04 . Pre-Run: 773,720,489,984 bytes free Post-Run: 773,685,772,288 bytes free . - - End Of File - - 39DEDA364BAFA40B859F7A44FAF41D02

ran tdsskiller again and deleted... here's that log. will run combofix again as well. 18:29:19.0109 4108 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32 18:29:19.0488 4108 ============================================================ 18:29:19.0488 4108 Current date / time: 2012/04/04 18:29:19.0488 18:29:19.0488 4108 SystemInfo: 18:29:19.0488 4108 18:29:19.0488 4108 OS Version: 6.1.7601 ServicePack: 1.0 18:29:19.0488 4108 Product type: Workstation 18:29:19.0488 4108 ComputerName: AUG-11-HP 18:29:19.0489 4108 UserName: Aug-11 18:29:19.0489 4108 Windows directory: C:\Windows 18:29:19.0489 4108 System windows directory: C:\Windows 18:29:19.0489 4108 Running under WOW64 18:29:19.0489 4108 Processor architecture: Intel x64 18:29:19.0489 4108 Number of processors: 4 18:29:19.0489 4108 Page size: 0x1000 18:29:19.0489 4108 Boot type: Normal boot 18:29:19.0489 4108 ============================================================ 18:29:22.0254 4108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:29:22.0350 4108 \Device\Harddisk0\DR0: 18:29:22.0350 4108 MBR used 18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800 18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000 18:29:22.0461 4108 Initialize success 18:29:22.0461 4108 ============================================================ 18:29:29.0126 3584 ============================================================ 18:29:29.0126 3584 Scan started 18:29:29.0126 3584 Mode: Manual; SigCheck; TDLFS; 18:29:29.0126 3584 ============================================================ 18:29:30.0434 3584 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 18:29:30.0508 3584 1394ohci - ok 18:29:30.0535 3584 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 18:29:30.0549 3584 ACPI - ok 18:29:30.0570 3584 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 18:29:30.0605 3584 AcpiPmi - ok 18:29:30.0630 3584 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 18:29:30.0647 3584 adp94xx - ok 18:29:30.0721 3584 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 18:29:30.0739 3584 adpahci - ok 18:29:30.0754 3584 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 18:29:30.0765 3584 adpu320 - ok 18:29:30.0789 3584 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 18:29:30.0862 3584 AeLookupSvc - ok 18:29:30.0918 3584 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 18:29:30.0949 3584 AFD - ok 18:29:31.0109 3584 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe 18:29:31.0149 3584 AffinegyService - ok 18:29:31.0193 3584 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 18:29:31.0203 3584 agp440 - ok 18:29:31.0220 3584 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 18:29:31.0245 3584 ALG - ok 18:29:31.0293 3584 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 18:29:31.0302 3584 aliide - ok 18:29:31.0354 3584 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe 18:29:31.0397 3584 AMD External Events Utility - ok 18:29:31.0416 3584 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 18:29:31.0425 3584 amdide - ok 18:29:31.0488 3584 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 18:29:31.0538 3584 AmdK8 - ok 18:29:31.0660 3584 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys 18:29:31.0830 3584 amdkmdag - ok 18:29:31.0868 3584 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys 18:29:31.0890 3584 amdkmdap - ok 18:29:31.0931 3584 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 18:29:31.0963 3584 AmdPPM - ok 18:29:32.0004 3584 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 18:29:32.0027 3584 amdsata - ok 18:29:32.0112 3584 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 18:29:32.0136 3584 amdsbs - ok 18:29:32.0161 3584 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 18:29:32.0182 3584 amdxata - ok 18:29:32.0207 3584 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys 18:29:32.0269 3584 amd_sata - ok 18:29:32.0343 3584 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys 18:29:32.0350 3584 amd_xata - ok 18:29:32.0414 3584 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 18:29:32.0524 3584 AppID - ok 18:29:32.0620 3584 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 18:29:32.0673 3584 AppIDSvc - ok 18:29:32.0687 3584 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 18:29:32.0718 3584 Appinfo - ok 18:29:32.0775 3584 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 18:29:32.0785 3584 arc - ok 18:29:32.0823 3584 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 18:29:32.0833 3584 arcsas - ok 18:29:32.0923 3584 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:29:32.0950 3584 aspnet_state - ok 18:29:32.0992 3584 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 18:29:33.0035 3584 AsyncMac - ok 18:29:33.0082 3584 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 18:29:33.0091 3584 atapi - ok 18:29:33.0145 3584 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys 18:29:33.0153 3584 AtiPcie - ok 18:29:33.0175 3584 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 18:29:33.0215 3584 AudioEndpointBuilder - ok 18:29:33.0225 3584 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 18:29:33.0256 3584 AudioSrv - ok 18:29:33.0277 3584 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 18:29:33.0305 3584 AxInstSV - ok 18:29:33.0333 3584 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 18:29:33.0387 3584 b06bdrv - ok 18:29:33.0418 3584 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 18:29:33.0446 3584 b57nd60a - ok 18:29:33.0486 3584 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 18:29:33.0509 3584 BDESVC - ok 18:29:33.0526 3584 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 18:29:33.0574 3584 Beep - ok 18:29:33.0633 3584 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 18:29:33.0678 3584 BFE - ok 18:29:33.0835 3584 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 18:29:33.0897 3584 BITS - ok 18:29:33.0943 3584 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 18:29:33.0955 3584 blbdrive - ok 18:29:34.0037 3584 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 18:29:34.0072 3584 bowser - ok 18:29:34.0095 3584 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 18:29:34.0108 3584 BrFiltLo - ok 18:29:34.0123 3584 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 18:29:34.0137 3584 BrFiltUp - ok 18:29:34.0203 3584 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 18:29:34.0240 3584 BridgeMP - ok 18:29:34.0265 3584 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 18:29:34.0301 3584 Browser - ok 18:29:34.0317 3584 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 18:29:34.0351 3584 Brserid - ok 18:29:34.0378 3584 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 18:29:34.0404 3584 BrSerWdm - ok 18:29:34.0417 3584 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 18:29:34.0440 3584 BrUsbMdm - ok 18:29:34.0459 3584 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 18:29:34.0470 3584 BrUsbSer - ok 18:29:34.0482 3584 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 18:29:34.0510 3584 BTHMODEM - ok 18:29:34.0554 3584 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 18:29:34.0605 3584 bthserv - ok 18:29:35.0130 3584 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe 18:29:35.0302 3584 CarboniteService - ok 18:29:35.0334 3584 catchme - ok 18:29:35.0403 3584 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 18:29:35.0443 3584 cdfs - ok 18:29:35.0495 3584 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 18:29:35.0517 3584 cdrom - ok 18:29:35.0560 3584 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 18:29:35.0601 3584 CertPropSvc - ok 18:29:35.0664 3584 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 18:29:35.0694 3584 circlass - ok 18:29:35.0710 3584 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 18:29:35.0727 3584 CLFS - ok 18:29:35.0767 3584 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:29:35.0776 3584 clr_optimization_v2.0.50727_32 - ok 18:29:35.0813 3584 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:29:35.0823 3584 clr_optimization_v2.0.50727_64 - ok 18:29:35.0873 3584 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:29:35.0924 3584 clr_optimization_v4.0.30319_32 - ok 18:29:35.0968 3584 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:29:35.0979 3584 clr_optimization_v4.0.30319_64 - ok 18:29:36.0028 3584 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 18:29:36.0051 3584 CmBatt - ok 18:29:36.0069 3584 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 18:29:36.0078 3584 cmdide - ok 18:29:36.0127 3584 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 18:29:36.0147 3584 CNG - ok 18:29:36.0168 3584 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 18:29:36.0177 3584 Compbatt - ok 18:29:36.0224 3584 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 18:29:36.0242 3584 CompositeBus - ok 18:29:36.0261 3584 COMSysApp - ok 18:29:36.0296 3584 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 18:29:36.0306 3584 crcdisk - ok 18:29:36.0328 3584 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 18:29:36.0369 3584 CryptSvc - ok 18:29:36.0471 3584 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 18:29:36.0491 3584 cvhsvc - ok 18:29:36.0531 3584 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 18:29:36.0575 3584 DcomLaunch - ok 18:29:36.0625 3584 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 18:29:36.0658 3584 defragsvc - ok 18:29:36.0737 3584 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 18:29:36.0776 3584 DfsC - ok 18:29:36.0829 3584 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 18:29:36.0865 3584 Dhcp - ok 18:29:36.0906 3584 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 18:29:36.0960 3584 discache - ok 18:29:36.0987 3584 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 18:29:37.0000 3584 Disk - ok 18:29:37.0035 3584 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 18:29:37.0068 3584 Dnscache - ok 18:29:37.0093 3584 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 18:29:37.0124 3584 dot3svc - ok 18:29:37.0137 3584 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 18:29:37.0175 3584 DPS - ok 18:29:37.0214 3584 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 18:29:37.0234 3584 drmkaud - ok 18:29:37.0265 3584 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 18:29:37.0284 3584 DXGKrnl - ok 18:29:37.0299 3584 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 18:29:37.0330 3584 EapHost - ok 18:29:37.0404 3584 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 18:29:37.0475 3584 ebdrv - ok 18:29:37.0498 3584 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 18:29:37.0513 3584 EFS - ok 18:29:37.0575 3584 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 18:29:37.0613 3584 ehRecvr - ok 18:29:37.0656 3584 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 18:29:37.0670 3584 ehSched - ok 18:29:37.0763 3584 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 18:29:37.0779 3584 elxstor - ok 18:29:37.0818 3584 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 18:29:37.0879 3584 ErrDev - ok 18:29:37.0910 3584 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 18:29:37.0960 3584 EventSystem - ok 18:29:38.0040 3584 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 18:29:38.0072 3584 exfat - ok 18:29:38.0120 3584 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 18:29:38.0164 3584 fastfat - ok 18:29:38.0238 3584 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 18:29:38.0274 3584 Fax - ok 18:29:38.0339 3584 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 18:29:38.0359 3584 fdc - ok 18:29:38.0478 3584 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 18:29:38.0528 3584 fdPHost - ok 18:29:38.0673 3584 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 18:29:38.0702 3584 FDResPub - ok 18:29:38.0784 3584 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 18:29:38.0793 3584 FileInfo - ok 18:29:38.0824 3584 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 18:29:38.0857 3584 Filetrace - ok 18:29:38.0897 3584 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 18:29:38.0908 3584 flpydisk - ok 18:29:38.0926 3584 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 18:29:38.0939 3584 FltMgr - ok 18:29:39.0002 3584 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 18:29:39.0061 3584 FontCache - ok 18:29:39.0137 3584 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:29:39.0154 3584 FontCache3.0.0.0 - ok 18:29:39.0174 3584 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 18:29:39.0183 3584 FsDepends - ok 18:29:39.0221 3584 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 18:29:39.0229 3584 Fs_Rec - ok 18:29:39.0247 3584 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 18:29:39.0260 3584 fvevol - ok 18:29:39.0283 3584 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 18:29:39.0307 3584 gagp30kx - ok 18:29:39.0376 3584 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 18:29:39.0395 3584 GamesAppService - ok 18:29:39.0458 3584 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 18:29:39.0513 3584 gpsvc - ok 18:29:39.0539 3584 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 18:29:39.0571 3584 hcw85cir - ok 18:29:39.0618 3584 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 18:29:39.0642 3584 HdAudAddService - ok 18:29:39.0663 3584 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 18:29:39.0682 3584 HDAudBus - ok 18:29:39.0698 3584 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 18:29:39.0723 3584 HidBatt - ok 18:29:39.0737 3584 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 18:29:39.0752 3584 HidBth - ok 18:29:39.0795 3584 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 18:29:39.0809 3584 HidIr - ok 18:29:39.0824 3584 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 18:29:39.0858 3584 hidserv - ok 18:29:39.0940 3584 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 18:29:39.0951 3584 HidUsb - ok 18:29:39.0966 3584 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 18:29:40.0006 3584 hkmsvc - ok 18:29:40.0046 3584 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 18:29:40.0082 3584 HomeGroupListener - ok 18:29:40.0127 3584 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 18:29:40.0168 3584 HomeGroupProvider - ok 18:29:40.0285 3584 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 18:29:40.0305 3584 HP Support Assistant Service - ok 18:29:40.0372 3584 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 18:29:40.0384 3584 HPClientSvc - ok 18:29:40.0418 3584 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 18:29:40.0426 3584 HPDrvMntSvc.exe - ok 18:29:40.0502 3584 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 18:29:40.0532 3584 hpqwmiex - ok 18:29:40.0571 3584 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 18:29:40.0580 3584 HpSAMD - ok 18:29:40.0654 3584 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 18:29:40.0710 3584 HTTP - ok 18:29:40.0767 3584 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 18:29:40.0795 3584 hwpolicy - ok 18:29:40.0856 3584 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 18:29:40.0869 3584 i8042prt - ok 18:29:40.0918 3584 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 18:29:40.0932 3584 iaStorV - ok 18:29:41.0053 3584 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:29:41.0083 3584 idsvc - ok 18:29:41.0225 3584 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 18:29:41.0376 3584 igfx - ok 18:29:41.0395 3584 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 18:29:41.0411 3584 iirsp - ok 18:29:41.0467 3584 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 18:29:41.0524 3584 IKEEXT - ok 18:29:41.0793 3584 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys 18:29:41.0829 3584 IntcAzAudAddService - ok 18:29:41.0944 3584 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 18:29:41.0962 3584 intelide - ok 18:29:42.0025 3584 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys 18:29:42.0046 3584 intelppm - ok 18:29:42.0093 3584 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 18:29:42.0129 3584 IPBusEnum - ok 18:29:42.0200 3584 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:29:42.0239 3584 IpFilterDriver - ok 18:29:42.0307 3584 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 18:29:42.0351 3584 iphlpsvc - ok 18:29:42.0369 3584 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 18:29:42.0394 3584 IPMIDRV - ok 18:29:42.0408 3584 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 18:29:42.0438 3584 IPNAT - ok 18:29:42.0474 3584 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 18:29:42.0489 3584 IRENUM - ok 18:29:42.0509 3584 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 18:29:42.0518 3584 isapnp - ok 18:29:42.0551 3584 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 18:29:42.0564 3584 iScsiPrt - ok 18:29:42.0578 3584 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 18:29:42.0586 3584 kbdclass - ok 18:29:42.0603 3584 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 18:29:42.0626 3584 kbdhid - ok 18:29:42.0692 3584 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:29:42.0703 3584 KeyIso - ok 18:29:42.0726 3584 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 18:29:42.0736 3584 KSecDD - ok 18:29:42.0934 3584 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 18:29:42.0954 3584 KSecPkg - ok 18:29:42.0999 3584 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 18:29:43.0035 3584 ksthunk - ok 18:29:43.0065 3584 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 18:29:43.0117 3584 KtmRm - ok 18:29:43.0179 3584 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 18:29:43.0223 3584 LanmanServer - ok 18:29:43.0243 3584 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 18:29:43.0292 3584 LanmanWorkstation - ok 18:29:43.0351 3584 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 18:29:43.0383 3584 lltdio - ok 18:29:43.0411 3584 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 18:29:43.0450 3584 lltdsvc - ok 18:29:43.0486 3584 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 18:29:43.0515 3584 lmhosts - ok 18:29:43.0560 3584 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 18:29:43.0570 3584 LSI_FC - ok 18:29:43.0668 3584 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 18:29:43.0679 3584 LSI_SAS - ok 18:29:43.0694 3584 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 18:29:43.0704 3584 LSI_SAS2 - ok 18:29:43.0728 3584 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 18:29:43.0745 3584 LSI_SCSI - ok 18:29:43.0762 3584 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 18:29:43.0795 3584 luafv - ok 18:29:43.0841 3584 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 18:29:43.0855 3584 Mcx2Svc - ok 18:29:43.0879 3584 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 18:29:43.0888 3584 megasas - ok 18:29:43.0910 3584 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 18:29:43.0924 3584 MegaSR - ok 18:29:43.0974 3584 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys 18:29:43.0984 3584 mfeapfk - ok 18:29:44.0052 3584 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys 18:29:44.0069 3584 mfehidk - ok 18:29:44.0119 3584 mfevtp (3ed58a36f7f7d60f0ef44d29810b0b80) C:\Windows\system32\mfevtps.exe 18:29:44.0129 3584 mfevtp - ok 18:29:44.0140 3584 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 18:29:44.0177 3584 MMCSS - ok 18:29:44.0198 3584 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 18:29:44.0239 3584 Modem - ok 18:29:44.0260 3584 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 18:29:44.0279 3584 monitor - ok 18:29:44.0334 3584 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 18:29:44.0342 3584 mouclass - ok 18:29:44.0356 3584 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 18:29:44.0376 3584 mouhid - ok 18:29:44.0413 3584 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 18:29:44.0423 3584 mountmgr - ok 18:29:44.0450 3584 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 18:29:44.0469 3584 mpio - ok 18:29:44.0485 3584 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 18:29:44.0514 3584 mpsdrv - ok 18:29:44.0535 3584 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 18:29:44.0573 3584 MpsSvc - ok 18:29:44.0616 3584 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 18:29:44.0659 3584 MRxDAV - ok 18:29:44.0747 3584 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:29:44.0790 3584 mrxsmb - ok 18:29:44.0813 3584 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:29:44.0831 3584 mrxsmb10 - ok 18:29:44.0849 3584 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:29:44.0862 3584 mrxsmb20 - ok 18:29:44.0878 3584 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 18:29:44.0887 3584 msahci - ok 18:29:44.0912 3584 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 18:29:44.0922 3584 msdsm - ok 18:29:44.0934 3584 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 18:29:44.0956 3584 MSDTC - ok 18:29:44.0971 3584 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 18:29:44.0999 3584 Msfs - ok 18:29:45.0011 3584 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 18:29:45.0040 3584 mshidkmdf - ok 18:29:45.0071 3584 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 18:29:45.0079 3584 msisadrv - ok 18:29:45.0146 3584 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 18:29:45.0178 3584 MSiSCSI - ok 18:29:45.0229 3584 msiserver - ok 18:29:45.0285 3584 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 18:29:45.0322 3584 MSKSSRV - ok 18:29:45.0334 3584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 18:29:45.0372 3584 MSPCLOCK - ok 18:29:45.0387 3584 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 18:29:45.0424 3584 MSPQM - ok 18:29:45.0447 3584 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 18:29:45.0460 3584 MsRPC - ok 18:29:45.0473 3584 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 18:29:45.0481 3584 mssmbios - ok 18:29:45.0520 3584 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 18:29:45.0562 3584 MSTEE - ok 18:29:45.0610 3584 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 18:29:45.0630 3584 MTConfig - ok 18:29:45.0667 3584 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 18:29:45.0676 3584 Mup - ok 18:29:45.0768 3584 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 18:29:45.0806 3584 napagent - ok 18:29:45.0869 3584 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 18:29:45.0900 3584 NativeWifiP - ok 18:29:45.0958 3584 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 18:29:45.0980 3584 NDIS - ok 18:29:45.0997 3584 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 18:29:46.0027 3584 NdisCap - ok 18:29:46.0047 3584 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 18:29:46.0076 3584 NdisTapi - ok 18:29:46.0090 3584 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 18:29:46.0129 3584 Ndisuio - ok 18:29:46.0149 3584 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 18:29:46.0187 3584 NdisWan - ok 18:29:46.0213 3584 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 18:29:46.0241 3584 NDProxy - ok 18:29:46.0252 3584 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 18:29:46.0290 3584 NetBIOS - ok 18:29:46.0320 3584 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 18:29:46.0349 3584 NetBT - ok 18:29:46.0405 3584 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:29:46.0416 3584 Netlogon - ok 18:29:46.0466 3584 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 18:29:46.0500 3584 Netman - ok 18:29:46.0581 3584 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:29:46.0601 3584 NetMsmqActivator - ok 18:29:46.0605 3584 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:29:46.0613 3584 NetPipeActivator - ok 18:29:46.0695 3584 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 18:29:46.0757 3584 netprofm - ok 18:29:46.0763 3584 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:29:46.0772 3584 NetTcpActivator - ok 18:29:46.0776 3584 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:29:46.0784 3584 NetTcpPortSharing - ok 18:29:46.0933 3584 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 18:29:46.0947 3584 nfrd960 - ok 18:29:46.0993 3584 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 18:29:47.0032 3584 NlaSvc - ok 18:29:47.0074 3584 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 18:29:47.0103 3584 Npfs - ok 18:29:47.0115 3584 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 18:29:47.0151 3584 nsi - ok 18:29:47.0168 3584 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 18:29:47.0197 3584 nsiproxy - ok 18:29:47.0251 3584 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 18:29:47.0301 3584 Ntfs - ok 18:29:47.0315 3584 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 18:29:47.0343 3584 Null - ok 18:29:47.0392 3584 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 18:29:47.0404 3584 nvraid - ok 18:29:47.0454 3584 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 18:29:47.0466 3584 nvstor - ok 18:29:47.0590 3584 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 18:29:47.0605 3584 nv_agp - ok 18:29:47.0626 3584 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 18:29:47.0639 3584 ohci1394 - ok 18:29:47.0745 3584 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:29:47.0755 3584 ose - ok 18:29:47.0866 3584 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:29:47.0985 3584 osppsvc - ok 18:29:48.0092 3584 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:29:48.0141 3584 p2pimsvc - ok 18:29:48.0201 3584 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 18:29:48.0218 3584 p2psvc - ok 18:29:48.0275 3584 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 18:29:48.0287 3584 Parport - ok 18:29:48.0314 3584 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 18:29:48.0323 3584 partmgr - ok 18:29:48.0339 3584 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 18:29:48.0362 3584 PcaSvc - ok 18:29:48.0382 3584 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 18:29:48.0393 3584 pci - ok 18:29:48.0419 3584 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 18:29:48.0432 3584 pciide - ok 18:29:48.0461 3584 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 18:29:48.0473 3584 pcmcia - ok 18:29:48.0491 3584 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 18:29:48.0499 3584 pcw - ok 18:29:48.0578 3584 pdfcDispatcher - ok 18:29:48.0671 3584 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 18:29:48.0742 3584 PEAUTH - ok 18:29:48.0804 3584 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 18:29:48.0826 3584 PerfHost - ok 18:29:48.0970 3584 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 18:29:49.0032 3584 pla - ok 18:29:49.0096 3584 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 18:29:49.0131 3584 PlugPlay - ok 18:29:49.0142 3584 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 18:29:49.0162 3584 PNRPAutoReg - ok 18:29:49.0191 3584 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:29:49.0204 3584 PNRPsvc - ok 18:29:49.0228 3584 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 18:29:49.0270 3584 PolicyAgent - ok 18:29:49.0291 3584 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 18:29:49.0328 3584 Power - ok 18:29:49.0402 3584 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 18:29:49.0440 3584 PptpMiniport - ok 18:29:49.0535 3584 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 18:29:49.0565 3584 Processor - ok 18:29:49.0633 3584 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 18:29:49.0672 3584 ProfSvc - ok 18:29:49.0686 3584 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:29:49.0697 3584 ProtectedStorage - ok 18:29:49.0718 3584 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 18:29:49.0747 3584 Psched - ok 18:29:49.0863 3584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 18:29:49.0918 3584 ql2300 - ok 18:29:49.0945 3584 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 18:29:49.0963 3584 ql40xx - ok 18:29:49.0990 3584 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 18:29:50.0008 3584 QWAVE - ok 18:29:50.0025 3584 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 18:29:50.0063 3584 QWAVEdrv - ok 18:29:50.0097 3584 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 18:29:50.0126 3584 RasAcd - ok 18:29:50.0175 3584 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:29:50.0205 3584 RasAgileVpn - ok 18:29:50.0231 3584 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 18:29:50.0265 3584 RasAuto - ok 18:29:50.0280 3584 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:29:50.0318 3584 Rasl2tp - ok 18:29:50.0354 3584 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 18:29:50.0386 3584 RasMan - ok 18:29:50.0401 3584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 18:29:50.0440 3584 RasPppoe - ok 18:29:50.0458 3584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 18:29:50.0488 3584 RasSstp - ok 18:29:50.0526 3584 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 18:29:50.0562 3584 rdbss - ok 18:29:50.0615 3584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 18:29:50.0629 3584 rdpbus - ok 18:29:50.0661 3584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:29:50.0695 3584 RDPCDD - ok 18:29:50.0745 3584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 18:29:50.0787 3584 RDPENCDD - ok 18:29:50.0909 3584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 18:29:50.0937 3584 RDPREFMP - ok 18:29:51.0035 3584 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 18:29:51.0083 3584 RDPWD - ok 18:29:51.0116 3584 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 18:29:51.0128 3584 rdyboost - ok 18:29:51.0149 3584 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 18:29:51.0185 3584 RemoteAccess - ok 18:29:51.0233 3584 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 18:29:51.0270 3584 RemoteRegistry - ok 18:29:51.0323 3584 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 18:29:51.0339 3584 RoxioNow Service - ok 18:29:51.0363 3584 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 18:29:51.0403 3584 RpcEptMapper - ok 18:29:51.0414 3584 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 18:29:51.0427 3584 RpcLocator - ok 18:29:51.0443 3584 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 18:29:51.0475 3584 RpcSs - ok 18:29:51.0526 3584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 18:29:51.0561 3584 rspndr - ok 18:29:51.0665 3584 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys 18:29:51.0677 3584 RTL8167 - ok 18:29:51.0700 3584 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:29:51.0711 3584 SamSs - ok 18:29:51.0822 3584 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 18:29:51.0843 3584 sbp2port - ok 18:29:51.0871 3584 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 18:29:51.0903 3584 SCardSvr - ok 18:29:51.0937 3584 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 18:29:51.0971 3584 scfilter - ok 18:29:52.0001 3584 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 18:29:52.0056 3584 Schedule - ok 18:29:52.0101 3584 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 18:29:52.0128 3584 SCPolicySvc - ok 18:29:52.0205 3584 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 18:29:52.0239 3584 SDRSVC - ok 18:29:52.0307 3584 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 18:29:52.0318 3584 SeaPort - ok 18:29:52.0344 3584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:29:52.0397 3584 secdrv - ok 18:29:52.0442 3584 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 18:29:52.0470 3584 seclogon - ok 18:29:52.0525 3584 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 18:29:52.0578 3584 SENS - ok 18:29:52.0633 3584 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 18:29:52.0671 3584 SensrSvc - ok 18:29:52.0726 3584 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 18:29:52.0747 3584 Serenum - ok 18:29:52.0774 3584 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 18:29:52.0795 3584 Serial - ok 18:29:52.0813 3584 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 18:29:52.0837 3584 sermouse - ok 18:29:52.0858 3584 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 18:29:52.0893 3584 SessionEnv - ok 18:29:52.0920 3584 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 18:29:52.0939 3584 sffdisk - ok 18:29:52.0947 3584 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 18:29:52.0961 3584 sffp_mmc - ok 18:29:52.0981 3584 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 18:29:52.0995 3584 sffp_sd - ok 18:29:53.0012 3584 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 18:29:53.0024 3584 sfloppy - ok 18:29:53.0064 3584 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 18:29:53.0080 3584 Sftfs - ok 18:29:53.0180 3584 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 18:29:53.0195 3584 sftlist - ok 18:29:53.0213 3584 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 18:29:53.0223 3584 Sftplay - ok 18:29:53.0239 3584 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 18:29:53.0245 3584 Sftredir - ok 18:29:53.0329 3584 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 18:29:53.0336 3584 Sftvol - ok 18:29:53.0404 3584 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 18:29:53.0422 3584 sftvsa - ok 18:29:53.0452 3584 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 18:29:53.0485 3584 SharedAccess - ok 18:29:53.0520 3584 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 18:29:53.0570 3584 ShellHWDetection - ok 18:29:53.0608 3584 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 18:29:53.0617 3584 SiSRaid2 - ok 18:29:53.0638 3584 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 18:29:53.0647 3584 SiSRaid4 - ok 18:29:53.0693 3584 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 18:29:53.0746 3584 Smb - ok 18:29:53.0790 3584 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 18:29:53.0811 3584 SNMPTRAP - ok 18:29:53.0836 3584 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 18:29:53.0843 3584 spldr - ok 18:29:53.0876 3584 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 18:29:53.0911 3584 Spooler - ok 18:29:54.0278 3584 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 18:29:54.0385 3584 sppsvc - ok 18:29:54.0399 3584 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 18:29:54.0432 3584 sppuinotify - ok 18:29:54.0489 3584 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 18:29:54.0532 3584 srv - ok 18:29:54.0557 3584 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 18:29:54.0580 3584 srv2 - ok 18:29:54.0617 3584 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 18:29:54.0630 3584 srvnet - ok 18:29:54.0669 3584 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 18:29:54.0711 3584 SSDPSRV - ok 18:29:54.0748 3584 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 18:29:54.0779 3584 SstpSvc - ok 18:29:54.0803 3584 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 18:29:54.0820 3584 stexstor - ok 18:29:54.0881 3584 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 18:29:54.0903 3584 stisvc - ok 18:29:54.0937 3584 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 18:29:54.0944 3584 swenum - ok 18:29:54.0964 3584 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 18:29:55.0004 3584 swprv - ok 18:29:55.0095 3584 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 18:29:55.0158 3584 SysMain - ok 18:29:55.0184 3584 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 18:29:55.0205 3584 TabletInputService - ok 18:29:55.0226 3584 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 18:29:55.0261 3584 TapiSrv - ok 18:29:55.0287 3584 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 18:29:55.0316 3584 TBS - ok 18:29:55.0535 3584 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 18:29:55.0590 3584 Tcpip - ok 18:29:55.0651 3584 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 18:29:55.0681 3584 TCPIP6 - ok 18:29:55.0800 3584 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 18:29:55.0832 3584 tcpipreg - ok 18:29:55.0850 3584 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 18:29:55.0862 3584 TDPIPE - ok 18:29:55.0894 3584 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 18:29:55.0915 3584 TDTCP - ok 18:29:55.0935 3584 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 18:29:55.0963 3584 tdx - ok 18:29:55.0991 3584 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 18:29:55.0999 3584 TermDD - ok 18:29:56.0043 3584 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 18:29:56.0088 3584 TermService - ok 18:29:56.0101 3584 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 18:29:56.0117 3584 Themes - ok 18:29:56.0145 3584 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 18:29:56.0174 3584 THREADORDER - ok 18:29:56.0186 3584 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 18:29:56.0217 3584 TrkWks - ok 18:29:56.0235 3584 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 18:29:56.0273 3584 TrustedInstaller - ok 18:29:56.0284 3584 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:29:56.0317 3584 tssecsrv - ok 18:29:56.0360 3584 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 18:29:56.0381 3584 TsUsbFlt - ok 18:29:56.0409 3584 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 18:29:56.0420 3584 TsUsbGD - ok 18:29:56.0470 3584 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 18:29:56.0507 3584 tunnel - ok 18:29:56.0522 3584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 18:29:56.0537 3584 uagp35 - ok 18:29:56.0558 3584 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 18:29:56.0599 3584 udfs - ok 18:29:56.0634 3584 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 18:29:56.0648 3584 UI0Detect - ok 18:29:56.0697 3584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 18:29:56.0706 3584 uliagpkx - ok 18:29:56.0751 3584 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 18:29:56.0762 3584 umbus - ok 18:29:56.0793 3584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 18:29:56.0815 3584 UmPass - ok 18:29:56.0836 3584 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 18:29:56.0876 3584 upnphost - ok 18:29:56.0947 3584 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 18:29:56.0965 3584 usbccgp - ok 18:29:56.0986 3584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 18:29:57.0001 3584 usbcir - ok 18:29:57.0017 3584 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 18:29:57.0033 3584 usbehci - ok 18:29:57.0052 3584 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys 18:29:57.0060 3584 usbfilter - ok 18:29:57.0079 3584 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 18:29:57.0104 3584 usbhub - ok 18:29:57.0120 3584 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 18:29:57.0136 3584 usbohci - ok 18:29:57.0193 3584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 18:29:57.0212 3584 usbprint - ok 18:29:57.0226 3584 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 18:29:57.0240 3584 usbscan - ok 18:29:57.0261 3584 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:29:57.0288 3584 USBSTOR - ok 18:29:57.0309 3584 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 18:29:57.0329 3584 usbuhci - ok 18:29:57.0352 3584 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 18:29:57.0392 3584 UxSms - ok 18:29:57.0411 3584 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:29:57.0422 3584 VaultSvc - ok 18:29:57.0485 3584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 18:29:57.0494 3584 vdrvroot - ok 18:29:57.0511 3584 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 18:29:57.0552 3584 vds - ok 18:29:57.0597 3584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 18:29:57.0611 3584 vga - ok 18:29:57.0668 3584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 18:29:57.0706 3584 VgaSave - ok 18:29:57.0730 3584 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 18:29:57.0741 3584 vhdmp - ok 18:29:57.0769 3584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 18:29:57.0778 3584 viaide - ok 18:29:57.0795 3584 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 18:29:57.0804 3584 volmgr - ok 18:29:57.0826 3584 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 18:29:57.0840 3584 volmgrx - ok 18:29:57.0854 3584 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 18:29:57.0867 3584 volsnap - ok 18:29:57.0889 3584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 18:29:57.0899 3584 vsmraid - ok 18:29:57.0955 3584 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 18:29:58.0017 3584 VSS - ok 18:29:58.0041 3584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 18:29:58.0066 3584 vwifibus - ok 18:29:58.0118 3584 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 18:29:58.0152 3584 W32Time - ok 18:29:58.0177 3584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 18:29:58.0193 3584 WacomPen - ok 18:29:58.0240 3584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:29:58.0273 3584 WANARP - ok 18:29:58.0277 3584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:29:58.0304 3584 Wanarpv6 - ok 18:29:58.0372 3584 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 18:29:58.0423 3584 WatAdminSvc - ok 18:29:58.0455 3584 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 18:29:58.0509 3584 wbengine - ok 18:29:58.0526 3584 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 18:29:58.0544 3584 WbioSrvc - ok 18:29:58.0612 3584 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 18:29:58.0644 3584 wcncsvc - ok 18:29:58.0663 3584 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 18:29:58.0680 3584 WcsPlugInService - ok 18:29:58.0716 3584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 18:29:58.0728 3584 Wd - ok 18:29:58.0767 3584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 18:29:58.0785 3584 Wdf01000 - ok 18:29:58.0798 3584 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:29:58.0871 3584 WdiServiceHost - ok 18:29:58.0874 3584 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:29:58.0890 3584 WdiSystemHost - ok 18:29:58.0929 3584 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 18:29:58.0948 3584 WebClient - ok 18:29:58.0991 3584 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 18:29:59.0036 3584 Wecsvc - ok 18:29:59.0074 3584 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 18:29:59.0112 3584 wercplsupport - ok 18:29:59.0157 3584 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 18:29:59.0187 3584 WerSvc - ok 18:29:59.0225 3584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 18:29:59.0254 3584 WfpLwf - ok 18:29:59.0286 3584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 18:29:59.0295 3584 WIMMount - ok 18:29:59.0311 3584 WinDefend - ok 18:29:59.0319 3584 WinHttpAutoProxySvc - ok 18:29:59.0360 3584 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 18:29:59.0391 3584 Winmgmt - ok 18:29:59.0433 3584 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 18:29:59.0502 3584 WinRM - ok 18:29:59.0600 3584 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 18:29:59.0614 3584 WinUsb - ok 18:29:59.0746 3584 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 18:29:59.0798 3584 Wlansvc - ok 18:29:59.0869 3584 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 18:29:59.0881 3584 wlcrasvc - ok 18:29:59.0968 3584 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:30:00.0025 3584 wlidsvc - ok 18:30:00.0049 3584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 18:30:00.0062 3584 WmiAcpi - ok 18:30:00.0108 3584 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 18:30:00.0136 3584 wmiApSrv - ok 18:30:00.0178 3584 WMPNetworkSvc - ok 18:30:00.0217 3584 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 18:30:00.0230 3584 WPCSvc - ok 18:30:00.0247 3584 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 18:30:00.0262 3584 WPDBusEnum - ok 18:30:00.0280 3584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 18:30:00.0308 3584 ws2ifsl - ok 18:30:00.0344 3584 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 18:30:00.0369 3584 wscsvc - ok 18:30:00.0376 3584 WSearch - ok 18:30:00.0522 3584 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 18:30:00.0603 3584 wuauserv - ok 18:30:00.0634 3584 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 18:30:00.0671 3584 WudfPf - ok 18:30:00.0730 3584 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:30:00.0760 3584 WUDFRd - ok 18:30:00.0793 3584 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 18:30:00.0822 3584 wudfsvc - ok 18:30:00.0879 3584 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 18:30:00.0917 3584 WwanSvc - ok 18:30:00.0965 3584 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0 18:30:02.0686 3584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 18:30:02.0686 3584 \Device\Harddisk0\DR0 - detected TDSS File System (1) 18:30:02.0703 3584 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0 18:30:02.0705 3584 \Device\Harddisk0\DR0\Partition0 - ok 18:30:02.0716 3584 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1 18:30:02.0726 3584 \Device\Harddisk0\DR0\Partition1 - ok 18:30:02.0750 3584 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2 18:30:02.0751 3584 \Device\Harddisk0\DR0\Partition2 - ok 18:30:02.0751 3584 ============================================================ 18:30:02.0751 3584 Scan finished 18:30:02.0751 3584 ============================================================ 18:30:02.0762 3100 Detected object count: 1 18:30:02.0762 3100 Actual detected object count: 1 18:30:14.0697 3100 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 18:30:14.0699 3100 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 18:30:14.0712 3100 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 18:30:14.0718 3100 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 18:30:14.0732 3100 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 18:30:14.0741 3100 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 18:30:14.0742 3100 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 18:30:14.0743 3100 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 18:30:14.0745 3100 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 18:30:14.0747 3100 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 18:30:14.0750 3100 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 18:30:14.0751 3100 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 18:30:14.0752 3100 \Device\Harddisk0\DR0\TDLFS - deleted 18:30:14.0752 3100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete