Posts posted by headinhome
-
-
ok, great... one more issue. my excel and word starter 2010 are not working now. they say "microsoft excel starter 2010 cannot be opened. try again or repair product in control panel" when you click to open them. any ideas... probably been a week or more since i used them and they worked fine then.
thanks,
scott
-
ok, good. thanks!
-
-
thanks! just let me know if there's anything else.
scott
-
seems to be ok.
-
MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
BOOT : Normal Boot
DATE : 2012/04/06 (ISO 8601) at 21:09:50
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST310005 28AS (HP40)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 931.5 Go [Fixed] ==> 7 MBR Code... ==> PARTITION TABLE FAKED !!
MBR_MD5 : 58E87BBCCBDDC74DABA40B61BBF22A8A
MBR_SHA1 : C449B09F46442F05567C07895A61479C0039B25B
Device\Harddisk0\Partition1 100.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 920.3 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 11.16 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x031F4000
SIZE : 292.0 Ko
DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BD3000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk
ADDRESS : 0x00C29000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C4A000
SIZE : 376.0 Ko
DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CA8000
SIZE : 768.0 Ko
DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E52000
SIZE : 656.0 Ko
DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EF6000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F05000
SIZE : 348.0 Ko
DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F5C000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F65000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F6F000
SIZE : 204.0 Ko
DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FA2000
SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00FAF000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00FC4000
SIZE : 84.0 Ko
DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00D68000
SIZE : 368.0 Ko
DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FD9000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\drivers\amd_sata.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\drivers\storport.sys => Invisible on the disk
ADDRESS : 0x0104C000
SIZE : 396.0 Ko
DRIVER : C:\Windows\system32\drivers\amd_xata.sys => Invisible on the disk
ADDRESS : 0x010AF000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x010BC000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x010C7000
SIZE : 304.0 Ko
DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01113000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\drivers\mfehidk.sys => Invisible on the disk
ADDRESS : 0x01127000
SIZE : 624.0 Ko
DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01224000
SIZE : 1.64 Mo
DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01426000
SIZE : 376.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01484000
SIZE : 108.0 Ko
DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0149F000
SIZE : 456.0 Ko
DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01511000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01522000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x0161B000
SIZE : 972.0 Ko
DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x0170E000
SIZE : 384.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x0176E000
SIZE : 172.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01826000
SIZE : 2.02 Mo
DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A2A000
SIZE : 296.0 Ko
DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01A74000
SIZE : 304.0 Ko
DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01AC0000
SIZE : 32.0 Ko
DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01AC8000
SIZE : 232.0 Ko
DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B02000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B14000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B1D000
SIZE : 232.0 Ko
DRIVER : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x01B57000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01B6D000
SIZE : 192.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgrkx64.sys => Invisible on the disk
ADDRESS : 0x01B9D000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgidseha.sys => Invisible on the disk
ADDRESS : 0x01BA9000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\AtiPcie64.sys => Invisible on the disk
ADDRESS : 0x01BB3000
SIZE : 32.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x01799000
SIZE : 168.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgmfx64.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x01810000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x01819000
SIZE : 28.0 Ko
DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x017C3000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x017D1000
SIZE : 148.0 Ko
DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x01610000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x017F6000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x0152C000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x01535000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01540000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01551000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01573000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgtdia.sys => Invisible on the disk
ADDRESS : 0x01580000
SIZE : 388.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 276.0 Ko
DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x02E67000
SIZE : 548.0 Ko
DRIVER : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x02EF0000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x02EFB000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x02F04000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x02F2A000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x02F39000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x02F54000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x02F68000
SIZE : 324.0 Ko
DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x02FB9000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x02FC5000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x02FD0000
SIZE : 60.0 Ko
DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x02FDF000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\drivers\blbdrive.sys => Invisible on the disk
ADDRESS : 0x02E00000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgldx64.sys => Invisible on the disk
ADDRESS : 0x02E11000
SIZE : 300.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\drivers\amdppm.sys => Invisible on the disk
ADDRESS : 0x015E1000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk
ADDRESS : 0x011C3000
SIZE : 236.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\atikmdag.sys => Invisible on the disk
ADDRESS : 0x04A9C000
SIZE : 6.79 Mo
DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x040D6000
SIZE : 976.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04000000
SIZE : 280.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x04046000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x0406A000
SIZE : 412.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk
ADDRESS : 0x041CA000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x05167000
SIZE : 344.0 Ko
DRIVER : C:\Windows\system32\drivers\usbfilter.sys => Invisible on the disk
ADDRESS : 0x041D5000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x041E2000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x041F3000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x051BD000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x051CD000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04A24000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x04A30000
SIZE : 188.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x04A5F000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x04A7A000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x051E3000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x013C7000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x013D6000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x041FC000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x04439000
SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x0447C000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x0448E000
SIZE : 360.0 Ko
DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x044E8000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk
ADDRESS : 0x044FD000
SIZE : 368.0 Ko
DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x04559000
SIZE : 244.0 Ko
DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x04596000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x045B8000
SIZE : 24.0 Ko
DRIVER : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x06675000
SIZE : 2.44 Mo
DRIVER : C:\Windows\system32\DRIVERS\cdfs.sys => Invisible on the disk
ADDRESS : 0x068E6000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x06903000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x06920000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x06949000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x0696D000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk
ADDRESS : 0x06988000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbscan.sys => Invisible on the disk
ADDRESS : 0x06994000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x069A5000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk
ADDRESS : 0x069B3000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_amd_sata.sys => Invisible on the disk
ADDRESS : 0x069BD000
SIZE : 88.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x069D3000
SIZE : 76.0 Ko
DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00030000
SIZE : 3.08 Mo
DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x069E6000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x069F2000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00510000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x007C0000
SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x06600000
SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Sftvollh.sys => Invisible on the disk
ADDRESS : 0x06623000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x0662E000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x0664F000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x03C68000
SIZE : 332.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x03CBB000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x03CCE000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03CE6000
SIZE : 804.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03DAF000
SIZE : 120.0 Ko
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03DCD000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE : 180.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x05631000
SIZE : 312.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0567F000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgidsfiltera.sys => Invisible on the disk
ADDRESS : 0x056A3000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x056AE000
SIZE : 664.0 Ko
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x05754000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Sftfslh.sys => Invisible on the disk
ADDRESS : 0x0828B000
SIZE : 772.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Sftplaylh.sys => Invisible on the disk
ADDRESS : 0x0834C000
SIZE : 308.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x08399000
SIZE : 196.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x083CA000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgidsdrivera.sys => Invisible on the disk
ADDRESS : 0x08200000
SIZE : 176.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x0575F000
SIZE : 420.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x09226000
SIZE : 608.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Sftredirlh.sys => Invisible on the disk
ADDRESS : 0x092BE000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x092C9000
SIZE : 196.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x0936B000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x09379000
SIZE : 100.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk
ADDRESS : 0x09392000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x093A0000
SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47820000
SIZE : 128.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_____FAKED \Device\Harddisk0\DR0
__ORIGINAL \Device\Harddisk0\DR0
-
ListParts by Farbar Version: 12-03-2012 03
Ran by Aug-11 (administrator) on 06-04-2012 at 21:05:31
Windows 7 (X64)
Running From: C:\Users\Aug-11\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 44%
Total physical RAM: 5887.29 MB
Available physical RAM: 3291.63 MB
Total Pagefile: 11772.76 MB
Available Pagefile: 7486.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:920.25 GB) (Free:720.81 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.16 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 920 GB 101 MB
Partition 3 Primary 11 GB 920 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 920 GB Healthy Boot
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 11 GB Healthy
======================================================================================================
****** End Of Log ******
-
will do... post back shortly.
thanks.
-
ok, i don't get it. i don't have any drives plugged in. only 3 usb are currently in - mouse, keyboard and printer. i ran it again after i double checked just to make sure and it still shows those...
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/06/2012 17:23:10
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[bSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[bSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[13].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[1].txt ;
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;
RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
-
ok, maybe my isp has their stuff fixed as i was able to get on google and bing etc this morning. no redirects on either.
everything looks good to me. (but hey, i can't even post in the right thread 1/2 the time, so what do i know)
let me know if you see anything else that needs taken care of and one more time... thanks so much for your help!
scott
-
seems to be running ok, but until my isp gets their issue fixed i can't get on google or bing to test the redirect problem. when i called my isp today they said check back with them tomorrow. so i will have to wait and see on that. i just did a reboot. downloaded and ran a new roguekiller. still says infected...
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/05/2012 20:57:05
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[bSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[bSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[10].txt >>
RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
-
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.05.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aug-11 :: AUG-11-HP [administrator]
4/5/2012 7:21:51 PM
mbam-log-2012-04-05 (19-21-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196657
Time elapsed: 2 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\Aug-11\AppData\Roaming\Adobe\Flash Player\NativeCache\F0928C8124B77479D780B2CCBD010F48\60014acf\adobecp-200489-1.dll moved successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Aug-11
->Java cache emptied: 1611902 bytes
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 2.00 mb
[EMPTYTEMP]
User: All Users
User: Aug-11
->Temp folder emptied: 70287671 bytes
->Temporary Internet Files folder emptied: 2784041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71549574 bytes
->Flash cache emptied: 43858 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86591 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 8523872 bytes
Total Files Cleaned = 146.00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_191255
Files\Folders moved on Reboot...
C:\Users\Aug-11\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF21C7AB11FCF23389.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF5A72F4F6284379F6.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF76610AE0378C0753.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF953FA3D4F577B63B.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF97826647707B84BF.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF981A2E6ACEE9004A.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFB7D1DB8B8D46AAA0.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF3097A9AC1671B61.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF3F700904D8E53DA.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF74D28587EC0363A.TMP not found!
Registry entries deleted on Reboot...
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 18:11:05
-----------------------------
18:11:05.256 OS Version: Windows x64 6.1.7601 Service Pack 1
18:11:05.256 Number of processors: 4 586 0x503
18:11:05.257 ComputerName: AUG-11-HP UserName: Aug-11
18:11:08.721 Initialize success
18:12:13.733 AVAST engine defs: 12040501
18:12:25.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
18:12:25.763 Disk 0 Vendor: ST310005 HP40 Size: 953869MB BusType: 11
18:12:25.805 Disk 0 MBR read successfully
18:12:25.807 Disk 0 MBR scan
18:12:25.811 Disk 0 unknown MBR code
18:12:25.881 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:12:25.927 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942339 MB offset 206848
18:12:25.953 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11428 MB offset 1930117120
18:12:25.999 Disk 0 scanning C:\Windows\system32\drivers
18:12:38.495 Service scanning
18:12:56.637 Modules scanning
18:12:56.642 Disk 0 trace - called modules:
18:12:56.667 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:12:56.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f3d790]
18:12:56.675 3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> [0xfffffa80059e2ac0]
18:12:56.679 5 amd_xata.sys[fffff88000fde8b4] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa80059db9c0]
18:13:02.333 AVAST engine scan C:\Windows
18:13:06.545 AVAST engine scan C:\Windows\system32
18:18:30.009 AVAST engine scan C:\Windows\system32\drivers
18:18:59.880 AVAST engine scan C:\Users\Aug-11
18:22:39.966 File: C:\Users\Aug-11\AppData\Roaming\Adobe\Flash Player\NativeCache\F0928C8124B77479D780B2CCBD010F48\60014acf\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
18:23:02.438 File: C:\Users\Aug-11\Desktop\RK_Quarantine\hrapr.dll.vir **INFECTED** Win32:MalOb-KF [Cryp]
18:28:55.208 AVAST engine scan C:\ProgramData
18:30:12.860 Scan finished successfully
18:30:31.221 Disk 0 MBR has been saved successfully to "C:\Users\Aug-11\Desktop\MBR.dat"
18:30:31.226 The log file has been saved successfully to "C:\Users\Aug-11\Desktop\aswMBR.txt"
-
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/05/2012 14:17:16
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt
-
14:08:05.0304 4124 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
14:08:05.0676 4124 ============================================================
14:08:05.0676 4124 Current date / time: 2012/04/05 14:08:05.0676
14:08:05.0676 4124 SystemInfo:
14:08:05.0676 4124
14:08:05.0676 4124 OS Version: 6.1.7601 ServicePack: 1.0
14:08:05.0676 4124 Product type: Workstation
14:08:05.0676 4124 ComputerName: AUG-11-HP
14:08:05.0677 4124 UserName: Aug-11
14:08:05.0677 4124 Windows directory: C:\Windows
14:08:05.0677 4124 System windows directory: C:\Windows
14:08:05.0677 4124 Running under WOW64
14:08:05.0677 4124 Processor architecture: Intel x64
14:08:05.0677 4124 Number of processors: 4
14:08:05.0677 4124 Page size: 0x1000
14:08:05.0677 4124 Boot type: Normal boot
14:08:05.0677 4124 ============================================================
14:08:08.0156 4124 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:08:08.0252 4124 \Device\Harddisk0\DR0:
14:08:08.0252 4124 MBR used
14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800
14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000
14:08:08.0330 4124 Initialize success
14:08:08.0330 4124 ============================================================
14:09:48.0132 4940 ============================================================
14:09:48.0132 4940 Scan started
14:09:48.0132 4940 Mode: Manual; SigCheck; TDLFS;
14:09:48.0132 4940 ============================================================
14:10:03.0264 4940 Msfs - ok
14:10:03.0264 4940 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:10:03.0311 4940 mshidkmdf - ok
14:10:03.0327 4940 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:10:03.0342 4940 msisadrv - ok
14:10:03.0405 4940 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:10:03.0436 4940 MSiSCSI - ok
14:10:03.0436 4940 msiserver - ok
14:10:03.0483 4940 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:10:03.0530 4940 MSKSSRV - ok
14:10:03.0592 4940 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:10:03.0639 4940 MSPCLOCK - ok
14:10:03.0670 4940 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:10:03.0701 4940 MSPQM - ok
14:10:03.0732 4940 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:10:03.0748 4940 MsRPC - ok
14:10:03.0764 4940 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:10:03.0764 4940 mssmbios - ok
14:10:03.0795 4940 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:10:03.0842 4940 MSTEE - ok
14:10:03.0888 4940 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:10:03.0920 4940 MTConfig - ok
14:10:03.0920 4940 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:10:03.0935 4940 Mup - ok
14:10:03.0966 4940 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:10:03.0998 4940 napagent - ok
14:10:04.0060 4940 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:10:04.0076 4940 NativeWifiP - ok
14:10:04.0138 4940 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:10:04.0169 4940 NDIS - ok
14:10:04.0200 4940 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:10:04.0263 4940 NdisCap - ok
14:10:04.0278 4940 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:10:04.0310 4940 NdisTapi - ok
14:10:04.0325 4940 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:10:04.0356 4940 Ndisuio - ok
14:10:04.0388 4940 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:10:04.0434 4940 NdisWan - ok
14:10:04.0450 4940 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:10:04.0481 4940 NDProxy - ok
14:10:04.0497 4940 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:10:04.0544 4940 NetBIOS - ok
14:10:04.0606 4940 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:10:04.0637 4940 NetBT - ok
14:10:04.0668 4940 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:10:04.0684 4940 Netlogon - ok
14:10:04.0731 4940 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:10:04.0762 4940 Netman - ok
14:10:04.0856 4940 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:04.0871 4940 NetMsmqActivator - ok
14:10:04.0871 4940 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:04.0887 4940 NetPipeActivator - ok
14:10:04.0902 4940 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:10:04.0949 4940 netprofm - ok
14:10:04.0965 4940 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:04.0965 4940 NetTcpActivator - ok
14:10:04.0965 4940 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:04.0980 4940 NetTcpPortSharing - ok
14:10:05.0012 4940 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:10:05.0043 4940 nfrd960 - ok
14:10:05.0090 4940 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:10:05.0121 4940 NlaSvc - ok
14:10:05.0136 4940 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:10:05.0183 4940 Npfs - ok
14:10:05.0183 4940 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:10:05.0230 4940 nsi - ok
14:10:05.0246 4940 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:10:05.0277 4940 nsiproxy - ok
14:10:05.0370 4940 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:10:05.0433 4940 Ntfs - ok
14:10:05.0526 4940 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:10:05.0573 4940 Null - ok
14:10:05.0651 4940 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:10:05.0667 4940 nvraid - ok
14:10:05.0745 4940 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:10:05.0760 4940 nvstor - ok
14:10:05.0807 4940 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:10:05.0823 4940 nv_agp - ok
14:10:05.0838 4940 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:10:05.0870 4940 ohci1394 - ok
14:10:05.0948 4940 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:10:05.0979 4940 ose - ok
14:10:06.0088 4940 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:10:06.0384 4940 osppsvc - ok
14:10:06.0416 4940 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:10:06.0447 4940 p2pimsvc - ok
14:10:06.0509 4940 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:10:06.0525 4940 p2psvc - ok
14:10:06.0572 4940 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:10:06.0603 4940 Parport - ok
14:10:06.0665 4940 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:10:06.0681 4940 partmgr - ok
14:10:06.0696 4940 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:10:06.0728 4940 PcaSvc - ok
14:10:06.0743 4940 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:10:06.0759 4940 pci - ok
14:10:06.0790 4940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:10:06.0806 4940 pciide - ok
14:10:06.0821 4940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:10:06.0837 4940 pcmcia - ok
14:10:06.0852 4940 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:10:06.0868 4940 pcw - ok
14:10:06.0962 4940 pdfcDispatcher - ok
14:10:07.0008 4940 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:10:07.0055 4940 PEAUTH - ok
14:10:07.0118 4940 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:10:07.0133 4940 PerfHost - ok
14:10:07.0180 4940 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:10:07.0242 4940 pla - ok
14:10:07.0274 4940 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:10:07.0305 4940 PlugPlay - ok
14:10:07.0320 4940 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:10:07.0336 4940 PNRPAutoReg - ok
14:10:07.0352 4940 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:10:07.0367 4940 PNRPsvc - ok
14:10:07.0430 4940 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:10:07.0476 4940 PolicyAgent - ok
14:10:07.0508 4940 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:10:07.0539 4940 Power - ok
14:10:07.0617 4940 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:10:07.0664 4940 PptpMiniport - ok
14:10:07.0726 4940 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:10:07.0757 4940 Processor - ok
14:10:07.0788 4940 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:10:07.0820 4940 ProfSvc - ok
14:10:07.0866 4940 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:10:07.0866 4940 ProtectedStorage - ok
14:10:07.0882 4940 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:10:07.0929 4940 Psched - ok
14:10:07.0991 4940 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:10:08.0054 4940 ql2300 - ok
14:10:08.0069 4940 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:10:08.0085 4940 ql40xx - ok
14:10:08.0116 4940 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:10:08.0132 4940 QWAVE - ok
14:10:08.0147 4940 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:10:08.0178 4940 QWAVEdrv - ok
14:10:08.0194 4940 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:10:08.0225 4940 RasAcd - ok
14:10:08.0256 4940 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:10:08.0303 4940 RasAgileVpn - ok
14:10:08.0334 4940 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:10:08.0381 4940 RasAuto - ok
14:10:08.0397 4940 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:10:08.0444 4940 Rasl2tp - ok
14:10:08.0475 4940 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:10:08.0506 4940 RasMan - ok
14:10:08.0537 4940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:10:08.0646 4940 RasPppoe - ok
14:10:08.0678 4940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:10:08.0709 4940 RasSstp - ok
14:10:08.0724 4940 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:10:08.0771 4940 rdbss - ok
14:10:08.0787 4940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:10:08.0818 4940 rdpbus - ok
14:10:08.0849 4940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:10:08.0880 4940 RDPCDD - ok
14:10:08.0912 4940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:10:08.0943 4940 RDPENCDD - ok
14:10:08.0974 4940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:10:08.0990 4940 RDPREFMP - ok
14:10:09.0021 4940 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:10:09.0083 4940 RDPWD - ok
14:10:09.0099 4940 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:10:09.0114 4940 rdyboost - ok
14:10:09.0130 4940 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:10:09.0177 4940 RemoteAccess - ok
14:10:09.0208 4940 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:10:09.0239 4940 RemoteRegistry - ok
14:10:09.0317 4940 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
14:10:09.0333 4940 RoxioNow Service - ok
14:10:09.0348 4940 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:10:09.0380 4940 RpcEptMapper - ok
14:10:09.0411 4940 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:10:09.0411 4940 RpcLocator - ok
14:10:09.0442 4940 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:10:09.0473 4940 RpcSs - ok
14:10:09.0489 4940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:10:09.0520 4940 rspndr - ok
14:10:09.0582 4940 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:10:09.0598 4940 RTL8167 - ok
14:10:09.0707 4940 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:10:09.0707 4940 SamSs - ok
14:10:09.0738 4940 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:10:09.0754 4940 sbp2port - ok
14:10:09.0785 4940 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:10:09.0816 4940 SCardSvr - ok
14:10:09.0832 4940 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:10:09.0863 4940 scfilter - ok
14:10:09.0894 4940 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:10:09.0957 4940 Schedule - ok
14:10:09.0988 4940 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:10:10.0019 4940 SCPolicySvc - ok
14:10:10.0113 4940 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:10:10.0128 4940 SDRSVC - ok
14:10:10.0206 4940 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:10:10.0206 4940 SeaPort - ok
14:10:10.0269 4940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:10:10.0300 4940 secdrv - ok
14:10:10.0347 4940 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:10:10.0378 4940 seclogon - ok
14:10:10.0440 4940 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:10:10.0472 4940 SENS - ok
14:10:10.0503 4940 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:10:10.0534 4940 SensrSvc - ok
14:10:10.0815 4940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:10:10.0877 4940 Serenum - ok
14:10:10.0924 4940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:10:10.0955 4940 Serial - ok
14:10:10.0971 4940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:10:11.0002 4940 sermouse - ok
14:10:11.0018 4940 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:10:11.0064 4940 SessionEnv - ok
14:10:11.0080 4940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:10:11.0111 4940 sffdisk - ok
14:10:11.0111 4940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:10:11.0142 4940 sffp_mmc - ok
14:10:11.0158 4940 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:10:11.0189 4940 sffp_sd - ok
14:10:11.0205 4940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:10:11.0220 4940 sfloppy - ok
14:10:11.0252 4940 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
14:10:11.0283 4940 Sftfs - ok
14:10:11.0345 4940 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:10:11.0361 4940 sftlist - ok
14:10:11.0376 4940 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:10:11.0392 4940 Sftplay - ok
14:10:11.0408 4940 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:10:11.0408 4940 Sftredir - ok
14:10:11.0423 4940 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
14:10:11.0439 4940 Sftvol - ok
14:10:11.0454 4940 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:10:11.0454 4940 sftvsa - ok
14:10:11.0486 4940 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:10:11.0517 4940 SharedAccess - ok
14:10:11.0564 4940 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:10:11.0595 4940 ShellHWDetection - ok
14:10:11.0657 4940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:10:11.0673 4940 SiSRaid2 - ok
14:10:11.0688 4940 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:10:11.0704 4940 SiSRaid4 - ok
14:10:11.0735 4940 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:10:11.0782 4940 Smb - ok
14:10:11.0829 4940 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:10:11.0844 4940 SNMPTRAP - ok
14:10:11.0860 4940 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:10:11.0876 4940 spldr - ok
14:10:11.0891 4940 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:10:11.0922 4940 Spooler - ok
14:10:12.0032 4940 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:10:12.0078 4940 sppsvc - ok
14:10:12.0094 4940 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:10:12.0125 4940 sppuinotify - ok
14:10:12.0172 4940 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:10:12.0203 4940 srv - ok
14:10:12.0219 4940 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:10:12.0234 4940 srv2 - ok
14:10:12.0266 4940 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:10:12.0281 4940 srvnet - ok
14:10:12.0328 4940 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:10:12.0359 4940 SSDPSRV - ok
14:10:12.0390 4940 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:10:12.0422 4940 SstpSvc - ok
14:10:12.0453 4940 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:10:12.0468 4940 stexstor - ok
14:10:12.0515 4940 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:10:12.0546 4940 stisvc - ok
14:10:12.0578 4940 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:10:12.0593 4940 swenum - ok
14:10:12.0640 4940 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:10:12.0671 4940 swprv - ok
14:10:12.0921 4940 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:10:12.0968 4940 SysMain - ok
14:10:12.0999 4940 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:10:13.0014 4940 TabletInputService - ok
14:10:13.0030 4940 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:10:13.0092 4940 TapiSrv - ok
14:10:13.0155 4940 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:10:13.0170 4940 TBS - ok
14:10:13.0233 4940 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:10:13.0280 4940 Tcpip - ok
14:10:13.0342 4940 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:10:13.0373 4940 TCPIP6 - ok
14:10:13.0389 4940 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:10:13.0420 4940 tcpipreg - ok
14:10:13.0467 4940 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:10:13.0482 4940 TDPIPE - ok
14:10:13.0514 4940 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:10:13.0529 4940 TDTCP - ok
14:10:13.0592 4940 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:10:13.0623 4940 tdx - ok
14:10:13.0732 4940 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:10:13.0748 4940 TermDD - ok
14:10:13.0779 4940 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:10:13.0826 4940 TermService - ok
14:10:13.0841 4940 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:10:13.0857 4940 Themes - ok
14:10:13.0904 4940 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:10:13.0919 4940 THREADORDER - ok
14:10:13.0935 4940 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:10:13.0966 4940 TrkWks - ok
14:10:13.0982 4940 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:10:14.0013 4940 TrustedInstaller - ok
14:10:14.0028 4940 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:10:14.0060 4940 tssecsrv - ok
14:10:14.0091 4940 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:10:14.0122 4940 TsUsbFlt - ok
14:10:14.0153 4940 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:10:14.0184 4940 TsUsbGD - ok
14:10:14.0231 4940 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:10:14.0278 4940 tunnel - ok
14:10:14.0294 4940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:10:14.0309 4940 uagp35 - ok
14:10:14.0340 4940 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:10:14.0387 4940 udfs - ok
14:10:14.0403 4940 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:10:14.0418 4940 UI0Detect - ok
14:10:14.0434 4940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:10:14.0450 4940 uliagpkx - ok
14:10:14.0481 4940 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:10:14.0496 4940 umbus - ok
14:10:14.0512 4940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:10:14.0528 4940 UmPass - ok
14:10:14.0574 4940 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:10:14.0606 4940 upnphost - ok
14:10:14.0652 4940 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:10:14.0730 4940 usbccgp - ok
14:10:14.0746 4940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:10:14.0762 4940 usbcir - ok
14:10:14.0793 4940 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:10:14.0808 4940 usbehci - ok
14:10:14.0824 4940 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
14:10:14.0840 4940 usbfilter - ok
14:10:14.0886 4940 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:10:14.0918 4940 usbhub - ok
14:10:14.0933 4940 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:10:14.0949 4940 usbohci - ok
14:10:14.0996 4940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:10:15.0027 4940 usbprint - ok
14:10:15.0042 4940 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:10:15.0074 4940 usbscan - ok
14:10:15.0089 4940 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:10:15.0136 4940 USBSTOR - ok
14:10:15.0152 4940 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:10:15.0167 4940 usbuhci - ok
14:10:15.0198 4940 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:10:15.0245 4940 UxSms - ok
14:10:15.0292 4940 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:10:15.0308 4940 VaultSvc - ok
14:10:15.0323 4940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:10:15.0323 4940 vdrvroot - ok
14:10:15.0370 4940 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:10:15.0401 4940 vds - ok
14:10:15.0464 4940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:10:15.0479 4940 vga - ok
14:10:15.0510 4940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:10:15.0573 4940 VgaSave - ok
14:10:15.0635 4940 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:10:15.0651 4940 vhdmp - ok
14:10:15.0682 4940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:10:15.0698 4940 viaide - ok
14:10:15.0729 4940 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:10:15.0729 4940 volmgr - ok
14:10:15.0760 4940 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:10:15.0760 4940 volmgrx - ok
14:10:15.0791 4940 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:10:15.0807 4940 volsnap - ok
14:10:15.0822 4940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:10:15.0854 4940 vsmraid - ok
14:10:15.0932 4940 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:10:15.0978 4940 VSS - ok
14:10:16.0056 4940 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
14:10:16.0072 4940 vToolbarUpdater10.2.0 - ok
14:10:16.0088 4940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:10:16.0119 4940 vwifibus - ok
14:10:16.0197 4940 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:10:16.0228 4940 W32Time - ok
14:10:16.0259 4940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:10:16.0275 4940 WacomPen - ok
14:10:16.0322 4940 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:10:16.0353 4940 WANARP - ok
14:10:16.0353 4940 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:10:16.0384 4940 Wanarpv6 - ok
14:10:16.0462 4940 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:10:16.0680 4940 WatAdminSvc - ok
14:10:16.0712 4940 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:10:16.0774 4940 wbengine - ok
14:10:16.0790 4940 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:10:16.0805 4940 WbioSrvc - ok
14:10:16.0821 4940 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:10:16.0852 4940 wcncsvc - ok
14:10:16.0868 4940 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:10:16.0883 4940 WcsPlugInService - ok
14:10:16.0914 4940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:10:16.0930 4940 Wd - ok
14:10:16.0961 4940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:10:16.0977 4940 Wdf01000 - ok
14:10:16.0992 4940 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:10:17.0102 4940 WdiServiceHost - ok
14:10:17.0102 4940 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:10:17.0117 4940 WdiSystemHost - ok
14:10:17.0148 4940 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:10:17.0180 4940 WebClient - ok
14:10:17.0195 4940 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:10:17.0226 4940 Wecsvc - ok
14:10:17.0242 4940 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:10:17.0273 4940 wercplsupport - ok
14:10:17.0320 4940 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:10:17.0351 4940 WerSvc - ok
14:10:17.0382 4940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:10:17.0414 4940 WfpLwf - ok
14:10:17.0429 4940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:10:17.0445 4940 WIMMount - ok
14:10:17.0476 4940 WinDefend - ok
14:10:17.0476 4940 WinHttpAutoProxySvc - ok
14:10:17.0523 4940 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:10:17.0554 4940 Winmgmt - ok
14:10:17.0632 4940 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:10:17.0694 4940 WinRM - ok
14:10:17.0741 4940 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:10:17.0772 4940 WinUsb - ok
14:10:17.0788 4940 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:10:17.0819 4940 Wlansvc - ok
14:10:17.0882 4940 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:10:17.0897 4940 wlcrasvc - ok
14:10:17.0975 4940 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:10:18.0006 4940 wlidsvc - ok
14:10:18.0053 4940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:10:18.0069 4940 WmiAcpi - ok
14:10:18.0116 4940 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:10:18.0131 4940 wmiApSrv - ok
14:10:18.0178 4940 WMPNetworkSvc - ok
14:10:18.0194 4940 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:10:18.0209 4940 WPCSvc - ok
14:10:18.0209 4940 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:10:18.0225 4940 WPDBusEnum - ok
14:10:18.0256 4940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:10:18.0287 4940 ws2ifsl - ok
14:10:18.0318 4940 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:10:18.0350 4940 wscsvc - ok
14:10:18.0350 4940 WSearch - ok
14:10:18.0396 4940 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:10:18.0474 4940 wuauserv - ok
14:10:18.0506 4940 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:10:18.0537 4940 WudfPf - ok
14:10:18.0584 4940 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:10:18.0615 4940 WUDFRd - ok
14:10:18.0677 4940 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:10:18.0708 4940 wudfsvc - ok
14:10:18.0724 4940 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:10:18.0755 4940 WwanSvc - ok
14:10:18.0818 4940 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0
14:10:19.0098 4940 \Device\Harddisk0\DR0 - ok
14:10:19.0114 4940 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0
14:10:19.0114 4940 \Device\Harddisk0\DR0\Partition0 - ok
14:10:19.0114 4940 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1
14:10:19.0114 4940 \Device\Harddisk0\DR0\Partition1 - ok
14:10:19.0145 4940 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2
14:10:19.0145 4940 \Device\Harddisk0\DR0\Partition2 - ok
14:10:19.0145 4940 ============================================================
14:10:19.0145 4940 Scan finished
14:10:19.0145 4940 ============================================================
14:10:19.0161 1268 Detected object count: 0
14:10:19.0161 1268 Actual detected object count: 0
-
didn't delete anything on roguekill. just ran scan and copied log. if i x out roguekill it says none elements have been deleted, do you want to quit. should i quit or delete the elements?
thanks, scott
-
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/04/2012 21:21:48
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
-
let me see how it's doing when my isp gets their stuff fixed. i can't even get on google or bing right now (to see if my searches are getting redirected).
-
seems to be good. having issues accessing several websites, but i think that is a problem with my isp.
thanks so much for all your help!
-
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.04.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aug-11 :: AUG-11-HP [administrator]
4/4/2012 7:15:45 PM
mbam-log-2012-04-04 (19-15-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195943
Time elapsed: 2 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
combofix...
ComboFix 12-04-04.02 - Aug-11 04/04/2012 18:35:53.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2176 [GMT -5:00]
Running from: c:\users\Aug-11\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aug-11\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 23:39 . 2012-04-04 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 05:21 . 2012-04-04 05:21 0 ----a-w- c:\windows\SysWow64\sho4D58.tmp
2012-04-04 05:19 . 2011-10-15 17:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-04-04 05:19 . 2011-11-18 21:36 161168 ----a-w- c:\windows\system32\mfevtps.exe
2012-04-04 05:18 . 2012-04-04 05:18 -------- d-----w- c:\programdata\McAfee
2012-04-03 23:35 . 2012-04-04 23:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 10:46 . 2012-04-03 10:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\offreg.dll
2012-04-03 07:01 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\mpengine.dll
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files\Carbonite
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\programdata\Carbonite
2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files (x86)\Carbonite
2012-04-01 02:25 . 2012-04-01 17:40 -------- d-----w- c:\users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26}
2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com
2012-03-29 01:06 . 2012-04-01 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-29 00:19 . 2012-03-29 00:19 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-29 00:16 . 2012-03-29 00:47 -------- d-----w- c:\programdata\PC Tools
2012-03-29 00:16 . 2012-03-29 00:16 -------- d-----w- c:\users\Aug-11\AppData\Roaming\TestApp
2012-03-28 12:57 . 2012-03-28 12:57 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-27 22:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-27 22:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Xaest
2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Quensi
2012-03-17 21:49 . 2012-03-17 21:49 -------- d-----w- c:\program files (x86)\ESET
2012-03-17 03:48 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-03-17 03:30 . 2012-04-01 17:33 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Malwarebytes
2012-03-17 03:30 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-17 03:30 . 2012-03-28 02:33 -------- d-----w- c:\programdata\Malwarebytes
2012-03-17 03:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 03:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 03:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 03:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 03:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 03:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 03:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 03:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 03:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 03:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 03:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:54 . 2011-08-13 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_03.43.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-04 23:39 . 2012-04-04 23:39 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-28 03:41 . 2012-03-28 03:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-16 18:02 . 2012-03-28 03:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-16 18:02 . 2012-04-01 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-01 14:47 . 2012-04-01 14:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040120120402\index.dat
+ 2012-03-27 22:26 . 2012-03-28 04:08 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032720120328\index.dat
- 2012-03-27 22:26 . 2012-03-28 03:27 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032720120328\index.dat
- 2012-03-16 18:02 . 2012-03-28 03:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-16 18:02 . 2012-04-01 14:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-04-04 23:25 48808 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-04 23:25 35646 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-13 07:15 . 2012-04-04 23:25 10512 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2443618145-3234143949-2320547976-1000_UserData.bin
+ 2012-04-01 17:42 . 2012-04-04 00:40 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-11 19:25 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 19:25 . 2012-04-04 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 19:25 . 2012-03-28 03:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-11 19:25 . 2012-04-04 23:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-13 05:36 . 2012-04-04 23:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-13 05:36 . 2012-04-04 23:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-13 05:36 . 2012-04-04 23:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-13 07:15 . 2012-04-04 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-13 07:15 . 2012-04-04 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-14 03:44 . 2012-03-29 02:34 5414 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-04 23:40 . 2012-04-04 23:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-28 03:42 . 2012-03-28 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-04 23:40 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 18:41 . 2012-04-04 12:43 328494 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-03-28 03:27 660520 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-04 23:28 660520 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 03:27 121190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-04 23:28 121190 c:\windows\system32\perfc009.dat
+ 2011-10-15 17:16 . 2011-10-15 17:16 160280 c:\windows\system32\drivers\mfeapfk.sys
+ 2009-07-14 05:01 . 2012-04-04 23:39 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-28 03:41 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-04 23:40 5177344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 03:42 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 23:40 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-13 07:12 . 2012-03-28 03:09 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-13 07:12 . 2012-04-04 13:06 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-13 07:12 . 2012-03-28 03:41 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat
+ 2011-08-13 07:12 . 2012-04-04 23:39 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat
+ 2012-03-28 12:54 . 2012-03-28 12:54 2872832 c:\windows\Installer\1e32a47.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\HPCeeScheduleForAug-11.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be379abac-22b4-479e-921f-fec664619ae5%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-24%2023%3A59%3A26&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\0d\0f2\04v"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-04-04 18:43:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 23:43
ComboFix2.txt 2012-04-04 00:37
ComboFix3.txt 2012-03-28 04:04
.
Pre-Run: 773,720,489,984 bytes free
Post-Run: 773,685,772,288 bytes free
.
- - End Of File - - 39DEDA364BAFA40B859F7A44FAF41D02
-
ran tdsskiller again and deleted... here's that log. will run combofix again as well.
18:29:19.0109 4108 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:29:19.0488 4108 ============================================================
18:29:19.0488 4108 Current date / time: 2012/04/04 18:29:19.0488
18:29:19.0488 4108 SystemInfo:
18:29:19.0488 4108
18:29:19.0488 4108 OS Version: 6.1.7601 ServicePack: 1.0
18:29:19.0488 4108 Product type: Workstation
18:29:19.0488 4108 ComputerName: AUG-11-HP
18:29:19.0489 4108 UserName: Aug-11
18:29:19.0489 4108 Windows directory: C:\Windows
18:29:19.0489 4108 System windows directory: C:\Windows
18:29:19.0489 4108 Running under WOW64
18:29:19.0489 4108 Processor architecture: Intel x64
18:29:19.0489 4108 Number of processors: 4
18:29:19.0489 4108 Page size: 0x1000
18:29:19.0489 4108 Boot type: Normal boot
18:29:19.0489 4108 ============================================================
18:29:22.0254 4108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:22.0350 4108 \Device\Harddisk0\DR0:
18:29:22.0350 4108 MBR used
18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800
18:29:22.0350 4108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000
18:29:22.0461 4108 Initialize success
18:29:22.0461 4108 ============================================================
18:29:29.0126 3584 ============================================================
18:29:29.0126 3584 Scan started
18:29:29.0126 3584 Mode: Manual; SigCheck; TDLFS;
18:29:29.0126 3584 ============================================================
18:29:50.0318 3584 Rasl2tp - ok
18:29:50.0354 3584 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:29:50.0386 3584 RasMan - ok
18:29:50.0401 3584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:50.0440 3584 RasPppoe - ok
18:29:50.0458 3584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:29:50.0488 3584 RasSstp - ok
18:29:50.0526 3584 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:29:50.0562 3584 rdbss - ok
18:29:50.0615 3584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:29:50.0629 3584 rdpbus - ok
18:29:50.0661 3584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:50.0695 3584 RDPCDD - ok
18:29:50.0745 3584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:29:50.0787 3584 RDPENCDD - ok
18:29:50.0909 3584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:29:50.0937 3584 RDPREFMP - ok
18:29:51.0035 3584 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:29:51.0083 3584 RDPWD - ok
18:29:51.0116 3584 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:29:51.0128 3584 rdyboost - ok
18:29:51.0149 3584 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:29:51.0185 3584 RemoteAccess - ok
18:29:51.0233 3584 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:29:51.0270 3584 RemoteRegistry - ok
18:29:51.0323 3584 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
18:29:51.0339 3584 RoxioNow Service - ok
18:29:51.0363 3584 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:29:51.0403 3584 RpcEptMapper - ok
18:29:51.0414 3584 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:29:51.0427 3584 RpcLocator - ok
18:29:51.0443 3584 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:29:51.0475 3584 RpcSs - ok
18:29:51.0526 3584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:29:51.0561 3584 rspndr - ok
18:29:51.0665 3584 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:29:51.0677 3584 RTL8167 - ok
18:29:51.0700 3584 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:29:51.0711 3584 SamSs - ok
18:29:51.0822 3584 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:29:51.0843 3584 sbp2port - ok
18:29:51.0871 3584 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:29:51.0903 3584 SCardSvr - ok
18:29:51.0937 3584 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:29:51.0971 3584 scfilter - ok
18:29:52.0001 3584 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:29:52.0056 3584 Schedule - ok
18:29:52.0101 3584 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:29:52.0128 3584 SCPolicySvc - ok
18:29:52.0205 3584 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:29:52.0239 3584 SDRSVC - ok
18:29:52.0307 3584 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:29:52.0318 3584 SeaPort - ok
18:29:52.0344 3584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:29:52.0397 3584 secdrv - ok
18:29:52.0442 3584 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:29:52.0470 3584 seclogon - ok
18:29:52.0525 3584 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:29:52.0578 3584 SENS - ok
18:29:52.0633 3584 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:29:52.0671 3584 SensrSvc - ok
18:29:52.0726 3584 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:29:52.0747 3584 Serenum - ok
18:29:52.0774 3584 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:29:52.0795 3584 Serial - ok
18:29:52.0813 3584 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:29:52.0837 3584 sermouse - ok
18:29:52.0858 3584 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:29:52.0893 3584 SessionEnv - ok
18:29:52.0920 3584 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:29:52.0939 3584 sffdisk - ok
18:29:52.0947 3584 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:29:52.0961 3584 sffp_mmc - ok
18:29:52.0981 3584 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:29:52.0995 3584 sffp_sd - ok
18:29:53.0012 3584 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:29:53.0024 3584 sfloppy - ok
18:29:53.0064 3584 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:29:53.0080 3584 Sftfs - ok
18:29:53.0180 3584 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:29:53.0195 3584 sftlist - ok
18:29:53.0213 3584 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:29:53.0223 3584 Sftplay - ok
18:29:53.0239 3584 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:29:53.0245 3584 Sftredir - ok
18:29:53.0329 3584 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:29:53.0336 3584 Sftvol - ok
18:29:53.0404 3584 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:29:53.0422 3584 sftvsa - ok
18:29:53.0452 3584 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:29:53.0485 3584 SharedAccess - ok
18:29:53.0520 3584 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:29:53.0570 3584 ShellHWDetection - ok
18:29:53.0608 3584 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:29:53.0617 3584 SiSRaid2 - ok
18:29:53.0638 3584 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:29:53.0647 3584 SiSRaid4 - ok
18:29:53.0693 3584 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:29:53.0746 3584 Smb - ok
18:29:53.0790 3584 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:29:53.0811 3584 SNMPTRAP - ok
18:29:53.0836 3584 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:29:53.0843 3584 spldr - ok
18:29:53.0876 3584 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:29:53.0911 3584 Spooler - ok
18:29:54.0278 3584 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:29:54.0385 3584 sppsvc - ok
18:29:54.0399 3584 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:29:54.0432 3584 sppuinotify - ok
18:29:54.0489 3584 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:29:54.0532 3584 srv - ok
18:29:54.0557 3584 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:29:54.0580 3584 srv2 - ok
18:29:54.0617 3584 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:29:54.0630 3584 srvnet - ok
18:29:54.0669 3584 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:29:54.0711 3584 SSDPSRV - ok
18:29:54.0748 3584 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:29:54.0779 3584 SstpSvc - ok
18:29:54.0803 3584 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:29:54.0820 3584 stexstor - ok
18:29:54.0881 3584 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:29:54.0903 3584 stisvc - ok
18:29:54.0937 3584 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:29:54.0944 3584 swenum - ok
18:29:54.0964 3584 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:29:55.0004 3584 swprv - ok
18:29:55.0095 3584 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:29:55.0158 3584 SysMain - ok
18:29:55.0184 3584 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:29:55.0205 3584 TabletInputService - ok
18:29:55.0226 3584 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:29:55.0261 3584 TapiSrv - ok
18:29:55.0287 3584 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:29:55.0316 3584 TBS - ok
18:29:55.0535 3584 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:29:55.0590 3584 Tcpip - ok
18:29:55.0651 3584 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:29:55.0681 3584 TCPIP6 - ok
18:29:55.0800 3584 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:29:55.0832 3584 tcpipreg - ok
18:29:55.0850 3584 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:29:55.0862 3584 TDPIPE - ok
18:29:55.0894 3584 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:29:55.0915 3584 TDTCP - ok
18:29:55.0935 3584 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:29:55.0963 3584 tdx - ok
18:29:55.0991 3584 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:29:55.0999 3584 TermDD - ok
18:29:56.0043 3584 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:29:56.0088 3584 TermService - ok
18:29:56.0101 3584 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:29:56.0117 3584 Themes - ok
18:29:56.0145 3584 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:29:56.0174 3584 THREADORDER - ok
18:29:56.0186 3584 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:29:56.0217 3584 TrkWks - ok
18:29:56.0235 3584 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:29:56.0273 3584 TrustedInstaller - ok
18:29:56.0284 3584 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:29:56.0317 3584 tssecsrv - ok
18:29:56.0360 3584 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:29:56.0381 3584 TsUsbFlt - ok
18:29:56.0409 3584 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:29:56.0420 3584 TsUsbGD - ok
18:29:56.0470 3584 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:29:56.0507 3584 tunnel - ok
18:29:56.0522 3584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:29:56.0537 3584 uagp35 - ok
18:29:56.0558 3584 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:29:56.0599 3584 udfs - ok
18:29:56.0634 3584 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:29:56.0648 3584 UI0Detect - ok
18:29:56.0697 3584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:29:56.0706 3584 uliagpkx - ok
18:29:56.0751 3584 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:29:56.0762 3584 umbus - ok
18:29:56.0793 3584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:29:56.0815 3584 UmPass - ok
18:29:56.0836 3584 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:29:56.0876 3584 upnphost - ok
18:29:56.0947 3584 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:29:56.0965 3584 usbccgp - ok
18:29:56.0986 3584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:29:57.0001 3584 usbcir - ok
18:29:57.0017 3584 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:29:57.0033 3584 usbehci - ok
18:29:57.0052 3584 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
18:29:57.0060 3584 usbfilter - ok
18:29:57.0079 3584 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:29:57.0104 3584 usbhub - ok
18:29:57.0120 3584 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:29:57.0136 3584 usbohci - ok
18:29:57.0193 3584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:29:57.0212 3584 usbprint - ok
18:29:57.0226 3584 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:29:57.0240 3584 usbscan - ok
18:29:57.0261 3584 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:57.0288 3584 USBSTOR - ok
18:29:57.0309 3584 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:29:57.0329 3584 usbuhci - ok
18:29:57.0352 3584 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:29:57.0392 3584 UxSms - ok
18:29:57.0411 3584 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:29:57.0422 3584 VaultSvc - ok
18:29:57.0485 3584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:29:57.0494 3584 vdrvroot - ok
18:29:57.0511 3584 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:29:57.0552 3584 vds - ok
18:29:57.0597 3584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:57.0611 3584 vga - ok
18:29:57.0668 3584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:29:57.0706 3584 VgaSave - ok
18:29:57.0730 3584 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:29:57.0741 3584 vhdmp - ok
18:29:57.0769 3584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:29:57.0778 3584 viaide - ok
18:29:57.0795 3584 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:29:57.0804 3584 volmgr - ok
18:29:57.0826 3584 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:29:57.0840 3584 volmgrx - ok
18:29:57.0854 3584 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:29:57.0867 3584 volsnap - ok
18:29:57.0889 3584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:29:57.0899 3584 vsmraid - ok
18:29:57.0955 3584 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:29:58.0017 3584 VSS - ok
18:29:58.0041 3584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:29:58.0066 3584 vwifibus - ok
18:29:58.0118 3584 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:29:58.0152 3584 W32Time - ok
18:29:58.0177 3584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:29:58.0193 3584 WacomPen - ok
18:29:58.0240 3584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:29:58.0273 3584 WANARP - ok
18:29:58.0277 3584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:29:58.0304 3584 Wanarpv6 - ok
18:29:58.0372 3584 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:29:58.0423 3584 WatAdminSvc - ok
18:29:58.0455 3584 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:29:58.0509 3584 wbengine - ok
18:29:58.0526 3584 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:29:58.0544 3584 WbioSrvc - ok
18:29:58.0612 3584 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:29:58.0644 3584 wcncsvc - ok
18:29:58.0663 3584 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:29:58.0680 3584 WcsPlugInService - ok
18:29:58.0716 3584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:29:58.0728 3584 Wd - ok
18:29:58.0767 3584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:29:58.0785 3584 Wdf01000 - ok
18:29:58.0798 3584 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:29:58.0871 3584 WdiServiceHost - ok
18:29:58.0874 3584 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:29:58.0890 3584 WdiSystemHost - ok
18:29:58.0929 3584 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:29:58.0948 3584 WebClient - ok
18:29:58.0991 3584 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:29:59.0036 3584 Wecsvc - ok
18:29:59.0074 3584 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:29:59.0112 3584 wercplsupport - ok
18:29:59.0157 3584 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:29:59.0187 3584 WerSvc - ok
18:29:59.0225 3584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:29:59.0254 3584 WfpLwf - ok
18:29:59.0286 3584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:29:59.0295 3584 WIMMount - ok
18:29:59.0311 3584 WinDefend - ok
18:29:59.0319 3584 WinHttpAutoProxySvc - ok
18:29:59.0360 3584 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:29:59.0391 3584 Winmgmt - ok
18:29:59.0433 3584 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:29:59.0502 3584 WinRM - ok
18:29:59.0600 3584 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:29:59.0614 3584 WinUsb - ok
18:29:59.0746 3584 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:29:59.0798 3584 Wlansvc - ok
18:29:59.0869 3584 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:29:59.0881 3584 wlcrasvc - ok
18:29:59.0968 3584 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:30:00.0025 3584 wlidsvc - ok
18:30:00.0049 3584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:30:00.0062 3584 WmiAcpi - ok
18:30:00.0108 3584 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:30:00.0136 3584 wmiApSrv - ok
18:30:00.0178 3584 WMPNetworkSvc - ok
18:30:00.0217 3584 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:30:00.0230 3584 WPCSvc - ok
18:30:00.0247 3584 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:30:00.0262 3584 WPDBusEnum - ok
18:30:00.0280 3584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:30:00.0308 3584 ws2ifsl - ok
18:30:00.0344 3584 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:30:00.0369 3584 wscsvc - ok
18:30:00.0376 3584 WSearch - ok
18:30:00.0522 3584 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:30:00.0603 3584 wuauserv - ok
18:30:00.0634 3584 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:30:00.0671 3584 WudfPf - ok
18:30:00.0730 3584 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:00.0760 3584 WUDFRd - ok
18:30:00.0793 3584 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:30:00.0822 3584 wudfsvc - ok
18:30:00.0879 3584 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:30:00.0917 3584 WwanSvc - ok
18:30:00.0965 3584 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0
18:30:02.0686 3584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:30:02.0686 3584 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:30:02.0703 3584 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0
18:30:02.0705 3584 \Device\Harddisk0\DR0\Partition0 - ok
18:30:02.0716 3584 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1
18:30:02.0726 3584 \Device\Harddisk0\DR0\Partition1 - ok
18:30:02.0750 3584 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2
18:30:02.0751 3584 \Device\Harddisk0\DR0\Partition2 - ok
18:30:02.0751 3584 ============================================================
18:30:02.0751 3584 Scan finished
18:30:02.0751 3584 ============================================================
18:30:02.0762 3100 Detected object count: 1
18:30:02.0762 3100 Actual detected object count: 1
18:30:14.0697 3100 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:30:14.0699 3100 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:30:14.0712 3100 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:30:14.0718 3100 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:30:14.0732 3100 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:30:14.0741 3100 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:30:14.0742 3100 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:30:14.0743 3100 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:30:14.0745 3100 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:30:14.0747 3100 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:30:14.0750 3100 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:30:14.0751 3100 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:30:14.0752 3100 \Device\Harddisk0\DR0\TDLFS - deleted
18:30:14.0752 3100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
-
gotta get to work. will check back this evening. thanks for your continued help!
svchost trojan - search redirects
in Resolved Malware Removal Logs
worked indeed... you are the man. thanks so, so much for all your help!