headinhome

gotta get to work. will check back this evening. thanks for you continued help!

08:02:15.0155 2360 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32 08:02:15.0541 2360 ============================================================ 08:02:15.0541 2360 Current date / time: 2012/04/04 08:02:15.0541 08:02:15.0541 2360 SystemInfo: 08:02:15.0541 2360 08:02:15.0541 2360 OS Version: 6.1.7601 ServicePack: 1.0 08:02:15.0541 2360 Product type: Workstation 08:02:15.0541 2360 ComputerName: AUG-11-HP 08:02:15.0541 2360 UserName: Aug-11 08:02:15.0541 2360 Windows directory: C:\Windows 08:02:15.0541 2360 System windows directory: C:\Windows 08:02:15.0541 2360 Running under WOW64 08:02:15.0541 2360 Processor architecture: Intel x64 08:02:15.0541 2360 Number of processors: 4 08:02:15.0541 2360 Page size: 0x1000 08:02:15.0541 2360 Boot type: Normal boot 08:02:15.0541 2360 ============================================================ 08:02:17.0283 2360 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:02:17.0379 2360 \Device\Harddisk0\DR0: 08:02:17.0380 2360 MBR used 08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800 08:02:17.0380 2360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000 08:02:17.0523 2360 Initialize success 08:02:17.0523 2360 ============================================================ 08:02:50.0347 5100 ============================================================ 08:02:50.0347 5100 Scan started 08:02:50.0347 5100 Mode: Manual; SigCheck; TDLFS; 08:02:50.0347 5100 ============================================================ 08:02:50.0784 5100 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 08:02:50.0846 5100 1394ohci - ok 08:02:50.0893 5100 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 08:02:50.0908 5100 ACPI - ok 08:02:50.0924 5100 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 08:02:50.0955 5100 AcpiPmi - ok 08:02:50.0986 5100 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 08:02:51.0002 5100 adp94xx - ok 08:02:51.0033 5100 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 08:02:51.0049 5100 adpahci - ok 08:02:51.0064 5100 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 08:02:51.0080 5100 adpu320 - ok 08:02:51.0096 5100 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 08:02:51.0174 5100 AeLookupSvc - ok 08:02:51.0205 5100 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 08:02:51.0236 5100 AFD - ok 08:02:51.0345 5100 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe 08:02:51.0361 5100 AffinegyService - ok 08:02:51.0408 5100 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 08:02:51.0408 5100 agp440 - ok 08:02:51.0439 5100 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 08:02:51.0454 5100 ALG - ok 08:02:51.0470 5100 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 08:02:51.0486 5100 aliide - ok 08:02:51.0501 5100 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe 08:02:51.0532 5100 AMD External Events Utility - ok 08:02:51.0548 5100 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 08:02:51.0548 5100 amdide - ok 08:02:51.0564 5100 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 08:02:51.0595 5100 AmdK8 - ok 08:02:51.0688 5100 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys 08:02:51.0829 5100 amdkmdag - ok 08:02:51.0860 5100 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys 08:02:51.0876 5100 amdkmdap - ok 08:02:51.0922 5100 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 08:02:51.0954 5100 AmdPPM - ok 08:02:51.0969 5100 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 08:02:51.0985 5100 amdsata - ok 08:02:52.0016 5100 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 08:02:52.0032 5100 amdsbs - ok 08:02:52.0047 5100 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 08:02:52.0063 5100 amdxata - ok 08:02:52.0078 5100 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys 08:02:52.0094 5100 amd_sata - ok 08:02:52.0141 5100 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys 08:02:52.0141 5100 amd_xata - ok 08:02:52.0203 5100 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 08:02:52.0297 5100 AppID - ok 08:02:52.0328 5100 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 08:02:52.0359 5100 AppIDSvc - ok 08:02:52.0375 5100 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 08:02:52.0406 5100 Appinfo - ok 08:02:52.0468 5100 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 08:02:52.0468 5100 arc - ok 08:02:52.0500 5100 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 08:02:52.0515 5100 arcsas - ok 08:02:52.0578 5100 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 08:02:52.0578 5100 aspnet_state - ok 08:02:52.0609 5100 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 08:02:52.0656 5100 AsyncMac - ok 08:02:52.0702 5100 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 08:02:52.0718 5100 atapi - ok 08:02:52.0765 5100 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys 08:02:52.0780 5100 AtiPcie - ok 08:02:52.0796 5100 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:02:52.0843 5100 AudioEndpointBuilder - ok 08:02:52.0843 5100 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:02:52.0874 5100 AudioSrv - ok 08:02:52.0968 5100 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 08:02:52.0999 5100 AxInstSV - ok 08:02:53.0030 5100 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 08:02:53.0061 5100 b06bdrv - ok 08:02:53.0077 5100 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 08:02:53.0108 5100 b57nd60a - ok 08:02:53.0139 5100 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 08:02:53.0155 5100 BDESVC - ok 08:02:53.0170 5100 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 08:02:53.0217 5100 Beep - ok 08:02:53.0264 5100 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 08:02:53.0311 5100 BFE - ok 08:02:53.0342 5100 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 08:02:53.0389 5100 BITS - ok 08:02:53.0451 5100 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 08:02:53.0467 5100 blbdrive - ok 08:02:53.0498 5100 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 08:02:53.0514 5100 bowser - ok 08:02:53.0545 5100 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 08:02:53.0560 5100 BrFiltLo - ok 08:02:53.0576 5100 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 08:02:53.0576 5100 BrFiltUp - ok 08:02:53.0638 5100 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 08:02:53.0670 5100 BridgeMP - ok 08:02:53.0701 5100 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 08:02:53.0732 5100 Browser - ok 08:02:53.0763 5100 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 08:02:53.0794 5100 Brserid - ok 08:02:53.0826 5100 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 08:02:53.0857 5100 BrSerWdm - ok 08:02:53.0872 5100 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 08:02:53.0888 5100 BrUsbMdm - ok 08:02:53.0919 5100 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 08:02:53.0919 5100 BrUsbSer - ok 08:02:53.0950 5100 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 08:02:53.0966 5100 BTHMODEM - ok 08:02:53.0997 5100 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 08:02:54.0028 5100 bthserv - ok 08:02:54.0200 5100 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe 08:02:54.0325 5100 CarboniteService - ok 08:02:54.0340 5100 catchme - ok 08:02:54.0372 5100 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 08:02:54.0403 5100 cdfs - ok 08:02:54.0450 5100 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 08:02:54.0465 5100 cdrom - ok 08:02:54.0496 5100 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:02:54.0528 5100 CertPropSvc - ok 08:02:54.0543 5100 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 08:02:54.0543 5100 circlass - ok 08:02:54.0574 5100 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 08:02:54.0590 5100 CLFS - ok 08:02:54.0621 5100 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:02:54.0637 5100 clr_optimization_v2.0.50727_32 - ok 08:02:54.0668 5100 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:02:54.0684 5100 clr_optimization_v2.0.50727_64 - ok 08:02:54.0730 5100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:02:54.0730 5100 clr_optimization_v4.0.30319_32 - ok 08:02:54.0777 5100 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:02:54.0777 5100 clr_optimization_v4.0.30319_64 - ok 08:02:54.0808 5100 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 08:02:54.0824 5100 CmBatt - ok 08:02:54.0855 5100 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 08:02:54.0855 5100 cmdide - ok 08:02:54.0886 5100 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 08:02:54.0902 5100 CNG - ok 08:02:54.0918 5100 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 08:02:54.0918 5100 Compbatt - ok 08:02:54.0964 5100 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 08:02:54.0996 5100 CompositeBus - ok 08:02:54.0996 5100 COMSysApp - ok 08:02:55.0011 5100 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 08:02:55.0027 5100 crcdisk - ok 08:02:55.0042 5100 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 08:02:55.0074 5100 CryptSvc - ok 08:02:55.0167 5100 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 08:02:55.0183 5100 cvhsvc - ok 08:02:55.0214 5100 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:02:55.0261 5100 DcomLaunch - ok 08:02:55.0276 5100 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 08:02:55.0308 5100 defragsvc - ok 08:02:55.0339 5100 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 08:02:55.0370 5100 DfsC - ok 08:02:55.0386 5100 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 08:02:55.0432 5100 Dhcp - ok 08:02:55.0448 5100 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 08:02:55.0479 5100 discache - ok 08:02:55.0542 5100 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 08:02:55.0557 5100 Disk - ok 08:02:55.0588 5100 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 08:02:55.0588 5100 Dnscache - ok 08:02:55.0620 5100 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 08:02:55.0651 5100 dot3svc - ok 08:02:55.0666 5100 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 08:02:55.0713 5100 DPS - ok 08:02:55.0760 5100 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 08:02:55.0776 5100 drmkaud - ok 08:02:55.0807 5100 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 08:02:55.0822 5100 DXGKrnl - ok 08:02:55.0869 5100 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 08:02:55.0900 5100 EapHost - ok 08:02:55.0963 5100 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 08:02:56.0025 5100 ebdrv - ok 08:02:56.0072 5100 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 08:02:56.0088 5100 EFS - ok 08:02:56.0134 5100 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 08:02:56.0150 5100 ehRecvr - ok 08:02:56.0166 5100 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 08:02:56.0181 5100 ehSched - ok 08:02:56.0228 5100 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 08:02:56.0244 5100 elxstor - ok 08:02:56.0275 5100 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 08:02:56.0306 5100 ErrDev - ok 08:02:56.0322 5100 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 08:02:56.0368 5100 EventSystem - ok 08:02:56.0431 5100 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 08:02:56.0462 5100 exfat - ok 08:02:56.0478 5100 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 08:02:56.0509 5100 fastfat - ok 08:02:56.0540 5100 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 08:02:56.0571 5100 Fax - ok 08:02:56.0587 5100 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 08:02:56.0602 5100 fdc - ok 08:02:56.0618 5100 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 08:02:56.0649 5100 fdPHost - ok 08:02:56.0665 5100 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 08:02:56.0696 5100 FDResPub - ok 08:02:56.0712 5100 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 08:02:56.0712 5100 FileInfo - ok 08:02:56.0727 5100 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 08:02:56.0758 5100 Filetrace - ok 08:02:56.0774 5100 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 08:02:56.0790 5100 flpydisk - ok 08:02:56.0805 5100 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 08:02:56.0821 5100 FltMgr - ok 08:02:56.0868 5100 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 08:02:56.0899 5100 FontCache - ok 08:02:56.0946 5100 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:02:56.0961 5100 FontCache3.0.0.0 - ok 08:02:56.0977 5100 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 08:02:56.0977 5100 FsDepends - ok 08:02:56.0992 5100 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 08:02:57.0008 5100 Fs_Rec - ok 08:02:57.0024 5100 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 08:02:57.0039 5100 fvevol - ok 08:02:57.0070 5100 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 08:02:57.0070 5100 gagp30kx - ok 08:02:57.0148 5100 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 08:02:57.0148 5100 GamesAppService - ok 08:02:57.0195 5100 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 08:02:57.0226 5100 gpsvc - ok 08:02:57.0242 5100 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 08:02:57.0273 5100 hcw85cir - ok 08:02:57.0304 5100 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 08:02:57.0336 5100 HdAudAddService - ok 08:02:57.0382 5100 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 08:02:57.0398 5100 HDAudBus - ok 08:02:57.0414 5100 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 08:02:57.0445 5100 HidBatt - ok 08:02:57.0460 5100 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 08:02:57.0476 5100 HidBth - ok 08:02:57.0507 5100 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 08:02:57.0507 5100 HidIr - ok 08:02:57.0538 5100 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 08:02:57.0570 5100 hidserv - ok 08:02:57.0601 5100 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 08:02:57.0616 5100 HidUsb - ok 08:02:57.0632 5100 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 08:02:57.0679 5100 hkmsvc - ok 08:02:57.0710 5100 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 08:02:57.0726 5100 HomeGroupListener - ok 08:02:57.0741 5100 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 08:02:57.0772 5100 HomeGroupProvider - ok 08:02:57.0866 5100 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 08:02:57.0866 5100 HP Support Assistant Service - ok 08:02:57.0928 5100 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 08:02:57.0928 5100 HPClientSvc - ok 08:02:58.0006 5100 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 08:02:58.0022 5100 HPDrvMntSvc.exe - ok 08:02:58.0256 5100 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 08:02:58.0287 5100 hpqwmiex - ok 08:02:58.0350 5100 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 08:02:58.0365 5100 HpSAMD - ok 08:02:58.0396 5100 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 08:02:58.0443 5100 HTTP - ok 08:02:58.0459 5100 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 08:02:58.0474 5100 hwpolicy - ok 08:02:58.0506 5100 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 08:02:58.0521 5100 i8042prt - ok 08:02:58.0552 5100 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 08:02:58.0568 5100 iaStorV - ok 08:02:58.0630 5100 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:02:58.0646 5100 idsvc - ok 08:02:58.0755 5100 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 08:02:58.0880 5100 igfx - ok 08:02:58.0927 5100 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 08:02:58.0942 5100 iirsp - ok 08:02:58.0974 5100 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 08:02:59.0020 5100 IKEEXT - ok 08:02:59.0067 5100 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys 08:02:59.0098 5100 IntcAzAudAddService - ok 08:02:59.0145 5100 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 08:02:59.0161 5100 intelide - ok 08:02:59.0176 5100 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys 08:02:59.0192 5100 intelppm - ok 08:02:59.0239 5100 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 08:02:59.0286 5100 IPBusEnum - ok 08:02:59.0301 5100 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:02:59.0332 5100 IpFilterDriver - ok 08:02:59.0348 5100 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 08:02:59.0395 5100 iphlpsvc - ok 08:02:59.0410 5100 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 08:02:59.0426 5100 IPMIDRV - ok 08:02:59.0442 5100 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 08:02:59.0473 5100 IPNAT - ok 08:02:59.0504 5100 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 08:02:59.0520 5100 IRENUM - ok 08:02:59.0535 5100 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 08:02:59.0535 5100 isapnp - ok 08:02:59.0566 5100 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 08:02:59.0582 5100 iScsiPrt - ok 08:02:59.0598 5100 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 08:02:59.0613 5100 kbdclass - ok 08:02:59.0644 5100 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 08:02:59.0660 5100 kbdhid - ok 08:02:59.0707 5100 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:02:59.0722 5100 KeyIso - ok 08:02:59.0738 5100 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 08:02:59.0738 5100 KSecDD - ok 08:02:59.0754 5100 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 08:02:59.0769 5100 KSecPkg - ok 08:02:59.0785 5100 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 08:02:59.0832 5100 ksthunk - ok 08:02:59.0847 5100 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 08:02:59.0894 5100 KtmRm - ok 08:02:59.0941 5100 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 08:02:59.0988 5100 LanmanServer - ok 08:03:00.0003 5100 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 08:03:00.0034 5100 LanmanWorkstation - ok 08:03:00.0097 5100 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 08:03:00.0128 5100 lltdio - ok 08:03:00.0159 5100 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 08:03:00.0190 5100 lltdsvc - ok 08:03:00.0206 5100 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 08:03:00.0237 5100 lmhosts - ok 08:03:00.0284 5100 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 08:03:00.0300 5100 LSI_FC - ok 08:03:00.0315 5100 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 08:03:00.0331 5100 LSI_SAS - ok 08:03:00.0346 5100 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 08:03:00.0362 5100 LSI_SAS2 - ok 08:03:00.0393 5100 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 08:03:00.0409 5100 LSI_SCSI - ok 08:03:00.0424 5100 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:03:00.0456 5100 luafv - ok 08:03:00.0471 5100 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 08:03:00.0487 5100 Mcx2Svc - ok 08:03:00.0518 5100 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 08:03:00.0518 5100 megasas - ok 08:03:00.0549 5100 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 08:03:00.0549 5100 MegaSR - ok 08:03:00.0612 5100 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys 08:03:00.0627 5100 mfeapfk - ok 08:03:00.0690 5100 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys 08:03:00.0705 5100 mfehidk - ok 08:03:00.0721 5100 mfevtp (3ed58a36f7f7d60f0ef44d29810b0b80) C:\Windows\system32\mfevtps.exe 08:03:00.0736 5100 mfevtp - ok 08:03:00.0752 5100 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:03:00.0783 5100 MMCSS - ok 08:03:00.0799 5100 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:03:00.0846 5100 Modem - ok 08:03:00.0892 5100 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:03:00.0908 5100 monitor - ok 08:03:00.0939 5100 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 08:03:00.0955 5100 mouclass - ok 08:03:00.0970 5100 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 08:03:00.0986 5100 mouhid - ok 08:03:01.0017 5100 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 08:03:01.0033 5100 mountmgr - ok 08:03:01.0064 5100 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 08:03:01.0064 5100 mpio - ok 08:03:01.0080 5100 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:03:01.0111 5100 mpsdrv - ok 08:03:01.0142 5100 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 08:03:01.0173 5100 MpsSvc - ok 08:03:01.0189 5100 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 08:03:01.0220 5100 MRxDAV - ok 08:03:01.0267 5100 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:03:01.0282 5100 mrxsmb - ok 08:03:01.0314 5100 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:03:01.0329 5100 mrxsmb10 - ok 08:03:01.0345 5100 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:03:01.0360 5100 mrxsmb20 - ok 08:03:01.0376 5100 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 08:03:01.0376 5100 msahci - ok 08:03:01.0407 5100 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 08:03:01.0407 5100 msdsm - ok 08:03:01.0423 5100 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 08:03:01.0438 5100 MSDTC - ok 08:03:01.0485 5100 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:03:01.0501 5100 Msfs - ok 08:03:01.0516 5100 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 08:03:01.0548 5100 mshidkmdf - ok 08:03:01.0563 5100 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 08:03:01.0579 5100 msisadrv - ok 08:03:01.0641 5100 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 08:03:01.0672 5100 MSiSCSI - ok 08:03:01.0688 5100 msiserver - ok 08:03:01.0719 5100 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:03:01.0750 5100 MSKSSRV - ok 08:03:01.0766 5100 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:03:01.0797 5100 MSPCLOCK - ok 08:03:01.0813 5100 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:03:01.0860 5100 MSPQM - ok 08:03:01.0875 5100 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 08:03:01.0891 5100 MsRPC - ok 08:03:01.0906 5100 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 08:03:01.0922 5100 mssmbios - ok 08:03:01.0969 5100 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:03:02.0000 5100 MSTEE - ok 08:03:02.0016 5100 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 08:03:02.0016 5100 MTConfig - ok 08:03:02.0031 5100 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:03:02.0047 5100 Mup - ok 08:03:02.0062 5100 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 08:03:02.0109 5100 napagent - ok 08:03:02.0140 5100 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:03:02.0172 5100 NativeWifiP - ok 08:03:02.0234 5100 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 08:03:02.0265 5100 NDIS - ok 08:03:02.0312 5100 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:03:02.0328 5100 NdisCap - ok 08:03:02.0359 5100 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:03:02.0390 5100 NdisTapi - ok 08:03:02.0406 5100 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 08:03:02.0421 5100 Ndisuio - ok 08:03:02.0437 5100 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 08:03:02.0484 5100 NdisWan - ok 08:03:02.0499 5100 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 08:03:02.0530 5100 NDProxy - ok 08:03:02.0530 5100 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:03:02.0577 5100 NetBIOS - ok 08:03:02.0593 5100 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 08:03:02.0624 5100 NetBT - ok 08:03:02.0640 5100 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:03:02.0655 5100 Netlogon - ok 08:03:02.0702 5100 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 08:03:02.0749 5100 Netman - ok 08:03:02.0827 5100 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:03:02.0827 5100 NetMsmqActivator - ok 08:03:02.0842 5100 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:03:02.0842 5100 NetPipeActivator - ok 08:03:02.0858 5100 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 08:03:02.0905 5100 netprofm - ok 08:03:02.0920 5100 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:03:02.0920 5100 NetTcpActivator - ok 08:03:02.0920 5100 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:03:02.0936 5100 NetTcpPortSharing - ok 08:03:03.0014 5100 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 08:03:03.0014 5100 nfrd960 - ok 08:03:03.0061 5100 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 08:03:03.0108 5100 NlaSvc - ok 08:03:03.0139 5100 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:03:03.0154 5100 Npfs - ok 08:03:03.0170 5100 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 08:03:03.0201 5100 nsi - ok 08:03:03.0232 5100 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:03:03.0248 5100 nsiproxy - ok 08:03:03.0310 5100 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 08:03:03.0357 5100 Ntfs - ok 08:03:03.0373 5100 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:03:03.0404 5100 Null - ok 08:03:03.0451 5100 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 08:03:03.0451 5100 nvraid - ok 08:03:03.0466 5100 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 08:03:03.0482 5100 nvstor - ok 08:03:03.0513 5100 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:03:03.0513 5100 nv_agp - ok 08:03:03.0529 5100 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:03:03.0544 5100 ohci1394 - ok 08:03:03.0622 5100 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:03:03.0622 5100 ose - ok 08:03:03.0716 5100 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 08:03:03.0825 5100 osppsvc - ok 08:03:03.0872 5100 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:03:03.0903 5100 p2pimsvc - ok 08:03:03.0934 5100 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 08:03:03.0966 5100 p2psvc - ok 08:03:03.0997 5100 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 08:03:04.0012 5100 Parport - ok 08:03:04.0059 5100 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 08:03:04.0059 5100 partmgr - ok 08:03:04.0075 5100 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 08:03:04.0106 5100 PcaSvc - ok 08:03:04.0122 5100 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:03:04.0137 5100 pci - ok 08:03:04.0153 5100 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:03:04.0168 5100 pciide - ok 08:03:04.0184 5100 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 08:03:04.0200 5100 pcmcia - ok 08:03:04.0215 5100 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:03:04.0231 5100 pcw - ok 08:03:04.0309 5100 pdfcDispatcher - ok 08:03:04.0324 5100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:03:04.0371 5100 PEAUTH - ok 08:03:04.0418 5100 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 08:03:04.0434 5100 PerfHost - ok 08:03:04.0496 5100 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 08:03:04.0543 5100 pla - ok 08:03:04.0605 5100 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 08:03:04.0636 5100 PlugPlay - ok 08:03:04.0636 5100 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 08:03:04.0668 5100 PNRPAutoReg - ok 08:03:04.0683 5100 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:03:04.0699 5100 PNRPsvc - ok 08:03:04.0730 5100 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 08:03:04.0777 5100 PolicyAgent - ok 08:03:04.0808 5100 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 08:03:04.0839 5100 Power - ok 08:03:04.0902 5100 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:03:04.0933 5100 PptpMiniport - ok 08:03:04.0964 5100 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 08:03:04.0995 5100 Processor - ok 08:03:05.0042 5100 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 08:03:05.0073 5100 ProfSvc - ok 08:03:05.0089 5100 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:03:05.0104 5100 ProtectedStorage - ok 08:03:05.0120 5100 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:03:05.0151 5100 Psched - ok 08:03:05.0214 5100 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 08:03:05.0260 5100 ql2300 - ok 08:03:05.0276 5100 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 08:03:05.0292 5100 ql40xx - ok 08:03:05.0307 5100 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 08:03:05.0338 5100 QWAVE - ok 08:03:05.0354 5100 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:03:05.0370 5100 QWAVEdrv - ok 08:03:05.0385 5100 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:03:05.0416 5100 RasAcd - ok 08:03:05.0463 5100 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:03:05.0494 5100 RasAgileVpn - ok 08:03:05.0494 5100 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 08:03:05.0526 5100 RasAuto - ok 08:03:05.0541 5100 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:03:05.0588 5100 Rasl2tp - ok 08:03:05.0619 5100 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 08:03:05.0650 5100 RasMan - ok 08:03:05.0666 5100 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:03:05.0713 5100 RasPppoe - ok 08:03:05.0728 5100 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:03:05.0760 5100 RasSstp - ok 08:03:05.0775 5100 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:03:05.0806 5100 rdbss - ok 08:03:05.0822 5100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 08:03:05.0838 5100 rdpbus - ok 08:03:05.0853 5100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:03:05.0884 5100 RDPCDD - ok 08:03:05.0900 5100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:03:05.0931 5100 RDPENCDD - ok 08:03:05.0947 5100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:03:05.0978 5100 RDPREFMP - ok 08:03:05.0994 5100 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 08:03:06.0025 5100 RDPWD - ok 08:03:06.0040 5100 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:03:06.0056 5100 rdyboost - ok 08:03:06.0072 5100 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 08:03:06.0103 5100 RemoteAccess - ok 08:03:06.0134 5100 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 08:03:06.0165 5100 RemoteRegistry - ok 08:03:06.0228 5100 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 08:03:06.0228 5100 RoxioNow Service - ok 08:03:06.0259 5100 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 08:03:06.0290 5100 RpcEptMapper - ok 08:03:06.0290 5100 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 08:03:06.0306 5100 RpcLocator - ok 08:03:06.0321 5100 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:03:06.0352 5100 RpcSs - ok 08:03:06.0384 5100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:03:06.0399 5100 rspndr - ok 08:03:06.0462 5100 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys 08:03:06.0462 5100 RTL8167 - ok 08:03:06.0493 5100 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:03:06.0508 5100 SamSs - ok 08:03:06.0524 5100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 08:03:06.0540 5100 sbp2port - ok 08:03:06.0571 5100 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 08:03:06.0602 5100 SCardSvr - ok 08:03:06.0618 5100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 08:03:06.0649 5100 scfilter - ok 08:03:06.0680 5100 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 08:03:06.0727 5100 Schedule - ok 08:03:06.0758 5100 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:03:06.0789 5100 SCPolicySvc - ok 08:03:06.0805 5100 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 08:03:06.0820 5100 SDRSVC - ok 08:03:06.0867 5100 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 08:03:06.0883 5100 SeaPort - ok 08:03:06.0930 5100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:03:06.0961 5100 secdrv - ok 08:03:06.0992 5100 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 08:03:07.0008 5100 seclogon - ok 08:03:07.0054 5100 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 08:03:07.0086 5100 SENS - ok 08:03:07.0101 5100 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 08:03:07.0117 5100 SensrSvc - ok 08:03:07.0179 5100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 08:03:07.0195 5100 Serenum - ok 08:03:07.0242 5100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 08:03:07.0257 5100 Serial - ok 08:03:07.0288 5100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 08:03:07.0304 5100 sermouse - ok 08:03:07.0335 5100 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 08:03:07.0366 5100 SessionEnv - ok 08:03:07.0382 5100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 08:03:07.0398 5100 sffdisk - ok 08:03:07.0413 5100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 08:03:07.0429 5100 sffp_mmc - ok 08:03:07.0444 5100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 08:03:07.0460 5100 sffp_sd - ok 08:03:07.0476 5100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 08:03:07.0491 5100 sfloppy - ok 08:03:07.0554 5100 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 08:03:07.0569 5100 Sftfs - ok 08:03:07.0616 5100 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 08:03:07.0632 5100 sftlist - ok 08:03:07.0647 5100 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 08:03:07.0663 5100 Sftplay - ok 08:03:07.0678 5100 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 08:03:07.0678 5100 Sftredir - ok 08:03:07.0710 5100 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 08:03:07.0710 5100 Sftvol - ok 08:03:07.0756 5100 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 08:03:07.0772 5100 sftvsa - ok 08:03:07.0788 5100 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 08:03:07.0834 5100 SharedAccess - ok 08:03:07.0866 5100 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 08:03:07.0912 5100 ShellHWDetection - ok 08:03:07.0959 5100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 08:03:07.0975 5100 SiSRaid2 - ok 08:03:07.0990 5100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 08:03:08.0006 5100 SiSRaid4 - ok 08:03:08.0053 5100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 08:03:08.0100 5100 Smb - ok 08:03:08.0146 5100 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 08:03:08.0162 5100 SNMPTRAP - ok 08:03:08.0178 5100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 08:03:08.0193 5100 spldr - ok 08:03:08.0224 5100 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 08:03:08.0256 5100 Spooler - ok 08:03:08.0318 5100 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 08:03:08.0427 5100 sppsvc - ok 08:03:08.0458 5100 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 08:03:08.0474 5100 sppuinotify - ok 08:03:08.0521 5100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 08:03:08.0536 5100 srv - ok 08:03:08.0583 5100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 08:03:08.0614 5100 srv2 - ok 08:03:08.0630 5100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 08:03:08.0646 5100 srvnet - ok 08:03:08.0692 5100 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 08:03:08.0724 5100 SSDPSRV - ok 08:03:08.0739 5100 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 08:03:08.0770 5100 SstpSvc - ok 08:03:08.0786 5100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 08:03:08.0802 5100 stexstor - ok 08:03:08.0864 5100 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 08:03:08.0880 5100 stisvc - ok 08:03:08.0911 5100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 08:03:08.0911 5100 swenum - ok 08:03:08.0926 5100 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 08:03:08.0973 5100 swprv - ok 08:03:09.0004 5100 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 08:03:09.0067 5100 SysMain - ok 08:03:09.0082 5100 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 08:03:09.0098 5100 TabletInputService - ok 08:03:09.0114 5100 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 08:03:09.0160 5100 TapiSrv - ok 08:03:09.0176 5100 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 08:03:09.0207 5100 TBS - ok 08:03:09.0410 5100 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 08:03:09.0472 5100 Tcpip - ok 08:03:09.0535 5100 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 08:03:09.0566 5100 TCPIP6 - ok 08:03:09.0582 5100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 08:03:09.0613 5100 tcpipreg - ok 08:03:09.0628 5100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 08:03:09.0644 5100 TDPIPE - ok 08:03:09.0675 5100 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 08:03:09.0675 5100 TDTCP - ok 08:03:09.0691 5100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 08:03:09.0722 5100 tdx - ok 08:03:09.0769 5100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 08:03:09.0769 5100 TermDD - ok 08:03:09.0800 5100 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 08:03:09.0847 5100 TermService - ok 08:03:09.0862 5100 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 08:03:09.0894 5100 Themes - ok 08:03:09.0909 5100 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:03:09.0940 5100 THREADORDER - ok 08:03:09.0956 5100 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 08:03:09.0987 5100 TrkWks - ok 08:03:10.0003 5100 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 08:03:10.0034 5100 TrustedInstaller - ok 08:03:10.0065 5100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:03:10.0096 5100 tssecsrv - ok 08:03:10.0143 5100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 08:03:10.0143 5100 TsUsbFlt - ok 08:03:10.0159 5100 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 08:03:10.0174 5100 TsUsbGD - ok 08:03:10.0221 5100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 08:03:10.0252 5100 tunnel - ok 08:03:10.0268 5100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 08:03:10.0284 5100 uagp35 - ok 08:03:10.0299 5100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 08:03:10.0346 5100 udfs - ok 08:03:10.0362 5100 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 08:03:10.0377 5100 UI0Detect - ok 08:03:10.0393 5100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 08:03:10.0408 5100 uliagpkx - ok 08:03:10.0455 5100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 08:03:10.0471 5100 umbus - ok 08:03:10.0502 5100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 08:03:10.0518 5100 UmPass - ok 08:03:10.0533 5100 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 08:03:10.0580 5100 upnphost - ok 08:03:10.0627 5100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 08:03:10.0642 5100 usbccgp - ok 08:03:10.0658 5100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 08:03:10.0674 5100 usbcir - ok 08:03:10.0689 5100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 08:03:10.0720 5100 usbehci - ok 08:03:10.0736 5100 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys 08:03:10.0752 5100 usbfilter - ok 08:03:10.0767 5100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 08:03:10.0783 5100 usbhub - ok 08:03:10.0814 5100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 08:03:10.0830 5100 usbohci - ok 08:03:10.0876 5100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 08:03:10.0892 5100 usbprint - ok 08:03:10.0908 5100 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 08:03:10.0923 5100 usbscan - ok 08:03:10.0939 5100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:03:10.0954 5100 USBSTOR - ok 08:03:10.0970 5100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 08:03:10.0986 5100 usbuhci - ok 08:03:11.0017 5100 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 08:03:11.0048 5100 UxSms - ok 08:03:11.0064 5100 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:03:11.0079 5100 VaultSvc - ok 08:03:11.0126 5100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 08:03:11.0126 5100 vdrvroot - ok 08:03:11.0142 5100 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 08:03:11.0188 5100 vds - ok 08:03:11.0220 5100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 08:03:11.0235 5100 vga - ok 08:03:11.0251 5100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 08:03:11.0298 5100 VgaSave - ok 08:03:11.0313 5100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 08:03:11.0313 5100 vhdmp - ok 08:03:11.0344 5100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 08:03:11.0360 5100 viaide - ok 08:03:11.0376 5100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 08:03:11.0376 5100 volmgr - ok 08:03:11.0407 5100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 08:03:11.0422 5100 volmgrx - ok 08:03:11.0438 5100 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 08:03:11.0438 5100 volsnap - ok 08:03:11.0485 5100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 08:03:11.0500 5100 vsmraid - ok 08:03:11.0547 5100 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 08:03:11.0610 5100 VSS - ok 08:03:11.0625 5100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 08:03:11.0641 5100 vwifibus - ok 08:03:11.0688 5100 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 08:03:11.0719 5100 W32Time - ok 08:03:11.0750 5100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 08:03:11.0766 5100 WacomPen - ok 08:03:11.0812 5100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:03:11.0844 5100 WANARP - ok 08:03:11.0844 5100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:03:11.0875 5100 Wanarpv6 - ok 08:03:11.0937 5100 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 08:03:11.0968 5100 WatAdminSvc - ok 08:03:12.0000 5100 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 08:03:12.0062 5100 wbengine - ok 08:03:12.0093 5100 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 08:03:12.0109 5100 WbioSrvc - ok 08:03:12.0124 5100 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 08:03:12.0156 5100 wcncsvc - ok 08:03:12.0187 5100 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 08:03:12.0187 5100 WcsPlugInService - ok 08:03:12.0218 5100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 08:03:12.0234 5100 Wd - ok 08:03:12.0265 5100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 08:03:12.0280 5100 Wdf01000 - ok 08:03:12.0296 5100 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:03:12.0327 5100 WdiServiceHost - ok 08:03:12.0327 5100 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:03:12.0343 5100 WdiSystemHost - ok 08:03:12.0358 5100 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 08:03:12.0374 5100 WebClient - ok 08:03:12.0390 5100 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 08:03:12.0436 5100 Wecsvc - ok 08:03:12.0452 5100 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 08:03:12.0483 5100 wercplsupport - ok 08:03:12.0499 5100 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 08:03:12.0530 5100 WerSvc - ok 08:03:12.0561 5100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 08:03:12.0592 5100 WfpLwf - ok 08:03:12.0608 5100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 08:03:12.0608 5100 WIMMount - ok 08:03:12.0624 5100 WinDefend - ok 08:03:12.0639 5100 WinHttpAutoProxySvc - ok 08:03:12.0670 5100 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 08:03:12.0702 5100 Winmgmt - ok 08:03:12.0748 5100 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 08:03:12.0811 5100 WinRM - ok 08:03:12.0873 5100 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 08:03:12.0889 5100 WinUsb - ok 08:03:12.0904 5100 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 08:03:12.0936 5100 Wlansvc - ok 08:03:12.0998 5100 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 08:03:13.0014 5100 wlcrasvc - ok 08:03:13.0092 5100 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 08:03:13.0123 5100 wlidsvc - ok 08:03:13.0170 5100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 08:03:13.0201 5100 WmiAcpi - ok 08:03:13.0216 5100 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 08:03:13.0248 5100 wmiApSrv - ok 08:03:13.0294 5100 WMPNetworkSvc - ok 08:03:13.0294 5100 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 08:03:13.0310 5100 WPCSvc - ok 08:03:13.0326 5100 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 08:03:13.0341 5100 WPDBusEnum - ok 08:03:13.0357 5100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 08:03:13.0388 5100 ws2ifsl - ok 08:03:13.0435 5100 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 08:03:13.0450 5100 wscsvc - ok 08:03:13.0466 5100 WSearch - ok 08:03:13.0497 5100 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 08:03:13.0575 5100 wuauserv - ok 08:03:13.0606 5100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 08:03:13.0653 5100 WudfPf - ok 08:03:13.0700 5100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 08:03:13.0731 5100 WUDFRd - ok 08:03:13.0778 5100 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 08:03:13.0809 5100 wudfsvc - ok 08:03:13.0825 5100 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 08:03:13.0856 5100 WwanSvc - ok 08:03:13.0903 5100 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0 08:03:14.0074 5100 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 08:03:14.0074 5100 \Device\Harddisk0\DR0 - detected TDSS File System (1) 08:03:14.0074 5100 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0 08:03:14.0074 5100 \Device\Harddisk0\DR0\Partition0 - ok 08:03:14.0106 5100 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1 08:03:14.0106 5100 \Device\Harddisk0\DR0\Partition1 - ok 08:03:14.0137 5100 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2 08:03:14.0137 5100 \Device\Harddisk0\DR0\Partition2 - ok 08:03:14.0137 5100 ============================================================ 08:03:14.0137 5100 Scan finished 08:03:14.0137 5100 ============================================================ 08:03:14.0137 5052 Detected object count: 1 08:03:14.0137 5052 Actual detected object count: 1 08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 08:03:28.0899 5052 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

OTL logfile created on: 4/4/2012 7:47:22 AM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Aug-11\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.75 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 35.60% Memory free 11.50 Gb Paging File | 7.22 Gb Available in Paging File | 62.83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 920.25 Gb Total Space | 720.64 Gb Free Space | 78.31% Space Free | Partition Type: NTFS Drive D: | 11.16 Gb Total Space | 1.36 Gb Free Space | 12.21% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: AUG-11-HP | User Name: Aug-11 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days < End of report >

Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.04.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Aug-11 :: AUG-11-HP [administrator] 4/3/2012 9:01:53 PM mbam-log-2012-04-03 (21-01-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 196133 Time elapsed: 2 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Aug-11\AppData\Local\Temp\ch8l0.exe (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end)

ok, i'm getting website security issues on ie on my wife's laptop with those sites as well, so not sure that it has anything to do with this other stuff we've been working on. thanks.

now i am getting an untrusted connection warning from firefox when i try to go to google, bing, facebook, yahoo, msn. i can get on foxnews, hulu, speedtest, netflix.

after running combofix, nothing on my computer would work - everything i clicked gave me an error message. i shut down and restarted and got blue screen telling me windows could not load and needed to do system restore. finally after several attempts windows did finally work. here is the log from combofix... ComboFix 12-04-03.02 - Aug-11 04/03/2012 19:28:27.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2081 [GMT -5:00] Running from: c:\users\Aug-11\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Aug-11\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\users\Public\Desktop\Internet Security.lnk c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\assembly\temp\@ c:\windows\assembly\temp\cfg.ini c:\windows\system32\consrv.dll c:\windows\system32\dds_trash_log.cmd c:\windows\System64 . . ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 ))))))))))))))))))))))))))))))) . . 2012-04-04 00:32 . 2012-04-04 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-03 23:35 . 2012-04-03 23:35 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-03 10:46 . 2012-04-03 10:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\offreg.dll 2012-04-03 07:01 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F89A2F2-CE23-4A69-AFE1-7358AC940FE3}\mpengine.dll 2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files\Carbonite 2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\programdata\Carbonite 2012-04-01 19:24 . 2012-04-01 19:24 -------- d-----w- c:\program files (x86)\Carbonite 2012-04-01 02:25 . 2012-04-01 17:40 -------- d-----w- c:\users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26} 2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com 2012-03-29 01:06 . 2012-04-01 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-03-29 01:06 . 2012-03-29 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-03-29 00:19 . 2012-03-29 00:19 -------- d-----w- c:\program files (x86)\PC Tools 2012-03-29 00:16 . 2012-03-29 00:47 -------- d-----w- c:\programdata\PC Tools 2012-03-29 00:16 . 2012-03-29 00:16 -------- d-----w- c:\users\Aug-11\AppData\Roaming\TestApp 2012-03-28 12:57 . 2012-03-28 12:57 -------- d-----w- c:\programdata\AVG Secure Search 2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-03-28 12:57 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-03-27 22:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-27 22:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Xaest 2012-03-27 22:28 . 2012-03-27 22:29 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Quensi 2012-03-17 21:49 . 2012-03-17 21:49 -------- d-----w- c:\program files (x86)\ESET 2012-03-17 03:48 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys 2012-03-17 03:30 . 2012-04-01 17:33 -------- d-----w- c:\users\Aug-11\AppData\Roaming\Malwarebytes 2012-03-17 03:30 . 2012-04-01 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-17 03:30 . 2012-03-28 02:33 -------- d-----w- c:\programdata\Malwarebytes 2012-03-17 03:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 03:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 03:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 03:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 03:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 03:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 03:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 03:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 03:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 03:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 03:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-16 02:54 . 2011-08-13 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((( SnapShot@2012-03-28_03.43.23 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-04 00:33 . 2012-04-04 00:33 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-03-28 03:41 . 2012-03-28 03:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-03-16 18:02 . 2012-03-28 03:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2012-03-16 18:02 . 2012-04-04 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2012-04-03 22:50 . 2012-04-03 23:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040320120404\index.dat + 2012-04-03 22:50 . 2012-04-03 22:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032620120402\index.dat - 2012-03-16 18:02 . 2012-03-28 03:27 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2012-03-16 18:02 . 2012-04-04 00:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2010-11-21 03:09 . 2012-04-04 00:08 48364 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-04-04 00:08 35270 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-08-13 07:15 . 2012-04-04 00:08 10090 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2443618145-3234143949-2320547976-1000_UserData.bin + 2012-04-01 17:42 . 2012-04-01 05:36 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat - 2011-02-11 19:25 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-02-11 19:25 . 2012-04-03 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-02-11 19:25 . 2012-03-28 03:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-02-11 19:25 . 2012-04-03 23:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-04-03 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-03-28 03:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-13 05:36 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-16 17:58 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat + 2012-03-16 17:58 . 2012-04-03 23:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat + 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat - 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat + 2012-03-16 17:58 . 2012-04-03 23:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat - 2012-03-16 17:58 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat + 2011-08-13 05:36 . 2012-04-04 00:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-08-13 05:36 . 2012-03-28 03:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-13 05:36 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-13 05:36 . 2012-03-28 03:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-13 07:15 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-13 07:15 . 2012-03-28 03:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-13 07:15 . 2012-04-04 00:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-14 03:44 . 2012-03-29 02:34 5414 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\adsservice.dll + 2012-04-04 00:34 . 2012-04-04 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-03-28 03:42 . 2012-03-28 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 04:54 . 2012-04-04 00:34 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-02-11 18:41 . 2012-04-02 22:50 327602 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2009-07-14 02:36 . 2012-04-04 00:11 660520 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-03-28 03:27 660520 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-03-28 03:27 121190 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-04-04 00:11 121190 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-04-04 00:33 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-03-28 03:41 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:54 . 2012-04-04 00:34 5177344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-03-28 03:42 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-04-04 00:34 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-13 07:12 . 2012-03-28 03:09 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-08-13 07:12 . 2012-03-29 00:48 1627496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-08-13 07:12 . 2012-03-28 03:41 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat + 2011-08-13 07:12 . 2012-04-04 00:33 1989984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2443618145-3234143949-2320547976-1000-8192.dat + 2012-03-28 12:54 . 2012-03-28 12:54 2872832 c:\windows\Installer\1e32a47.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-04-03 c:\windows\Tasks\HPCeeScheduleForAug-11.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "combofix"="c:\combofix\CF9611.3XE" [2010-11-21 345088] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs alertservice . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm LSP: mswsock.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be379abac-22b4-479e-921f-fec664619ae5%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3〈=en&pr=fr&d=2011-10-24%2023%3A59%3A26&sap=ku&q= . - - - - ORPHANS REMOVED - - - - . WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\08\06\0d\0f2\04v" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe . ************************************************************************** . Completion time: 2012-04-03 19:37:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-04 00:37 ComboFix2.txt 2012-03-28 04:04 . Pre-Run: 774,580,187,136 bytes free Post-Run: 774,357,270,528 bytes free . - - End Of File - - 5A20CECBB369F4A23C8A2C199AE7D2AB

i had an issue the 1st time i tried to run it. before i hit scan something called internet security popped up and started scanning. to my knowledge that is not something i put on my computer. it shut down tdsskiller and firefox and would not let me open the task manager. i have to shut down the computer and when i restarted i was able to run tdsskiller. i now have a new icon on my desktop labeled internet security. thanks.

18:33:13.0280 3928 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32 18:33:13.0639 3928 ============================================================ 18:33:13.0639 3928 Current date / time: 2012/04/03 18:33:13.0639 18:33:13.0639 3928 SystemInfo: 18:33:13.0639 3928 18:33:13.0639 3928 OS Version: 6.1.7601 ServicePack: 1.0 18:33:13.0639 3928 Product type: Workstation 18:33:13.0639 3928 ComputerName: AUG-11-HP 18:33:13.0639 3928 UserName: Aug-11 18:33:13.0639 3928 Windows directory: C:\Windows 18:33:13.0639 3928 System windows directory: C:\Windows 18:33:13.0639 3928 Running under WOW64 18:33:13.0639 3928 Processor architecture: Intel x64 18:33:13.0639 3928 Number of processors: 4 18:33:13.0639 3928 Page size: 0x1000 18:33:13.0639 3928 Boot type: Normal boot 18:33:13.0639 3928 ============================================================ 18:33:15.0262 3928 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:33:15.0355 3928 \Device\Harddisk0\DR0: 18:33:15.0355 3928 MBR used 18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800 18:33:15.0355 3928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000 18:33:15.0418 3928 Initialize success 18:33:15.0418 3928 ============================================================ 18:33:22.0110 1328 ============================================================ 18:33:22.0110 1328 Scan started 18:33:22.0110 1328 Mode: Manual; SigCheck; TDLFS; 18:33:22.0110 1328 ============================================================ 18:33:26.0353 1328 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 18:33:26.0431 1328 1394ohci - ok 18:33:26.0462 1328 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 18:33:26.0478 1328 ACPI - ok 18:33:26.0494 1328 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 18:33:26.0556 1328 AcpiPmi - ok 18:33:26.0587 1328 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 18:33:26.0603 1328 adp94xx - ok 18:33:26.0634 1328 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 18:33:26.0650 1328 adpahci - ok 18:33:26.0665 1328 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 18:33:26.0681 1328 adpu320 - ok 18:33:26.0696 1328 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 18:33:26.0774 1328 AeLookupSvc - ok 18:33:26.0821 1328 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 18:33:26.0852 1328 AFD - ok 18:33:26.0946 1328 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe 18:33:26.0962 1328 AffinegyService - ok 18:33:26.0993 1328 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 18:33:26.0993 1328 agp440 - ok 18:33:27.0024 1328 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 18:33:27.0071 1328 ALG - ok 18:33:27.0086 1328 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 18:33:27.0102 1328 aliide - ok 18:33:27.0118 1328 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe 18:33:27.0164 1328 AMD External Events Utility - ok 18:33:27.0164 1328 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 18:33:27.0180 1328 amdide - ok 18:33:27.0196 1328 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 18:33:27.0227 1328 AmdK8 - ok 18:33:27.0320 1328 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys 18:33:27.0461 1328 amdkmdag - ok 18:33:27.0523 1328 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys 18:33:27.0523 1328 amdkmdap - ok 18:33:27.0788 1328 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 18:33:27.0804 1328 AmdPPM - ok 18:33:27.0898 1328 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 18:33:27.0913 1328 amdsata - ok 18:33:28.0756 1328 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 18:33:28.0771 1328 amdsbs - ok 18:33:28.0865 1328 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 18:33:28.0880 1328 amdxata - ok 18:33:28.0927 1328 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys 18:33:28.0943 1328 amd_sata - ok 18:33:28.0974 1328 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys 18:33:28.0974 1328 amd_xata - ok 18:33:29.0021 1328 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 18:33:29.0114 1328 AppID - ok 18:33:29.0146 1328 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 18:33:29.0177 1328 AppIDSvc - ok 18:33:29.0208 1328 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 18:33:29.0239 1328 Appinfo - ok 18:33:29.0286 1328 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 18:33:29.0302 1328 arc - ok 18:33:29.0317 1328 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 18:33:29.0333 1328 arcsas - ok 18:33:29.0395 1328 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:33:29.0426 1328 aspnet_state - ok 18:33:29.0442 1328 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 18:33:29.0489 1328 AsyncMac - ok 18:33:29.0520 1328 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 18:33:29.0520 1328 atapi - ok 18:33:29.0551 1328 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys 18:33:29.0567 1328 AtiPcie - ok 18:33:29.0582 1328 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 18:33:29.0629 1328 AudioEndpointBuilder - ok 18:33:29.0645 1328 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 18:33:29.0660 1328 AudioSrv - ok 18:33:29.0692 1328 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 18:33:29.0770 1328 AxInstSV - ok 18:33:29.0801 1328 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 18:33:29.0832 1328 b06bdrv - ok 18:33:29.0863 1328 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 18:33:29.0894 1328 b57nd60a - ok 18:33:29.0926 1328 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 18:33:29.0972 1328 BDESVC - ok 18:33:29.0988 1328 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 18:33:30.0019 1328 Beep - ok 18:33:30.0066 1328 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 18:33:30.0113 1328 BITS - ok 18:33:30.0144 1328 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 18:33:30.0160 1328 blbdrive - ok 18:33:30.0191 1328 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 18:33:30.0238 1328 bowser - ok 18:33:30.0253 1328 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 18:33:30.0253 1328 BrFiltLo - ok 18:33:30.0269 1328 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 18:33:30.0284 1328 BrFiltUp - ok 18:33:30.0331 1328 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 18:33:30.0378 1328 BridgeMP - ok 18:33:30.0425 1328 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 18:33:30.0456 1328 Browser - ok 18:33:30.0472 1328 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 18:33:30.0518 1328 Brserid - ok 18:33:30.0550 1328 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 18:33:30.0565 1328 BrSerWdm - ok 18:33:30.0581 1328 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 18:33:30.0612 1328 BrUsbMdm - ok 18:33:30.0643 1328 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 18:33:30.0643 1328 BrUsbSer - ok 18:33:30.0674 1328 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 18:33:30.0690 1328 BTHMODEM - ok 18:33:30.0721 1328 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 18:33:30.0752 1328 bthserv - ok 18:33:31.0033 1328 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe 18:33:31.0111 1328 CarboniteService - ok 18:33:31.0158 1328 catchme - ok 18:33:31.0298 1328 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 18:33:31.0345 1328 cdfs - ok 18:33:31.0392 1328 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 18:33:31.0423 1328 cdrom - ok 18:33:31.0486 1328 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 18:33:31.0517 1328 CertPropSvc - ok 18:33:31.0549 1328 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 18:33:31.0565 1328 circlass - ok 18:33:31.0596 1328 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 18:33:31.0611 1328 CLFS - ok 18:33:31.0658 1328 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:33:31.0674 1328 clr_optimization_v2.0.50727_32 - ok 18:33:31.0721 1328 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:33:31.0736 1328 clr_optimization_v2.0.50727_64 - ok 18:33:31.0783 1328 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:33:31.0892 1328 clr_optimization_v4.0.30319_32 - ok 18:33:32.0095 1328 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:33:32.0126 1328 clr_optimization_v4.0.30319_64 - ok 18:33:32.0220 1328 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 18:33:32.0251 1328 CmBatt - ok 18:33:32.0282 1328 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 18:33:32.0298 1328 cmdide - ok 18:33:32.0345 1328 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 18:33:32.0376 1328 CNG - ok 18:33:32.0407 1328 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 18:33:32.0423 1328 Compbatt - ok 18:33:32.0438 1328 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 18:33:32.0469 1328 CompositeBus - ok 18:33:32.0485 1328 COMSysApp - ok 18:33:32.0501 1328 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 18:33:32.0516 1328 crcdisk - ok 18:33:32.0532 1328 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 18:33:32.0579 1328 CryptSvc - ok 18:33:32.0657 1328 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 18:33:32.0672 1328 cvhsvc - ok 18:33:32.0719 1328 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 18:33:32.0750 1328 DcomLaunch - ok 18:33:32.0781 1328 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 18:33:32.0813 1328 defragsvc - ok 18:33:32.0859 1328 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 18:33:32.0906 1328 DfsC - ok 18:33:32.0937 1328 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 18:33:32.0969 1328 Dhcp - ok 18:33:32.0984 1328 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 18:33:33.0031 1328 discache - ok 18:33:33.0062 1328 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 18:33:33.0078 1328 Disk - ok 18:33:33.0109 1328 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 18:33:33.0140 1328 Dnscache - ok 18:33:33.0156 1328 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 18:33:33.0187 1328 dot3svc - ok 18:33:33.0218 1328 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 18:33:33.0249 1328 DPS - ok 18:33:33.0281 1328 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 18:33:33.0296 1328 drmkaud - ok 18:33:33.0327 1328 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 18:33:33.0343 1328 DXGKrnl - ok 18:33:33.0359 1328 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 18:33:33.0390 1328 EapHost - ok 18:33:33.0483 1328 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 18:33:33.0561 1328 ebdrv - ok 18:33:33.0608 1328 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 18:33:33.0624 1328 EFS - ok 18:33:33.0671 1328 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 18:33:33.0702 1328 ehRecvr - ok 18:33:33.0733 1328 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 18:33:33.0749 1328 ehSched - ok 18:33:33.0827 1328 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 18:33:33.0842 1328 elxstor - ok 18:33:33.0873 1328 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 18:33:33.0889 1328 ErrDev - ok 18:33:33.0967 1328 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 18:33:34.0029 1328 EventSystem - ok 18:33:34.0139 1328 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 18:33:34.0170 1328 exfat - ok 18:33:34.0232 1328 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 18:33:34.0279 1328 fastfat - ok 18:33:34.0404 1328 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 18:33:34.0482 1328 Fax - ok 18:33:34.0544 1328 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 18:33:34.0575 1328 fdc - ok 18:33:34.0685 1328 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 18:33:34.0731 1328 fdPHost - ok 18:33:34.0778 1328 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 18:33:34.0809 1328 FDResPub - ok 18:33:34.0919 1328 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 18:33:34.0934 1328 FileInfo - ok 18:33:35.0012 1328 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 18:33:35.0090 1328 Filetrace - ok 18:33:35.0199 1328 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 18:33:35.0215 1328 flpydisk - ok 18:33:35.0293 1328 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 18:33:35.0309 1328 FltMgr - ok 18:33:35.0433 1328 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 18:33:35.0511 1328 FontCache - ok 18:33:35.0652 1328 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:33:35.0667 1328 FontCache3.0.0.0 - ok 18:33:35.0745 1328 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 18:33:35.0761 1328 FsDepends - ok 18:33:35.0839 1328 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 18:33:35.0839 1328 Fs_Rec - ok 18:33:35.0933 1328 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 18:33:35.0948 1328 fvevol - ok 18:33:36.0026 1328 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 18:33:36.0042 1328 gagp30kx - ok 18:33:36.0167 1328 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 18:33:36.0182 1328 GamesAppService - ok 18:33:36.0323 1328 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 18:33:36.0369 1328 gpsvc - ok 18:33:36.0463 1328 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 18:33:36.0525 1328 hcw85cir - ok 18:33:36.0635 1328 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 18:33:36.0666 1328 HdAudAddService - ok 18:33:36.0775 1328 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 18:33:36.0806 1328 HDAudBus - ok 18:33:36.0884 1328 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 18:33:36.0915 1328 HidBatt - ok 18:33:36.0993 1328 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 18:33:37.0025 1328 HidBth - ok 18:33:37.0290 1328 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 18:33:37.0321 1328 HidIr - ok 18:33:37.0493 1328 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 18:33:37.0539 1328 hidserv - ok 18:33:37.0727 1328 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 18:33:37.0742 1328 HidUsb - ok 18:33:37.0976 1328 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 18:33:38.0054 1328 hkmsvc - ok 18:33:38.0085 1328 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 18:33:38.0163 1328 HomeGroupListener - ok 18:33:38.0351 1328 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 18:33:38.0397 1328 HomeGroupProvider - ok 18:33:38.0585 1328 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 18:33:38.0616 1328 HP Support Assistant Service - ok 18:33:38.0772 1328 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 18:33:38.0803 1328 HPClientSvc - ok 18:33:38.0928 1328 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 18:33:38.0959 1328 HPDrvMntSvc.exe - ok 18:33:39.0021 1328 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 18:33:39.0053 1328 hpqwmiex - ok 18:33:39.0209 1328 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 18:33:39.0224 1328 HpSAMD - ok 18:33:39.0287 1328 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 18:33:39.0333 1328 HTTP - ok 18:33:39.0427 1328 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 18:33:39.0427 1328 hwpolicy - ok 18:33:39.0458 1328 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 18:33:39.0474 1328 i8042prt - ok 18:33:39.0536 1328 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 18:33:39.0552 1328 iaStorV - ok 18:33:39.0692 1328 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:33:39.0723 1328 idsvc - ok 18:33:40.0098 1328 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 18:33:40.0269 1328 igfx - ok 18:33:40.0347 1328 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 18:33:40.0379 1328 iirsp - ok 18:33:40.0519 1328 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 18:33:40.0659 1328 IKEEXT - ok 18:33:40.0815 1328 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys 18:33:40.0862 1328 IntcAzAudAddService - ok 18:33:40.0956 1328 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 18:33:40.0987 1328 intelide - ok 18:33:41.0065 1328 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys 18:33:41.0096 1328 intelppm - ok 18:33:41.0174 1328 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 18:33:41.0268 1328 IPBusEnum - ok 18:33:41.0315 1328 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:33:41.0377 1328 IpFilterDriver - ok 18:33:41.0439 1328 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 18:33:41.0502 1328 IPMIDRV - ok 18:33:41.0549 1328 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 18:33:41.0627 1328 IPNAT - ok 18:33:41.0673 1328 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 18:33:41.0705 1328 IRENUM - ok 18:33:41.0767 1328 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 18:33:41.0798 1328 isapnp - ok 18:33:41.0861 1328 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 18:33:41.0892 1328 iScsiPrt - ok 18:33:41.0923 1328 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 18:33:41.0954 1328 kbdclass - ok 18:33:42.0001 1328 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 18:33:42.0048 1328 kbdhid - ok 18:33:42.0110 1328 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:33:42.0141 1328 KeyIso - ok 18:33:42.0188 1328 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 18:33:42.0219 1328 KSecDD - ok 18:33:42.0266 1328 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 18:33:42.0282 1328 KSecPkg - ok 18:33:42.0329 1328 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 18:33:42.0407 1328 ksthunk - ok 18:33:42.0500 1328 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 18:33:42.0578 1328 KtmRm - ok 18:33:42.0687 1328 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 18:33:42.0765 1328 LanmanServer - ok 18:33:42.0797 1328 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 18:33:42.0890 1328 LanmanWorkstation - ok 18:33:42.0999 1328 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 18:33:43.0093 1328 lltdio - ok 18:33:43.0218 1328 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 18:33:43.0296 1328 lltdsvc - ok 18:33:43.0374 1328 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 18:33:43.0436 1328 lmhosts - ok 18:33:43.0623 1328 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 18:33:43.0655 1328 LSI_FC - ok 18:33:43.0951 1328 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 18:33:43.0982 1328 LSI_SAS - ok 18:33:44.0076 1328 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 18:33:44.0107 1328 LSI_SAS2 - ok 18:33:44.0201 1328 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 18:33:44.0247 1328 LSI_SCSI - ok 18:33:44.0325 1328 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 18:33:44.0419 1328 luafv - ok 18:33:44.0481 1328 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 18:33:44.0513 1328 Mcx2Svc - ok 18:33:44.0684 1328 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 18:33:44.0715 1328 megasas - ok 18:33:44.0809 1328 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 18:33:44.0825 1328 MegaSR - ok 18:33:44.0887 1328 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 18:33:44.0918 1328 MMCSS - ok 18:33:44.0996 1328 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 18:33:45.0027 1328 Modem - ok 18:33:45.0137 1328 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 18:33:45.0183 1328 monitor - ok 18:33:45.0230 1328 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 18:33:45.0230 1328 mouclass - ok 18:33:45.0261 1328 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 18:33:45.0293 1328 mouhid - ok 18:33:45.0371 1328 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 18:33:45.0386 1328 mountmgr - ok 18:33:45.0464 1328 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 18:33:45.0511 1328 mpio - ok 18:33:45.0542 1328 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 18:33:45.0573 1328 mpsdrv - ok 18:33:45.0605 1328 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 18:33:45.0683 1328 MRxDAV - ok 18:33:45.0729 1328 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:33:45.0807 1328 mrxsmb - ok 18:33:45.0885 1328 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:33:45.0901 1328 mrxsmb10 - ok 18:33:45.0932 1328 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:33:45.0948 1328 mrxsmb20 - ok 18:33:46.0041 1328 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 18:33:46.0057 1328 msahci - ok 18:33:46.0088 1328 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 18:33:46.0104 1328 msdsm - ok 18:33:46.0151 1328 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 18:33:46.0197 1328 MSDTC - ok 18:33:46.0338 1328 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 18:33:46.0385 1328 Msfs - ok 18:33:46.0447 1328 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 18:33:46.0556 1328 mshidkmdf - ok 18:33:46.0650 1328 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 18:33:46.0650 1328 msisadrv - ok 18:33:46.0697 1328 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 18:33:46.0743 1328 MSiSCSI - ok 18:33:46.0790 1328 msiserver - ok 18:33:46.0977 1328 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 18:33:47.0102 1328 MSKSSRV - ok 18:33:47.0196 1328 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 18:33:47.0289 1328 MSPCLOCK - ok 18:33:47.0336 1328 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 18:33:47.0430 1328 MSPQM - ok 18:33:47.0492 1328 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 18:33:47.0539 1328 MsRPC - ok 18:33:47.0586 1328 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 18:33:47.0601 1328 mssmbios - ok 18:33:47.0633 1328 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 18:33:47.0711 1328 MSTEE - ok 18:33:47.0742 1328 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 18:33:47.0757 1328 MTConfig - ok 18:33:47.0773 1328 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 18:33:47.0773 1328 Mup - ok 18:33:47.0898 1328 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 18:33:47.0991 1328 napagent - ok 18:33:48.0116 1328 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 18:33:48.0194 1328 NativeWifiP - ok 18:33:48.0397 1328 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 18:33:48.0444 1328 NDIS - ok 18:33:48.0491 1328 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 18:33:48.0537 1328 NdisCap - ok 18:33:48.0569 1328 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 18:33:48.0631 1328 NdisTapi - ok 18:33:48.0647 1328 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 18:33:48.0693 1328 Ndisuio - ok 18:33:48.0756 1328 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 18:33:48.0787 1328 NdisWan - ok 18:33:48.0834 1328 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 18:33:48.0865 1328 NDProxy - ok 18:33:48.0881 1328 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 18:33:48.0912 1328 NetBIOS - ok 18:33:48.0974 1328 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 18:33:49.0006 1328 NetBT - ok 18:33:49.0037 1328 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:33:49.0052 1328 Netlogon - ok 18:33:49.0130 1328 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 18:33:49.0240 1328 Netman - ok 18:33:49.0567 1328 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:33:49.0583 1328 NetMsmqActivator - ok 18:33:49.0598 1328 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:33:49.0598 1328 NetPipeActivator - ok 18:33:49.0614 1328 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 18:33:49.0676 1328 netprofm - ok 18:33:49.0676 1328 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:33:49.0692 1328 NetTcpActivator - ok 18:33:49.0692 1328 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:33:49.0708 1328 NetTcpPortSharing - ok 18:33:49.0770 1328 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 18:33:49.0786 1328 nfrd960 - ok 18:33:49.0864 1328 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 18:33:49.0957 1328 NlaSvc - ok 18:33:50.0020 1328 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 18:33:50.0082 1328 Npfs - ok 18:33:50.0160 1328 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 18:33:50.0238 1328 nsi - ok 18:33:50.0285 1328 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 18:33:50.0347 1328 nsiproxy - ok 18:33:50.0441 1328 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 18:33:50.0519 1328 Ntfs - ok 18:33:50.0566 1328 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 18:33:50.0612 1328 Null - ok 18:33:50.0675 1328 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 18:33:50.0690 1328 nvraid - ok 18:33:50.0753 1328 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 18:33:50.0768 1328 nvstor - ok 18:33:50.0815 1328 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 18:33:50.0878 1328 nv_agp - ok 18:33:50.0987 1328 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 18:33:51.0034 1328 ohci1394 - ok 18:33:51.0439 1328 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:33:51.0470 1328 ose - ok 18:33:51.0673 1328 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:33:51.0829 1328 osppsvc - ok 18:33:51.0892 1328 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:33:51.0970 1328 p2pimsvc - ok 18:33:52.0016 1328 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 18:33:52.0032 1328 p2psvc - ok 18:33:52.0079 1328 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 18:33:52.0094 1328 Parport - ok 18:33:52.0141 1328 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 18:33:52.0157 1328 partmgr - ok 18:33:52.0172 1328 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 18:33:52.0204 1328 PcaSvc - ok 18:33:52.0250 1328 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 18:33:52.0250 1328 pci - ok 18:33:52.0328 1328 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 18:33:52.0360 1328 pciide - ok 18:33:52.0406 1328 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 18:33:52.0438 1328 pcmcia - ok 18:33:52.0516 1328 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 18:33:52.0547 1328 pcw - ok 18:33:52.0609 1328 pdfcDispatcher - ok 18:33:52.0687 1328 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 18:33:52.0812 1328 PEAUTH - ok 18:33:52.0906 1328 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 18:33:52.0952 1328 PerfHost - ok 18:33:53.0077 1328 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 18:33:53.0171 1328 pla - ok 18:33:53.0218 1328 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 18:33:53.0280 1328 PlugPlay - ok 18:33:53.0311 1328 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 18:33:53.0358 1328 PNRPAutoReg - ok 18:33:53.0389 1328 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:33:53.0405 1328 PNRPsvc - ok 18:33:53.0483 1328 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 18:33:53.0545 1328 PolicyAgent - ok 18:33:53.0576 1328 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 18:33:53.0623 1328 Power - ok 18:33:53.0686 1328 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 18:33:53.0717 1328 PptpMiniport - ok 18:33:53.0764 1328 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 18:33:53.0795 1328 Processor - ok 18:33:53.0826 1328 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 18:33:53.0857 1328 ProfSvc - ok 18:33:53.0904 1328 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:33:53.0920 1328 ProtectedStorage - ok 18:33:53.0951 1328 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 18:33:53.0982 1328 Psched - ok 18:33:54.0091 1328 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 18:33:54.0138 1328 ql2300 - ok 18:33:54.0185 1328 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 18:33:54.0185 1328 ql40xx - ok 18:33:54.0216 1328 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 18:33:54.0232 1328 QWAVE - ok 18:33:54.0263 1328 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 18:33:54.0310 1328 QWAVEdrv - ok 18:33:54.0356 1328 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 18:33:54.0372 1328 RasAcd - ok 18:33:54.0419 1328 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:33:54.0450 1328 RasAgileVpn - ok 18:33:54.0481 1328 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 18:33:54.0512 1328 RasAuto - ok 18:33:54.0559 1328 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:33:54.0606 1328 Rasl2tp - ok 18:33:54.0684 1328 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 18:33:54.0715 1328 RasMan - ok 18:33:54.0762 1328 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 18:33:54.0809 1328 RasPppoe - ok 18:33:54.0824 1328 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 18:33:54.0856 1328 RasSstp - ok 18:33:54.0918 1328 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 18:33:54.0965 1328 rdbss - ok 18:33:55.0012 1328 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 18:33:55.0058 1328 rdpbus - ok 18:33:55.0090 1328 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:33:55.0121 1328 RDPCDD - ok 18:33:55.0168 1328 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 18:33:55.0214 1328 RDPENCDD - ok 18:33:55.0292 1328 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 18:33:55.0308 1328 RDPREFMP - ok 18:33:55.0386 1328 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 18:33:55.0448 1328 RDPWD - ok 18:33:55.0480 1328 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 18:33:55.0495 1328 rdyboost - ok 18:33:55.0526 1328 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 18:33:55.0542 1328 RemoteAccess - ok 18:33:55.0573 1328 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 18:33:55.0620 1328 RemoteRegistry - ok 18:33:55.0807 1328 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 18:33:55.0823 1328 RoxioNow Service - ok 18:33:55.0854 1328 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 18:33:55.0901 1328 RpcEptMapper - ok 18:33:55.0948 1328 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 18:33:55.0948 1328 RpcLocator - ok 18:33:55.0979 1328 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 18:33:56.0010 1328 RpcSs - ok 18:33:56.0041 1328 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 18:33:56.0072 1328 rspndr - ok 18:33:56.0104 1328 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys 18:33:56.0119 1328 RTL8167 - ok 18:33:56.0150 1328 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:33:56.0166 1328 SamSs - ok 18:33:56.0213 1328 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 18:33:56.0213 1328 sbp2port - ok 18:33:56.0244 1328 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 18:33:56.0275 1328 SCardSvr - ok 18:33:56.0322 1328 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 18:33:56.0353 1328 scfilter - ok 18:33:56.0400 1328 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 18:33:56.0462 1328 Schedule - ok 18:33:56.0509 1328 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 18:33:56.0540 1328 SCPolicySvc - ok 18:33:56.0556 1328 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 18:33:56.0572 1328 SDRSVC - ok 18:33:56.0618 1328 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 18:33:56.0618 1328 SeaPort - ok 18:33:56.0634 1328 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:33:56.0681 1328 secdrv - ok 18:33:56.0696 1328 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 18:33:56.0743 1328 seclogon - ok 18:33:56.0759 1328 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 18:33:56.0790 1328 SENS - ok 18:33:56.0806 1328 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 18:33:56.0837 1328 SensrSvc - ok 18:33:56.0884 1328 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 18:33:56.0915 1328 Serenum - ok 18:33:56.0946 1328 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 18:33:56.0977 1328 Serial - ok 18:33:56.0993 1328 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 18:33:57.0008 1328 sermouse - ok 18:33:57.0040 1328 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 18:33:57.0086 1328 SessionEnv - ok 18:33:57.0118 1328 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 18:33:57.0133 1328 sffdisk - ok 18:33:57.0133 1328 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 18:33:57.0149 1328 sffp_mmc - ok 18:33:57.0164 1328 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 18:33:57.0180 1328 sffp_sd - ok 18:33:57.0211 1328 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 18:33:57.0227 1328 sfloppy - ok 18:33:57.0258 1328 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 18:33:57.0274 1328 Sftfs - ok 18:33:57.0383 1328 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 18:33:57.0398 1328 sftlist - ok 18:33:57.0414 1328 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 18:33:57.0430 1328 Sftplay - ok 18:33:57.0445 1328 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 18:33:57.0445 1328 Sftredir - ok 18:33:57.0461 1328 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 18:33:57.0476 1328 Sftvol - ok 18:33:57.0492 1328 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 18:33:57.0492 1328 sftvsa - ok 18:33:57.0539 1328 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 18:33:57.0570 1328 SharedAccess - ok 18:33:57.0601 1328 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 18:33:57.0648 1328 ShellHWDetection - ok 18:33:57.0679 1328 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 18:33:57.0679 1328 SiSRaid2 - ok 18:33:57.0695 1328 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 18:33:57.0710 1328 SiSRaid4 - ok 18:33:57.0742 1328 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 18:33:57.0788 1328 Smb - ok 18:33:57.0804 1328 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 18:33:57.0820 1328 SNMPTRAP - ok 18:33:57.0851 1328 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 18:33:57.0851 1328 spldr - ok 18:33:57.0882 1328 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 18:33:57.0913 1328 Spooler - ok 18:33:57.0976 1328 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 18:33:58.0100 1328 sppsvc - ok 18:33:58.0116 1328 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 18:33:58.0147 1328 sppuinotify - ok 18:33:58.0178 1328 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 18:33:58.0225 1328 srv - ok 18:33:58.0272 1328 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 18:33:58.0303 1328 srv2 - ok 18:33:58.0334 1328 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 18:33:58.0350 1328 srvnet - ok 18:33:58.0381 1328 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 18:33:58.0428 1328 SSDPSRV - ok 18:33:58.0444 1328 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 18:33:58.0475 1328 SstpSvc - ok 18:33:58.0522 1328 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 18:33:58.0537 1328 stexstor - ok 18:33:58.0584 1328 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 18:33:58.0615 1328 stisvc - ok 18:33:58.0631 1328 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 18:33:58.0646 1328 swenum - ok 18:33:58.0678 1328 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 18:33:58.0740 1328 swprv - ok 18:33:58.0896 1328 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 18:33:58.0974 1328 SysMain - ok 18:33:59.0005 1328 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 18:33:59.0021 1328 TabletInputService - ok 18:33:59.0083 1328 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 18:33:59.0146 1328 TapiSrv - ok 18:33:59.0192 1328 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 18:33:59.0224 1328 TBS - ok 18:33:59.0302 1328 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 18:33:59.0364 1328 Tcpip - ok 18:33:59.0426 1328 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 18:33:59.0442 1328 TCPIP6 - ok 18:33:59.0489 1328 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 18:33:59.0536 1328 tcpipreg - ok 18:33:59.0567 1328 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 18:33:59.0582 1328 TDPIPE - ok 18:33:59.0660 1328 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 18:33:59.0692 1328 TDTCP - ok 18:33:59.0707 1328 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 18:33:59.0738 1328 tdx - ok 18:33:59.0879 1328 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 18:33:59.0894 1328 TermDD - ok 18:33:59.0941 1328 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 18:34:00.0019 1328 TermService - ok 18:34:00.0066 1328 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 18:34:00.0082 1328 Themes - ok 18:34:00.0144 1328 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 18:34:00.0175 1328 THREADORDER - ok 18:34:00.0206 1328 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 18:34:00.0253 1328 TrkWks - ok 18:34:00.0284 1328 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 18:34:00.0331 1328 TrustedInstaller - ok 18:34:00.0362 1328 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:34:00.0394 1328 tssecsrv - ok 18:34:00.0440 1328 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 18:34:00.0456 1328 TsUsbFlt - ok 18:34:00.0487 1328 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 18:34:00.0503 1328 TsUsbGD - ok 18:34:00.0534 1328 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 18:34:00.0565 1328 tunnel - ok 18:34:00.0596 1328 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 18:34:00.0596 1328 uagp35 - ok 18:34:00.0643 1328 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 18:34:00.0659 1328 udfs - ok 18:34:00.0690 1328 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 18:34:00.0706 1328 UI0Detect - ok 18:34:00.0721 1328 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 18:34:00.0737 1328 uliagpkx - ok 18:34:00.0752 1328 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 18:34:00.0752 1328 umbus - ok 18:34:00.0784 1328 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 18:34:00.0799 1328 UmPass - ok 18:34:00.0846 1328 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 18:34:00.0924 1328 upnphost - ok 18:34:00.0955 1328 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 18:34:01.0002 1328 usbccgp - ok 18:34:01.0018 1328 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 18:34:01.0049 1328 usbcir - ok 18:34:01.0064 1328 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 18:34:01.0096 1328 usbehci - ok 18:34:01.0127 1328 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys 18:34:01.0127 1328 usbfilter - ok 18:34:01.0158 1328 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 18:34:01.0189 1328 usbhub - ok 18:34:01.0236 1328 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 18:34:01.0298 1328 usbohci - ok 18:34:01.0330 1328 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 18:34:01.0376 1328 usbprint - ok 18:34:01.0408 1328 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 18:34:01.0439 1328 usbscan - ok 18:34:01.0470 1328 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:34:01.0532 1328 USBSTOR - ok 18:34:01.0548 1328 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 18:34:01.0564 1328 usbuhci - ok 18:34:01.0626 1328 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 18:34:01.0673 1328 UxSms - ok 18:34:01.0704 1328 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:34:01.0720 1328 VaultSvc - ok 18:34:01.0735 1328 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 18:34:01.0735 1328 vdrvroot - ok 18:34:01.0766 1328 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 18:34:01.0813 1328 vds - ok 18:34:01.0844 1328 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 18:34:01.0876 1328 vga - ok 18:34:01.0891 1328 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 18:34:01.0922 1328 VgaSave - ok 18:34:01.0954 1328 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 18:34:01.0969 1328 vhdmp - ok 18:34:01.0985 1328 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 18:34:02.0000 1328 viaide - ok 18:34:02.0016 1328 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 18:34:02.0032 1328 volmgr - ok 18:34:02.0047 1328 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 18:34:02.0063 1328 volmgrx - ok 18:34:02.0078 1328 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 18:34:02.0094 1328 volsnap - ok 18:34:02.0094 1328 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 18:34:02.0110 1328 vsmraid - ok 18:34:02.0250 1328 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 18:34:02.0359 1328 VSS - ok 18:34:02.0406 1328 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 18:34:02.0453 1328 vwifibus - ok 18:34:02.0484 1328 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 18:34:02.0546 1328 W32Time - ok 18:34:02.0609 1328 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 18:34:02.0640 1328 WacomPen - ok 18:34:02.0671 1328 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:34:02.0702 1328 WANARP - ok 18:34:02.0718 1328 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:34:02.0749 1328 Wanarpv6 - ok 18:34:02.0796 1328 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 18:34:02.0827 1328 WatAdminSvc - ok 18:34:02.0858 1328 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 18:34:02.0921 1328 wbengine - ok 18:34:02.0936 1328 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 18:34:02.0952 1328 WbioSrvc - ok 18:34:02.0968 1328 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 18:34:02.0999 1328 wcncsvc - ok 18:34:03.0046 1328 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 18:34:03.0108 1328 WcsPlugInService - ok 18:34:03.0124 1328 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 18:34:03.0139 1328 Wd - ok 18:34:03.0170 1328 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 18:34:03.0186 1328 Wdf01000 - ok 18:34:03.0217 1328 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:34:03.0280 1328 WdiServiceHost - ok 18:34:03.0295 1328 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:34:03.0311 1328 WdiSystemHost - ok 18:34:03.0342 1328 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 18:34:03.0389 1328 WebClient - ok 18:34:03.0420 1328 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 18:34:03.0467 1328 Wecsvc - ok 18:34:03.0498 1328 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 18:34:03.0529 1328 wercplsupport - ok 18:34:03.0545 1328 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 18:34:03.0576 1328 WerSvc - ok 18:34:03.0592 1328 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 18:34:03.0607 1328 WfpLwf - ok 18:34:03.0638 1328 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 18:34:03.0638 1328 WIMMount - ok 18:34:03.0638 1328 WinHttpAutoProxySvc - ok 18:34:03.0685 1328 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 18:34:03.0763 1328 Winmgmt - ok 18:34:03.0841 1328 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 18:34:03.0982 1328 WinRM - ok 18:34:04.0044 1328 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 18:34:04.0044 1328 WinUsb - ok 18:34:04.0106 1328 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 18:34:04.0184 1328 Wlansvc - ok 18:34:04.0216 1328 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 18:34:04.0247 1328 wlcrasvc - ok 18:34:04.0294 1328 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:34:04.0387 1328 wlidsvc - ok 18:34:04.0418 1328 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 18:34:04.0465 1328 WmiAcpi - ok 18:34:04.0528 1328 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 18:34:04.0543 1328 wmiApSrv - ok 18:34:04.0559 1328 WMPNetworkSvc - ok 18:34:04.0590 1328 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 18:34:04.0606 1328 WPCSvc - ok 18:34:04.0652 1328 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 18:34:04.0699 1328 WPDBusEnum - ok 18:34:04.0793 1328 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 18:34:04.0855 1328 ws2ifsl - ok 18:34:04.0871 1328 WSearch - ok 18:34:04.0933 1328 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 18:34:05.0011 1328 wuauserv - ok 18:34:05.0042 1328 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 18:34:05.0089 1328 WudfPf - ok 18:34:05.0120 1328 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:34:05.0198 1328 WUDFRd - ok 18:34:05.0230 1328 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 18:34:05.0261 1328 wudfsvc - ok 18:34:05.0292 1328 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 18:34:05.0323 1328 WwanSvc - ok 18:34:05.0339 1328 MBR (0x1B8) (22a989b08cd088728d4e9fc470755d79) \Device\Harddisk0\DR0 18:34:05.0354 1328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 18:34:05.0354 1328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 18:34:05.0464 1328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 18:34:05.0464 1328 \Device\Harddisk0\DR0 - detected TDSS File System (1) 18:34:05.0464 1328 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0 18:34:05.0464 1328 \Device\Harddisk0\DR0\Partition0 - ok 18:34:05.0479 1328 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1 18:34:05.0479 1328 \Device\Harddisk0\DR0\Partition1 - ok 18:34:05.0510 1328 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2 18:34:05.0510 1328 \Device\Harddisk0\DR0\Partition2 - ok 18:34:05.0510 1328 ============================================================ 18:34:05.0510 1328 Scan finished 18:34:05.0510 1328 ============================================================ 18:34:05.0526 2532 Detected object count: 2 18:34:05.0526 2532 Actual detected object count: 2 18:35:44.0742 2532 \Device\Harddisk0\DR0\# - copied to quarantine 18:35:44.0742 2532 \Device\Harddisk0\DR0 - copied to quarantine 18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 18:35:44.0789 2532 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 18:35:44.0805 2532 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 18:35:44.0820 2532 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 18:35:44.0836 2532 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 18:35:44.0867 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 18:35:44.0867 2532 \Device\Harddisk0\DR0 - ok 18:35:45.0304 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 18:35:45.0304 2532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 18:35:45.0304 2532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 18:36:03.0228 3068 Deinitialize success

definitely still need help. here are the new logs. thanks! Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.03.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Aug-11 :: AUG-11-HP [administrator] 4/3/2012 5:32:57 PM mbam-log-2012-04-03 (17-35-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 196769 Time elapsed: 2 minute(s), 23 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 4620 -> No action taken. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> No action taken. (end) RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Aug-11 [Admin rights] Mode: Scan -- Date: 04/03/2012 17:46:27 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 4 ¤¤¤ [sUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND [sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++ --- User --- [MBR] 4664794ea9b3e1381cc1903ffa268820 [bSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 58e87bbccbddc74daba40b61bbf22a8a [bSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

can't seem to remove svchost trojan. along with seeming to be running slower all my google and bing searches get redirected. please help. below are dds, mbam and roguekiller logs. THANKS! . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22 Run by Aug-11 at 21:35:33 on 2012-03-31 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.1609 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe -netsvcs C:\Windows\system32\conhost.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" dRun: [sysVer] "C:\Windows\system32\config\systemprofile\AppData\Local\MSRebar\SysVer\SysVer.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{B1FB28BE-9E27-4566-B7C3-E818386505AD} : DhcpNameServer = 192.168.2.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll BHO-X64: Conduit Engine - No File BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do-Not-Track - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll BHO-X64: Vuze Remote - No File BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" Hosts: 94.63.147.22 www.google.com Hosts: 94.63.147.23 www.bing.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Aug-11\AppData\Roaming\Mozilla\Firefox\Profiles\t5h1wh4w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B524cc4d6-b3ab-4a88-9d73-cc368777775d%7D&mid=740066f430df47d1abb6ed906db4abbc-ebe5aca7cfd32f9faede2535b753341eef991577&ds=AVG&v=10.2.0.3〈=en&pr=fr&d=2012-03-28%2007%3A57%3A09&sap=ku&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?] R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-6-1 1127448] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-28 918880] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-04-01 02:25:25 -------- d-----w- C:\Users\Aug-11\AppData\Local\{5A6D2003-7B79-11E1-826D-B8AC6F996F26} 2012-03-31 20:02:01 20480 ----a-w- C:\Windows\svchost.exe 2012-03-31 13:36:43 -------- d-----w- C:\Users\Aug-11\AppData\Local\{CC8E1090-3A7E-4916-90BA-992BC03E943C} 2012-03-30 12:01:41 -------- d-----w- C:\Users\Aug-11\AppData\Local\{36052974-B56F-4D69-98CD-ABA4EB4EDCC5} 2012-03-29 23:43:05 -------- d-----w- C:\Users\Aug-11\AppData\Local\{1989AC9F-2FF3-4D5A-9F50-FD329BD2E4F6} 2012-03-29 21:06:45 -------- d-----w- C:\Users\Aug-11\AppData\Local\{F6072F4B-C1C8-4E3D-A5A6-C78973F8A40B} 2012-03-29 02:45:26 -------- d-----w- C:\Users\Aug-11\AppData\Local\{4757459F-2128-4A65-89F2-31D0F8414701} 2012-03-29 01:06:58 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\SUPERAntiSpyware.com 2012-03-29 01:06:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-03-29 01:06:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-03-29 00:19:57 -------- d-----w- C:\Program Files (x86)\PC Tools 2012-03-29 00:16:42 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys 2012-03-29 00:16:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2012-03-29 00:16:07 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\TestApp 2012-03-29 00:16:07 -------- d-----w- C:\ProgramData\PC Tools 2012-03-28 23:55:04 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\AVG2012 2012-03-28 12:57:07 -------- d-----w- C:\ProgramData\AVG Secure Search 2012-03-28 12:57:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2012-03-28 12:57:04 -------- d-----w- C:\Program Files (x86)\AVG Secure Search 2012-03-28 12:55:58 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2012-03-28 12:55:23 -------- d-----w- C:\Windows\System32\drivers\AVG 2012-03-28 12:28:46 -------- d-----w- C:\Users\Aug-11\AppData\Local\{EB65F8D6-B9E9-4E9B-89ED-E7E8EA545D88} 2012-03-28 12:28:35 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3DE67B08-976C-46B4-B511-12BE03117840} 2012-03-28 04:07:12 -------- d-sh--w- C:\$RECYCLE.BIN 2012-03-28 03:15:00 98816 ----a-w- C:\Windows\sed.exe 2012-03-28 03:15:00 518144 ----a-w- C:\Windows\SWREG.exe 2012-03-28 03:15:00 256000 ----a-w- C:\Windows\PEV.exe 2012-03-28 03:15:00 208896 ----a-w- C:\Windows\MBR.exe 2012-03-28 02:10:49 -------- d-----w- C:\Users\Aug-11\AppData\Local\{543A1248-BA24-4DD7-8D52-F9F1BAA246A6} 2012-03-28 02:10:38 -------- d-----w- C:\Users\Aug-11\AppData\Local\{F6019DD5-2DF0-44B8-B6AE-91148238F8B2} 2012-03-27 22:40:34 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-27 22:40:34 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-03-27 22:28:59 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Xaest 2012-03-27 22:28:59 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Quensi 2012-03-24 15:31:54 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3F0B8F00-E9E8-4B79-9D34-8FF319577888} 2012-03-24 15:31:43 -------- d-----w- C:\Users\Aug-11\AppData\Local\{5EBF3213-C140-465B-97A9-335A706D5700} 2012-03-21 02:10:35 -------- d-----w- C:\Users\Aug-11\AppData\Local\{A4AA4B41-6D80-4123-8B79-81AC44AE4809} 2012-03-21 02:10:25 -------- d-----w- C:\Users\Aug-11\AppData\Local\{26D79D2A-EC60-4D64-90E4-C151E4EBFB04} 2012-03-18 03:07:56 -------- d-----w- C:\Users\Aug-11\AppData\Local\{464D1096-6E7B-40C2-BFA2-849780B1D289} 2012-03-18 03:07:44 -------- d-----w- C:\Users\Aug-11\AppData\Local\{22200AA3-8B88-4F1D-9157-D12C88CDDD8C} 2012-03-17 21:49:43 -------- d-----w- C:\Program Files (x86)\ESET 2012-03-17 15:03:15 -------- d-----w- C:\Users\Aug-11\AppData\Local\{D6B864A0-CC2B-4B1D-BFE4-EB7232611086} 2012-03-17 15:03:04 -------- d-----w- C:\Users\Aug-11\AppData\Local\{ED4D0DD1-82C6-41B2-BD4B-312EE14A99C6} 2012-03-17 03:48:16 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys 2012-03-17 03:30:51 -------- d-----w- C:\Users\Aug-11\AppData\Roaming\Malwarebytes 2012-03-17 03:30:47 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-17 03:30:47 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-17 03:30:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-16 17:59:55 -------- d-----w- C:\Users\Aug-11\AppData\Local\{C11CE875-C519-4F0A-8A10-ED9EDBFC9C94} 2012-03-16 17:59:42 -------- d-----w- C:\Users\Aug-11\AppData\Local\{AB5517E7-89C4-430A-805E-66A9D50B6BC4} 2012-03-14 08:21:39 -------- d-----w- C:\Users\Aug-11\AppData\Local\{1EE1E69C-D5BD-4953-9F53-653A5C261B6A} 2012-03-14 08:21:28 -------- d-----w- C:\Users\Aug-11\AppData\Local\{B1E71EC1-A841-43C3-9F1D-219451F6119C} 2012-03-14 08:03:14 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-14 08:03:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-14 08:03:13 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-14 03:02:31 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-03-14 03:02:26 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-14 03:02:26 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-14 03:00:58 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-14 03:00:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-14 03:00:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-03-14 03:00:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-03-14 03:00:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-14 03:00:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-14 03:00:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-03-12 12:32:30 -------- d-----w- C:\Users\Aug-11\AppData\Local\{B192DEF9-034F-4E10-A902-8CB661D4C479} 2012-03-12 12:32:19 -------- d-----w- C:\Users\Aug-11\AppData\Local\{D72C8EC2-59B3-42C3-A629-72D86B56FF77} 2012-03-09 13:28:08 -------- d-----w- C:\Users\Aug-11\AppData\Local\{3C839183-38A6-4207-A614-1D962455BC60} 2012-03-09 13:27:58 -------- d-----w- C:\Users\Aug-11\AppData\Local\{000D904D-75E0-49B3-B685-D80B53F38680} 2012-03-04 15:05:13 -------- d-----w- C:\Users\Aug-11\AppData\Local\{EE55F82A-2FE8-4AF0-B07C-7056374ED595} 2012-03-04 15:05:04 -------- d-----w- C:\Users\Aug-11\AppData\Local\{ED47A238-9C94-47FF-B360-7820F18828B0} 2012-03-04 06:36:15 -------- d-----w- C:\Users\Aug-11\AppData\Local\Amazon . ==================== Find3M ==================== . 2012-02-22 10:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2012-02-22 10:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-02-16 02:54:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-31 09:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll . ============= FINISH: 21:36:28.27 =============== Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.27.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Aug-11 :: AUG-11-HP [administrator] 3/31/2012 9:37:59 PM mbam-log-2012-03-31 (21-41-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 195206 Time elapsed: 3 minute(s), 23 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 5496 -> No action taken. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> No action taken. (end) RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Aug-11 [Admin rights] Mode: Scan -- Date: 03/31/2012 16:13:33 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 3 ¤¤¤ [sUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 94.63.147.22 www.google.com 94.63.147.23 www.bing.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++ --- User --- [MBR] 4664794ea9b3e1381cc1903ffa268820 [bSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 58e87bbccbddc74daba40b61bbf22a8a [bSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo Finished : << RKreport[1].txt >> RKreport[1].txt