Posts posted by datdarncomputer
I'm getting repeated (blocked) pop-up attempts from xHttp://newgenerationp.com/s/1042/68/... and xHttp://oldschool.zzzz.x. I already did a boot-time scan with Avast, and a scan via Malwarebytes turned up nothing.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20
Run by Parent at 17:24:31 on 2012-07-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3579.2449 [GMT -5:00]
.
AV: McAfee® Total Protection™ Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Total Protection™ Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Windows\system32\lxdvcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://getstarted.k12.com/
uDefault_Page_URL = hxxp://getstarted.k12.com/
mStart Page = hxxp://getstarted.k12.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\managed virusscan\vscan\ScriptSn.20120517153930.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe" /LOGON
mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\desktopui\XTray.Exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxdvmon.exe] "c:\program files\lexmark x5400 series\lxdvmon.exe"
mRun: [lxdvamon] "c:\program files\lexmark x5400 series\lxdvamon.exe"
mRun: [Lexmark X5400 Series Fax Server] "c:\program files\lexmark x5400 series\fm3032.exe" /s
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\parent\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{404D8727-3964-4734-9AC8-3C6AC5F79635} : DhcpNameServer = 192.168.0.1
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.811.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\parent\appdata\roaming\mozilla\firefox\profiles\59kkoegy.default\
FF - prefs.js: browser.startup.homepage - hxxp://getstarted.k12.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-7-18 66176]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-7-18 31872]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-6 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-6 353688]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-5-18 214664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2011-7-18 87968]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-2 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-6 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-6 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-6 44808]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2012-5-18 14144]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2012-5-18 144704]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2012-5-18 282824]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-16 13880]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-18 6789632]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-18 236032]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-7-18 101392]
R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2012-5-18 79816]
R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2012-5-18 35272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-7-18 251496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-7-18 348776]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192Ce.sys [2011-8-16 982632]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-7-18 35968]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-5 257224]
S3 afcmx86;afcmx86;c:\windows\system32\drivers\afcmx86.sys [2011-7-18 25144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2012-5-18 34248]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-5-19 599040]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-10 1343400]
.
=============== Created Last 30 ================
.
2012-07-06 15:32:27 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-06 15:32:26 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-06 15:32:24 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-06 15:30:13 41224 ----a-w- c:\windows\avastSS.scr
2012-07-06 15:29:33 -------- d-----w- c:\programdata\AVAST Software
2012-07-06 15:29:33 -------- d-----w- c:\program files\AVAST Software
2012-07-06 00:33:45 -------- d-----w- c:\users\parent\appdata\roaming\Malwarebytes
2012-07-05 23:59:40 -------- d-----w- c:\users\parent\appdata\local\Macromedia
2012-07-05 23:58:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 23:58:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-05 23:55:07 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-24 19:14:42 -------- d-----w- c:\users\parent\appdata\local\Apple Computer
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_ rev.GS00 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0x86F2D4B1]<<
c:\windows\system32\drivers\amd_xata.sys Advanced Micro Devices Stor Filter Driver
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f3493c]; MOV EAX, [0x86f34ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E8D52F] -> \Device\Harddisk0\DR0[0x86A7AA38]
3 CLASSPNP[0x8C98659E] -> ntkrnlpa!IofCallDriver[0x82E8D52F] -> [0x86A38020]
5 amd_xata[0x837308DF] -> ntkrnlpa!IofCallDriver[0x82E8D52F] -> \0000005c[0x868DA718]
\Driver\amd_sata[0x86E04D28] -> IRP_MJ_CREATE -> 0x86F2D4B1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
detected disk devices:
\Device\0000005c -> \??\SCSI#Disk&Ven_TOSHIBA&Prod_MK3276GSX#4&c8df9c2&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:27:40.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/18/2012 12:19:53 AM
System Uptime: 7/6/2012 5:05:11 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 296 GiB total, 263.582 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP31: 5/18/2012 2:05:12 PM - Windows Modules Installer
RP32: 5/28/2012 12:55:54 PM - Scheduled Checkpoint
RP33: 6/3/2012 8:23:45 PM - Windows Modules Installer
RP39: 7/6/2012 10:28:58 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X
Adobe Shockwave Player 11.5
ALT Access
Apple Application Support
Apple Software Update
Audacity
avast! Free Antivirus
Compatibility Pack for the 2007 Office system
Corel WinDVD
Defraggler (remove only)
Graph 4.3
GTK+ 2.10.11 runtime environment
HP Customer Experience Enhancements
HP Vision Hardware Diagnostics
Java 2 Runtime Environment, SE v1.4.2_07
Java Auto Updater
Java 6 Update 20
Lexmark X5400 Series
LSI PCI-SV92EX Soft Modem
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Virus and Spyware Protection Service
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Mozilla Firefox (3.5.3)
OpenOffice.org 3.2
Opera 11.64
Password Corral v4.0
Picasa 3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Skype™ 5.9
The GIMP 2.2.15
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VC Runtimes MSI
Visual C++ 8.0 x86 Runtime Setup Package
VLC media player 1.0.5
WebDwarf V2
.
==== Event Viewer Messages From Past Week ========
.
7/6/2012 5:22:58 PM, Error: Disk [11] - The driver detected a controller error on \...\DR3.
7/6/2012 5:16:41 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/6/2012 5:16:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/6/2012 5:10:45 PM, Error: Service Control Manager [7034] - The McShield service terminated unexpectedly. It has done this 1 time(s).
7/6/2012 5:08:32 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
7/6/2012 10:42:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/6/2012 1:31:12 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/5/2012 8:49:52 PM, Error: Disk [11] - The driver detected a controller error on \...\DR1.
7/5/2012 8:31:19 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/5/2012 7:59:48 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/5/2012 7:59:48 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/5/2012 7:59:48 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2012 7:59:48 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/5/2012 7:59:48 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2012 7:59:48 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/5/2012 7:59:48 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/5/2012 7:59:48 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The pipe has been ended.
7/5/2012 6:36:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
Redirect trojan - need help
in Resolved Malware Removal Logs
09:21:42.0947 1368 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
09:21:42.0995 1368 ============================================================
09:21:42.0997 1368 Current date / time: 2012/07/07 09:21:42.0995
09:21:42.0997 1368 SystemInfo:
09:21:42.0997 1368
09:21:42.0997 1368 OS Version: 6.1.7601 ServicePack: 1.0
09:21:42.0997 1368 Product type: Workstation
09:21:42.0997 1368 ComputerName: IQ-K12-LAPTOP
09:21:42.0997 1368 UserName: Parent
09:21:42.0997 1368 Windows directory: C:\Windows
09:21:42.0997 1368 System windows directory: C:\Windows
09:21:42.0997 1368 Processor architecture: Intel x86
09:21:42.0997 1368 Number of processors: 2
09:21:42.0997 1368 Page size: 0x1000
09:21:42.0997 1368 Boot type: Normal boot
09:21:42.0997 1368 ============================================================
09:21:43.0750 1368 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:21:43.0757 1368 ============================================================
09:21:43.0757 1368 \Device\Harddisk0\DR0:
09:21:43.0757 1368 MBR partitions:
09:21:43.0757 1368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x400000
09:21:43.0757 1368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x400800, BlocksNum 0x2502DAB0
09:21:43.0757 1368 ============================================================
09:21:43.0787 1368 C: <-> \Device\Harddisk0\DR0\Partition1
09:21:43.0787 1368 ============================================================
09:21:43.0787 1368 Initialize success
09:21:43.0787 1368 ============================================================
09:22:14.0573 3912 ============================================================
09:22:14.0573 3912 Scan started
09:22:14.0573 3912 Mode: Manual; SigCheck; TDLFS;
09:22:14.0573 3912 ============================================================
09:22:25.0918 3912 dot3svc - ok
09:22:25.0940 3912 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
09:22:26.0028 3912 DPS - ok
09:22:26.0085 3912 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:22:26.0138 3912 drmkaud - ok
09:22:26.0203 3912 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:22:26.0253 3912 DXGKrnl - ok
09:22:26.0275 3912 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:22:26.0368 3912 EapHost - ok
09:22:26.0640 3912 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
09:22:26.0850 3912 ebdrv - ok
09:22:26.0963 3912 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
09:22:27.0023 3912 EFS - ok
09:22:27.0128 3912 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
09:22:27.0170 3912 elxstor - ok
09:22:27.0198 3912 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:22:27.0245 3912 ErrDev - ok
09:22:27.0308 3912 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:22:27.0403 3912 EventSystem - ok
09:22:27.0455 3912 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:22:27.0528 3912 exfat - ok
09:22:27.0543 3912 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:22:27.0630 3912 fastfat - ok
09:22:27.0680 3912 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
09:22:27.0735 3912 fdc - ok
09:22:27.0768 3912 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:22:27.0855 3912 fdPHost - ok
09:22:27.0865 3912 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:22:27.0935 3912 FDResPub - ok
09:22:27.0973 3912 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:22:27.0998 3912 FileInfo - ok
09:22:28.0018 3912 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:22:28.0098 3912 Filetrace - ok
09:22:28.0140 3912 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
09:22:28.0200 3912 flpydisk - ok
09:22:28.0245 3912 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:22:28.0278 3912 FltMgr - ok
09:22:28.0353 3912 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
09:22:28.0423 3912 FontCache - ok
09:22:28.0498 3912 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:22:28.0523 3912 FontCache3.0.0.0 - ok
09:22:28.0550 3912 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:22:28.0578 3912 FsDepends - ok
09:22:28.0605 3912 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:22:28.0630 3912 Fs_Rec - ok
09:22:28.0680 3912 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:22:28.0720 3912 fvevol - ok
09:22:28.0770 3912 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
09:22:28.0798 3912 gagp30kx - ok
09:22:28.0858 3912 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
09:22:28.0955 3912 gpsvc - ok
09:22:29.0065 3912 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:22:29.0100 3912 gusvc - ok
09:22:29.0123 3912 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:22:29.0158 3912 hcw85cir - ok
09:22:29.0225 3912 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
09:22:29.0280 3912 HdAudAddService - ok
09:22:29.0343 3912 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:22:29.0400 3912 HDAudBus - ok
09:22:29.0440 3912 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
09:22:29.0490 3912 HidBatt - ok
09:22:29.0523 3912 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
09:22:29.0565 3912 HidBth - ok
09:22:29.0605 3912 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
09:22:29.0665 3912 HidIr - ok
09:22:29.0708 3912 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
09:22:29.0798 3912 hidserv - ok
09:22:29.0835 3912 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
09:22:29.0890 3912 HidUsb - ok
09:22:29.0923 3912 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
09:22:29.0993 3912 hkmsvc - ok
09:22:30.0025 3912 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
09:22:30.0085 3912 HomeGroupListener - ok
09:22:30.0138 3912 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
09:22:30.0208 3912 HomeGroupProvider - ok
09:22:30.0253 3912 HP Health Check Service - ok
09:22:30.0295 3912 hpqwmiex - ok
09:22:30.0350 3912 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:22:30.0378 3912 HpSAMD - ok
09:22:30.0460 3912 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:22:30.0535 3912 HTTP - ok
09:22:30.0563 3912 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:22:30.0590 3912 hwpolicy - ok
09:22:30.0643 3912 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
09:22:30.0691 3912 i8042prt - ok
09:22:30.0756 3912 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
09:22:30.0793 3912 iaStorV - ok
09:22:30.0923 3912 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:22:31.0046 3912 idsvc - ok
09:22:31.0403 3912 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:22:31.0668 3912 igfx - ok
09:22:31.0813 3912 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
09:22:31.0843 3912 iirsp - ok
09:22:31.0923 3912 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
09:22:32.0078 3912 IKEEXT - ok
09:22:32.0383 3912 IntcAzAudAddService (1963b62f7fe2e99e719c7f2d18fc7c64) C:\Windows\system32\drivers\RTKVHDA.sys
09:22:32.0518 3912 IntcAzAudAddService - ok
09:22:32.0678 3912 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:22:32.0713 3912 intelide - ok
09:22:32.0751 3912 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
09:22:32.0803 3912 intelppm - ok
09:22:32.0836 3912 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:22:32.0908 3912 IPBusEnum - ok
09:22:32.0943 3912 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:22:33.0021 3912 IpFilterDriver - ok
09:22:33.0061 3912 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:22:33.0098 3912 IPMIDRV - ok
09:22:33.0116 3912 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:22:33.0206 3912 IPNAT - ok
09:22:33.0253 3912 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:22:33.0296 3912 IRENUM - ok
09:22:33.0333 3912 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:22:33.0361 3912 isapnp - ok
09:22:33.0406 3912 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:22:33.0438 3912 iScsiPrt - ok
09:22:33.0521 3912 IviRegMgr (f415a88162d23977b5edae4f0410e903) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:22:33.0543 3912 IviRegMgr - ok
09:22:33.0611 3912 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:22:33.0638 3912 kbdclass - ok
09:22:33.0666 3912 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
09:22:33.0723 3912 kbdhid - ok
09:22:33.0761 3912 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
09:22:33.0803 3912 KeyIso - ok
09:22:33.0841 3912 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
09:22:33.0868 3912 KSecDD - ok
09:22:33.0886 3912 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
09:22:33.0916 3912 KSecPkg - ok
09:22:33.0956 3912 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:22:34.0051 3912 KtmRm - ok
09:22:34.0118 3912 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
09:22:34.0213 3912 LanmanServer - ok
09:22:34.0246 3912 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
09:22:34.0323 3912 LanmanWorkstation - ok
09:22:34.0358 3912 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:22:34.0446 3912 lltdio - ok
09:22:34.0508 3912 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:22:34.0586 3912 lltdsvc - ok
09:22:34.0621 3912 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:22:34.0703 3912 lmhosts - ok
09:22:34.0756 3912 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
09:22:34.0786 3912 LSI_FC - ok
09:22:34.0811 3912 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
09:22:34.0838 3912 LSI_SAS - ok
09:22:34.0858 3912 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
09:22:34.0886 3912 LSI_SAS2 - ok
09:22:34.0911 3912 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
09:22:34.0938 3912 LSI_SCSI - ok
09:22:34.0978 3912 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:22:35.0063 3912 luafv - ok
09:22:35.0106 3912 lxdv_device - ok
09:22:35.0231 3912 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:22:35.0271 3912 MDM - ok
09:22:35.0303 3912 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
09:22:35.0328 3912 megasas - ok
09:22:35.0378 3912 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
09:22:35.0413 3912 MegaSR - ok
09:22:35.0466 3912 MfeAVFK (32bcd2aec12cee766b2488731a78127c) C:\Windows\system32\drivers\MfeAVFK.sys
09:22:35.0493 3912 MfeAVFK - ok
09:22:35.0521 3912 MfeBOPK (963abf1a4d3a19206f7b059e5a1a190b) C:\Windows\system32\drivers\MfeBOPK.sys
09:22:35.0548 3912 MfeBOPK - ok
09:22:35.0593 3912 mfehidk (586a07b1fa933c340d990419d6894d7a) C:\Windows\system32\drivers\mfehidk.sys
09:22:35.0626 3912 mfehidk - ok
09:22:35.0651 3912 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\Windows\system32\drivers\MfeRKDK.sys
09:22:35.0678 3912 MfeRKDK - ok
09:22:35.0713 3912 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\Windows\system32\drivers\mfetdik.sys
09:22:35.0741 3912 mfetdik - ok
09:22:35.0781 3912 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:22:35.0863 3912 MMCSS - ok
09:22:35.0913 3912 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:22:35.0988 3912 Modem - ok
09:22:36.0031 3912 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:22:36.0091 3912 monitor - ok
09:22:36.0156 3912 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:22:36.0181 3912 mouclass - ok
09:22:36.0213 3912 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:22:36.0271 3912 mouhid - ok
09:22:36.0316 3912 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:22:36.0343 3912 mountmgr - ok
09:22:36.0383 3912 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:22:36.0413 3912 mpio - ok
09:22:36.0433 3912 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:22:36.0518 3912 mpsdrv - ok
09:22:36.0548 3912 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:22:36.0593 3912 MRxDAV - ok
09:22:36.0676 3912 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:22:36.0718 3912 mrxsmb - ok
09:22:36.0758 3912 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:22:36.0821 3912 mrxsmb10 - ok
09:22:36.0846 3912 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:22:36.0883 3912 mrxsmb20 - ok
09:22:36.0906 3912 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:22:36.0933 3912 msahci - ok
09:22:36.0968 3912 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:22:37.0001 3912 msdsm - ok
09:22:37.0043 3912 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
09:22:37.0101 3912 MSDTC - ok
09:22:37.0151 3912 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:22:37.0218 3912 Msfs - ok
09:22:37.0233 3912 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:22:37.0303 3912 mshidkmdf - ok
09:22:37.0341 3912 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:22:37.0366 3912 msisadrv - ok
09:22:37.0418 3912 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
09:22:37.0498 3912 MSiSCSI - ok
09:22:37.0508 3912 msiserver - ok
09:22:37.0561 3912 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:22:37.0638 3912 MSKSSRV - ok
09:22:37.0676 3912 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:22:37.0753 3912 MSPCLOCK - ok
09:22:37.0778 3912 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:22:37.0861 3912 MSPQM - ok
09:22:37.0896 3912 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:22:37.0928 3912 MsRPC - ok
09:22:37.0976 3912 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:22:38.0001 3912 mssmbios - ok
09:22:38.0018 3912 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:22:38.0091 3912 MSTEE - ok
09:22:38.0116 3912 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
09:22:38.0171 3912 MTConfig - ok
09:22:38.0211 3912 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:22:38.0238 3912 Mup - ok
09:22:38.0291 3912 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
09:22:38.0383 3912 napagent - ok
09:22:38.0456 3912 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:22:38.0506 3912 NativeWifiP - ok
09:22:38.0566 3912 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
09:22:38.0616 3912 NDIS - ok
09:22:38.0648 3912 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:22:38.0733 3912 NdisCap - ok
09:22:38.0761 3912 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:22:38.0843 3912 NdisTapi - ok
09:22:38.0871 3912 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
09:22:38.0951 3912 Ndisuio - ok
09:22:38.0991 3912 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
09:22:39.0081 3912 NdisWan - ok
09:22:39.0093 3912 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
09:22:39.0166 3912 NDProxy - ok
09:22:39.0191 3912 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:22:39.0278 3912 NetBIOS - ok
09:22:39.0301 3912 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
09:22:39.0368 3912 NetBT - ok
09:22:39.0406 3912 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
09:22:39.0446 3912 Netlogon - ok
09:22:39.0501 3912 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
09:22:39.0581 3912 Netman - ok
09:22:39.0691 3912 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:22:39.0738 3912 NetMsmqActivator - ok
09:22:39.0746 3912 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:22:39.0776 3912 NetPipeActivator - ok
09:22:39.0828 3912 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
09:22:39.0923 3912 netprofm - ok
09:22:40.0011 3912 netr28 (08981d4d90e09102fc9b2883efaaa805) C:\Windows\system32\DRIVERS\netr28.sys
09:22:40.0146 3912 netr28 - ok
09:22:40.0153 3912 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:22:40.0183 3912 NetTcpActivator - ok
09:22:40.0193 3912 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:22:40.0221 3912 NetTcpPortSharing - ok
09:22:40.0263 3912 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
09:22:40.0291 3912 nfrd960 - ok
09:22:40.0346 3912 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
09:22:40.0433 3912 NlaSvc - ok
09:22:40.0473 3912 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:22:40.0558 3912 Npfs - ok
09:22:40.0588 3912 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
09:22:40.0663 3912 nsi - ok
09:22:40.0688 3912 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:22:40.0771 3912 nsiproxy - ok
09:22:40.0891 3912 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
09:22:41.0043 3912 Ntfs - ok
09:22:41.0073 3912 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:22:41.0158 3912 Null - ok
09:22:41.0208 3912 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
09:22:41.0238 3912 nvraid - ok
09:22:41.0266 3912 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
09:22:41.0296 3912 nvstor - ok
09:22:41.0336 3912 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
09:22:41.0366 3912 nv_agp - ok
09:22:41.0381 3912 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
09:22:41.0436 3912 ohci1394 - ok
09:22:41.0511 3912 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:22:41.0541 3912 ose - ok
09:22:41.0601 3912 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:22:41.0671 3912 p2pimsvc - ok
09:22:41.0726 3912 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
09:22:41.0783 3912 p2psvc - ok
09:22:41.0828 3912 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
09:22:41.0868 3912 Parport - ok
09:22:41.0911 3912 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
09:22:41.0941 3912 partmgr - ok
09:22:41.0966 3912 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
09:22:42.0021 3912 Parvdm - ok
09:22:42.0066 3912 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
09:22:42.0118 3912 PcaSvc - ok
09:22:42.0171 3912 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
09:22:42.0201 3912 pci - ok
09:22:42.0228 3912 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
09:22:42.0256 3912 pciide - ok
09:22:42.0301 3912 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
09:22:42.0333 3912 pcmcia - ok
09:22:42.0366 3912 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:22:42.0393 3912 pcw - ok
09:22:42.0468 3912 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:22:42.0643 3912 PEAUTH - ok
09:22:42.0831 3912 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
09:22:43.0023 3912 pla - ok
09:22:43.0181 3912 PlugPlay (92dc6e68d2c856c5c2f21ae9e22112b8) C:\Windows\system32\umpnpmgr.dll
09:22:43.0281 3912 PlugPlay - ok
09:22:43.0316 3912 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
09:22:43.0373 3912 PNRPAutoReg - ok
09:22:43.0401 3912 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:22:43.0448 3912 PNRPsvc - ok
09:22:43.0501 3912 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
09:22:43.0591 3912 PolicyAgent - ok
09:22:43.0638 3912 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
09:22:43.0713 3912 Power - ok
09:22:43.0801 3912 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:22:43.0883 3912 PptpMiniport - ok
09:22:43.0916 3912 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
09:22:43.0963 3912 Processor - ok
09:22:44.0013 3912 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
09:22:44.0088 3912 ProfSvc - ok
09:22:44.0128 3912 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
09:22:44.0168 3912 ProtectedStorage - ok
09:22:44.0226 3912 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:22:44.0318 3912 Psched - ok
09:22:44.0391 3912 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
09:22:44.0418 3912 PSI_SVC_2 - ok
09:22:44.0531 3912 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
09:22:44.0683 3912 ql2300 - ok
09:22:44.0841 3912 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
09:22:44.0871 3912 ql40xx - ok
09:22:44.0923 3912 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
09:22:44.0998 3912 QWAVE - ok
09:22:45.0043 3912 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:22:45.0083 3912 QWAVEdrv - ok
09:22:45.0106 3912 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:22:45.0186 3912 RasAcd - ok
09:22:45.0236 3912 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:22:45.0318 3912 RasAgileVpn - ok
09:22:45.0361 3912 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
09:22:45.0456 3912 RasAuto - ok
09:22:45.0503 3912 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:22:45.0588 3912 Rasl2tp - ok
09:22:45.0628 3912 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
09:22:45.0728 3912 RasMan - ok
09:22:45.0766 3912 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:22:45.0851 3912 RasPppoe - ok
09:22:45.0881 3912 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:22:45.0963 3912 RasSstp - ok
09:22:45.0991 3912 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
09:22:46.0071 3912 rdbss - ok
09:22:46.0111 3912 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
09:22:46.0171 3912 rdpbus - ok
09:22:46.0206 3912 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:22:46.0281 3912 RDPCDD - ok
09:22:46.0331 3912 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:22:46.0413 3912 RDPENCDD - ok
09:22:46.0446 3912 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:22:46.0523 3912 RDPREFMP - ok
09:22:46.0556 3912 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
09:22:46.0631 3912 RDPWD - ok
09:22:46.0681 3912 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
09:22:46.0713 3912 rdyboost - ok
09:22:46.0753 3912 regi (24d3b49dab660a8b8afa40240e735e24) C:\Windows\system32\drivers\regi.sys
09:22:46.0781 3912 regi - ok
09:22:46.0831 3912 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
09:22:46.0903 3912 RemoteAccess - ok
09:22:46.0936 3912 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
09:22:47.0013 3912 RemoteRegistry - ok
09:22:47.0028 3912 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
09:22:47.0118 3912 RpcEptMapper - ok
09:22:47.0156 3912 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
09:22:47.0213 3912 RpcLocator - ok
09:22:47.0268 3912 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:22:47.0348 3912 RpcSs - ok
09:22:47.0401 3912 RSPCIESTOR (4ada96cdedca3ca8dd70f51575f6a7af) C:\Windows\system32\DRIVERS\RtsPStor.sys
09:22:47.0436 3912 RSPCIESTOR - ok
09:22:47.0476 3912 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:22:47.0563 3912 rspndr - ok
09:22:47.0656 3912 RTL8167 (fb3ca58c5447432b8e10c0df3d4d2a1b) C:\Windows\system32\DRIVERS\Rt86win7.sys
09:22:47.0691 3912 RTL8167 - ok
09:22:47.0788 3912 RTL8192Ce (0f67de40033768be99d93e24e519e766) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
09:22:47.0846 3912 RTL8192Ce - ok
09:22:47.0873 3912 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
09:22:47.0913 3912 SamSs - ok
09:22:47.0958 3912 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
09:22:47.0986 3912 sbp2port - ok
09:22:48.0021 3912 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
09:22:48.0116 3912 SCardSvr - ok
09:22:48.0153 3912 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
09:22:48.0228 3912 scfilter - ok
09:22:48.0303 3912 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
09:22:48.0408 3912 Schedule - ok
09:22:48.0458 3912 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:22:48.0521 3912 SCPolicySvc - ok
09:22:48.0561 3912 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
09:22:48.0623 3912 SDRSVC - ok
09:22:48.0666 3912 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:22:48.0753 3912 secdrv - ok
09:22:48.0788 3912 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
09:22:48.0903 3912 seclogon - ok
09:22:48.0936 3912 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
09:22:49.0021 3912 SENS - ok
09:22:49.0048 3912 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
09:22:49.0106 3912 SensrSvc - ok
09:22:49.0158 3912 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
09:22:49.0196 3912 Serenum - ok
09:22:49.0231 3912 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
09:22:49.0283 3912 Serial - ok
09:22:49.0323 3912 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
09:22:49.0358 3912 sermouse - ok
09:22:49.0416 3912 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
09:22:49.0506 3912 SessionEnv - ok
09:22:49.0546 3912 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
09:22:49.0601 3912 sffdisk - ok
09:22:49.0621 3912 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
09:22:49.0658 3912 sffp_mmc - ok
09:22:49.0668 3912 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
09:22:49.0738 3912 sffp_sd - ok
09:22:49.0786 3912 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
09:22:49.0841 3912 sfloppy - ok
09:22:49.0888 3912 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
09:22:49.0986 3912 ShellHWDetection - ok
09:22:50.0036 3912 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
09:22:50.0063 3912 sisagp - ok
09:22:50.0098 3912 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
09:22:50.0126 3912 SiSRaid2 - ok
09:22:50.0173 3912 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
09:22:50.0203 3912 SiSRaid4 - ok
09:22:50.0276 3912 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
09:22:50.0313 3912 SkypeUpdate - ok
09:22:50.0366 3912 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:22:50.0436 3912 Smb - ok
09:22:50.0483 3912 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
09:22:50.0543 3912 SNMPTRAP - ok
09:22:50.0573 3912 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:22:50.0603 3912 spldr - ok
09:22:50.0648 3912 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
09:22:50.0728 3912 Spooler - ok
09:22:50.0983 3912 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
09:22:51.0138 3912 sppsvc - ok
09:22:51.0256 3912 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
09:22:51.0351 3912 sppuinotify - ok
09:22:51.0426 3912 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
09:22:51.0476 3912 srv - ok
09:22:51.0521 3912 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
09:22:51.0656 3912 srv2 - ok
09:22:51.0693 3912 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
09:22:51.0746 3912 srvnet - ok
09:22:51.0791 3912 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
09:22:51.0871 3912 SSDPSRV - ok
09:22:51.0888 3912 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
09:22:51.0986 3912 SstpSvc - ok
09:22:52.0018 3912 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
09:22:52.0046 3912 stexstor - ok
09:22:52.0108 3912 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
09:22:52.0193 3912 StiSvc - ok
09:22:52.0228 3912 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:22:52.0256 3912 swenum - ok
09:22:52.0303 3912 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
09:22:52.0406 3912 swprv - ok
09:22:52.0506 3912 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
09:22:52.0586 3912 SysMain - ok
09:22:52.0603 3912 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
09:22:52.0671 3912 TabletInputService - ok
09:22:52.0731 3912 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
09:22:52.0836 3912 TapiSrv - ok
09:22:52.0878 3912 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
09:22:52.0956 3912 TBS - ok
09:22:53.0096 3912 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
09:22:53.0163 3912 Tcpip - ok
09:22:53.0193 3912 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
09:22:53.0261 3912 TCPIP6 - ok
09:22:53.0281 3912 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:22:53.0358 3912 tcpipreg - ok
09:22:53.0391 3912 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:22:53.0426 3912 TDPIPE - ok
09:22:53.0438 3912 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
09:22:53.0513 3912 TDTCP - ok
09:22:53.0543 3912 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:22:53.0623 3912 tdx - ok
09:22:53.0666 3912 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:22:53.0693 3912 TermDD - ok
09:22:53.0758 3912 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
09:22:53.0846 3912 TermService - ok
09:22:53.0866 3912 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
09:22:53.0938 3912 Themes - ok
09:22:53.0983 3912 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:22:54.0056 3912 THREADORDER - ok
09:22:54.0091 3912 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
09:22:54.0138 3912 TPM - ok
09:22:54.0181 3912 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
09:22:54.0276 3912 TrkWks - ok
09:22:54.0341 3912 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
09:22:54.0418 3912 TrustedInstaller - ok
09:22:54.0461 3912 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:22:54.0541 3912 tssecsrv - ok
09:22:54.0553 3912 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:22:54.0593 3912 TsUsbFlt - ok
09:22:54.0633 3912 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
09:22:54.0691 3912 TsUsbGD - ok
09:22:54.0751 3912 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:22:54.0831 3912 tunnel - ok
09:22:54.0868 3912 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
09:22:54.0898 3912 uagp35 - ok
09:22:54.0936 3912 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:22:55.0016 3912 udfs - ok
09:22:55.0068 3912 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
09:22:55.0131 3912 UI0Detect - ok
09:22:55.0181 3912 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:22:55.0208 3912 uliagpkx - ok
09:22:55.0253 3912 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
09:22:55.0306 3912 umbus - ok
09:22:55.0343 3912 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
09:22:55.0391 3912 UmPass - ok
09:22:55.0443 3912 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
09:22:55.0541 3912 upnphost - ok
09:22:55.0578 3912 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
09:22:55.0613 3912 usbccgp - ok
09:22:55.0648 3912 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:22:55.0691 3912 usbcir - ok
09:22:55.0721 3912 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
09:22:55.0753 3912 usbehci - ok
09:22:55.0791 3912 usbfilter (56e89c8e05a987a49ffa595428fb9767) C:\Windows\system32\drivers\usbfilter.sys
09:22:55.0821 3912 usbfilter - ok
09:22:55.0883 3912 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
09:22:55.0926 3912 usbhub - ok
09:22:55.0951 3912 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
09:22:56.0001 3912 usbohci - ok
09:22:56.0033 3912 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:22:56.0073 3912 usbprint - ok
09:22:56.0111 3912 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:22:56.0168 3912 usbscan - ok
09:22:56.0193 3912 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:22:56.0231 3912 USBSTOR - ok
09:22:56.0263 3912 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
09:22:56.0298 3912 usbuhci - ok
09:22:56.0346 3912 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
09:22:56.0406 3912 usbvideo - ok
09:22:56.0451 3912 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:22:56.0526 3912 UxSms - ok
09:22:56.0551 3912 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
09:22:56.0593 3912 VaultSvc - ok
09:22:56.0646 3912 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:22:56.0671 3912 vdrvroot - ok
09:22:56.0793 3912 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:22:56.0953 3912 vds - ok
09:22:57.0001 3912 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:22:57.0046 3912 vga - ok
09:22:57.0088 3912 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:22:57.0153 3912 VgaSave - ok
09:22:57.0196 3912 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:22:57.0228 3912 vhdmp - ok
09:22:57.0261 3912 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:22:57.0291 3912 viaagp - ok
09:22:57.0318 3912 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
09:22:57.0356 3912 ViaC7 - ok
09:22:57.0373 3912 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:22:57.0401 3912 viaide - ok
09:22:57.0443 3912 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:22:57.0471 3912 volmgr - ok
09:22:57.0528 3912 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:22:57.0566 3912 volmgrx - ok
09:22:57.0613 3912 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:22:57.0658 3912 volsnap - ok
09:22:57.0716 3912 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
09:22:57.0746 3912 vsmraid - ok
09:22:57.0843 3912 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:22:57.0978 3912 VSS - ok
09:22:58.0023 3912 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:22:58.0071 3912 vwifibus - ok
09:22:58.0106 3912 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:22:58.0153 3912 vwififlt - ok
09:22:58.0208 3912 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:22:58.0311 3912 W32Time - ok
09:22:58.0356 3912 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
09:22:58.0401 3912 WacomPen - ok
09:22:58.0451 3912 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:22:58.0533 3912 WANARP - ok
09:22:58.0546 3912 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:22:58.0613 3912 Wanarpv6 - ok
09:22:58.0743 3912 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
09:22:58.0906 3912 WatAdminSvc - ok
09:22:59.0051 3912 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:22:59.0198 3912 wbengine - ok
09:22:59.0236 3912 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:22:59.0311 3912 WbioSrvc - ok
09:22:59.0373 3912 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:22:59.0453 3912 wcncsvc - ok
09:22:59.0466 3912 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:22:59.0516 3912 WcsPlugInService - ok
09:22:59.0573 3912 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
09:22:59.0601 3912 Wd - ok
09:22:59.0656 3912 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:22:59.0698 3912 Wdf01000 - ok
09:22:59.0728 3912 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:22:59.0801 3912 WdiServiceHost - ok
09:22:59.0811 3912 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:22:59.0863 3912 WdiSystemHost - ok
09:22:59.0901 3912 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:22:59.0973 3912 WebClient - ok
09:23:00.0001 3912 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:23:00.0143 3912 Wecsvc - ok
09:23:00.0173 3912 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:23:00.0248 3912 wercplsupport - ok
09:23:00.0286 3912 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:23:00.0366 3912 WerSvc - ok
09:23:00.0401 3912 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:23:00.0466 3912 WfpLwf - ok
09:23:00.0491 3912 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:23:00.0518 3912 WIMMount - ok
09:23:00.0541 3912 WinHttpAutoProxySvc - ok
09:23:00.0623 3912 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:23:00.0701 3912 Winmgmt - ok
09:23:00.0813 3912 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:23:01.0011 3912 WinRM - ok
09:23:01.0126 3912 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:23:01.0213 3912 Wlansvc - ok
09:23:01.0273 3912 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:23:01.0316 3912 WmiAcpi - ok
09:23:01.0388 3912 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:23:01.0441 3912 wmiApSrv - ok
09:23:01.0488 3912 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:23:01.0553 3912 WPCSvc - ok
09:23:01.0588 3912 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:23:01.0648 3912 WPDBusEnum - ok
09:23:01.0696 3912 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:23:01.0776 3912 ws2ifsl - ok
09:23:01.0798 3912 WSearch - ok
09:23:01.0968 3912 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
09:23:02.0128 3912 wuauserv - ok
09:23:02.0261 3912 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:23:02.0346 3912 WudfPf - ok
09:23:02.0391 3912 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:23:02.0478 3912 WUDFRd - ok
09:23:02.0526 3912 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:23:02.0613 3912 wudfsvc - ok
09:23:02.0646 3912 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:23:02.0723 3912 WwanSvc - ok
09:23:02.0798 3912 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:23:02.0831 3912 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:23:02.0831 3912 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
09:23:03.0729 3912 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:23:03.0729 3912 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:23:03.0764 3912 Boot (0x1200) (4a781feae4554f1adbc740518dab9e09) \Device\Harddisk0\DR0\Partition0
09:23:03.0766 3912 \Device\Harddisk0\DR0\Partition0 - ok
09:23:03.0784 3912 Boot (0x1200) (e8078b026380379c86c6b564005c6795) \Device\Harddisk0\DR0\Partition1
09:23:03.0786 3912 \Device\Harddisk0\DR0\Partition1 - ok
09:23:03.0786 3912 ============================================================
09:23:03.0786 3912 Scan finished
09:23:03.0786 3912 ============================================================
09:23:03.0816 2804 Detected object count: 2
09:23:03.0816 2804 Actual detected object count: 2
09:23:21.0131 2804 \Device\Harddisk0\DR0\# - copied to quarantine
09:23:21.0131 2804 \Device\Harddisk0\DR0 - copied to quarantine
09:23:21.0186 2804 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
09:23:21.0206 2804 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:23:21.0236 2804 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
09:23:21.0276 2804 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:23:25.0729 2804 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:23:25.0811 2804 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
09:23:25.0816 2804 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
09:23:25.0824 2804 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
09:23:25.0831 2804 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:23:25.0894 2804 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:23:25.0974 2804 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
09:23:25.0981 2804 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
09:23:26.0016 2804 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:23:26.0044 2804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
09:23:26.0076 2804 \Device\Harddisk0\DR0 - ok
09:23:26.0088 2804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
09:23:26.0089 2804 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:23:26.0090 2804 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:24:16.0894 2312 Deinitialize success

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20
Run by Parent at 9:46:49 on 2012-07-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3579.2872 [GMT -5:00]
.
AV: McAfee® Total Protection™ Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Total Protection™ Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\lxdvcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://getstarted.k12.com/
uDefault_Page_URL = hxxp://getstarted.k12.com/
mStart Page = hxxp://getstarted.k12.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxdvmon.exe] "c:\program files\lexmark x5400 series\lxdvmon.exe"
mRun: [lxdvamon] "c:\program files\lexmark x5400 series\lxdvamon.exe"
mRun: [Lexmark X5400 Series Fax Server] "c:\program files\lexmark x5400 series\fm3032.exe" /s
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\parent\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{404D8727-3964-4734-9AC8-3C6AC5F79635} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\parent\appdata\roaming\mozilla\firefox\profiles\59kkoegy.default\
FF - prefs.js: browser.startup.homepage - hxxp://getstarted.k12.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-7-18 66176]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-7-18 31872]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-6 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-6 353688]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-5-18 214664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2011-7-18 87968]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-2 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-6 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-6 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-6 44808]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-16 13880]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-18 6789632]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-18 236032]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-7-18 101392]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-7-18 251496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-7-18 348776]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192Ce.sys [2011-8-16 982632]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-7-18 35968]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-5 257224]
S3 afcmx86;afcmx86;c:\windows\system32\drivers\afcmx86.sys [2011-7-18 25144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-7 40776]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2012-5-18 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2012-5-18 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2012-5-18 34248]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-5-19 599040]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-10 1343400]
.
=============== Created Last 30 ================
.
2012-07-07 14:26:00 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-07 14:23:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-07 14:21:15 306 ----a-w- c:\windows\myClean.bat
2012-07-06 15:32:27 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-06 15:32:26 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-06 15:32:24 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-06 15:30:13 41224 ----a-w- c:\windows\avastSS.scr
2012-07-06 15:29:33 -------- d-----w- c:\programdata\AVAST Software
2012-07-06 15:29:33 -------- d-----w- c:\program files\AVAST Software
2012-07-06 00:33:45 -------- d-----w- c:\users\parent\appdata\roaming\Malwarebytes
2012-07-05 23:59:40 -------- d-----w- c:\users\parent\appdata\local\Macromedia
2012-07-05 23:58:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 23:58:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-05 23:55:07 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-24 19:14:42 -------- d-----w- c:\users\parent\appdata\local\Apple Computer
.
==================== Find3M ====================
.
.
============= FINISH: 9:50:22.57 ===============

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Parent :: IQ-K12-LAPTOP [administrator]
7/7/2012 9:27:04 AM
mbam-log-2012-07-07 (09-27-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201040
Time elapsed: 10 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Note: I wasn't sure if you needed me to include the 'Attach' log from DDS, so I didn't. Also, I didn't turn up anything when I ran a quick scan on Malwarebytes; is this a problem?
Thanks for your help.