Jump to content

RichHeller

Honorary Members
 View Profile  See their activity

  • Posts

    30

  • Joined

  • Last visited

 Content Type 

Everything posted by RichHeller

  1. RichHeller
    When I use Chrome, some text gets changed to an "Ads By Advertise" link. I'm running the free version of Malwarebytes and it scans clean. My other browsers, Firefox and MS Edge, don't seem to be affected. Addition.txt FRST.txt
  2. RichHeller
    OK, got everything cleaned up. Can close this. Thanks!
  3. RichHeller
    No, everything seems to be ok.
  4. RichHeller
    ========== OTL ========== C:\Users\rich\AppData\Local\704g2smt3les0vhg27bh254kl6878srlwy60 moved successfully. C:\ProgramData\704g2smt3les0vhg27bh254kl6878srlwy60 moved successfully. C:\Users\rich\AppData\Local\Btemutejefifino.dat moved successfully. C:\Users\rich\AppData\Local\Vsuqu.bin moved successfully. ========== FILES ========== < dir /s /a /b "C:\ProgramData\1cba34b0" /c > C:\ProgramData\1cba34b0 C:\Users\rich\Desktop\cmd.bat deleted successfully. C:\Users\rich\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.39.2 log created on 04102012_111032 C:\TDSSKiller_Quarantine\03.04.2012_10.26.30\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.AOV trojan
  5. RichHeller
    From poking around online, it looks like the redirect to "goole.com/url" type addresses is google doing some annoying usage tracking stuff.
  6. RichHeller
    Yes, it happens with both.
  7. RichHeller
    It does end up taking me to the right address if I follow the link.
  8. RichHeller
    If I search for "malwarebytes", the actual address that is shown in the results is www.malwarebytes.org, but if I right click and select Copy Link Location, it gives this, http://www.google.com/url?sa=t&rct=j&q=malwarebytes&source=web&cd=1&sqi=2&ved=0CEIQFjAA&url=http%3A%2F%2Fwww.malwarebytes.org%2F&ei=JiKDT9zJCoXS2AXct_n7Bw&usg=AFQjCNF1rUbMKiFgRseh32Zb1S3MP3pO3w&cad=rja
  9. RichHeller
    Seems to have worked. Now everything redirects to the "http://www.google.com?url" addresses. The numbered addresses aren't coming up anymore. ========== FILES ========== C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\zufoguhmwk@zufoguhmwk.org.xpi moved successfully. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.39.2 log created on 04092012_120802
  10. RichHeller
    Used Avaste. Might try the MS one. The redirect is still there, though the behavior is a little different. After right clicking on a link and having it change to a numbered address, once I move off the link then the redirect is gone. IE still changes things to google URLs. Is that normal? All processes killed ========== OTL ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56502 bytes User: Public ->Temp folder emptied: 0 bytes User: rich ->Temp folder emptied: 3459 bytes ->Temporary Internet Files folder emptied: 38999458 bytes ->Java cache emptied: 157625 bytes ->FireFox cache emptied: 168728331 bytes ->Flash cache emptied: 55153 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 198.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04082012_164646 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  11. RichHeller
    It only created the OTL.txt. There wasn't an Extras.txt. Here's the one it did make. OTL logfile created on: 4/8/2012 9:26:20 AM - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\rich\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.82% Memory free 5.99 Gb Paging File | 5.33 Gb Available in Paging File | 88.93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287.95 Gb Total Space | 217.55 Gb Free Space | 75.55% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.48% Space Free | Partition Type: NTFS Computer Name: RICH-PC | User Name: rich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/08 09:25:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/03/22 13:10:37 | 000,094,720 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe PRC - [2011/03/22 13:09:59 | 004,913,152 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\9.0\bin\postgres.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/12/07 16:08:32 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/08/18 05:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2011/03/22 13:10:37 | 000,094,720 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-9.0) SRV - [2010/11/20 10:51:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\rich\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2010/12/07 16:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK) DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/08/18 06:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 70 EB D6 7C 88 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8D 87 63 0E D9 0A 74 4E AD EF 61 F3 47 7C 9F 33 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 21:03:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/26 10:40:46 | 000,000,000 | ---D | M] [2011/05/15 21:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rich\AppData\Roaming\Mozilla\Extensions [2012/03/30 17:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\extensions [2011/06/11 19:04:43 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011/11/28 22:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/08/22 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} [2011/11/28 22:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} () (No name found) -- C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\ZUFOGUHMWK@ZUFOGUHMWK.ORG.XPI [2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/03 03:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2012/03/30 18:31:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/08 09:25:11 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe [2012/04/05 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/04/05 16:03:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/04/05 10:36:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\rich\Desktop\aswMBR.exe [2012/04/04 13:17:17 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rich\Desktop\tdsskiller.exe [2012/04/03 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Local\Diagnostics [2012/04/03 10:29:42 | 004,449,976 | R--- | C] (Swearware) -- C:\Users\rich\Desktop\ComboFix.exe [2012/04/03 10:27:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/03/30 18:33:07 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Local\temp [2012/03/30 18:22:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/03/30 18:22:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/03/30 18:22:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/03/14 13:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio [2012/03/14 13:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio [2012/03/10 19:15:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\bassmididrv [2012/03/10 19:15:01 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BASSMIDI System Synth [2012/03/10 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\rich\TruePianos Settings [2012/03/10 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\rich\Documents\Cakewalk [2012/03/10 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Cakewalk [2012/03/10 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\rich\Documents\Native Instruments [2012/03/10 17:35:22 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments [2012/03/10 17:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [2012/03/10 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments [2012/03/10 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign [2012/03/10 17:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments [2012/03/10 17:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities [2012/03/10 17:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk [2012/03/10 17:27:21 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll [2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\Cakewalk Projects [2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk [2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk ========== Files - Modified Within 30 Days ========== [2012/04/08 09:25:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe [2012/04/08 09:19:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/07 08:01:08 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/07 08:01:08 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/05 16:09:50 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/05 16:09:50 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/05 16:05:30 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys [2012/04/05 15:56:21 | 004,449,976 | R--- | M] (Swearware) -- C:\Users\rich\Desktop\ComboFix.exe [2012/04/05 13:39:31 | 000,000,567 | ---- | M] () -- C:\Users\rich\Desktop\MBR.zip [2012/04/05 13:38:47 | 000,000,512 | ---- | M] () -- C:\Users\rich\Desktop\MBR.dat [2012/04/05 10:36:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\rich\Desktop\aswMBR.exe [2012/04/04 13:17:18 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rich\Desktop\tdsskiller.exe [2012/04/03 13:15:57 | 000,302,592 | ---- | M] () -- C:\Users\rich\Desktop\gmer.exe [2012/03/30 18:31:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/03/16 13:34:24 | 269,658,397 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/03/14 13:24:50 | 000,291,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/03/10 19:22:41 | 000,000,047 | ---- | M] () -- C:\Windows\bassmidi.sflist [2012/03/10 19:15:01 | 000,068,068 | ---- | M] () -- C:\Windows\System32\bassmididrvuninstall.exe [2012/03/10 17:33:48 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\SONAR 8 Producer Edition.lnk ========== Files Created - No Company Name ========== [2012/04/05 13:39:31 | 000,000,567 | ---- | C] () -- C:\Users\rich\Desktop\MBR.zip [2012/04/05 13:38:47 | 000,000,512 | ---- | C] () -- C:\Users\rich\Desktop\MBR.dat [2012/04/03 13:17:02 | 000,302,592 | ---- | C] () -- C:\Users\rich\Desktop\gmer.exe [2012/03/30 18:22:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/03/30 18:22:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/03/30 18:22:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/03/30 18:22:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/03/30 18:22:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/03/10 19:22:41 | 000,000,047 | ---- | C] () -- C:\Windows\bassmidi.sflist [2012/03/10 19:15:01 | 000,068,068 | ---- | C] () -- C:\Windows\System32\bassmididrvuninstall.exe [2012/03/10 17:33:48 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\SONAR 8 Producer Edition.lnk [2011/07/27 23:45:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011/07/27 23:43:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/07/26 22:30:12 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011/06/24 11:31:49 | 000,000,024 | ---- | C] () -- C:\ProgramData\1cba34b0 [2011/05/15 21:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/04/03 11:46:28 | 000,011,936 | -HS- | C] () -- C:\Users\rich\AppData\Local\704g2smt3les0vhg27bh254kl6878srlwy60 [2011/04/03 11:46:28 | 000,011,936 | -HS- | C] () -- C:\ProgramData\704g2smt3les0vhg27bh254kl6878srlwy60 [2011/04/03 11:36:46 | 000,000,120 | ---- | C] () -- C:\Users\rich\AppData\Local\Btemutejefifino.dat [2011/04/03 11:36:46 | 000,000,000 | ---- | C] () -- C:\Users\rich\AppData\Local\Vsuqu.bin [2010/11/20 01:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/08/29 15:15:21 | 000,000,792 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll ========== LOP Check ========== [2011/08/22 22:46:32 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\794570693DE38B612A5551A88025B00F [2010/11/21 11:40:31 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Absolute Poker [2012/03/30 17:55:07 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Cakewalk [2011/05/31 23:27:27 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\MakeMusic [2011/05/26 14:16:17 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Mp3tag [2011/04/09 07:53:54 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\postgresql [2011/06/29 14:15:22 | 000,030,410 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/04/05 16:03:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011/08/21 16:51:31 | 000,000,000 | ---D | M] -- C:\Boot [2012/03/16 13:36:22 | 000,000,000 | ---D | M] -- C:\Cakewalk Projects [2008/10/03 17:03:59 | 000,000,000 | ---D | M] -- C:\DELL [2011/01/02 13:18:04 | 000,000,000 | ---D | M] -- C:\derby-10.7.1.1 [2008/09/17 18:46:38 | 000,000,000 | ---D | M] -- C:\doctemp [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008/03/11 05:47:38 | 000,000,000 | ---D | M] -- C:\Drivers [2011/05/12 22:09:30 | 000,000,000 | ---D | M] -- C:\eclipse [2009/01/24 14:29:53 | 000,000,000 | ---D | M] -- C:\emacs [2011/03/24 08:18:29 | 000,000,000 | ---D | M] -- C:\glassfish3 [2011/05/26 15:10:38 | 000,000,000 | ---D | M] -- C:\home [2010/01/07 20:07:46 | 000,000,000 | R--D | M] -- C:\MSOCache [2009/07/13 21:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2008/10/24 22:04:10 | 000,000,000 | ---D | M] -- C:\Poker Application [2012/03/14 13:23:27 | 000,000,000 | R--D | M] -- C:\Program Files [2012/03/10 17:34:11 | 000,000,000 | ---D | M] -- C:\ProgramData [2011/05/31 23:26:33 | 000,000,000 | ---D | M] -- C:\PSFONTS [2012/04/05 16:04:35 | 000,000,000 | ---D | M] -- C:\Qoobox [2010/11/20 01:25:30 | 000,000,000 | ---D | M] -- C:\Recovery [2012/04/08 09:27:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012/04/03 10:27:18 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine [2011/04/08 23:25:38 | 000,000,000 | R--D | M] -- C:\Users [2012/04/05 16:04:35 | 000,000,000 | ---D | M] -- C:\Windows [2010/11/20 00:55:56 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2010/08/29 15:05:59 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\explorer.exe [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2010/08/29 15:03:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2010/08/29 15:03:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2010/08/29 15:05:59 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008/01/20 21:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows.old\Windows\regedit.exe [2008/01/20 21:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe [2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe [2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe [2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/08/29 15:05:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2010/08/29 15:05:58 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe [2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-08 16:45:54 < End of report >
  12. RichHeller
    It appears to only be happening in FF. In IE, when I right click on a search result on google, it changes to a url of the form "http://www.google.com/url?" but ends up going to the intended site. In FF, one of the links will get changed to a numbered address, for example http://206.51.231.116/c.php?p=ZNmiPzi4JCRRgyv0tuv_J20PAm9jquvAOcVaUXXyn2yOIlZgrahdXhjEZUBPYYA8k89G15DYYIOvi5UIZatP0T3RCJ62zekU3LPF2YLzgwcbmvMqdumLItp4TYui3kygxUebVgXvNeTAUuHH39xLy4aJswMM2prU-O8ox00TSegoqnhfxxbj5fftu8J4j5Kjtpwv3SXGxAx_CsmeCp-jJvaTaJL9BF3xr-H5v5oKUToNW95voz6e7pfpti-cPcRV2_ddm3y5190NCkENA9AGLAnqn3gSJWtcUpA--5SZWcORCnwu9if8QZtuInUtUAfqVN858MENAPPKWU84rGSkwVF1rw0AHr18OojlnxPTwH-IgmGQqukFR_8VdUWI527y1WFZNKtsptj1QRujNYNGl5QbZ6h9su6v259ncfXncFsoyNjeoiOtNzbv8ilOjN1Fa4NpOGVw6coJfIlAneKbobxRLoMKU1reyiifj5MYDnD5NYXLJc4FzsfGmzkNJG0PU401CnerycaG0EsCKTX1KWO9Hgc2noty-Ft2eRKoYGzzSnm0Le5iH1zPT8i64mAm2sKsYHebFtqahQZuxhjz7vpnbIhFGMo-MOSdosvdodX1QRujNYNGl5ArMi0rwKecDa6Gpbzg6fRGljsKQvm08zOB9XVTITYSkwvCcT-WjUp8yKBbbFIQbxIt8WpZi9JFMQb_VKINsb0&o=http%3A%2F%2Fwwwengine.com%2Fsearch%3Fq%3Davp After one of them changes, the rest of the links on the page don't get changed. No other issues. I have a USB stick and can burn CDs.
  13. RichHeller
    ComboFix 12-04-05.06 - rich 04/05/2012 15:57:52.5.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1765 [GMT -5:00] Running from: c:\users\rich\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 ))))))))))))))))))))))))))))))) . . 2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\postgres\AppData\Local\temp 2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-03 15:43 . 2012-04-03 15:43 -------- d-----w- c:\users\rich\AppData\Local\Diagnostics 2012-04-03 15:27 . 2012-04-03 15:27 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-30 23:33 . 2012-04-05 21:03 -------- d-----w- c:\users\rich\AppData\Local\temp 2012-03-14 18:23 . 2012-03-14 18:23 -------- d-----w- c:\program files\M-Audio 2012-03-11 00:15 . 2012-03-11 00:15 -------- d-----w- c:\windows\system32\bassmididrv 2012-03-10 22:39 . 2012-03-10 22:39 -------- d-----w- c:\users\rich\TruePianos Settings 2012-03-10 22:39 . 2012-03-30 22:55 -------- d-----w- c:\users\rich\AppData\Roaming\Cakewalk 2012-03-10 22:35 . 2012-03-10 22:36 -------- d-----w- c:\program files\Common Files\Native Instruments 2012-03-10 22:35 . 2012-03-10 22:35 -------- d-----w- c:\program files\Common Files\Digidesign 2012-03-10 22:34 . 2012-03-10 22:35 -------- d-----w- c:\program files\Native Instruments 2012-03-10 22:27 . 2006-11-30 21:49 368640 ----a-w- c:\windows\system32\ReWire.dll 2012-03-10 22:27 . 2006-02-24 16:00 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-03-10 22:27 . 2006-02-24 16:00 487424 ----a-w- c:\windows\system32\msvcp70.dll 2012-03-10 22:27 . 2006-02-24 16:00 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-03-10 22:27 . 2006-02-24 16:00 344064 ----a-w- c:\windows\system32\msvcr70.dll 2012-03-10 22:27 . 2006-02-24 16:00 1047552 ----a-w- c:\windows\system32\mfc71u.dll 2012-03-10 22:27 . 2006-02-24 16:00 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-03-10 22:26 . 2012-03-16 18:36 -------- d-----w- C:\Cakewalk Projects 2012-03-10 22:26 . 2012-03-10 22:33 -------- d-----w- c:\programdata\Cakewalk 2012-03-10 22:26 . 2012-03-10 22:33 -------- d-----w- c:\program files\Cakewalk . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-14 16:26 . 2011-05-16 02:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x] S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 91556802 *NewlyCreated* - ASWMBR *Deregistered* - 91556802 *Deregistered* - aswMBR *Deregistered* - pxldrpow . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.0] "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.0] "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-05 16:04:33 ComboFix-quarantined-files.txt 2012-04-05 21:04 ComboFix2.txt 2012-04-03 15:38 ComboFix3.txt 2011-08-22 16:32 ComboFix4.txt 2011-08-21 14:53 . Pre-Run: 233,308,356,608 bytes free Post-Run: 233,373,519,872 bytes free . - - End Of File - - 1BC23575C4345C52CC89180C209DB690
  14. RichHeller
    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-04-05 10:36:45 ----------------------------- 10:36:45.977 OS Version: Windows 6.1.7601 Service Pack 1 10:36:45.977 Number of processors: 2 586 0xF0D 10:36:45.977 ComputerName: RICH-PC UserName: rich 10:36:48.177 Initialize success 10:38:54.373 AVAST engine defs: 12040500 10:39:12.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 10:39:12.453 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11 10:39:12.516 Disk 0 MBR read successfully 10:39:12.531 Disk 0 MBR scan 10:39:12.531 Disk 0 Windows 7 default MBR code 10:39:12.609 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 141 MB offset 63 10:39:12.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 290816 10:39:12.874 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294862 MB offset 21262336 10:39:13.046 Disk 0 scanning sectors +625139712 10:39:13.186 Disk 0 scanning C:\Windows\system32\drivers 10:41:35.677 Service scanning 10:41:54.257 Modules scanning 10:45:52.204 Disk 0 trace - called modules: 10:45:52.344 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 10:45:52.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d8f7b8] 10:45:52.391 3 CLASSPNP.SYS[8afd659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c7a030] 10:45:55.199 AVAST engine scan C:\Windows 10:51:43.501 AVAST engine scan C:\Windows\system32 11:30:49.585 AVAST engine scan C:\Windows\system32\drivers 11:33:24.668 AVAST engine scan C:\Users\rich 12:10:32.360 File: C:\Users\rich\AppData\Roaming\Cakewalk\Cakewalk\ivzucplz.dll **INFECTED** Win32:Malware-gen 12:29:12.059 File: C:\Users\rich\AppData\Roaming\Media Center Programs\Media Center Programs\ezbdzgg.dll **INFECTED** Win32:Rootkit-gen [Rtk] 13:10:05.003 AVAST engine scan C:\ProgramData 13:36:57.621 Scan finished successfully 13:38:47.876 Disk 0 MBR has been saved successfully to "C:\Users\rich\Desktop\MBR.dat" 13:38:47.885 The log file has been saved successfully to "C:\Users\rich\Desktop\aswMBR.txt" MBR.zip
  15. RichHeller
    13:17:27.0346 2244 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32 13:17:27.0767 2244 ============================================================ 13:17:27.0767 2244 Current date / time: 2012/04/04 13:17:27.0767 13:17:27.0767 2244 SystemInfo: 13:17:27.0767 2244 13:17:27.0767 2244 OS Version: 6.1.7601 ServicePack: 1.0 13:17:27.0767 2244 Product type: Workstation 13:17:27.0767 2244 ComputerName: RICH-PC 13:17:27.0767 2244 UserName: rich 13:17:27.0767 2244 Windows directory: C:\Windows 13:17:27.0767 2244 System windows directory: C:\Windows 13:17:27.0767 2244 Processor architecture: Intel x86 13:17:27.0767 2244 Number of processors: 2 13:17:27.0767 2244 Page size: 0x1000 13:17:27.0767 2244 Boot type: Normal boot 13:17:27.0767 2244 ============================================================ 13:17:28.0828 2244 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:17:28.0828 2244 \Device\Harddisk0\DR0: 13:17:28.0843 2244 MBR used 13:17:28.0843 2244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000 13:17:28.0843 2244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x23FE7000 13:17:28.0890 2244 Initialize success 13:17:28.0890 2244 ============================================================ 13:17:34.0303 3996 ============================================================ 13:17:34.0303 3996 Scan started 13:17:34.0303 3996 Mode: Manual; 13:17:34.0303 3996 ============================================================ 13:17:36.0441 3996 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 13:17:36.0441 3996 1394ohci - ok 13:17:36.0503 3996 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 13:17:36.0503 3996 ACPI - ok 13:17:36.0550 3996 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 13:17:36.0550 3996 AcpiPmi - ok 13:17:36.0597 3996 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 13:17:36.0612 3996 adp94xx - ok 13:17:36.0643 3996 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 13:17:36.0643 3996 adpahci - ok 13:17:36.0690 3996 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 13:17:36.0690 3996 adpu320 - ok 13:17:36.0737 3996 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 13:17:36.0737 3996 AeLookupSvc - ok 13:17:36.0799 3996 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 13:17:36.0799 3996 AFD - ok 13:17:36.0846 3996 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 13:17:36.0846 3996 agp440 - ok 13:17:36.0893 3996 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 13:17:36.0893 3996 aic78xx - ok 13:17:36.0924 3996 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 13:17:36.0924 3996 ALG - ok 13:17:36.0955 3996 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 13:17:36.0955 3996 aliide - ok 13:17:37.0002 3996 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe 13:17:37.0018 3996 AMD External Events Utility - ok 13:17:37.0049 3996 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 13:17:37.0049 3996 amdagp - ok 13:17:37.0080 3996 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 13:17:37.0080 3996 amdide - ok 13:17:37.0127 3996 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 13:17:37.0127 3996 AmdK8 - ok 13:17:37.0143 3996 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 13:17:37.0158 3996 AmdPPM - ok 13:17:37.0189 3996 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys 13:17:37.0189 3996 amdsata - ok 13:17:37.0221 3996 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 13:17:37.0221 3996 amdsbs - ok 13:17:37.0236 3996 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys 13:17:37.0236 3996 amdxata - ok 13:17:37.0283 3996 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 13:17:37.0299 3996 AppID - ok 13:17:37.0361 3996 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 13:17:37.0361 3996 AppIDSvc - ok 13:17:37.0392 3996 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 13:17:37.0392 3996 Appinfo - ok 13:17:37.0439 3996 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 13:17:37.0455 3996 AppMgmt - ok 13:17:37.0501 3996 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 13:17:37.0501 3996 arc - ok 13:17:37.0533 3996 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 13:17:37.0533 3996 arcsas - ok 13:17:37.0579 3996 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 13:17:37.0579 3996 AsyncMac - ok 13:17:37.0626 3996 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 13:17:37.0626 3996 atapi - ok 13:17:37.0767 3996 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys 13:17:37.0876 3996 atikmdag - ok 13:17:37.0938 3996 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 13:17:37.0954 3996 AudioEndpointBuilder - ok 13:17:37.0969 3996 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 13:17:37.0969 3996 Audiosrv - ok 13:17:38.0016 3996 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 13:17:38.0016 3996 AxInstSV - ok 13:17:38.0079 3996 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 13:17:38.0094 3996 b06bdrv - ok 13:17:38.0141 3996 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 13:17:38.0141 3996 b57nd60x - ok 13:17:38.0235 3996 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys 13:17:38.0266 3996 BCM43XX - ok 13:17:38.0313 3996 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 13:17:38.0313 3996 BDESVC - ok 13:17:38.0328 3996 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 13:17:38.0344 3996 Beep - ok 13:17:38.0391 3996 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 13:17:38.0391 3996 BFE - ok 13:17:38.0437 3996 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll 13:17:38.0453 3996 BITS - ok 13:17:38.0469 3996 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 13:17:38.0469 3996 blbdrive - ok 13:17:38.0515 3996 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 13:17:38.0515 3996 bowser - ok 13:17:38.0531 3996 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:17:38.0531 3996 BrFiltLo - ok 13:17:38.0562 3996 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:17:38.0562 3996 BrFiltUp - ok 13:17:38.0609 3996 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 13:17:38.0609 3996 BridgeMP - ok 13:17:38.0656 3996 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 13:17:38.0656 3996 Browser - ok 13:17:38.0687 3996 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 13:17:38.0687 3996 Brserid - ok 13:17:38.0718 3996 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 13:17:38.0718 3996 BrSerWdm - ok 13:17:38.0734 3996 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:17:38.0734 3996 BrUsbMdm - ok 13:17:38.0765 3996 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 13:17:38.0765 3996 BrUsbSer - ok 13:17:38.0796 3996 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 13:17:38.0796 3996 BTHMODEM - ok 13:17:38.0859 3996 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 13:17:38.0859 3996 bthserv - ok 13:17:38.0952 3996 catchme - ok 13:17:38.0999 3996 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 13:17:38.0999 3996 cdfs - ok 13:17:39.0046 3996 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 13:17:39.0046 3996 cdrom - ok 13:17:39.0093 3996 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 13:17:39.0093 3996 CertPropSvc - ok 13:17:39.0124 3996 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 13:17:39.0124 3996 circlass - ok 13:17:39.0155 3996 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 13:17:39.0155 3996 CLFS - ok 13:17:39.0217 3996 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:17:39.0233 3996 clr_optimization_v2.0.50727_32 - ok 13:17:39.0249 3996 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 13:17:39.0249 3996 CmBatt - ok 13:17:39.0295 3996 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 13:17:39.0311 3996 cmdide - ok 13:17:39.0342 3996 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 13:17:39.0358 3996 CNG - ok 13:17:39.0389 3996 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 13:17:39.0389 3996 Compbatt - ok 13:17:39.0451 3996 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 13:17:39.0451 3996 CompositeBus - ok 13:17:39.0467 3996 COMSysApp - ok 13:17:39.0483 3996 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 13:17:39.0483 3996 crcdisk - ok 13:17:39.0545 3996 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll 13:17:39.0545 3996 CryptSvc - ok 13:17:39.0592 3996 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 13:17:39.0592 3996 CSC - ok 13:17:39.0654 3996 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll 13:17:39.0654 3996 CscService - ok 13:17:39.0732 3996 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 13:17:39.0732 3996 DcomLaunch - ok 13:17:39.0763 3996 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 13:17:39.0779 3996 defragsvc - ok 13:17:39.0826 3996 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 13:17:39.0826 3996 DfsC - ok 13:17:39.0857 3996 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 13:17:39.0873 3996 Dhcp - ok 13:17:39.0904 3996 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 13:17:39.0904 3996 discache - ok 13:17:39.0935 3996 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 13:17:39.0951 3996 Disk - ok 13:17:39.0982 3996 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 13:17:39.0982 3996 Dnscache - ok 13:17:40.0029 3996 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 13:17:40.0029 3996 dot3svc - ok 13:17:40.0075 3996 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 13:17:40.0075 3996 DPS - ok 13:17:40.0122 3996 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 13:17:40.0138 3996 drmkaud - ok 13:17:40.0185 3996 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 13:17:40.0200 3996 DXGKrnl - ok 13:17:40.0247 3996 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 13:17:40.0247 3996 EapHost - ok 13:17:40.0356 3996 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 13:17:40.0419 3996 ebdrv - ok 13:17:40.0450 3996 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 13:17:40.0450 3996 EFS - ok 13:17:40.0512 3996 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 13:17:40.0528 3996 ehRecvr - ok 13:17:40.0559 3996 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 13:17:40.0575 3996 ehSched - ok 13:17:40.0621 3996 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 13:17:40.0637 3996 elxstor - ok 13:17:40.0668 3996 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 13:17:40.0668 3996 ErrDev - ok 13:17:40.0715 3996 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 13:17:40.0731 3996 EventSystem - ok 13:17:40.0762 3996 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 13:17:40.0762 3996 exfat - ok 13:17:40.0777 3996 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 13:17:40.0793 3996 fastfat - ok 13:17:40.0824 3996 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 13:17:40.0855 3996 Fax - ok 13:17:40.0871 3996 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 13:17:40.0871 3996 fdc - ok 13:17:40.0902 3996 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 13:17:40.0902 3996 fdPHost - ok 13:17:40.0918 3996 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 13:17:40.0918 3996 FDResPub - ok 13:17:40.0949 3996 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 13:17:40.0949 3996 FileInfo - ok 13:17:40.0965 3996 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 13:17:40.0965 3996 Filetrace - ok 13:17:40.0980 3996 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 13:17:40.0996 3996 flpydisk - ok 13:17:41.0027 3996 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 13:17:41.0027 3996 FltMgr - ok 13:17:41.0074 3996 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 13:17:41.0089 3996 FontCache - ok 13:17:41.0183 3996 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:17:41.0183 3996 FontCache3.0.0.0 - ok 13:17:41.0214 3996 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 13:17:41.0214 3996 FsDepends - ok 13:17:41.0245 3996 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 13:17:41.0245 3996 Fs_Rec - ok 13:17:41.0277 3996 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 13:17:41.0292 3996 fvevol - ok 13:17:41.0339 3996 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 13:17:41.0339 3996 gagp30kx - ok 13:17:41.0386 3996 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 13:17:41.0401 3996 gpsvc - ok 13:17:41.0433 3996 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 13:17:41.0433 3996 hcw85cir - ok 13:17:41.0511 3996 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 13:17:41.0511 3996 HdAudAddService - ok 13:17:41.0557 3996 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 13:17:41.0573 3996 HDAudBus - ok 13:17:41.0589 3996 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 13:17:41.0589 3996 HidBatt - ok 13:17:41.0620 3996 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 13:17:41.0620 3996 HidBth - ok 13:17:41.0667 3996 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 13:17:41.0667 3996 HidIr - ok 13:17:41.0698 3996 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll 13:17:41.0698 3996 hidserv - ok 13:17:41.0745 3996 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 13:17:41.0760 3996 HidUsb - ok 13:17:41.0791 3996 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 13:17:41.0791 3996 hkmsvc - ok 13:17:41.0838 3996 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 13:17:41.0838 3996 HomeGroupListener - ok 13:17:41.0885 3996 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 13:17:41.0885 3996 HomeGroupProvider - ok 13:17:41.0932 3996 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 13:17:41.0932 3996 HpSAMD - ok 13:17:41.0994 3996 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 13:17:41.0994 3996 HTTP - ok 13:17:42.0025 3996 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 13:17:42.0025 3996 hwpolicy - ok 13:17:42.0103 3996 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 13:17:42.0103 3996 i8042prt - ok 13:17:42.0150 3996 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys 13:17:42.0166 3996 iaStorV - ok 13:17:42.0259 3996 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:17:42.0291 3996 idsvc - ok 13:17:42.0322 3996 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 13:17:42.0322 3996 iirsp - ok 13:17:42.0400 3996 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 13:17:42.0415 3996 IKEEXT - ok 13:17:42.0462 3996 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 13:17:42.0462 3996 intelide - ok 13:17:42.0493 3996 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 13:17:42.0493 3996 intelppm - ok 13:17:42.0540 3996 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 13:17:42.0540 3996 IPBusEnum - ok 13:17:42.0571 3996 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:17:42.0571 3996 IpFilterDriver - ok 13:17:42.0618 3996 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 13:17:42.0618 3996 iphlpsvc - ok 13:17:42.0665 3996 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 13:17:42.0665 3996 IPMIDRV - ok 13:17:42.0696 3996 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 13:17:42.0696 3996 IPNAT - ok 13:17:42.0727 3996 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 13:17:42.0727 3996 IRENUM - ok 13:17:42.0759 3996 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 13:17:42.0759 3996 isapnp - ok 13:17:42.0805 3996 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 13:17:42.0805 3996 iScsiPrt - ok 13:17:42.0868 3996 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys 13:17:42.0868 3996 k57nd60x - ok 13:17:42.0899 3996 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 13:17:42.0899 3996 kbdclass - ok 13:17:42.0946 3996 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 13:17:42.0946 3996 kbdhid - ok 13:17:42.0993 3996 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:17:42.0993 3996 KeyIso - ok 13:17:43.0024 3996 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 13:17:43.0024 3996 KSecDD - ok 13:17:43.0039 3996 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 13:17:43.0039 3996 KSecPkg - ok 13:17:43.0102 3996 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 13:17:43.0102 3996 KtmRm - ok 13:17:43.0164 3996 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll 13:17:43.0164 3996 LanmanServer - ok 13:17:43.0211 3996 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 13:17:43.0211 3996 LanmanWorkstation - ok 13:17:43.0305 3996 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 13:17:43.0305 3996 lltdio - ok 13:17:43.0336 3996 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 13:17:43.0351 3996 lltdsvc - ok 13:17:43.0383 3996 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 13:17:43.0383 3996 lmhosts - ok 13:17:43.0414 3996 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 13:17:43.0414 3996 LSI_FC - ok 13:17:43.0445 3996 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 13:17:43.0445 3996 LSI_SAS - ok 13:17:43.0476 3996 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:17:43.0476 3996 LSI_SAS2 - ok 13:17:43.0507 3996 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:17:43.0507 3996 LSI_SCSI - ok 13:17:43.0539 3996 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 13:17:43.0539 3996 luafv - ok 13:17:43.0617 3996 MAUSBFASTTRACK (862d7bd3be3399670a7e3358ce7e6344) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys 13:17:43.0617 3996 MAUSBFASTTRACK - ok 13:17:43.0663 3996 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 13:17:43.0663 3996 Mcx2Svc - ok 13:17:43.0695 3996 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 13:17:43.0695 3996 megasas - ok 13:17:43.0726 3996 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 13:17:43.0726 3996 MegaSR - ok 13:17:43.0773 3996 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 13:17:43.0773 3996 MMCSS - ok 13:17:43.0788 3996 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 13:17:43.0788 3996 Modem - ok 13:17:43.0819 3996 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 13:17:43.0819 3996 monitor - ok 13:17:43.0882 3996 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 13:17:43.0882 3996 mouclass - ok 13:17:43.0897 3996 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 13:17:43.0897 3996 mouhid - ok 13:17:43.0944 3996 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 13:17:43.0944 3996 mountmgr - ok 13:17:43.0975 3996 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 13:17:43.0991 3996 mpio - ok 13:17:44.0007 3996 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 13:17:44.0007 3996 mpsdrv - ok 13:17:44.0053 3996 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 13:17:44.0069 3996 MpsSvc - ok 13:17:44.0116 3996 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 13:17:44.0116 3996 MRxDAV - ok 13:17:44.0163 3996 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:17:44.0163 3996 mrxsmb - ok 13:17:44.0209 3996 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:17:44.0209 3996 mrxsmb10 - ok 13:17:44.0241 3996 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:17:44.0241 3996 mrxsmb20 - ok 13:17:44.0272 3996 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 13:17:44.0272 3996 msahci - ok 13:17:44.0319 3996 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 13:17:44.0319 3996 msdsm - ok 13:17:44.0365 3996 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 13:17:44.0365 3996 MSDTC - ok 13:17:44.0412 3996 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 13:17:44.0412 3996 Msfs - ok 13:17:44.0443 3996 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 13:17:44.0443 3996 mshidkmdf - ok 13:17:44.0475 3996 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 13:17:44.0475 3996 msisadrv - ok 13:17:44.0521 3996 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 13:17:44.0521 3996 MSiSCSI - ok 13:17:44.0537 3996 msiserver - ok 13:17:44.0584 3996 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 13:17:44.0584 3996 MSKSSRV - ok 13:17:44.0615 3996 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 13:17:44.0615 3996 MSPCLOCK - ok 13:17:44.0631 3996 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 13:17:44.0631 3996 MSPQM - ok 13:17:44.0662 3996 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 13:17:44.0677 3996 MsRPC - ok 13:17:44.0693 3996 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 13:17:44.0693 3996 mssmbios - ok 13:17:44.0709 3996 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 13:17:44.0724 3996 MSTEE - ok 13:17:44.0740 3996 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 13:17:44.0740 3996 MTConfig - ok 13:17:44.0755 3996 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 13:17:44.0755 3996 Mup - ok 13:17:44.0802 3996 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 13:17:44.0802 3996 napagent - ok 13:17:44.0849 3996 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 13:17:44.0849 3996 NativeWifiP - ok 13:17:44.0896 3996 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 13:17:44.0911 3996 NDIS - ok 13:17:44.0927 3996 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 13:17:44.0943 3996 NdisCap - ok 13:17:44.0958 3996 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 13:17:44.0974 3996 NdisTapi - ok 13:17:45.0005 3996 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 13:17:45.0005 3996 Ndisuio - ok 13:17:45.0036 3996 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 13:17:45.0052 3996 NdisWan - ok 13:17:45.0083 3996 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 13:17:45.0083 3996 NDProxy - ok 13:17:45.0099 3996 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 13:17:45.0114 3996 NetBIOS - ok 13:17:45.0145 3996 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 13:17:45.0145 3996 NetBT - ok 13:17:45.0192 3996 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:17:45.0192 3996 Netlogon - ok 13:17:45.0239 3996 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 13:17:45.0239 3996 Netman - ok 13:17:45.0286 3996 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 13:17:45.0301 3996 netprofm - ok 13:17:45.0395 3996 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:17:45.0395 3996 NetTcpPortSharing - ok 13:17:45.0442 3996 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 13:17:45.0442 3996 nfrd960 - ok 13:17:45.0473 3996 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 13:17:45.0473 3996 NlaSvc - ok 13:17:45.0504 3996 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 13:17:45.0504 3996 Npfs - ok 13:17:45.0535 3996 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 13:17:45.0535 3996 nsi - ok 13:17:45.0567 3996 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 13:17:45.0567 3996 nsiproxy - ok 13:17:45.0629 3996 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys 13:17:45.0660 3996 Ntfs - ok 13:17:45.0676 3996 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 13:17:45.0676 3996 Null - ok 13:17:45.0738 3996 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys 13:17:45.0738 3996 nvraid - ok 13:17:45.0754 3996 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys 13:17:45.0754 3996 nvstor - ok 13:17:45.0785 3996 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 13:17:45.0801 3996 nv_agp - ok 13:17:45.0832 3996 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 13:17:45.0832 3996 ohci1394 - ok 13:17:45.0925 3996 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:17:45.0925 3996 ose - ok 13:17:45.0957 3996 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 13:17:45.0972 3996 p2pimsvc - ok 13:17:46.0019 3996 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 13:17:46.0019 3996 p2psvc - ok 13:17:46.0050 3996 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 13:17:46.0050 3996 Parport - ok 13:17:46.0081 3996 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 13:17:46.0081 3996 partmgr - ok 13:17:46.0113 3996 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 13:17:46.0113 3996 Parvdm - ok 13:17:46.0144 3996 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 13:17:46.0144 3996 PcaSvc - ok 13:17:46.0175 3996 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 13:17:46.0191 3996 pci - ok 13:17:46.0222 3996 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 13:17:46.0237 3996 pciide - ok 13:17:46.0253 3996 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 13:17:46.0269 3996 pcmcia - ok 13:17:46.0284 3996 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 13:17:46.0284 3996 pcw - ok 13:17:46.0315 3996 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 13:17:46.0331 3996 PEAUTH - ok 13:17:46.0409 3996 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 13:17:46.0440 3996 PeerDistSvc - ok 13:17:46.0518 3996 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 13:17:46.0565 3996 pla - ok 13:17:46.0627 3996 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 13:17:46.0627 3996 PlugPlay - ok 13:17:46.0659 3996 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 13:17:46.0659 3996 PNRPAutoReg - ok 13:17:46.0690 3996 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 13:17:46.0690 3996 PNRPsvc - ok 13:17:46.0705 3996 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 13:17:46.0721 3996 PolicyAgent - ok 13:17:46.0815 3996 postgresql-9.0 - ok 13:17:46.0861 3996 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 13:17:46.0861 3996 Power - ok 13:17:46.0893 3996 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 13:17:46.0908 3996 PptpMiniport - ok 13:17:46.0939 3996 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 13:17:46.0939 3996 Processor - ok 13:17:46.0971 3996 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 13:17:46.0971 3996 ProfSvc - ok 13:17:47.0017 3996 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:17:47.0017 3996 ProtectedStorage - ok 13:17:47.0064 3996 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 13:17:47.0064 3996 Psched - ok 13:17:47.0111 3996 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 13:17:47.0142 3996 ql2300 - ok 13:17:47.0173 3996 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 13:17:47.0173 3996 ql40xx - ok 13:17:47.0251 3996 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 13:17:47.0251 3996 QWAVE - ok 13:17:47.0267 3996 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 13:17:47.0267 3996 QWAVEdrv - ok 13:17:47.0298 3996 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 13:17:47.0298 3996 RasAcd - ok 13:17:47.0361 3996 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:17:47.0361 3996 RasAgileVpn - ok 13:17:47.0376 3996 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 13:17:47.0376 3996 RasAuto - ok 13:17:47.0407 3996 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:17:47.0407 3996 Rasl2tp - ok 13:17:47.0454 3996 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 13:17:47.0470 3996 RasMan - ok 13:17:47.0501 3996 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 13:17:47.0501 3996 RasPppoe - ok 13:17:47.0517 3996 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 13:17:47.0517 3996 RasSstp - ok 13:17:47.0563 3996 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 13:17:47.0563 3996 rdbss - ok 13:17:47.0579 3996 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 13:17:47.0595 3996 rdpbus - ok 13:17:47.0610 3996 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:17:47.0610 3996 RDPCDD - ok 13:17:47.0641 3996 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 13:17:47.0641 3996 RDPDR - ok 13:17:47.0688 3996 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 13:17:47.0688 3996 RDPENCDD - ok 13:17:47.0704 3996 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 13:17:47.0704 3996 RDPREFMP - ok 13:17:47.0766 3996 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys 13:17:47.0766 3996 RdpVideoMiniport - ok 13:17:47.0813 3996 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 13:17:47.0813 3996 RDPWD - ok 13:17:47.0860 3996 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 13:17:47.0860 3996 rdyboost - ok 13:17:47.0907 3996 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 13:17:47.0907 3996 RemoteAccess - ok 13:17:47.0953 3996 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 13:17:47.0953 3996 RemoteRegistry - ok 13:17:47.0969 3996 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 13:17:47.0969 3996 RpcEptMapper - ok 13:17:48.0031 3996 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 13:17:48.0031 3996 RpcLocator - ok 13:17:48.0078 3996 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll 13:17:48.0078 3996 RpcSs - ok 13:17:48.0141 3996 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 13:17:48.0141 3996 rspndr - ok 13:17:48.0172 3996 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 13:17:48.0172 3996 s3cap - ok 13:17:48.0219 3996 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:17:48.0219 3996 SamSs - ok 13:17:48.0250 3996 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 13:17:48.0250 3996 sbp2port - ok 13:17:48.0281 3996 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 13:17:48.0297 3996 SCardSvr - ok 13:17:48.0343 3996 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 13:17:48.0343 3996 scfilter - ok 13:17:48.0406 3996 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 13:17:48.0421 3996 Schedule - ok 13:17:48.0453 3996 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 13:17:48.0453 3996 SCPolicySvc - ok 13:17:48.0499 3996 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys 13:17:48.0499 3996 sdbus - ok 13:17:48.0546 3996 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 13:17:48.0546 3996 SDRSVC - ok 13:17:48.0593 3996 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:17:48.0593 3996 secdrv - ok 13:17:48.0624 3996 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 13:17:48.0640 3996 seclogon - ok 13:17:48.0671 3996 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 13:17:48.0671 3996 SENS - ok 13:17:48.0702 3996 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 13:17:48.0702 3996 SensrSvc - ok 13:17:48.0733 3996 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 13:17:48.0733 3996 Serenum - ok 13:17:48.0749 3996 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 13:17:48.0749 3996 Serial - ok 13:17:48.0796 3996 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 13:17:48.0796 3996 sermouse - ok 13:17:48.0827 3996 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 13:17:48.0827 3996 SessionEnv - ok 13:17:48.0874 3996 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 13:17:48.0874 3996 sffdisk - ok 13:17:48.0905 3996 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 13:17:48.0905 3996 sffp_mmc - ok 13:17:48.0921 3996 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 13:17:48.0921 3996 sffp_sd - ok 13:17:48.0952 3996 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 13:17:48.0952 3996 sfloppy - ok 13:17:48.0999 3996 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 13:17:48.0999 3996 SharedAccess - ok 13:17:49.0045 3996 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 13:17:49.0045 3996 ShellHWDetection - ok 13:17:49.0092 3996 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 13:17:49.0092 3996 sisagp - ok 13:17:49.0123 3996 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:17:49.0123 3996 SiSRaid2 - ok 13:17:49.0139 3996 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 13:17:49.0139 3996 SiSRaid4 - ok 13:17:49.0186 3996 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 13:17:49.0186 3996 Smb - ok 13:17:49.0233 3996 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 13:17:49.0233 3996 SNMPTRAP - ok 13:17:49.0264 3996 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 13:17:49.0279 3996 spldr - ok 13:17:49.0326 3996 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 13:17:49.0357 3996 Spooler - ok 13:17:49.0498 3996 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 13:17:49.0607 3996 sppsvc - ok 13:17:49.0654 3996 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 13:17:49.0654 3996 sppuinotify - ok 13:17:49.0701 3996 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 13:17:49.0716 3996 srv - ok 13:17:49.0732 3996 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 13:17:49.0732 3996 srv2 - ok 13:17:49.0779 3996 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 13:17:49.0794 3996 srvnet - ok 13:17:49.0825 3996 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 13:17:49.0841 3996 SSDPSRV - ok 13:17:49.0857 3996 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 13:17:49.0857 3996 SstpSvc - ok 13:17:49.0903 3996 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 13:17:49.0903 3996 stexstor - ok 13:17:49.0950 3996 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 13:17:49.0981 3996 StiSvc - ok 13:17:50.0013 3996 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 13:17:50.0013 3996 storflt - ok 13:17:50.0044 3996 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 13:17:50.0044 3996 storvsc - ok 13:17:50.0075 3996 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 13:17:50.0075 3996 swenum - ok 13:17:50.0106 3996 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 13:17:50.0122 3996 swprv - ok 13:17:50.0153 3996 Synth3dVsc - ok 13:17:50.0231 3996 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 13:17:50.0262 3996 SysMain - ok 13:17:50.0309 3996 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 13:17:50.0309 3996 TabletInputService - ok 13:17:50.0371 3996 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 13:17:50.0371 3996 TapiSrv - ok 13:17:50.0418 3996 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 13:17:50.0418 3996 TBS - ok 13:17:50.0496 3996 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 13:17:50.0543 3996 Tcpip - ok 13:17:50.0605 3996 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 13:17:50.0621 3996 TCPIP6 - ok 13:17:50.0668 3996 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 13:17:50.0668 3996 tcpipreg - ok 13:17:50.0715 3996 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 13:17:50.0715 3996 TDPIPE - ok 13:17:50.0730 3996 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 13:17:50.0730 3996 TDTCP - ok 13:17:50.0777 3996 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 13:17:50.0777 3996 tdx - ok 13:17:50.0824 3996 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 13:17:50.0824 3996 TermDD - ok 13:17:50.0886 3996 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 13:17:50.0902 3996 TermService - ok 13:17:50.0949 3996 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 13:17:50.0949 3996 Themes - ok 13:17:50.0995 3996 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 13:17:50.0995 3996 THREADORDER - ok 13:17:51.0027 3996 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 13:17:51.0027 3996 TrkWks - ok 13:17:51.0089 3996 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 13:17:51.0105 3996 TrustedInstaller - ok 13:17:51.0136 3996 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:17:51.0136 3996 tssecsrv - ok 13:17:51.0229 3996 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 13:17:51.0245 3996 TsUsbFlt - ok 13:17:51.0245 3996 tsusbhub - ok 13:17:51.0323 3996 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 13:17:51.0323 3996 tunnel - ok 13:17:51.0370 3996 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 13:17:51.0370 3996 uagp35 - ok 13:17:51.0417 3996 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 13:17:51.0417 3996 udfs - ok 13:17:51.0463 3996 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 13:17:51.0463 3996 UI0Detect - ok 13:17:51.0526 3996 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 13:17:51.0541 3996 uliagpkx - ok 13:17:51.0588 3996 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 13:17:51.0588 3996 umbus - ok 13:17:51.0651 3996 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 13:17:51.0651 3996 UmPass - ok 13:17:51.0697 3996 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 13:17:51.0697 3996 UmRdpService - ok 13:17:51.0760 3996 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 13:17:51.0760 3996 upnphost - ok 13:17:51.0807 3996 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 13:17:51.0807 3996 usbaudio - ok 13:17:51.0853 3996 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 13:17:51.0853 3996 usbccgp - ok 13:17:51.0916 3996 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 13:17:51.0916 3996 usbcir - ok 13:17:51.0947 3996 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 13:17:51.0947 3996 usbehci - ok 13:17:51.0978 3996 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 13:17:51.0994 3996 usbhub - ok 13:17:52.0009 3996 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 13:17:52.0009 3996 usbohci - ok 13:17:52.0056 3996 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 13:17:52.0056 3996 usbprint - ok 13:17:52.0087 3996 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:17:52.0087 3996 USBSTOR - ok 13:17:52.0103 3996 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 13:17:52.0103 3996 usbuhci - ok 13:17:52.0150 3996 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 13:17:52.0165 3996 usbvideo - ok 13:17:52.0197 3996 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 13:17:52.0212 3996 UxSms - ok 13:17:52.0243 3996 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:17:52.0243 3996 VaultSvc - ok 13:17:52.0306 3996 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 13:17:52.0306 3996 vdrvroot - ok 13:17:52.0368 3996 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 13:17:52.0399 3996 vds - ok 13:17:52.0431 3996 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 13:17:52.0431 3996 vga - ok 13:17:52.0462 3996 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 13:17:52.0462 3996 VgaSave - ok 13:17:52.0477 3996 VGPU - ok 13:17:52.0524 3996 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 13:17:52.0540 3996 vhdmp - ok 13:17:52.0587 3996 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 13:17:52.0587 3996 viaagp - ok 13:17:52.0618 3996 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 13:17:52.0618 3996 ViaC7 - ok 13:17:52.0633 3996 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 13:17:52.0633 3996 viaide - ok 13:17:52.0665 3996 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 13:17:52.0680 3996 vmbus - ok 13:17:52.0696 3996 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 13:17:52.0696 3996 VMBusHID - ok 13:17:52.0743 3996 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 13:17:52.0743 3996 volmgr - ok 13:17:52.0758 3996 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 13:17:52.0774 3996 volmgrx - ok 13:17:52.0789 3996 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 13:17:52.0789 3996 volsnap - ok 13:17:52.0821 3996 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 13:17:52.0836 3996 vsmraid - ok 13:17:52.0883 3996 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 13:17:52.0930 3996 VSS - ok 13:17:52.0945 3996 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 13:17:52.0945 3996 vwifibus - ok 13:17:52.0961 3996 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 13:17:52.0977 3996 vwififlt - ok 13:17:53.0008 3996 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 13:17:53.0008 3996 vwifimp - ok 13:17:53.0055 3996 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 13:17:53.0070 3996 W32Time - ok 13:17:53.0086 3996 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 13:17:53.0086 3996 WacomPen - ok 13:17:53.0133 3996 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 13:17:53.0133 3996 WANARP - ok 13:17:53.0148 3996 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 13:17:53.0148 3996 Wanarpv6 - ok 13:17:53.0257 3996 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 13:17:53.0304 3996 WatAdminSvc - ok 13:17:53.0367 3996 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 13:17:53.0413 3996 wbengine - ok 13:17:53.0460 3996 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 13:17:53.0476 3996 WbioSrvc - ok 13:17:53.0507 3996 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 13:17:53.0523 3996 wcncsvc - ok 13:17:53.0554 3996 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 13:17:53.0569 3996 WcsPlugInService - ok 13:17:53.0601 3996 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 13:17:53.0601 3996 Wd - ok 13:17:53.0632 3996 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 13:17:53.0647 3996 Wdf01000 - ok 13:17:53.0663 3996 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 13:17:53.0663 3996 WdiServiceHost - ok 13:17:53.0679 3996 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 13:17:53.0679 3996 WdiSystemHost - ok 13:17:53.0710 3996 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 13:17:53.0725 3996 WebClient - ok 13:17:53.0741 3996 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 13:17:53.0741 3996 Wecsvc - ok 13:17:53.0772 3996 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 13:17:53.0772 3996 wercplsupport - ok 13:17:53.0803 3996 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 13:17:53.0803 3996 WerSvc - ok 13:17:53.0866 3996 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 13:17:53.0866 3996 WfpLwf - ok 13:17:53.0881 3996 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 13:17:53.0897 3996 WIMMount - ok 13:17:54.0006 3996 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 13:17:54.0037 3996 WinDefend - ok 13:17:54.0037 3996 WinHttpAutoProxySvc - ok 13:17:54.0115 3996 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 13:17:54.0115 3996 Winmgmt - ok 13:17:54.0193 3996 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 13:17:54.0240 3996 WinRM - ok 13:17:54.0303 3996 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 13:17:54.0334 3996 Wlansvc - ok 13:17:54.0381 3996 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 13:17:54.0381 3996 WmiAcpi - ok 13:17:54.0459 3996 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 13:17:54.0459 3996 wmiApSrv - ok 13:17:54.0568 3996 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 13:17:54.0615 3996 WMPNetworkSvc - ok 13:17:54.0646 3996 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 13:17:54.0661 3996 WPCSvc - ok 13:17:54.0708 3996 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 13:17:54.0708 3996 WPDBusEnum - ok 13:17:54.0755 3996 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 13:17:54.0755 3996 ws2ifsl - ok 13:17:54.0786 3996 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll 13:17:54.0786 3996 wscsvc - ok 13:17:54.0802 3996 WSearch - ok 13:17:54.0895 3996 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 13:17:54.0958 3996 wuauserv - ok 13:17:54.0989 3996 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 13:17:55.0005 3996 WudfPf - ok 13:17:55.0036 3996 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:17:55.0036 3996 WUDFRd - ok 13:17:55.0098 3996 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 13:17:55.0098 3996 wudfsvc - ok 13:17:55.0145 3996 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 13:17:55.0161 3996 WwanSvc - ok 13:17:55.0192 3996 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 13:17:55.0254 3996 \Device\Harddisk0\DR0 - ok 13:17:55.0270 3996 Boot (0x1200) (7ef4f5ffa007777457f9170bf81cc197) \Device\Harddisk0\DR0\Partition0 13:17:55.0270 3996 \Device\Harddisk0\DR0\Partition0 - ok 13:17:55.0285 3996 Boot (0x1200) (d1f645201fcabad361e29e5c1fb9b7e2) \Device\Harddisk0\DR0\Partition1 13:17:55.0285 3996 \Device\Harddisk0\DR0\Partition1 - ok 13:17:55.0285 3996 ============================================================ 13:17:55.0285 3996 Scan finished 13:17:55.0285 3996 ============================================================ 13:17:55.0363 3220 Detected object count: 0 13:17:55.0363 3220 Actual detected object count: 0 13:18:07.0360 2200 Deinitialize success
  16. RichHeller
    GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-03 14:35:17 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-75ZCT2 rev.11.01A11 Running: gmer.exe; Driver: C:\Users\rich\AppData\Local\Temp\pxldrpow.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{2B754346-56B8-42EE-B406-E2CCACEB027B}\Connection@Name isatap.{87969DCC-9B23-468E-B0A8-9D57C8CAEFBF} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}?\Device\{2B754346-56B8-42EE-B406-E2CCACEB027B}?\Device\{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}?\Device\{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}"?"{2B754346-56B8-42EE-B406-E2CCACEB027B}"?"{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}"?"{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}?\Device\TCPIP6TUNNEL_{2B754346-56B8-42EE-B406-E2CCACEB027B}?\Device\TCPIP6TUNNEL_{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}?\Device\TCPIP6TUNNEL_{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2B754346-56B8-42EE-B406-E2CCACEB027B}@InterfaceName isatap.{87969DCC-9B23-468E-B0A8-9D57C8CAEFBF} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2B754346-56B8-42EE-B406-E2CCACEB027B}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 11438 ---- EOF - GMER 1.0.15 ----
  17. RichHeller
    https://www.virustotal.com/file/eb12bc72cd39fac7750542815272467fa161b039df858f29878e9fca837cb087/analysis/1333470770/
  18. RichHeller
    Yes, I downloaded fresh copies of all the programs. I don't have the old logs, unfortunately. It happens in both firefox and IE. I rarely run IE, though. I do have a wireless router that I'm using. Netgear N300. OTL log ------------------------- OTL logfile created on: 4/3/2012 11:18:27 AM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\rich\Downloads\anti-virus Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.65% Memory free 5.99 Gb Paging File | 5.16 Gb Available in Paging File | 86.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287.95 Gb Total Space | 217.66 Gb Free Space | 75.59% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.48% Space Free | Partition Type: NTFS Computer Name: RICH-PC | User Name: rich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found < End of report >
  19. RichHeller
    After running ComboFix, I had to restart my computer. Firefox wouldn't start because a registry entry was marked for deletion and my computer no longer recognized its wireless card. After shutting it down and restarting it, it's running normally again. The redirect from google is still happening, though.
  20. RichHeller
    ComboFix 12-04-03.02 - rich 04/03/2012 10:30:42.4.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2258 [GMT -5:00] Running from: c:\users\rich\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 ))))))))))))))))))))))))))))))) . . 2012-04-03 15:37 . 2012-04-03 15:37 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-04-03 15:37 . 2012-04-03 15:37 -------- d-----w- c:\users\postgres\AppData\Local\temp 2012-04-03 15:37 . 2012-04-03 15:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-03 15:27 . 2012-04-03 15:27 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-30 23:33 . 2012-04-03 15:37 -------- d-----w- c:\users\rich\AppData\Local\temp 2012-03-14 18:23 . 2012-03-14 18:23 -------- d-----w- c:\program files\M-Audio 2012-03-11 00:15 . 2012-03-11 00:15 -------- d-----w- c:\windows\system32\bassmididrv 2012-03-10 22:39 . 2012-03-10 22:39 -------- d-----w- c:\users\rich\TruePianos Settings 2012-03-10 22:39 . 2012-03-30 22:55 -------- d-----w- c:\users\rich\AppData\Roaming\Cakewalk 2012-03-10 22:35 . 2012-03-10 22:36 -------- d-----w- c:\program files\Common Files\Native Instruments 2012-03-10 22:35 . 2012-03-10 22:35 -------- d-----w- c:\program files\Common Files\Digidesign 2012-03-10 22:34 . 2012-03-10 22:35 -------- d-----w- c:\program files\Native Instruments 2012-03-10 22:27 . 2006-11-30 21:49 368640 ----a-w- c:\windows\system32\ReWire.dll 2012-03-10 22:27 . 2006-02-24 16:00 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-03-10 22:27 . 2006-02-24 16:00 487424 ----a-w- c:\windows\system32\msvcp70.dll 2012-03-10 22:27 . 2006-02-24 16:00 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-03-10 22:27 . 2006-02-24 16:00 344064 ----a-w- c:\windows\system32\msvcr70.dll 2012-03-10 22:27 . 2006-02-24 16:00 1047552 ----a-w- c:\windows\system32\mfc71u.dll 2012-03-10 22:27 . 2006-02-24 16:00 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-03-10 22:26 . 2012-03-16 18:36 -------- d-----w- C:\Cakewalk Projects 2012-03-10 22:26 . 2012-03-10 22:33 -------- d-----w- c:\programdata\Cakewalk 2012-03-10 22:26 . 2012-03-10 22:33 -------- d-----w- c:\program files\Cakewalk . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-14 16:26 . 2011-05-16 02:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x] S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 12925704 *NewlyCreated* - 22474933 *NewlyCreated* - 28969053 *NewlyCreated* - TRUESIGHT *NewlyCreated* - WS2IFSL *Deregistered* - 12925704 *Deregistered* - 22474933 *Deregistered* - 28969053 *Deregistered* - TrueSight . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.0] "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.0] "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-03 10:38:50 ComboFix-quarantined-files.txt 2012-04-03 15:38 ComboFix2.txt 2011-08-22 16:32 ComboFix3.txt 2011-08-21 14:53 . Pre-Run: 233,459,658,752 bytes free Post-Run: 233,417,146,368 bytes free . - - End Of File - - 6C0CF25ACE71D0F8D27E23E906B1D8C5
  21. RichHeller
    08:38:54.0701 2828 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32 08:38:55.0091 2828 ============================================================ 08:38:55.0091 2828 Current date / time: 2012/04/03 08:38:55.0091 08:38:55.0091 2828 SystemInfo: 08:38:55.0091 2828 08:38:55.0091 2828 OS Version: 6.1.7601 ServicePack: 1.0 08:38:55.0091 2828 Product type: Workstation 08:38:55.0091 2828 ComputerName: RICH-PC 08:38:55.0091 2828 UserName: rich 08:38:55.0091 2828 Windows directory: C:\Windows 08:38:55.0091 2828 System windows directory: C:\Windows 08:38:55.0091 2828 Processor architecture: Intel x86 08:38:55.0091 2828 Number of processors: 2 08:38:55.0091 2828 Page size: 0x1000 08:38:55.0091 2828 Boot type: Normal boot 08:38:55.0091 2828 ============================================================ 08:38:56.0136 2828 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 08:38:56.0136 2828 \Device\Harddisk0\DR0: 08:38:56.0136 2828 MBR used 08:38:56.0136 2828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000 08:38:56.0136 2828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x23FE7000 08:38:56.0183 2828 Initialize success 08:38:56.0183 2828 ============================================================ 08:39:20.0409 2328 ============================================================ 08:39:20.0409 2328 Scan started 08:39:20.0409 2328 Mode: Manual; SigCheck; TDLFS; 08:39:20.0409 2328 ============================================================ 08:39:21.0267 2328 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 08:39:21.0470 2328 1394ohci - ok 08:39:21.0533 2328 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 08:39:21.0564 2328 ACPI - ok 08:39:21.0595 2328 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 08:39:21.0704 2328 AcpiPmi - ok 08:39:21.0798 2328 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 08:39:21.0829 2328 adp94xx - ok 08:39:21.0845 2328 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 08:39:21.0860 2328 adpahci - ok 08:39:21.0876 2328 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 08:39:21.0891 2328 adpu320 - ok 08:39:21.0938 2328 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 08:39:22.0016 2328 AeLookupSvc - ok 08:39:22.0063 2328 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 08:39:22.0141 2328 AFD - ok 08:39:22.0188 2328 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 08:39:22.0219 2328 agp440 - ok 08:39:22.0297 2328 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 08:39:22.0313 2328 aic78xx - ok 08:39:22.0375 2328 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 08:39:22.0453 2328 ALG - ok 08:39:22.0469 2328 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 08:39:22.0484 2328 aliide - ok 08:39:22.0531 2328 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe 08:39:22.0609 2328 AMD External Events Utility - ok 08:39:22.0640 2328 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 08:39:22.0656 2328 amdagp - ok 08:39:22.0687 2328 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 08:39:22.0703 2328 amdide - ok 08:39:22.0749 2328 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 08:39:22.0827 2328 AmdK8 - ok 08:39:22.0827 2328 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 08:39:22.0890 2328 AmdPPM - ok 08:39:22.0952 2328 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys 08:39:22.0968 2328 amdsata - ok 08:39:22.0999 2328 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 08:39:22.0999 2328 amdsbs - ok 08:39:23.0030 2328 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys 08:39:23.0046 2328 amdxata - ok 08:39:23.0093 2328 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 08:39:23.0249 2328 AppID - ok 08:39:23.0311 2328 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 08:39:23.0389 2328 AppIDSvc - ok 08:39:23.0436 2328 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 08:39:23.0514 2328 Appinfo - ok 08:39:23.0576 2328 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 08:39:23.0639 2328 AppMgmt - ok 08:39:23.0701 2328 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 08:39:23.0717 2328 arc - ok 08:39:23.0732 2328 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 08:39:23.0748 2328 arcsas - ok 08:39:23.0779 2328 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 08:39:23.0966 2328 AsyncMac - ok 08:39:24.0107 2328 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 08:39:24.0122 2328 atapi - ok 08:39:24.0294 2328 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys 08:39:24.0450 2328 atikmdag - ok 08:39:24.0512 2328 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 08:39:24.0559 2328 AudioEndpointBuilder - ok 08:39:24.0606 2328 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 08:39:24.0653 2328 Audiosrv - ok 08:39:24.0715 2328 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 08:39:24.0824 2328 AxInstSV - ok 08:39:24.0887 2328 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 08:39:24.0965 2328 b06bdrv - ok 08:39:25.0011 2328 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 08:39:25.0043 2328 b57nd60x - ok 08:39:25.0121 2328 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys 08:39:25.0261 2328 BCM43XX - ok 08:39:25.0292 2328 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 08:39:25.0370 2328 BDESVC - ok 08:39:25.0417 2328 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 08:39:25.0495 2328 Beep - ok 08:39:25.0573 2328 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 08:39:25.0651 2328 BFE - ok 08:39:25.0698 2328 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll 08:39:25.0792 2328 BITS - ok 08:39:25.0823 2328 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 08:39:25.0870 2328 blbdrive - ok 08:39:25.0916 2328 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 08:39:25.0948 2328 bowser - ok 08:39:25.0948 2328 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 08:39:25.0994 2328 BrFiltLo - ok 08:39:26.0010 2328 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 08:39:26.0057 2328 BrFiltUp - ok 08:39:26.0119 2328 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 08:39:26.0182 2328 BridgeMP - ok 08:39:26.0228 2328 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 08:39:26.0306 2328 Browser - ok 08:39:26.0322 2328 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 08:39:26.0353 2328 Brserid - ok 08:39:26.0384 2328 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 08:39:26.0416 2328 BrSerWdm - ok 08:39:26.0431 2328 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 08:39:26.0447 2328 BrUsbMdm - ok 08:39:26.0462 2328 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 08:39:26.0494 2328 BrUsbSer - ok 08:39:26.0509 2328 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 08:39:26.0540 2328 BTHMODEM - ok 08:39:26.0603 2328 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 08:39:26.0634 2328 bthserv - ok 08:39:26.0743 2328 catchme - ok 08:39:26.0790 2328 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 08:39:26.0852 2328 cdfs - ok 08:39:26.0915 2328 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 08:39:26.0962 2328 cdrom - ok 08:39:27.0008 2328 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 08:39:27.0211 2328 CertPropSvc - ok 08:39:27.0242 2328 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 08:39:27.0274 2328 circlass - ok 08:39:27.0320 2328 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 08:39:27.0336 2328 CLFS - ok 08:39:27.0414 2328 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:39:27.0414 2328 clr_optimization_v2.0.50727_32 - ok 08:39:27.0461 2328 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 08:39:27.0508 2328 CmBatt - ok 08:39:27.0554 2328 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 08:39:27.0570 2328 cmdide - ok 08:39:27.0617 2328 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 08:39:27.0648 2328 CNG - ok 08:39:27.0679 2328 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 08:39:27.0695 2328 Compbatt - ok 08:39:27.0726 2328 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 08:39:27.0788 2328 CompositeBus - ok 08:39:27.0820 2328 COMSysApp - ok 08:39:27.0851 2328 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 08:39:27.0851 2328 crcdisk - ok 08:39:27.0913 2328 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll 08:39:27.0960 2328 CryptSvc - ok 08:39:28.0022 2328 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 08:39:28.0085 2328 CSC - ok 08:39:28.0132 2328 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll 08:39:28.0194 2328 CscService - ok 08:39:28.0256 2328 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 08:39:28.0490 2328 DcomLaunch - ok 08:39:28.0537 2328 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 08:39:28.0584 2328 defragsvc - ok 08:39:28.0646 2328 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 08:39:28.0709 2328 DfsC - ok 08:39:28.0771 2328 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 08:39:28.0834 2328 Dhcp - ok 08:39:28.0865 2328 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 08:39:28.0927 2328 discache - ok 08:39:28.0974 2328 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 08:39:28.0990 2328 Disk - ok 08:39:29.0036 2328 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 08:39:29.0114 2328 Dnscache - ok 08:39:29.0161 2328 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 08:39:29.0239 2328 dot3svc - ok 08:39:29.0270 2328 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 08:39:29.0333 2328 DPS - ok 08:39:29.0395 2328 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 08:39:29.0442 2328 drmkaud - ok 08:39:29.0504 2328 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 08:39:29.0551 2328 DXGKrnl - ok 08:39:29.0582 2328 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 08:39:29.0629 2328 EapHost - ok 08:39:29.0770 2328 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 08:39:29.0863 2328 ebdrv - ok 08:39:29.0894 2328 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 08:39:29.0926 2328 EFS - ok 08:39:30.0019 2328 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 08:39:30.0113 2328 ehRecvr - ok 08:39:30.0144 2328 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 08:39:30.0222 2328 ehSched - ok 08:39:30.0284 2328 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 08:39:30.0300 2328 elxstor - ok 08:39:30.0331 2328 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 08:39:30.0362 2328 ErrDev - ok 08:39:30.0440 2328 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 08:39:30.0503 2328 EventSystem - ok 08:39:30.0550 2328 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 08:39:30.0581 2328 exfat - ok 08:39:30.0628 2328 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 08:39:30.0690 2328 fastfat - ok 08:39:30.0784 2328 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 08:39:30.0846 2328 Fax - ok 08:39:30.0877 2328 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 08:39:30.0924 2328 fdc - ok 08:39:30.0971 2328 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 08:39:31.0018 2328 fdPHost - ok 08:39:31.0064 2328 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 08:39:31.0111 2328 FDResPub - ok 08:39:31.0142 2328 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 08:39:31.0158 2328 FileInfo - ok 08:39:31.0174 2328 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 08:39:31.0220 2328 Filetrace - ok 08:39:31.0236 2328 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 08:39:31.0252 2328 flpydisk - ok 08:39:31.0283 2328 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 08:39:31.0298 2328 FltMgr - ok 08:39:31.0361 2328 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 08:39:31.0439 2328 FontCache - ok 08:39:31.0532 2328 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 08:39:31.0548 2328 FontCache3.0.0.0 - ok 08:39:31.0564 2328 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 08:39:31.0579 2328 FsDepends - ok 08:39:31.0595 2328 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 08:39:31.0595 2328 Fs_Rec - ok 08:39:31.0657 2328 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 08:39:31.0673 2328 fvevol - ok 08:39:31.0704 2328 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 08:39:31.0720 2328 gagp30kx - ok 08:39:31.0766 2328 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 08:39:31.0829 2328 gpsvc - ok 08:39:31.0860 2328 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 08:39:31.0922 2328 hcw85cir - ok 08:39:32.0000 2328 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 08:39:32.0047 2328 HdAudAddService - ok 08:39:32.0110 2328 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 08:39:32.0156 2328 HDAudBus - ok 08:39:32.0203 2328 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 08:39:32.0234 2328 HidBatt - ok 08:39:32.0266 2328 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 08:39:32.0312 2328 HidBth - ok 08:39:32.0344 2328 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 08:39:32.0390 2328 HidIr - ok 08:39:32.0437 2328 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll 08:39:32.0484 2328 hidserv - ok 08:39:32.0546 2328 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 08:39:32.0593 2328 HidUsb - ok 08:39:32.0640 2328 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 08:39:32.0718 2328 hkmsvc - ok 08:39:32.0765 2328 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 08:39:32.0843 2328 HomeGroupListener - ok 08:39:32.0890 2328 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 08:39:32.0936 2328 HomeGroupProvider - ok 08:39:32.0999 2328 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 08:39:33.0030 2328 HpSAMD - ok 08:39:33.0092 2328 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 08:39:33.0124 2328 HTTP - ok 08:39:33.0155 2328 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 08:39:33.0155 2328 hwpolicy - ok 08:39:33.0233 2328 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 08:39:33.0280 2328 i8042prt - ok 08:39:33.0342 2328 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys 08:39:33.0373 2328 iaStorV - ok 08:39:33.0498 2328 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 08:39:33.0560 2328 idsvc - ok 08:39:33.0607 2328 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 08:39:33.0623 2328 iirsp - ok 08:39:33.0685 2328 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 08:39:33.0779 2328 IKEEXT - ok 08:39:33.0826 2328 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 08:39:33.0841 2328 intelide - ok 08:39:33.0872 2328 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 08:39:33.0904 2328 intelppm - ok 08:39:33.0950 2328 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 08:39:34.0028 2328 IPBusEnum - ok 08:39:34.0060 2328 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:39:34.0091 2328 IpFilterDriver - ok 08:39:34.0200 2328 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 08:39:34.0262 2328 iphlpsvc - ok 08:39:34.0356 2328 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 08:39:34.0403 2328 IPMIDRV - ok 08:39:34.0450 2328 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 08:39:34.0496 2328 IPNAT - ok 08:39:34.0528 2328 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 08:39:34.0606 2328 IRENUM - ok 08:39:34.0637 2328 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 08:39:34.0652 2328 isapnp - ok 08:39:34.0699 2328 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 08:39:34.0730 2328 iScsiPrt - ok 08:39:34.0793 2328 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys 08:39:34.0855 2328 k57nd60x - ok 08:39:34.0933 2328 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 08:39:34.0933 2328 kbdclass - ok 08:39:34.0996 2328 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 08:39:35.0011 2328 kbdhid - ok 08:39:35.0058 2328 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 08:39:35.0074 2328 KeyIso - ok 08:39:35.0120 2328 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 08:39:35.0120 2328 KSecDD - ok 08:39:35.0167 2328 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 08:39:35.0183 2328 KSecPkg - ok 08:39:35.0245 2328 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 08:39:35.0292 2328 KtmRm - ok 08:39:35.0354 2328 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll 08:39:35.0417 2328 LanmanServer - ok 08:39:35.0464 2328 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 08:39:35.0542 2328 LanmanWorkstation - ok 08:39:35.0604 2328 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 08:39:35.0635 2328 lltdio - ok 08:39:35.0682 2328 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 08:39:35.0729 2328 lltdsvc - ok 08:39:35.0760 2328 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 08:39:35.0776 2328 lmhosts - ok 08:39:35.0822 2328 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 08:39:35.0854 2328 LSI_FC - ok 08:39:35.0885 2328 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 08:39:35.0900 2328 LSI_SAS - ok 08:39:35.0916 2328 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 08:39:35.0916 2328 LSI_SAS2 - ok 08:39:35.0947 2328 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 08:39:35.0963 2328 LSI_SCSI - ok 08:39:35.0978 2328 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 08:39:36.0025 2328 luafv - ok 08:39:36.0119 2328 MAUSBFASTTRACK (862d7bd3be3399670a7e3358ce7e6344) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys 08:39:36.0634 2328 MAUSBFASTTRACK - ok 08:39:36.0680 2328 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 08:39:36.0696 2328 Mcx2Svc - ok 08:39:36.0743 2328 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 08:39:36.0758 2328 megasas - ok 08:39:36.0790 2328 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 08:39:36.0805 2328 MegaSR - ok 08:39:36.0836 2328 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 08:39:36.0883 2328 MMCSS - ok 08:39:36.0914 2328 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 08:39:36.0992 2328 Modem - ok 08:39:37.0039 2328 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 08:39:37.0086 2328 monitor - ok 08:39:37.0164 2328 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 08:39:37.0180 2328 mouclass - ok 08:39:37.0195 2328 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 08:39:37.0258 2328 mouhid - ok 08:39:37.0304 2328 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 08:39:37.0320 2328 mountmgr - ok 08:39:37.0367 2328 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 08:39:37.0398 2328 mpio - ok 08:39:37.0398 2328 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 08:39:37.0460 2328 mpsdrv - ok 08:39:37.0523 2328 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 08:39:37.0616 2328 MpsSvc - ok 08:39:37.0663 2328 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 08:39:37.0710 2328 MRxDAV - ok 08:39:37.0772 2328 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:39:37.0835 2328 mrxsmb - ok 08:39:37.0882 2328 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:39:37.0913 2328 mrxsmb10 - ok 08:39:37.0944 2328 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:39:37.0975 2328 mrxsmb20 - ok 08:39:38.0022 2328 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 08:39:38.0038 2328 msahci - ok 08:39:38.0100 2328 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 08:39:38.0100 2328 msdsm - ok 08:39:38.0162 2328 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 08:39:38.0194 2328 MSDTC - ok 08:39:38.0225 2328 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 08:39:38.0272 2328 Msfs - ok 08:39:38.0303 2328 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 08:39:38.0318 2328 mshidkmdf - ok 08:39:38.0350 2328 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 08:39:38.0365 2328 msisadrv - ok 08:39:38.0412 2328 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 08:39:38.0490 2328 MSiSCSI - ok 08:39:38.0490 2328 msiserver - ok 08:39:38.0537 2328 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 08:39:38.0599 2328 MSKSSRV - ok 08:39:38.0630 2328 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 08:39:38.0693 2328 MSPCLOCK - ok 08:39:38.0724 2328 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 08:39:38.0786 2328 MSPQM - ok 08:39:38.0833 2328 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 08:39:38.0833 2328 MsRPC - ok 08:39:38.0880 2328 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 08:39:38.0896 2328 mssmbios - ok 08:39:38.0911 2328 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 08:39:38.0927 2328 MSTEE - ok 08:39:38.0958 2328 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 08:39:38.0989 2328 MTConfig - ok 08:39:38.0989 2328 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 08:39:39.0005 2328 Mup - ok 08:39:39.0052 2328 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 08:39:39.0130 2328 napagent - ok 08:39:39.0192 2328 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 08:39:39.0239 2328 NativeWifiP - ok 08:39:39.0301 2328 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 08:39:39.0332 2328 NDIS - ok 08:39:39.0520 2328 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 08:39:39.0598 2328 NdisCap - ok 08:39:39.0644 2328 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 08:39:39.0707 2328 NdisTapi - ok 08:39:39.0754 2328 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 08:39:39.0832 2328 Ndisuio - ok 08:39:39.0910 2328 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 08:39:39.0988 2328 NdisWan - ok 08:39:40.0034 2328 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 08:39:40.0050 2328 NDProxy - ok 08:39:40.0097 2328 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 08:39:40.0159 2328 NetBIOS - ok 08:39:40.0206 2328 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 08:39:40.0222 2328 NetBT - ok 08:39:40.0268 2328 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 08:39:40.0284 2328 Netlogon - ok 08:39:40.0362 2328 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 08:39:40.0440 2328 Netman - ok 08:39:40.0456 2328 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 08:39:40.0487 2328 netprofm - ok 08:39:40.0596 2328 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:39:40.0612 2328 NetTcpPortSharing - ok 08:39:40.0674 2328 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 08:39:40.0674 2328 nfrd960 - ok 08:39:40.0705 2328 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 08:39:40.0768 2328 NlaSvc - ok 08:39:40.0814 2328 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 08:39:40.0892 2328 Npfs - ok 08:39:40.0924 2328 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 08:39:41.0002 2328 nsi - ok 08:39:41.0033 2328 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 08:39:41.0095 2328 nsiproxy - ok 08:39:41.0173 2328 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys 08:39:41.0220 2328 Ntfs - ok 08:39:41.0236 2328 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 08:39:41.0267 2328 Null - ok 08:39:41.0314 2328 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys 08:39:41.0329 2328 nvraid - ok 08:39:41.0345 2328 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys 08:39:41.0360 2328 nvstor - ok 08:39:41.0392 2328 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 08:39:41.0407 2328 nv_agp - ok 08:39:41.0454 2328 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 08:39:41.0501 2328 ohci1394 - ok 08:39:41.0610 2328 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:39:41.0626 2328 ose - ok 08:39:41.0672 2328 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 08:39:41.0719 2328 p2pimsvc - ok 08:39:41.0766 2328 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 08:39:41.0828 2328 p2psvc - ok 08:39:41.0875 2328 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 08:39:41.0906 2328 Parport - ok 08:39:41.0938 2328 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 08:39:41.0953 2328 partmgr - ok 08:39:41.0984 2328 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 08:39:42.0016 2328 Parvdm - ok 08:39:42.0047 2328 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 08:39:42.0078 2328 PcaSvc - ok 08:39:42.0125 2328 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 08:39:42.0125 2328 pci - ok 08:39:42.0156 2328 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 08:39:42.0172 2328 pciide - ok 08:39:42.0187 2328 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 08:39:42.0203 2328 pcmcia - ok 08:39:42.0203 2328 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 08:39:42.0218 2328 pcw - ok 08:39:42.0265 2328 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 08:39:42.0296 2328 PEAUTH - ok 08:39:42.0343 2328 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 08:39:42.0452 2328 PeerDistSvc - ok 08:39:42.0546 2328 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 08:39:42.0624 2328 pla - ok 08:39:42.0671 2328 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 08:39:42.0749 2328 PlugPlay - ok 08:39:42.0780 2328 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 08:39:42.0827 2328 PNRPAutoReg - ok 08:39:42.0874 2328 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 08:39:42.0905 2328 PNRPsvc - ok 08:39:42.0936 2328 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 08:39:42.0998 2328 PolicyAgent - ok 08:39:43.0108 2328 postgresql-9.0 - ok 08:39:43.0154 2328 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 08:39:43.0217 2328 Power - ok 08:39:43.0279 2328 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 08:39:43.0326 2328 PptpMiniport - ok 08:39:43.0357 2328 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 08:39:43.0404 2328 Processor - ok 08:39:43.0466 2328 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 08:39:43.0498 2328 ProfSvc - ok 08:39:43.0544 2328 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 08:39:43.0560 2328 ProtectedStorage - ok 08:39:43.0607 2328 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 08:39:43.0669 2328 Psched - ok 08:39:43.0732 2328 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 08:39:43.0763 2328 ql2300 - ok 08:39:43.0778 2328 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 08:39:43.0794 2328 ql40xx - ok 08:39:43.0825 2328 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 08:39:43.0872 2328 QWAVE - ok 08:39:43.0903 2328 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 08:39:43.0919 2328 QWAVEdrv - ok 08:39:43.0934 2328 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 08:39:43.0981 2328 RasAcd - ok 08:39:44.0044 2328 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:39:44.0075 2328 RasAgileVpn - ok 08:39:44.0090 2328 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 08:39:44.0122 2328 RasAuto - ok 08:39:44.0153 2328 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:39:44.0215 2328 Rasl2tp - ok 08:39:44.0278 2328 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 08:39:44.0356 2328 RasMan - ok 08:39:44.0387 2328 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 08:39:44.0449 2328 RasPppoe - ok 08:39:44.0480 2328 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 08:39:44.0543 2328 RasSstp - ok 08:39:44.0699 2328 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 08:39:44.0761 2328 rdbss - ok 08:39:44.0792 2328 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 08:39:44.0808 2328 rdpbus - ok 08:39:44.0839 2328 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:39:44.0886 2328 RDPCDD - ok 08:39:44.0933 2328 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 08:39:44.0964 2328 RDPDR - ok 08:39:44.0995 2328 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 08:39:45.0058 2328 RDPENCDD - ok 08:39:45.0089 2328 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 08:39:45.0120 2328 RDPREFMP - ok 08:39:45.0167 2328 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys 08:39:45.0229 2328 RdpVideoMiniport - ok 08:39:45.0260 2328 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 08:39:45.0338 2328 RDPWD - ok 08:39:45.0385 2328 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 08:39:45.0416 2328 rdyboost - ok 08:39:45.0448 2328 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 08:39:45.0526 2328 RemoteAccess - ok 08:39:45.0572 2328 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 08:39:45.0650 2328 RemoteRegistry - ok 08:39:45.0682 2328 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 08:39:45.0744 2328 RpcEptMapper - ok 08:39:45.0791 2328 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 08:39:45.0822 2328 RpcLocator - ok 08:39:45.0869 2328 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll 08:39:45.0916 2328 RpcSs - ok 08:39:45.0962 2328 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 08:39:46.0009 2328 rspndr - ok 08:39:46.0056 2328 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 08:39:46.0118 2328 s3cap - ok 08:39:46.0165 2328 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 08:39:46.0181 2328 SamSs - ok 08:39:46.0243 2328 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 08:39:46.0274 2328 sbp2port - ok 08:39:46.0306 2328 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 08:39:46.0352 2328 SCardSvr - ok 08:39:46.0399 2328 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 08:39:46.0446 2328 scfilter - ok 08:39:46.0493 2328 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 08:39:46.0586 2328 Schedule - ok 08:39:46.0633 2328 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 08:39:46.0649 2328 SCPolicySvc - ok 08:39:46.0696 2328 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys 08:39:46.0742 2328 sdbus - ok 08:39:46.0789 2328 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 08:39:46.0867 2328 SDRSVC - ok 08:39:46.0914 2328 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 08:39:46.0976 2328 secdrv - ok 08:39:47.0023 2328 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 08:39:47.0101 2328 seclogon - ok 08:39:47.0148 2328 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 08:39:47.0210 2328 SENS - ok 08:39:47.0257 2328 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 08:39:47.0335 2328 SensrSvc - ok 08:39:47.0351 2328 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 08:39:47.0382 2328 Serenum - ok 08:39:47.0398 2328 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 08:39:47.0413 2328 Serial - ok 08:39:47.0460 2328 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 08:39:47.0507 2328 sermouse - ok 08:39:47.0569 2328 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 08:39:47.0647 2328 SessionEnv - ok 08:39:47.0678 2328 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 08:39:47.0741 2328 sffdisk - ok 08:39:47.0772 2328 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 08:39:47.0803 2328 sffp_mmc - ok 08:39:47.0819 2328 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 08:39:47.0850 2328 sffp_sd - ok 08:39:47.0881 2328 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 08:39:47.0912 2328 sfloppy - ok 08:39:47.0990 2328 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 08:39:48.0037 2328 SharedAccess - ok 08:39:48.0068 2328 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 08:39:48.0131 2328 ShellHWDetection - ok 08:39:48.0178 2328 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 08:39:48.0193 2328 sisagp - ok 08:39:48.0256 2328 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 08:39:48.0271 2328 SiSRaid2 - ok 08:39:48.0302 2328 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 08:39:48.0302 2328 SiSRaid4 - ok 08:39:48.0334 2328 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 08:39:48.0365 2328 Smb - ok 08:39:48.0396 2328 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 08:39:48.0427 2328 SNMPTRAP - ok 08:39:48.0443 2328 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 08:39:48.0458 2328 spldr - ok 08:39:48.0505 2328 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 08:39:48.0583 2328 Spooler - ok 08:39:48.0708 2328 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 08:39:48.0848 2328 sppsvc - ok 08:39:48.0895 2328 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 08:39:48.0973 2328 sppuinotify - ok 08:39:49.0020 2328 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 08:39:49.0098 2328 srv - ok 08:39:49.0129 2328 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 08:39:49.0160 2328 srv2 - ok 08:39:49.0207 2328 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 08:39:49.0254 2328 srvnet - ok 08:39:49.0301 2328 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 08:39:49.0332 2328 SSDPSRV - ok 08:39:49.0348 2328 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 08:39:49.0394 2328 SstpSvc - ok 08:39:49.0426 2328 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 08:39:49.0441 2328 stexstor - ok 08:39:49.0488 2328 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 08:39:49.0566 2328 StiSvc - ok 08:39:49.0628 2328 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 08:39:49.0644 2328 storflt - ok 08:39:49.0675 2328 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 08:39:49.0691 2328 storvsc - ok 08:39:49.0784 2328 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 08:39:49.0800 2328 swenum - ok 08:39:49.0878 2328 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 08:39:49.0940 2328 swprv - ok 08:39:49.0972 2328 Synth3dVsc - ok 08:39:50.0050 2328 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 08:39:50.0112 2328 SysMain - ok 08:39:50.0143 2328 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 08:39:50.0174 2328 TabletInputService - ok 08:39:50.0221 2328 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 08:39:50.0284 2328 TapiSrv - ok 08:39:50.0315 2328 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 08:39:50.0362 2328 TBS - ok 08:39:50.0440 2328 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 08:39:50.0471 2328 Tcpip - ok 08:39:50.0533 2328 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 08:39:50.0564 2328 TCPIP6 - ok 08:39:50.0611 2328 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 08:39:50.0658 2328 tcpipreg - ok 08:39:50.0705 2328 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 08:39:50.0752 2328 TDPIPE - ok 08:39:50.0767 2328 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 08:39:50.0798 2328 TDTCP - ok 08:39:50.0845 2328 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 08:39:50.0908 2328 tdx - ok 08:39:50.0954 2328 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 08:39:50.0970 2328 TermDD - ok 08:39:51.0017 2328 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 08:39:51.0110 2328 TermService - ok 08:39:51.0142 2328 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 08:39:51.0188 2328 Themes - ok 08:39:51.0235 2328 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 08:39:51.0266 2328 THREADORDER - ok 08:39:51.0282 2328 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 08:39:51.0329 2328 TrkWks - ok 08:39:51.0407 2328 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 08:39:51.0469 2328 TrustedInstaller - ok 08:39:51.0516 2328 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:39:51.0563 2328 tssecsrv - ok 08:39:51.0641 2328 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 08:39:51.0688 2328 TsUsbFlt - ok 08:39:51.0703 2328 tsusbhub - ok 08:39:51.0781 2328 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 08:39:51.0828 2328 tunnel - ok 08:39:51.0875 2328 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 08:39:51.0890 2328 uagp35 - ok 08:39:51.0937 2328 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 08:39:51.0984 2328 udfs - ok 08:39:52.0031 2328 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 08:39:52.0078 2328 UI0Detect - ok 08:39:52.0124 2328 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 08:39:52.0156 2328 uliagpkx - ok 08:39:52.0187 2328 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 08:39:52.0218 2328 umbus - ok 08:39:52.0249 2328 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 08:39:52.0296 2328 UmPass - ok 08:39:52.0358 2328 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 08:39:52.0405 2328 UmRdpService - ok 08:39:52.0468 2328 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 08:39:52.0546 2328 upnphost - ok 08:39:52.0608 2328 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 08:39:52.0639 2328 usbaudio - ok 08:39:52.0686 2328 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 08:39:52.0717 2328 usbccgp - ok 08:39:52.0748 2328 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 08:39:52.0780 2328 usbcir - ok 08:39:52.0795 2328 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 08:39:52.0811 2328 usbehci - ok 08:39:52.0858 2328 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 08:39:52.0889 2328 usbhub - ok 08:39:52.0904 2328 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 08:39:52.0951 2328 usbohci - ok 08:39:52.0998 2328 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 08:39:53.0029 2328 usbprint - ok 08:39:53.0045 2328 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:39:53.0060 2328 USBSTOR - ok 08:39:53.0076 2328 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 08:39:53.0092 2328 usbuhci - ok 08:39:53.0123 2328 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 08:39:53.0170 2328 usbvideo - ok 08:39:53.0216 2328 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 08:39:53.0279 2328 UxSms - ok 08:39:53.0310 2328 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 08:39:53.0341 2328 VaultSvc - ok 08:39:53.0404 2328 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 08:39:53.0419 2328 vdrvroot - ok 08:39:53.0482 2328 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 08:39:53.0528 2328 vds - ok 08:39:53.0575 2328 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 08:39:53.0622 2328 vga - ok 08:39:53.0669 2328 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 08:39:53.0731 2328 VgaSave - ok 08:39:53.0731 2328 VGPU - ok 08:39:53.0778 2328 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 08:39:53.0794 2328 vhdmp - ok 08:39:53.0825 2328 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 08:39:53.0840 2328 viaagp - ok 08:39:53.0856 2328 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 08:39:53.0887 2328 ViaC7 - ok 08:39:53.0934 2328 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 08:39:53.0950 2328 viaide - ok 08:39:53.0996 2328 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 08:39:54.0012 2328 vmbus - ok 08:39:54.0043 2328 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 08:39:54.0059 2328 VMBusHID - ok 08:39:54.0074 2328 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 08:39:54.0090 2328 volmgr - ok 08:39:54.0121 2328 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 08:39:54.0137 2328 volmgrx - ok 08:39:54.0152 2328 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 08:39:54.0168 2328 volsnap - ok 08:39:54.0199 2328 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 08:39:54.0215 2328 vsmraid - ok 08:39:54.0277 2328 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 08:39:54.0386 2328 VSS - ok 08:39:54.0418 2328 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 08:39:54.0464 2328 vwifibus - ok 08:39:54.0511 2328 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 08:39:54.0542 2328 vwififlt - ok 08:39:54.0574 2328 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 08:39:54.0589 2328 vwifimp - ok 08:39:54.0652 2328 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 08:39:54.0714 2328 W32Time - ok 08:39:54.0745 2328 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 08:39:54.0792 2328 WacomPen - ok 08:39:54.0854 2328 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 08:39:54.0917 2328 WANARP - ok 08:39:54.0932 2328 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 08:39:54.0948 2328 Wanarpv6 - ok 08:39:55.0042 2328 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 08:39:55.0135 2328 WatAdminSvc - ok 08:39:55.0198 2328 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 08:39:55.0244 2328 wbengine - ok 08:39:55.0291 2328 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 08:39:55.0354 2328 WbioSrvc - ok 08:39:55.0400 2328 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 08:39:55.0432 2328 wcncsvc - ok 08:39:55.0447 2328 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 08:39:55.0525 2328 WcsPlugInService - ok 08:39:55.0556 2328 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 08:39:55.0588 2328 Wd - ok 08:39:55.0603 2328 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 08:39:55.0634 2328 Wdf01000 - ok 08:39:55.0650 2328 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 08:39:55.0759 2328 WdiServiceHost - ok 08:39:55.0759 2328 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 08:39:55.0790 2328 WdiSystemHost - ok 08:39:55.0822 2328 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 08:39:55.0853 2328 WebClient - ok 08:39:55.0900 2328 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 08:39:55.0931 2328 Wecsvc - ok 08:39:55.0946 2328 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 08:39:55.0978 2328 wercplsupport - ok 08:39:56.0009 2328 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 08:39:56.0024 2328 WerSvc - ok 08:39:56.0071 2328 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 08:39:56.0118 2328 WfpLwf - ok 08:39:56.0134 2328 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 08:39:56.0134 2328 WIMMount - ok 08:39:56.0258 2328 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 08:39:56.0352 2328 WinDefend - ok 08:39:56.0368 2328 WinHttpAutoProxySvc - ok 08:39:56.0430 2328 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 08:39:56.0492 2328 Winmgmt - ok 08:39:56.0586 2328 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 08:39:56.0680 2328 WinRM - ok 08:39:56.0742 2328 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 08:39:56.0789 2328 Wlansvc - ok 08:39:56.0820 2328 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 08:39:56.0836 2328 WmiAcpi - ok 08:39:56.0898 2328 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 08:39:56.0945 2328 wmiApSrv - ok 08:39:57.0070 2328 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 08:39:57.0194 2328 WMPNetworkSvc - ok 08:39:57.0241 2328 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 08:39:57.0304 2328 WPCSvc - ok 08:39:57.0335 2328 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 08:39:57.0382 2328 WPDBusEnum - ok 08:39:57.0413 2328 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 08:39:57.0475 2328 ws2ifsl - ok 08:39:57.0522 2328 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll 08:39:57.0553 2328 wscsvc - ok 08:39:57.0569 2328 WSearch - ok 08:39:57.0662 2328 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 08:39:57.0756 2328 wuauserv - ok 08:39:57.0803 2328 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 08:39:57.0834 2328 WudfPf - ok 08:39:57.0881 2328 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 08:39:57.0912 2328 WUDFRd - ok 08:39:57.0959 2328 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 08:39:58.0021 2328 wudfsvc - ok 08:39:58.0068 2328 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 08:39:58.0115 2328 WwanSvc - ok 08:39:58.0162 2328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 08:39:58.0286 2328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 08:39:58.0286 2328 \Device\Harddisk0\DR0 - detected TDSS File System (1) 08:39:58.0318 2328 Boot (0x1200) (7ef4f5ffa007777457f9170bf81cc197) \Device\Harddisk0\DR0\Partition0 08:39:58.0318 2328 \Device\Harddisk0\DR0\Partition0 - ok 08:39:58.0333 2328 Boot (0x1200) (d1f645201fcabad361e29e5c1fb9b7e2) \Device\Harddisk0\DR0\Partition1 08:39:58.0333 2328 \Device\Harddisk0\DR0\Partition1 - ok 08:39:58.0333 2328 ============================================================ 08:39:58.0333 2328 Scan finished 08:39:58.0333 2328 ============================================================ 08:39:58.0349 3716 Detected object count: 1 08:39:58.0349 3716 Actual detected object count: 1 08:40:21.0109 3716 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 08:40:21.0109 3716 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  22. RichHeller
    RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: rich [Admin rights] Mode: Scan -- Date: 04/03/2012 08:26:11 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 5 ¤¤¤ [bLACKLIST DLL] HKUS\S-1-5-21-1128884737-855229167-1334141587-1001[...]\Run : Update (rundll32.exe "C:\Users\rich\AppData\Roaming\Cakewalk\Cakewalk\buhjtfc.dll",DllRegisterServer) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 ATA Device +++++ --- User --- [MBR] a98ce58c0140bae4bbc9f1c3d419755e [bSP] 4b59f11fc371874d53edb2cda998bf92 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21262336 | Size: 294862 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  23. RichHeller
    When I do a search on google, the address of the links changes when I click on them. Well, the first one changes. If I right click on a link, it will change it to another address. After that, the other links on the page are unaffected. Malwarebytes quick scan results ------------------------------------------ Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.29.09 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 rich :: RICH-PC [administrator] 4/2/2012 9:05:10 AM mbam-log-2012-04-02 (09-05-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 190005 Time elapsed: 3 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS.log ---------------------------------------- . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0 Run by rich at 9:09:15 on 2012-04-02 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2156 [GMT -5:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskeng.exe C:\Windows\system32\rundll32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Windows\system32\conhost.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\M-AudioTaskBarIcon.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\notepad.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7} : DhcpNameServer = 192.168.0.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\rich\appdata\roaming\mozilla\firefox\profiles\kvtcmbdk.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128] R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w --> C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 [?] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-2 40776] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-27 15872] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-27 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-20 1343400] . =============== Created Last 30 ================ . 2012-04-02 14:05:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-03-30 23:33:08 -------- d-sh--w- C:\$RECYCLE.BIN 2012-03-30 23:33:07 -------- d-----w- c:\users\rich\appdata\local\temp 2012-03-30 23:22:49 98816 ----a-w- c:\windows\sed.exe 2012-03-30 23:22:49 518144 ----a-w- c:\windows\SWREG.exe 2012-03-30 23:22:49 256000 ----a-w- c:\windows\PEV.exe 2012-03-30 23:22:49 208896 ----a-w- c:\windows\MBR.exe 2012-03-14 18:23:27 -------- d-----w- c:\program files\M-Audio 2012-03-11 00:15:01 68068 ----a-w- c:\windows\system32\bassmididrvuninstall.exe 2012-03-11 00:15:01 -------- d-----w- c:\windows\system32\bassmididrv 2012-03-10 22:39:58 -------- d-----w- c:\users\rich\TruePianos Settings 2012-03-10 22:39:31 -------- d-----w- c:\users\rich\appdata\roaming\Cakewalk 2012-03-10 22:35:17 -------- d-----w- c:\program files\common files\Native Instruments 2012-03-10 22:35:14 -------- d-----w- c:\program files\common files\Digidesign 2012-03-10 22:34:29 -------- d-----w- c:\program files\Native Instruments 2012-03-10 22:27:21 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-03-10 22:27:21 487424 ----a-w- c:\windows\system32\msvcp70.dll 2012-03-10 22:27:21 368640 ----a-w- c:\windows\system32\ReWire.dll 2012-03-10 22:27:21 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-03-10 22:27:21 344064 ----a-w- c:\windows\system32\msvcr70.dll 2012-03-10 22:27:21 1047552 ----a-w- c:\windows\system32\mfc71u.dll 2012-03-10 22:27:18 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-03-10 22:26:45 -------- d-----w- c:\programdata\Cakewalk 2012-03-10 22:26:45 -------- d-----w- c:\program files\Cakewalk 2012-03-10 22:26:45 -------- d-----w- C:\Cakewalk Projects . ==================== Find3M ==================== . 2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 9:09:42.83 =============== Attach.txt --------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume3 Install Date: 11/20/2010 12:25:40 AM System Uptime: 4/2/2012 4:11:26 AM (5 hours ago) . Motherboard: Dell Inc. | | 0H275K Processor: Intel® Core2 Duo CPU T5850 @ 2.16GHz | Microprocessor | 996/166mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 288 GiB total, 217.518 GiB free. D: is FIXED (NTFS) - 10 GiB total, 5.348 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0 Service: . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0 Service: . Class GUID: Description: Device ID: ACPI\ITE8708\4&1E0559A0&0 Manufacturer: Name: PNP Device ID: ACPI\ITE8708\4&1E0559A0&0 Service: . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0 Service: . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Absolute Poker Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X Android SDK Tools Audacity 1.2.6 Compatibility Pack for the 2007 Office system ESET Online Scanner v3 Finale Reader 2011 Full Tilt Poker Guitar Pro 5.2 Java Auto Updater Java DB 10.5.3.0 Java 7 Update 1 M-Audio FastTrack Driver 6.0.6 (x86) Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft Office Word Viewer 2003 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 4.0.1 (x86 en-US) Mp3tag v2.48 Native Instruments Guitar Rig 3 Native Instruments Service Center NetBeans IDE 7.0 Beta 2 PokerStars PostgreSQL 9.0 SONAR 8.0 Producer Edition Winamp Winamp Detector Plug-in Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 4/2/2012 8:40:54 AM, Error: atikmdag [43029] - Display is not active 3/30/2012 6:36:32 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter 3/30/2012 6:31:11 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 3/29/2012 4:59:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/29/2012 4:59:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/29/2012 4:59:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/29/2012 4:59:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/29/2012 4:59:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 . ==== End Of File ===========================
  24. RichHeller
    . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0 Run by rich at 22:50:30 on 2012-03-29 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2259 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\rundll32.exe C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Windows\system32\conhost.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\M-AudioTaskBarIcon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7} : DhcpNameServer = 192.168.0.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\rich\appdata\roaming\mozilla\firefox\profiles\kvtcmbdk.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128] R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w --> C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 [?] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-27 15872] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-27 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-20 1343400] . =============== Created Last 30 ================ . 2012-03-14 18:23:27 -------- d-----w- c:\program files\M-Audio 2012-03-11 00:15:01 68068 ----a-w- c:\windows\system32\bassmididrvuninstall.exe 2012-03-11 00:15:01 -------- d-----w- c:\windows\system32\bassmididrv 2012-03-10 22:39:58 -------- d-----w- c:\users\rich\TruePianos Settings 2012-03-10 22:39:31 -------- d-----w- c:\users\rich\appdata\roaming\Cakewalk 2012-03-10 22:35:17 -------- d-----w- c:\program files\common files\Native Instruments 2012-03-10 22:35:14 -------- d-----w- c:\program files\common files\Digidesign 2012-03-10 22:34:29 -------- d-----w- c:\program files\Native Instruments 2012-03-10 22:27:21 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-03-10 22:27:21 487424 ----a-w- c:\windows\system32\msvcp70.dll 2012-03-10 22:27:21 368640 ----a-w- c:\windows\system32\ReWire.dll 2012-03-10 22:27:21 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-03-10 22:27:21 344064 ----a-w- c:\windows\system32\msvcr70.dll 2012-03-10 22:27:21 1047552 ----a-w- c:\windows\system32\mfc71u.dll 2012-03-10 22:27:18 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-03-10 22:26:45 -------- d-----w- c:\programdata\Cakewalk 2012-03-10 22:26:45 -------- d-----w- c:\program files\Cakewalk 2012-03-10 22:26:45 -------- d-----w- C:\Cakewalk Projects . ==================== Find3M ==================== . 2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 22:50:57.75 =============== Attach.txt
  25. RichHeller
    Ok, we're good to go. This can be closed. Thanks for all the help!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.