sunnyd53

Unhide by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Unhide.exe can be found at this link: http://www.bleepingcomputer.com/forums/topic405109.html Program started at: 04/14/2012 10:21:24 AM Windows Version: Windows 7 Please be patient while your files are made visible again. Processing the C:\ drive Finished processing the C:\ drive. 200586 files processed. The C:\Users\Shane\AppData\Local\Temp\smtmp\ folder does not exist!! Unhide cannot restore your missing shortcuts!! Please see this topic in order to learn how to restore default Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced No registry changes detected. Restarting Explorer.exe in order to apply changes. Program finished at: 04/14/2012 10:23:41 AM Execution time: 0 hours(s), 2 minute(s), and 16 seconds(s)

OK - but I don't see %TEMP% to move everything back. I found C:\ProgramData\Microsoft\Windows\Start Menu but every folder is actually empty even after changing my pref's to show all (known types and system are shown too) - Can I use that find utility to look for some other program that should be in one of those folders?

It isn't a huge issue, but my start menu is empty - every folder shows as empty in the actual start menu, and in users/myname/startmenu (or whatever the exact dir. is).

Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.12.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Shane :: SHANES-LAPTOP [administrator] Protection: Enabled 4/11/2012 10:42:27 PM mbam-log-2012-04-11 (22-42-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205607 Time elapsed: 9 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

SystemLook 30.07.11 by jpshortstuff Log created at 22:22 on 11/04/2012 by Shane Administrator - Elevation successful ========== Filefind ========== Searching for "i8042prt.sys" C:\Windows\System32\drivers\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 Searching for "Calc.exe" C:\Windows\System32\calc.exe --a---- 776192 bytes [23:41 13/07/2009] [01:14 14/07/2009] 4884DA7754823B44CCC2B2106F21146E C:\Windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_a994575e7c0f8d6e\calc.exe --a---- 776192 bytes [23:41 13/07/2009] [01:14 14/07/2009] 4884DA7754823B44CCC2B2106F21146E C:\Windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.1.7601.17514_none_abc56b2678fe1108\calc.exe --a---- 776192 bytes [14:08 26/05/2011] [12:16 20/11/2010] 60B7C0FEAD45F2066E5B805A91F4F0FC -= EOF =-

Nope - Smart HDD popped back up as an icon on my desktop after a restart, and my start menu folders are all "empty".

Ok - and another issue - my mouse driver is gone so my touchpad auto scroll - all that fun stuff is missing...

Smart HDD still has a folder with a smart HDD exe and an uninstall app... should I delete that?

Seems better... it changed my task bar a bit and my start menu isn't auto populated with recent files / programs and I can't find my calculator... but it seems better.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.10.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Shane :: SHANES-LAPTOP [administrator] Protection: Disabled 4/9/2012 10:24:23 PM mbam-log-2012-04-09 (22-24-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 202565 Time elapsed: 7 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

ComboFix 12-04-09.05 - Shane 04/09/2012 20:27:57.5.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2661 [GMT -4:00] Running from: c:\users\Shane\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 ))))))))))))))))))))))))))))))) . . 2012-04-10 00:33 . 2012-04-10 00:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-04-10 00:33 . 2012-04-10 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-07 18:48 . 2012-04-10 00:40 -------- d-----w- c:\users\Shane\AppData\Local\temp 2012-04-07 17:22 . 2012-04-07 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-07 17:22 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-07 16:42 . 2012-04-10 00:04 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-05 23:24 . 2012-04-05 23:24 117760 ----a-w- c:\programdata\Microsoft\Windows\DRM\D5C6.tmp 2012-03-29 02:10 . 2012-03-29 02:10 -------- d-----w- c:\users\Shane\AppData\Roaming\NVIDIA 2012-03-14 11:17 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-14 11:17 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-13 22:36 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 22:36 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 22:36 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-13 22:36 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-13 22:36 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-13 22:36 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-13 22:36 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 22:36 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 22:36 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 22:36 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 22:36 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 22:36 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-07 16:43 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys 2012-03-02 23:04 . 2011-08-24 00:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-28 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "V0650Mon.exe"="c:\windows\V0650Mon.exe" [2010-02-23 28672] "Rocket Live! Central 2"="c:\program files\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" [2010-02-24 430247] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-10 576000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1A8] @="service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 srv1A8;srv1A8;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-03-26 144640] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\DRIVERS\V0650Vid.sys [2010-03-31 322176] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs srv1A8 sonicstagemonitoring ndasscsi susbser aracpi AtcL002 Dell1100_FUService cachemgr . Contents of the 'Scheduled Tasks' folder . 2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-6052232-4208316721-2272119812-1000Core.job - c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-28 00:02] . 2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-6052232-4208316721-2272119812-1000UA.job - c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-28 00:02] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: caplugs.com\citrix TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv1A8] "servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srv1A8.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(800) c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\System32\bgsvcgen.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe . ************************************************************************** . Completion time: 2012-04-09 20:44:54 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-10 00:44 ComboFix2.txt 2012-04-07 18:48 ComboFix3.txt 2011-08-21 21:10 ComboFix4.txt 2011-08-19 00:16 ComboFix5.txt 2012-04-10 00:26 . Pre-Run: 98,348,232,704 bytes free Post-Run: 98,071,592,960 bytes free . - - End Of File - - D7848785C67A83D1668FE348E839DA8D

20:01:25.0267 2108 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37 20:01:25.0907 2108 ============================================================ 20:01:25.0907 2108 Current date / time: 2012/04/09 20:01:25.0907 20:01:25.0907 2108 SystemInfo: 20:01:25.0907 2108 20:01:25.0907 2108 OS Version: 6.1.7600 ServicePack: 0.0 20:01:25.0907 2108 Product type: Workstation 20:01:25.0907 2108 ComputerName: SHANES-LAPTOP 20:01:25.0907 2108 UserName: Shane 20:01:25.0907 2108 Windows directory: C:\Windows 20:01:25.0907 2108 System windows directory: C:\Windows 20:01:25.0907 2108 Processor architecture: Intel x86 20:01:25.0907 2108 Number of processors: 2 20:01:25.0907 2108 Page size: 0x1000 20:01:25.0907 2108 Boot type: Normal boot 20:01:25.0907 2108 ============================================================ 20:01:26.0997 2108 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:01:26.0997 2108 \Device\Harddisk0\DR0: 20:01:26.0997 2108 MBR used 20:01:26.0997 2108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D192000 20:01:27.0027 2108 Initialize success 20:01:27.0027 2108 ============================================================ 20:01:51.0665 7648 ============================================================ 20:01:51.0665 7648 Scan started 20:01:51.0665 7648 Mode: Manual; SigCheck; TDLFS; 20:01:51.0665 7648 ============================================================ 20:01:53.0954 7648 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 20:01:54.0094 7648 1394ohci - ok 20:01:54.0124 7648 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 20:01:54.0144 7648 ACPI - ok 20:01:54.0154 7648 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 20:01:54.0224 7648 AcpiPmi - ok 20:01:54.0324 7648 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 20:01:54.0344 7648 AdobeARMservice - ok 20:01:54.0454 7648 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 20:01:54.0474 7648 adp94xx - ok 20:01:54.0524 7648 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 20:01:54.0544 7648 adpahci - ok 20:01:54.0564 7648 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 20:01:54.0574 7648 adpu320 - ok 20:01:54.0604 7648 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 20:01:54.0644 7648 AeLookupSvc - ok 20:01:54.0804 7648 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 20:01:54.0854 7648 AFD - ok 20:01:54.0884 7648 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 20:01:54.0894 7648 agp440 - ok 20:01:54.0924 7648 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 20:01:54.0934 7648 aic78xx - ok 20:01:54.0984 7648 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 20:01:55.0014 7648 ALG - ok 20:01:55.0124 7648 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 20:01:55.0134 7648 aliide - ok 20:01:55.0144 7648 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 20:01:55.0154 7648 amdagp - ok 20:01:55.0174 7648 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 20:01:55.0184 7648 amdide - ok 20:01:55.0224 7648 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 20:01:55.0254 7648 AmdK8 - ok 20:01:55.0284 7648 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 20:01:55.0314 7648 AmdPPM - ok 20:01:55.0434 7648 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 20:01:55.0444 7648 amdsata - ok 20:01:55.0484 7648 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 20:01:55.0494 7648 amdsbs - ok 20:01:55.0564 7648 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 20:01:55.0574 7648 amdxata - ok 20:01:55.0604 7648 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 20:01:55.0644 7648 AppID - ok 20:01:55.0684 7648 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 20:01:55.0744 7648 AppIDSvc - ok 20:01:55.0784 7648 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll 20:01:55.0844 7648 Appinfo - ok 20:01:55.0974 7648 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:01:55.0984 7648 Apple Mobile Device - ok 20:01:56.0074 7648 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 20:01:56.0114 7648 AppMgmt - ok 20:01:56.0174 7648 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 20:01:56.0184 7648 arc - ok 20:01:56.0214 7648 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 20:01:56.0224 7648 arcsas - ok 20:01:56.0274 7648 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 20:01:56.0374 7648 AsyncMac - ok 20:01:56.0504 7648 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 20:01:56.0514 7648 atapi - ok 20:01:56.0564 7648 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 20:01:56.0634 7648 AudioEndpointBuilder - ok 20:01:56.0644 7648 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 20:01:56.0674 7648 Audiosrv - ok 20:01:56.0894 7648 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe 20:01:56.0994 7648 AVGIDSAgent - ok 20:01:57.0124 7648 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 20:01:57.0154 7648 AVGIDSDriver - ok 20:01:57.0184 7648 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 20:01:57.0194 7648 AVGIDSEH - ok 20:01:57.0214 7648 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 20:01:57.0224 7648 AVGIDSFilter - ok 20:01:57.0264 7648 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 20:01:57.0274 7648 AVGIDSShim - ok 20:01:57.0374 7648 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys 20:01:57.0384 7648 Avgldx86 - ok 20:01:57.0424 7648 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys 20:01:57.0434 7648 Avgmfx86 - ok 20:01:57.0504 7648 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys 20:01:57.0504 7648 Avgrkx86 - ok 20:01:57.0574 7648 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys 20:01:57.0584 7648 Avgtdix - ok 20:01:57.0724 7648 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 20:01:57.0774 7648 avgwd - ok 20:01:57.0824 7648 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll 20:01:57.0904 7648 AxInstSV - ok 20:01:57.0984 7648 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 20:01:58.0034 7648 b06bdrv - ok 20:01:58.0094 7648 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 20:01:58.0144 7648 b57nd60x - ok 20:01:58.0194 7648 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 20:01:58.0224 7648 BDESVC - ok 20:01:58.0284 7648 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 20:01:58.0334 7648 Beep - ok 20:01:58.0414 7648 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\Windows\System32\bgsvcgen.exe 20:01:58.0424 7648 bgsvcgen - ok 20:01:58.0474 7648 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll 20:01:58.0534 7648 BITS - ok 20:01:58.0574 7648 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 20:01:58.0604 7648 blbdrive - ok 20:01:58.0744 7648 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe 20:01:58.0754 7648 Bonjour Service - ok 20:01:58.0914 7648 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 20:01:58.0984 7648 bowser - ok 20:01:59.0004 7648 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:01:59.0044 7648 BrFiltLo - ok 20:01:59.0074 7648 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:01:59.0104 7648 BrFiltUp - ok 20:01:59.0214 7648 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 20:01:59.0264 7648 BridgeMP - ok 20:01:59.0304 7648 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll 20:01:59.0344 7648 Browser - ok 20:01:59.0394 7648 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 20:01:59.0444 7648 Brserid - ok 20:01:59.0544 7648 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 20:01:59.0574 7648 BrSerWdm - ok 20:01:59.0604 7648 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 20:01:59.0644 7648 BrUsbMdm - ok 20:01:59.0674 7648 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 20:01:59.0704 7648 BrUsbSer - ok 20:01:59.0744 7648 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 20:01:59.0774 7648 BTHMODEM - ok 20:01:59.0854 7648 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 20:01:59.0904 7648 bthserv - ok 20:02:00.0004 7648 catchme - ok 20:02:00.0054 7648 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 20:02:00.0104 7648 cdfs - ok 20:02:00.0174 7648 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 20:02:00.0214 7648 cdrom - ok 20:02:00.0294 7648 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll 20:02:00.0354 7648 CertPropSvc - ok 20:02:00.0394 7648 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 20:02:00.0414 7648 circlass - ok 20:02:00.0474 7648 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 20:02:00.0494 7648 CLFS - ok 20:02:00.0584 7648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:02:00.0624 7648 clr_optimization_v2.0.50727_32 - ok 20:02:00.0754 7648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:02:00.0774 7648 clr_optimization_v4.0.30319_32 - ok 20:02:00.0854 7648 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 20:02:00.0904 7648 CmBatt - ok 20:02:00.0934 7648 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 20:02:00.0944 7648 cmdide - ok 20:02:01.0004 7648 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 20:02:01.0024 7648 CNG - ok 20:02:01.0064 7648 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 20:02:01.0074 7648 Compbatt - ok 20:02:01.0084 7648 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 20:02:01.0094 7648 CompositeBus - ok 20:02:01.0144 7648 COMSysApp - ok 20:02:01.0204 7648 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 20:02:01.0214 7648 crcdisk - ok 20:02:01.0244 7648 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll 20:02:01.0294 7648 CryptSvc - ok 20:02:01.0354 7648 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 20:02:01.0404 7648 CSC - ok 20:02:01.0474 7648 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll 20:02:01.0514 7648 CscService - ok 20:02:01.0634 7648 CtClsFlt (d7d3bb3a3df1193ec0fdbb24d4540fb5) C:\Windows\system32\DRIVERS\CtClsFlt.sys 20:02:01.0664 7648 CtClsFlt - ok 20:02:01.0764 7648 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys 20:02:01.0774 7648 ctxusbm - ok 20:02:01.0854 7648 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys 20:02:01.0924 7648 dc3d - ok 20:02:01.0964 7648 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll 20:02:02.0054 7648 DcomLaunch - ok 20:02:02.0114 7648 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 20:02:02.0164 7648 defragsvc - ok 20:02:02.0224 7648 Dell1100_FUService - ok 20:02:02.0304 7648 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 20:02:02.0324 7648 DfsC - ok 20:02:02.0374 7648 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll 20:02:02.0444 7648 Dhcp - ok 20:02:02.0494 7648 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 20:02:02.0544 7648 discache - ok 20:02:02.0654 7648 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 20:02:02.0664 7648 Disk - ok 20:02:02.0714 7648 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll 20:02:02.0744 7648 Dnscache - ok 20:02:02.0794 7648 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll 20:02:02.0844 7648 dot3svc - ok 20:02:02.0874 7648 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll 20:02:02.0914 7648 DPS - ok 20:02:03.0034 7648 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 20:02:03.0084 7648 drmkaud - ok 20:02:03.0174 7648 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 20:02:03.0194 7648 DXGKrnl - ok 20:02:03.0274 7648 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 20:02:03.0324 7648 EapHost - ok 20:02:03.0434 7648 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 20:02:03.0494 7648 ebdrv - ok 20:02:03.0604 7648 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe 20:02:03.0644 7648 EFS - ok 20:02:03.0714 7648 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe 20:02:03.0764 7648 ehRecvr - ok 20:02:03.0794 7648 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 20:02:03.0824 7648 ehSched - ok 20:02:03.0894 7648 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 20:02:03.0904 7648 elxstor - ok 20:02:03.0984 7648 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 20:02:04.0034 7648 ErrDev - ok 20:02:04.0134 7648 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 20:02:04.0194 7648 EventSystem - ok 20:02:04.0214 7648 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 20:02:04.0244 7648 exfat - ok 20:02:04.0274 7648 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 20:02:04.0294 7648 fastfat - ok 20:02:04.0334 7648 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe 20:02:04.0384 7648 Fax - ok 20:02:04.0494 7648 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 20:02:04.0524 7648 fdc - ok 20:02:04.0564 7648 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 20:02:04.0604 7648 fdPHost - ok 20:02:04.0634 7648 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 20:02:04.0684 7648 FDResPub - ok 20:02:04.0714 7648 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 20:02:04.0724 7648 FileInfo - ok 20:02:04.0844 7648 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 20:02:04.0874 7648 Filetrace - ok 20:02:04.0894 7648 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 20:02:04.0924 7648 flpydisk - ok 20:02:04.0974 7648 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 20:02:04.0984 7648 FltMgr - ok 20:02:05.0044 7648 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll 20:02:05.0094 7648 FontCache - ok 20:02:05.0194 7648 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:02:05.0194 7648 FontCache3.0.0.0 - ok 20:02:05.0274 7648 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 20:02:05.0284 7648 FsDepends - ok 20:02:05.0294 7648 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 20:02:05.0304 7648 Fs_Rec - ok 20:02:05.0344 7648 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 20:02:05.0354 7648 fvevol - ok 20:02:05.0394 7648 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 20:02:05.0404 7648 gagp30kx - ok 20:02:05.0494 7648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:02:05.0504 7648 GEARAspiWDM - ok 20:02:05.0554 7648 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll 20:02:05.0604 7648 gpsvc - ok 20:02:05.0694 7648 guardian2 (f058c5f64dff28a2c8d7d1d04171e604) C:\Windows\system32\Drivers\oz776.sys 20:02:05.0704 7648 guardian2 - ok 20:02:05.0734 7648 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 20:02:05.0774 7648 hcw85cir - ok 20:02:05.0844 7648 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 20:02:05.0874 7648 HdAudAddService - ok 20:02:05.0964 7648 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:02:06.0004 7648 HDAudBus - ok 20:02:06.0044 7648 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 20:02:06.0074 7648 HidBatt - ok 20:02:06.0104 7648 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 20:02:06.0134 7648 HidBth - ok 20:02:06.0184 7648 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 20:02:06.0224 7648 HidIr - ok 20:02:06.0264 7648 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll 20:02:06.0314 7648 hidserv - ok 20:02:06.0364 7648 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 20:02:06.0404 7648 HidUsb - ok 20:02:06.0434 7648 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll 20:02:06.0484 7648 hkmsvc - ok 20:02:06.0514 7648 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll 20:02:06.0554 7648 HomeGroupListener - ok 20:02:06.0614 7648 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll 20:02:06.0654 7648 HomeGroupProvider - ok 20:02:06.0754 7648 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 20:02:06.0764 7648 HpSAMD - ok 20:02:06.0804 7648 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 20:02:06.0854 7648 HTTP - ok 20:02:06.0904 7648 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 20:02:06.0914 7648 hwpolicy - ok 20:02:07.0004 7648 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 20:02:07.0044 7648 i8042prt - ok 20:02:07.0114 7648 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 20:02:07.0124 7648 iaStorV - ok 20:02:07.0234 7648 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 20:02:07.0274 7648 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:02:07.0274 7648 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:02:07.0394 7648 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:02:07.0414 7648 idsvc - ok 20:02:07.0514 7648 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 20:02:07.0534 7648 iirsp - ok 20:02:07.0604 7648 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll 20:02:07.0654 7648 IKEEXT - ok 20:02:07.0744 7648 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 20:02:07.0754 7648 intelide - ok 20:02:07.0784 7648 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 20:02:07.0824 7648 intelppm - ok 20:02:07.0874 7648 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 20:02:07.0934 7648 IPBusEnum - ok 20:02:07.0954 7648 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:02:08.0014 7648 IpFilterDriver - ok 20:02:08.0084 7648 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll 20:02:08.0144 7648 iphlpsvc - ok 20:02:08.0214 7648 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 20:02:08.0254 7648 IPMIDRV - ok 20:02:08.0284 7648 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 20:02:08.0334 7648 IPNAT - ok 20:02:08.0424 7648 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe 20:02:08.0474 7648 iPod Service - ok 20:02:08.0564 7648 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 20:02:08.0574 7648 IRENUM - ok 20:02:08.0614 7648 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 20:02:08.0624 7648 isapnp - ok 20:02:08.0644 7648 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 20:02:08.0664 7648 iScsiPrt - ok 20:02:08.0694 7648 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 20:02:08.0704 7648 kbdclass - ok 20:02:08.0734 7648 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 20:02:08.0764 7648 kbdhid - ok 20:02:08.0804 7648 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:08.0814 7648 KeyIso - ok 20:02:08.0864 7648 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys 20:02:08.0874 7648 KSecDD - ok 20:02:08.0974 7648 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys 20:02:08.0984 7648 KSecPkg - ok 20:02:09.0024 7648 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 20:02:09.0074 7648 KtmRm - ok 20:02:09.0184 7648 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll 20:02:09.0224 7648 LanmanServer - ok 20:02:09.0294 7648 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll 20:02:09.0344 7648 LanmanWorkstation - ok 20:02:09.0494 7648 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 20:02:09.0534 7648 lltdio - ok 20:02:09.0574 7648 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 20:02:09.0634 7648 lltdsvc - ok 20:02:09.0654 7648 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 20:02:09.0714 7648 lmhosts - ok 20:02:09.0784 7648 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:02:09.0794 7648 LSI_FC - ok 20:02:09.0834 7648 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:02:09.0854 7648 LSI_SAS - ok 20:02:09.0874 7648 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:02:09.0884 7648 LSI_SAS2 - ok 20:02:09.0914 7648 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:02:09.0934 7648 LSI_SCSI - ok 20:02:09.0964 7648 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 20:02:10.0014 7648 luafv - ok 20:02:10.0054 7648 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 20:02:10.0074 7648 MBAMProtector - ok 20:02:10.0164 7648 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:02:10.0184 7648 MBAMService - ok 20:02:10.0314 7648 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys 20:02:10.0344 7648 mcdbus ( UnsignedFile.Multi.Generic ) - warning 20:02:10.0344 7648 mcdbus - detected UnsignedFile.Multi.Generic (1) 20:02:10.0384 7648 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll 20:02:10.0424 7648 Mcx2Svc - ok 20:02:10.0464 7648 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 20:02:10.0474 7648 megasas - ok 20:02:10.0584 7648 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 20:02:10.0604 7648 MegaSR - ok 20:02:10.0684 7648 Microsoft SharePoint Workspace Audit Service - ok 20:02:10.0764 7648 MicrosoftDynamicsNavServer (5da917ccfcceed280cfddbe94aae9b3f) C:\Program Files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe 20:02:10.0774 7648 MicrosoftDynamicsNavServer - ok 20:02:10.0774 7648 MicrosoftDynamicsNavWS (5da917ccfcceed280cfddbe94aae9b3f) C:\Program Files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe 20:02:10.0784 7648 MicrosoftDynamicsNavWS - ok 20:02:10.0854 7648 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 20:02:10.0904 7648 MMCSS - ok 20:02:10.0954 7648 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 20:02:11.0004 7648 Modem - ok 20:02:11.0044 7648 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 20:02:11.0074 7648 monitor - ok 20:02:11.0114 7648 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 20:02:11.0124 7648 mouclass - ok 20:02:11.0164 7648 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 20:02:11.0194 7648 mouhid - ok 20:02:11.0294 7648 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 20:02:11.0304 7648 mountmgr - ok 20:02:11.0324 7648 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 20:02:11.0344 7648 mpio - ok 20:02:11.0364 7648 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 20:02:11.0434 7648 mpsdrv - ok 20:02:11.0474 7648 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 20:02:11.0494 7648 MRxDAV - ok 20:02:11.0544 7648 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:02:11.0594 7648 mrxsmb - ok 20:02:11.0714 7648 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:02:11.0744 7648 mrxsmb10 - ok 20:02:11.0764 7648 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:02:11.0784 7648 mrxsmb20 - ok 20:02:11.0824 7648 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 20:02:11.0834 7648 msahci - ok 20:02:11.0864 7648 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 20:02:11.0874 7648 msdsm - ok 20:02:11.0914 7648 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 20:02:11.0954 7648 MSDTC - ok 20:02:12.0034 7648 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 20:02:12.0064 7648 Msfs - ok 20:02:12.0074 7648 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 20:02:12.0124 7648 mshidkmdf - ok 20:02:12.0174 7648 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 20:02:12.0184 7648 msisadrv - ok 20:02:12.0214 7648 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 20:02:12.0244 7648 MSiSCSI - ok 20:02:12.0254 7648 msiserver - ok 20:02:12.0294 7648 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 20:02:12.0334 7648 MSKSSRV - ok 20:02:12.0424 7648 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 20:02:12.0474 7648 MSPCLOCK - ok 20:02:12.0524 7648 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 20:02:12.0554 7648 MSPQM - ok 20:02:12.0574 7648 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 20:02:12.0584 7648 MsRPC - ok 20:02:12.0604 7648 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 20:02:12.0614 7648 mssmbios - ok 20:02:12.0764 7648 MSSQLSERVER - ok 20:02:12.0844 7648 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 20:02:12.0854 7648 MSSQLServerADHelper - ok 20:02:12.0944 7648 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 20:02:12.0974 7648 MSTEE - ok 20:02:13.0004 7648 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 20:02:13.0044 7648 MTConfig - ok 20:02:13.0074 7648 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 20:02:13.0084 7648 Mup - ok 20:02:13.0114 7648 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll 20:02:13.0164 7648 napagent - ok 20:02:13.0204 7648 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 20:02:13.0244 7648 NativeWifiP - ok 20:02:13.0284 7648 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 20:02:13.0314 7648 NDIS - ok 20:02:13.0414 7648 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 20:02:13.0464 7648 NdisCap - ok 20:02:13.0504 7648 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 20:02:13.0544 7648 NdisTapi - ok 20:02:13.0584 7648 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 20:02:13.0634 7648 Ndisuio - ok 20:02:13.0744 7648 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 20:02:13.0774 7648 NdisWan - ok 20:02:13.0794 7648 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 20:02:13.0824 7648 NDProxy - ok 20:02:13.0844 7648 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 20:02:13.0894 7648 NetBIOS - ok 20:02:13.0924 7648 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 20:02:13.0974 7648 NetBT - ok 20:02:14.0014 7648 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:14.0034 7648 Netlogon - ok 20:02:14.0094 7648 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 20:02:14.0144 7648 Netman - ok 20:02:14.0194 7648 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 20:02:14.0244 7648 netprofm - ok 20:02:14.0314 7648 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:02:14.0324 7648 NetTcpPortSharing - ok 20:02:14.0434 7648 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 20:02:14.0554 7648 netw5v32 - ok 20:02:14.0684 7648 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 20:02:14.0694 7648 nfrd960 - ok 20:02:14.0734 7648 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll 20:02:14.0794 7648 NlaSvc - ok 20:02:14.0814 7648 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 20:02:14.0854 7648 Npfs - ok 20:02:14.0874 7648 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 20:02:14.0904 7648 nsi - ok 20:02:14.0924 7648 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 20:02:14.0974 7648 nsiproxy - ok 20:02:15.0124 7648 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 20:02:15.0164 7648 Ntfs - ok 20:02:15.0174 7648 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 20:02:15.0214 7648 Null - ok 20:02:15.0534 7648 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:02:15.0824 7648 nvlddmkm - ok 20:02:15.0994 7648 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 20:02:16.0014 7648 nvraid - ok 20:02:16.0024 7648 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 20:02:16.0034 7648 nvstor - ok 20:02:16.0084 7648 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 20:02:16.0104 7648 nv_agp - ok 20:02:16.0124 7648 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 20:02:16.0164 7648 ohci1394 - ok 20:02:16.0224 7648 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:02:16.0234 7648 ose - ok 20:02:16.0404 7648 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:02:16.0524 7648 osppsvc - ok 20:02:16.0604 7648 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 20:02:16.0644 7648 p2pimsvc - ok 20:02:16.0684 7648 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 20:02:16.0724 7648 p2psvc - ok 20:02:16.0774 7648 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 20:02:16.0815 7648 Parport - ok 20:02:16.0831 7648 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 20:02:16.0846 7648 partmgr - ok 20:02:16.0862 7648 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 20:02:16.0919 7648 Parvdm - ok 20:02:16.0999 7648 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 20:02:17.0019 7648 PcaSvc - ok 20:02:17.0039 7648 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 20:02:17.0049 7648 pci - ok 20:02:17.0069 7648 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 20:02:17.0079 7648 pciide - ok 20:02:17.0109 7648 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 20:02:17.0119 7648 pcmcia - ok 20:02:17.0139 7648 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 20:02:17.0159 7648 pcw - ok 20:02:17.0209 7648 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 20:02:17.0279 7648 PEAUTH - ok 20:02:17.0369 7648 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 20:02:17.0419 7648 PeerDistSvc - ok 20:02:17.0489 7648 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll 20:02:17.0559 7648 pla - ok 20:02:17.0679 7648 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll 20:02:17.0729 7648 PlugPlay - ok 20:02:17.0819 7648 Pml Driver HPZ12 (13fbe33e8ab8284c6a3c6ce86fa59ea0) C:\Windows\system32\HPZipm12.dll 20:02:17.0859 7648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 20:02:17.0859 7648 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 20:02:17.0899 7648 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 20:02:17.0939 7648 PNRPAutoReg - ok 20:02:17.0969 7648 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 20:02:17.0989 7648 PNRPsvc - ok 20:02:18.0109 7648 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys 20:02:18.0119 7648 Point32 - ok 20:02:18.0149 7648 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll 20:02:18.0209 7648 PolicyAgent - ok 20:02:18.0249 7648 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll 20:02:18.0289 7648 Power - ok 20:02:18.0379 7648 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 20:02:18.0439 7648 PptpMiniport - ok 20:02:18.0549 7648 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 20:02:18.0589 7648 Processor - ok 20:02:18.0649 7648 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll 20:02:18.0709 7648 ProfSvc - ok 20:02:18.0779 7648 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:18.0799 7648 ProtectedStorage - ok 20:02:18.0889 7648 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 20:02:18.0939 7648 Psched - ok 20:02:18.0985 7648 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 20:02:19.0017 7648 ql2300 - ok 20:02:19.0126 7648 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 20:02:19.0141 7648 ql40xx - ok 20:02:19.0173 7648 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 20:02:19.0219 7648 QWAVE - ok 20:02:19.0235 7648 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 20:02:19.0266 7648 QWAVEdrv - ok 20:02:19.0329 7648 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll 20:02:19.0344 7648 RapiMgr - ok 20:02:19.0360 7648 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 20:02:19.0407 7648 RasAcd - ok 20:02:19.0563 7648 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:02:19.0594 7648 RasAgileVpn - ok 20:02:19.0609 7648 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 20:02:19.0641 7648 RasAuto - ok 20:02:19.0672 7648 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:02:19.0719 7648 Rasl2tp - ok 20:02:19.0765 7648 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll 20:02:19.0828 7648 RasMan - ok 20:02:19.0953 7648 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 20:02:19.0999 7648 RasPppoe - ok 20:02:20.0046 7648 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 20:02:20.0077 7648 RasSstp - ok 20:02:20.0093 7648 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 20:02:20.0124 7648 rdbss - ok 20:02:20.0140 7648 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 20:02:20.0155 7648 rdpbus - ok 20:02:20.0187 7648 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:02:20.0218 7648 RDPCDD - ok 20:02:20.0311 7648 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 20:02:20.0343 7648 RDPDR - ok 20:02:20.0405 7648 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 20:02:20.0436 7648 RDPENCDD - ok 20:02:20.0467 7648 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 20:02:20.0530 7648 RDPREFMP - ok 20:02:20.0561 7648 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys 20:02:20.0577 7648 RDPWD - ok 20:02:20.0608 7648 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 20:02:20.0623 7648 rdyboost - ok 20:02:20.0686 7648 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 20:02:20.0717 7648 RemoteAccess - ok 20:02:20.0764 7648 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 20:02:20.0811 7648 RemoteRegistry - ok 20:02:20.0873 7648 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 20:02:20.0935 7648 rimmptsk - ok 20:02:20.0951 7648 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 20:02:20.0967 7648 rimsptsk - ok 20:02:20.0982 7648 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 20:02:20.0998 7648 rismxdp - ok 20:02:21.0013 7648 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 20:02:21.0076 7648 RpcEptMapper - ok 20:02:21.0154 7648 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 20:02:21.0185 7648 RpcLocator - ok 20:02:21.0232 7648 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll 20:02:21.0263 7648 RpcSs - ok 20:02:21.0310 7648 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 20:02:21.0372 7648 rspndr - ok 20:02:21.0403 7648 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 20:02:21.0450 7648 s3cap - ok 20:02:21.0481 7648 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:21.0497 7648 SamSs - ok 20:02:21.0575 7648 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 20:02:21.0591 7648 sbp2port - ok 20:02:21.0637 7648 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 20:02:21.0684 7648 SCardSvr - ok 20:02:21.0731 7648 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 20:02:21.0793 7648 scfilter - ok 20:02:21.0840 7648 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll 20:02:21.0903 7648 Schedule - ok 20:02:21.0965 7648 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll 20:02:21.0996 7648 SCPolicySvc - ok 20:02:22.0074 7648 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\drivers\sdbus.sys 20:02:22.0137 7648 sdbus - ok 20:02:22.0168 7648 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll 20:02:22.0199 7648 SDRSVC - ok 20:02:22.0293 7648 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 20:02:22.0324 7648 secdrv - ok 20:02:22.0386 7648 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 20:02:22.0433 7648 seclogon - ok 20:02:22.0464 7648 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 20:02:22.0511 7648 SENS - ok 20:02:22.0558 7648 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 20:02:22.0620 7648 SensrSvc - ok 20:02:22.0667 7648 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 20:02:22.0683 7648 Serenum - ok 20:02:22.0698 7648 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 20:02:22.0714 7648 Serial - ok 20:02:22.0761 7648 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 20:02:22.0792 7648 sermouse - ok 20:02:22.0839 7648 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll 20:02:22.0885 7648 SessionEnv - ok 20:02:22.0932 7648 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 20:02:22.0963 7648 sffdisk - ok 20:02:22.0995 7648 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 20:02:22.0995 7648 sffp_mmc - ok 20:02:23.0041 7648 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys 20:02:23.0073 7648 sffp_sd - ok 20:02:23.0104 7648 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 20:02:23.0135 7648 sfloppy - ok 20:02:23.0213 7648 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 20:02:23.0275 7648 SharedAccess - ok 20:02:23.0322 7648 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll 20:02:23.0369 7648 ShellHWDetection - ok 20:02:23.0400 7648 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 20:02:23.0400 7648 sisagp - ok 20:02:23.0463 7648 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:02:23.0478 7648 SiSRaid2 - ok 20:02:23.0494 7648 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 20:02:23.0509 7648 SiSRaid4 - ok 20:02:23.0572 7648 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 20:02:23.0619 7648 Smb - ok 20:02:23.0650 7648 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 20:02:23.0681 7648 SNMPTRAP - ok 20:02:23.0697 7648 sonicstagemonitoring - ok 20:02:23.0728 7648 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 20:02:23.0743 7648 spldr - ok 20:02:23.0775 7648 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe 20:02:23.0821 7648 Spooler - ok 20:02:23.0915 7648 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe 20:02:24.0009 7648 sppsvc - ok 20:02:24.0087 7648 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll 20:02:24.0133 7648 sppuinotify - ok 20:02:24.0284 7648 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 20:02:24.0299 7648 SQLBrowser - ok 20:02:24.0346 7648 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 20:02:24.0362 7648 SQLWriter - ok 20:02:24.0409 7648 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 20:02:24.0471 7648 srv - ok 20:02:24.0502 7648 srv1A8 - ok 20:02:24.0549 7648 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 20:02:24.0580 7648 srv2 - ok 20:02:24.0611 7648 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 20:02:24.0658 7648 SrvHsfHDA - ok 20:02:24.0689 7648 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 20:02:24.0736 7648 SrvHsfV92 - ok 20:02:24.0767 7648 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 20:02:24.0799 7648 SrvHsfWinac - ok 20:02:24.0892 7648 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 20:02:24.0923 7648 srvnet - ok 20:02:24.0970 7648 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 20:02:25.0001 7648 SSDPSRV - ok 20:02:25.0017 7648 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 20:02:25.0079 7648 SstpSvc - ok 20:02:25.0142 7648 Steam Client Service - ok 20:02:25.0173 7648 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 20:02:25.0189 7648 stexstor - ok 20:02:25.0267 7648 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll 20:02:25.0313 7648 StiSvc - ok 20:02:25.0345 7648 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 20:02:25.0360 7648 storflt - ok 20:02:25.0376 7648 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 20:02:25.0391 7648 StorSvc - ok 20:02:25.0423 7648 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 20:02:25.0423 7648 storvsc - ok 20:02:25.0454 7648 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 20:02:25.0454 7648 swenum - ok 20:02:25.0501 7648 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 20:02:25.0547 7648 swprv - ok 20:02:25.0672 7648 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys 20:02:25.0688 7648 SynTP - ok 20:02:25.0750 7648 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll 20:02:25.0813 7648 SysMain - ok 20:02:25.0891 7648 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll 20:02:25.0937 7648 TabletInputService - ok 20:02:25.0969 7648 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll 20:02:26.0000 7648 TapiSrv - ok 20:02:26.0015 7648 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 20:02:26.0062 7648 TBS - ok 20:02:26.0156 7648 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 20:02:26.0203 7648 Tcpip - ok 20:02:26.0265 7648 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 20:02:26.0312 7648 TCPIP6 - ok 20:02:26.0343 7648 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 20:02:26.0374 7648 tcpipreg - ok 20:02:26.0405 7648 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 20:02:26.0437 7648 TDPIPE - ok 20:02:26.0483 7648 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys 20:02:26.0515 7648 TDTCP - ok 20:02:26.0561 7648 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 20:02:26.0624 7648 tdx - ok 20:02:26.0702 7648 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 20:02:26.0702 7648 TermDD - ok 20:02:26.0749 7648 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll 20:02:26.0800 7648 TermService - ok 20:02:26.0830 7648 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 20:02:26.0850 7648 Themes - ok 20:02:26.0880 7648 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 20:02:26.0910 7648 THREADORDER - ok 20:02:26.0940 7648 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 20:02:26.0990 7648 TrkWks - ok 20:02:27.0060 7648 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe 20:02:27.0080 7648 TrustedInstaller - ok 20:02:27.0160 7648 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:02:27.0220 7648 tssecsrv - ok 20:02:27.0250 7648 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 20:02:27.0290 7648 tunnel - ok 20:02:27.0310 7648 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 20:02:27.0320 7648 uagp35 - ok 20:02:27.0370 7648 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 20:02:27.0430 7648 udfs - ok 20:02:27.0490 7648 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 20:02:27.0530 7648 UI0Detect - ok 20:02:27.0590 7648 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 20:02:27.0600 7648 uliagpkx - ok 20:02:27.0630 7648 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 20:02:27.0670 7648 umbus - ok 20:02:27.0710 7648 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 20:02:27.0750 7648 UmPass - ok 20:02:27.0810 7648 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll 20:02:27.0840 7648 UmRdpService - ok 20:02:27.0910 7648 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 20:02:27.0950 7648 upnphost - ok 20:02:28.0010 7648 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 20:02:28.0020 7648 USBAAPL - ok 20:02:28.0080 7648 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 20:02:28.0120 7648 usbaudio - ok 20:02:28.0160 7648 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys 20:02:28.0200 7648 usbccgp - ok 20:02:28.0320 7648 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 20:02:28.0350 7648 usbcir - ok 20:02:28.0380 7648 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys 20:02:28.0400 7648 usbehci - ok 20:02:28.0440 7648 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 20:02:28.0470 7648 usbhub - ok 20:02:28.0510 7648 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys 20:02:28.0550 7648 usbohci - ok 20:02:28.0580 7648 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 20:02:28.0630 7648 usbprint - ok 20:02:28.0760 7648 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:02:28.0790 7648 USBSTOR - ok 20:02:28.0810 7648 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys 20:02:28.0851 7648 usbuhci - ok 20:02:28.0929 7648 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 20:02:28.0945 7648 usb_rndisx - ok 20:02:28.0976 7648 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 20:02:29.0038 7648 UxSms - ok 20:02:29.0179 7648 V0650Vid (d52dfef8e9c947369e46c24b4fa70e9a) C:\Windows\system32\DRIVERS\V0650Vid.sys 20:02:29.0210 7648 V0650Vid - ok 20:02:29.0257 7648 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:29.0257 7648 VaultSvc - ok 20:02:29.0288 7648 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 20:02:29.0303 7648 vdrvroot - ok 20:02:29.0319 7648 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe 20:02:29.0366 7648 vds - ok 20:02:29.0491 7648 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 20:02:29.0506 7648 vga - ok 20:02:29.0537 7648 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 20:02:29.0569 7648 VgaSave - ok 20:02:29.0600 7648 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 20:02:29.0615 7648 vhdmp - ok 20:02:29.0647 7648 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 20:02:29.0647 7648 viaagp - ok 20:02:29.0678 7648 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 20:02:29.0709 7648 ViaC7 - ok 20:02:29.0740 7648 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 20:02:29.0756 7648 viaide - ok 20:02:29.0865 7648 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 20:02:29.0881 7648 vmbus - ok 20:02:29.0912 7648 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 20:02:29.0927 7648 VMBusHID - ok 20:02:29.0959 7648 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 20:02:29.0974 7648 volmgr - ok 20:02:29.0990 7648 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 20:02:30.0005 7648 volmgrx - ok 20:02:30.0037 7648 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 20:02:30.0052 7648 volsnap - ok 20:02:30.0146 7648 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 20:02:30.0161 7648 vsmraid - ok 20:02:30.0208 7648 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe 20:02:30.0255 7648 VSS - ok 20:02:30.0380 7648 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 20:02:30.0411 7648 vwifibus - ok 20:02:30.0442 7648 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 20:02:30.0505 7648 W32Time - ok 20:02:30.0536 7648 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 20:02:30.0551 7648 WacomPen - ok 20:02:30.0583 7648 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 20:02:30.0614 7648 WANARP - ok 20:02:30.0614 7648 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 20:02:30.0661 7648 Wanarpv6 - ok 20:02:30.0754 7648 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 20:02:30.0817 7648 WatAdminSvc - ok 20:02:30.0863 7648 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe 20:02:30.0910 7648 wbengine - ok 20:02:30.0957 7648 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 20:02:31.0004 7648 WbioSrvc - ok 20:02:31.0082 7648 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll 20:02:31.0097 7648 WcesComm - ok 20:02:31.0160 7648 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll 20:02:31.0191 7648 wcncsvc - ok 20:02:31.0222 7648 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 20:02:31.0253 7648 WcsPlugInService - ok 20:02:31.0285 7648 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 20:02:31.0300 7648 Wd - ok 20:02:31.0316 7648 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 20:02:31.0347 7648 Wdf01000 - ok 20:02:31.0407 7648 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 20:02:31.0447 7648 WdiServiceHost - ok 20:02:31.0457 7648 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 20:02:31.0477 7648 WdiSystemHost - ok 20:02:31.0517 7648 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll 20:02:31.0557 7648 WebClient - ok 20:02:31.0587 7648 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 20:02:31.0627 7648 Wecsvc - ok 20:02:31.0657 7648 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 20:02:31.0697 7648 wercplsupport - ok 20:02:31.0717 7648 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 20:02:31.0757 7648 WerSvc - ok 20:02:31.0807 7648 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 20:02:31.0847 7648 WfpLwf - ok 20:02:31.0897 7648 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 20:02:31.0907 7648 WIMMount - ok 20:02:31.0967 7648 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 20:02:32.0007 7648 WinDefend - ok 20:02:32.0017 7648 WinHttpAutoProxySvc - ok 20:02:32.0067 7648 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 20:02:32.0117 7648 Winmgmt - ok 20:02:32.0207 7648 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll 20:02:32.0257 7648 WinRM - ok 20:02:32.0307 7648 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys 20:02:32.0337 7648 WinUsb - ok 20:02:32.0377 7648 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 20:02:32.0437 7648 Wlansvc - ok 20:02:32.0567 7648 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 20:02:32.0617 7648 WmiAcpi - ok 20:02:32.0687 7648 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 20:02:32.0737 7648 wmiApSrv - ok 20:02:32.0837 7648 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe 20:02:32.0897 7648 WMPNetworkSvc - ok 20:02:32.0977 7648 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 20:02:32.0997 7648 WPCSvc - ok 20:02:33.0017 7648 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll 20:02:33.0047 7648 WPDBusEnum - ok 20:02:33.0097 7648 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 20:02:33.0147 7648 ws2ifsl - ok 20:02:33.0227 7648 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll 20:02:33.0277 7648 wscsvc - ok 20:02:33.0287 7648 WSearch - ok 20:02:33.0347 7648 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll 20:02:33.0417 7648 wuauserv - ok 20:02:33.0547 7648 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 20:02:33.0597 7648 WudfPf - ok 20:02:33.0617 7648 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:02:33.0657 7648 WUDFRd - ok 20:02:33.0697 7648 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll 20:02:33.0757 7648 wudfsvc - ok 20:02:33.0797 7648 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 20:02:33.0837 7648 WwanSvc - ok 20:02:33.0967 7648 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys 20:02:34.0007 7648 xusb21 - ok 20:02:34.0047 7648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:02:34.0154 7648 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 20:02:34.0154 7648 \Device\Harddisk0\DR0 - detected TDSS File System (1) 20:02:34.0154 7648 Boot (0x1200) (8e88f1c300f2dc34334438e92109adcd) \Device\Harddisk0\DR0\Partition0 20:02:34.0154 7648 \Device\Harddisk0\DR0\Partition0 - ok 20:02:34.0154 7648 ============================================================ 20:02:34.0154 7648 Scan finished 20:02:34.0154 7648 ============================================================ 20:02:34.0169 6608 Detected object count: 4 20:02:34.0169 6608 Actual detected object count: 4 20:04:06.0428 6608 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:04:06.0428 6608 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:04:06.0428 6608 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user 20:04:06.0428 6608 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:04:06.0428 6608 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:04:06.0428 6608 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:04:06.0524 6608 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 20:04:06.0534 6608 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 20:04:06.0584 6608 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 20:04:06.0594 6608 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 20:04:06.0594 6608 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 20:04:06.0614 6608 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 20:04:06.0614 6608 \Device\Harddisk0\DR0\TDLFS - deleted 20:04:06.0614 6608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 20:04:31.0736 5256 Deinitialize success Unhide restored most everything except the items when I first pop open my start menu - like the recently used programs and files...

RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User: Shane [Admin rights] Mode: Scan -- Date: 04/09/2012 19:16:29 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] V0650Mon.exe -- C:\Windows\V0650Mon.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 10 ¤¤¤ [sUSP PATH] HKLM\[...]\Run : V0650Mon.exe (C:\Windows\V0650Mon.exe) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS723225L9A362 ATA Device +++++ --- User --- [MBR] be9661f0a67815957b5bf46d56ce0152 [bSP] e7a4d88e39462edee4d9ce59ade9badd : Windows 7 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 238372 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt As requested. S

OK, so my cable company stopped carrying my local hockey team. Watching them on pirate websites has taken it's toll on my rig (again)... Her are the logs and thanks in advance for your help. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Shane at 8:48:11 on 2012-04-08 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2099 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Windows\System32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\V0650Mon.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\System32\svchost.exe -k HPZ12 c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local mURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [Facebook Update] "c:\users\shane\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [V0650Mon.exe] c:\windows\V0650Mon.exe mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam\live! central\RFLVCentral2.exe" /mode2 mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shane\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: caplugs.com\citrix DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{09E9C12D-B854-4F27-BBA9-0425849B4188} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{C1EEF202-5EBC-4682-A820-E45D6359DE9B} : DhcpNameServer = 10.1.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-7 652360] R2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-7 20464] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 srv1A8;srv1A8;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-20 144640] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\drivers\V0650Vid.sys [2011-1-16 322176] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400] . =============== Created Last 30 ================ . 2012-04-07 18:48:38 -------- d-sh--w- C:\$RECYCLE.BIN 2012-04-07 18:48:36 -------- d-----w- c:\users\shane\appdata\local\temp 2012-04-07 17:47:33 98816 ----a-w- c:\windows\sed.exe 2012-04-07 17:47:33 518144 ----a-w- c:\windows\SWREG.exe 2012-04-07 17:47:33 256000 ----a-w- c:\windows\PEV.exe 2012-04-07 17:47:33 208896 ----a-w- c:\windows\MBR.exe 2012-04-07 17:22:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-07 17:22:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-07 16:42:38 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-05 23:24:50 117760 ----a-w- c:\programdata\microsoft\windows\drm\D5C6.tmp 2012-03-29 02:10:17 -------- d-----w- c:\users\shane\appdata\roaming\NVIDIA 2012-03-14 11:17:10 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-14 11:17:08 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-13 22:36:22 2341376 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 22:36:21 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-13 22:36:21 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-13 22:36:21 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-13 22:36:21 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-13 22:36:21 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 22:36:02 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 22:36:02 57856 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 22:36:02 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 22:36:00 826368 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 22:36:00 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 22:36:00 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ==================== Find3M ==================== . 2012-04-07 16:43:26 387584 ----a-w- c:\windows\system32\drivers\csc.sys 2012-03-02 23:04:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 8:50:29.70 =============== ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 9/24/2010 9:20:35 PM System Uptime: 4/8/2012 8:31:08 AM (0 hours ago) . Motherboard: Dell Inc. | | 0JM680 Processor: Intel® Core2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 233 GiB total, 92.582 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP165: 2/23/2012 6:32:07 AM - Windows Update RP166: 3/2/2012 7:48:13 PM - Scheduled Checkpoint RP167: 3/11/2012 10:24:49 AM - Scheduled Checkpoint RP169: 3/14/2012 7:16:45 AM - Windows Modules Installer RP171: 3/22/2012 7:47:33 PM - Scheduled Checkpoint RP172: 3/30/2012 10:44:19 PM - Scheduled Checkpoint RP173: 4/7/2012 11:38:49 AM - Restore Operation . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.1) Advanced Audio FX Engine Amazon MP3 Downloader 1.0.12 American Module for Microsoft Dynamics NAV Classic Client American Module for Microsoft Dynamics NAV Documentation American Module for Microsoft Dynamics NAV Outlook Add-In American Module for Microsoft Dynamics NAV Role Tailored Client American Module for Microsoft Dynamics NAV Server Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2012 Bonjour Canadian Module for Microsoft Dynamics NAV Classic Client Canadian Module for Microsoft Dynamics NAV Documentation Canadian Module for Microsoft Dynamics NAV Outlook Add-In Canadian Module for Microsoft Dynamics NAV Role Tailored Client Canadian Module for Microsoft Dynamics NAV Server Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Counter-Strike Coupon Printer for Windows Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Driver Download Manager Dell Touchpad Documentation Dropbox ESET Online Scanner v3 Facebook Video Calling 1.2.0.159 FLV Player GMATPrep iTunes Java Auto Updater Java 6 Update 26 Java 7 Live! Cam Avatar Creator Magic ISO Maker v5.5 (build 0281) MagicDisc 2.7.106 Malwarebytes Anti-Malware version 1.60.1.1000 MediaMonkey 3.2 Mexican Module for Microsoft Dynamics NAV Classic Client Mexican Module for Microsoft Dynamics NAV Documentation Mexican Module for Microsoft Dynamics NAV Outlook Add-In Mexican Module for Microsoft Dynamics NAV Role Tailored Client Mexican Module for Microsoft Dynamics NAV Server Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Dynamics NAV 2009 Classic Microsoft Dynamics NAV 2009 Outlook Add-in Microsoft Dynamics NAV 2009 RoleTailored Client Microsoft Dynamics NAV 2009 Service Microsoft Dynamics NAV 2009 SP1 Microsoft Dynamics NAV 6-0 Database for SQL Server Microsoft Dynamics NAV 6.0 Setup Microsoft Dynamics NAV Components for Microsoft SQL Server Microsoft IntelliPoint 8.2 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Report Viewer Redistributable 2008 (KB971119) Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 NHL® 09 NVIDIA Install Application PHOTOfunSTUDIO 5.0 HD Edition PrimoPDF -- brought to you by Nitro PDF Software QuickTime RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 Rocketfish HD Webcam (1.00.06.00) Rocketfish Live! Central Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition SILKYPIX Developer Studio 3.1 SE Skype Click to Call Skype™ 5.5 Steam Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Windows Mobile Device Center Yahoo! BrowserPlus 2.9.8 Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 4/8/2012 8:32:46 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 4/8/2012 8:32:27 AM, Error: Service Control Manager [7023] - The srv1A8 service terminated with the following error: The specified module could not be found. 4/8/2012 8:32:27 AM, Error: Service Control Manager [7023] - The Avgio service terminated with the following error: The specified module could not be found. 4/8/2012 8:32:27 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed. 4/8/2012 8:31:56 AM, Error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: The specified module could not be found. 4/8/2012 8:31:56 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 4/7/2012 2:48:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 4/7/2012 2:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/7/2012 2:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/7/2012 2:48:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/7/2012 2:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/7/2012 2:47:43 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 4/7/2012 2:39:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 ctxusbm discache spldr Wanarpv6 4/7/2012 12:43:40 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well. 4/7/2012 11:50:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 4/7/2012 11:42:25 AM, Error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: Access is denied. 4/7/2012 11:41:29 AM, Error: Service Control Manager [7023] - The Avgio service terminated with the following error: Access is denied. 4/7/2012 11:34:56 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied. 4/7/2012 11:34:56 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied. 4/7/2012 11:34:56 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005. 4/7/2012 11:34:53 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. 4/7/2012 11:33:56 AM, Error: Service Control Manager [7023] - The Sdcplh service terminated with the following error: Access is denied. 4/7/2012 11:33:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0461398, 0xc000000e, 0x90d35860, 0x8c273fda). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-69904-01. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/7/2012 11:11:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:11:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 1:47:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 4/7/2012 1:38:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 4/7/2012 1:38:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 4/5/2012 8:05:25 PM, Error: Schannel [36887] - The following fatal alert was received: 40. 4/5/2012 8:03:55 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 4/5/2012 7:35:50 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 4/5/2012 7:30:49 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 4/5/2012 10:01:20 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. . ==== End Of File ===========================

I downloaded the Sp1 installer and ran it. After 15 minutes it failes - error_sxs_assembly _missing (0x80073701). Any other ideas to get the SP1 to install? Thanks for all your help by the way.