sunnyd53

Unhide by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Unhide.exe can be found at this link: http://www.bleepingcomputer.com/forums/topic405109.html Program started at: 04/14/2012 10:21:24 AM Windows Version: Windows 7 Please be patient while your files are made visible again. Processing the C:\ drive Finished processing the C:\ drive. 200586 files processed. The C:\Users\Shane\AppData\Local\Temp\smtmp\ folder does not exist!! Unhide cannot restore your missing shortcuts!! Please see this topic in order to learn how to restore default Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced No registry changes detected. Restarting Explorer.exe in order to apply changes. Program finished at: 04/14/2012 10:23:41 AM Execution time: 0 hours(s), 2 minute(s), and 16 seconds(s)

OK - but I don't see %TEMP% to move everything back. I found C:\ProgramData\Microsoft\Windows\Start Menu but every folder is actually empty even after changing my pref's to show all (known types and system are shown too) - Can I use that find utility to look for some other program that should be in one of those folders?

It isn't a huge issue, but my start menu is empty - every folder shows as empty in the actual start menu, and in users/myname/startmenu (or whatever the exact dir. is).

Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.12.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Shane :: SHANES-LAPTOP [administrator] Protection: Enabled 4/11/2012 10:42:27 PM mbam-log-2012-04-11 (22-42-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205607 Time elapsed: 9 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

SystemLook 30.07.11 by jpshortstuff Log created at 22:22 on 11/04/2012 by Shane Administrator - Elevation successful ========== Filefind ========== Searching for "i8042prt.sys" C:\Windows\System32\drivers\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys --ah--- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6 Searching for "Calc.exe" C:\Windows\System32\calc.exe --a---- 776192 bytes [23:41 13/07/2009] [01:14 14/07/2009] 4884DA7754823B44CCC2B2106F21146E C:\Windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_a994575e7c0f8d6e\calc.exe --a---- 776192 bytes [23:41 13/07/2009] [01:14 14/07/2009] 4884DA7754823B44CCC2B2106F21146E C:\Windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.1.7601.17514_none_abc56b2678fe1108\calc.exe --a---- 776192 bytes [14:08 26/05/2011] [12:16 20/11/2010] 60B7C0FEAD45F2066E5B805A91F4F0FC -= EOF =-

Nope - Smart HDD popped back up as an icon on my desktop after a restart, and my start menu folders are all "empty".

Ok - and another issue - my mouse driver is gone so my touchpad auto scroll - all that fun stuff is missing...

Smart HDD still has a folder with a smart HDD exe and an uninstall app... should I delete that?

Seems better... it changed my task bar a bit and my start menu isn't auto populated with recent files / programs and I can't find my calculator... but it seems better.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.10.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Shane :: SHANES-LAPTOP [administrator] Protection: Disabled 4/9/2012 10:24:23 PM mbam-log-2012-04-09 (22-24-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 202565 Time elapsed: 7 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

ComboFix 12-04-09.05 - Shane 04/09/2012 20:27:57.5.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2661 [GMT -4:00] Running from: c:\users\Shane\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 ))))))))))))))))))))))))))))))) . . 2012-04-10 00:33 . 2012-04-10 00:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-04-10 00:33 . 2012-04-10 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-07 18:48 . 2012-04-10 00:40 -------- d-----w- c:\users\Shane\AppData\Local\temp 2012-04-07 17:22 . 2012-04-07 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-07 17:22 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-07 16:42 . 2012-04-10 00:04 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-05 23:24 . 2012-04-05 23:24 117760 ----a-w- c:\programdata\Microsoft\Windows\DRM\D5C6.tmp 2012-03-29 02:10 . 2012-03-29 02:10 -------- d-----w- c:\users\Shane\AppData\Roaming\NVIDIA 2012-03-14 11:17 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-14 11:17 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-13 22:36 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 22:36 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 22:36 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-13 22:36 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-13 22:36 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-13 22:36 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-13 22:36 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 22:36 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 22:36 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 22:36 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 22:36 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 22:36 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-07 16:43 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys 2012-03-02 23:04 . 2011-08-24 00:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-28 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "V0650Mon.exe"="c:\windows\V0650Mon.exe" [2010-02-23 28672] "Rocket Live! Central 2"="c:\program files\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" [2010-02-24 430247] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-10 576000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1A8] @="service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 srv1A8;srv1A8;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-03-26 144640] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\DRIVERS\V0650Vid.sys [2010-03-31 322176] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs srv1A8 sonicstagemonitoring ndasscsi susbser aracpi AtcL002 Dell1100_FUService cachemgr . Contents of the 'Scheduled Tasks' folder . 2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-6052232-4208316721-2272119812-1000Core.job - c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-28 00:02] . 2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-6052232-4208316721-2272119812-1000UA.job - c:\users\Shane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-28 00:02] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: caplugs.com\citrix TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv1A8] "servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srv1A8.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(800) c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\System32\bgsvcgen.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe . ************************************************************************** . Completion time: 2012-04-09 20:44:54 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-10 00:44 ComboFix2.txt 2012-04-07 18:48 ComboFix3.txt 2011-08-21 21:10 ComboFix4.txt 2011-08-19 00:16 ComboFix5.txt 2012-04-10 00:26 . Pre-Run: 98,348,232,704 bytes free Post-Run: 98,071,592,960 bytes free . - - End Of File - - D7848785C67A83D1668FE348E839DA8D

20:01:25.0267 2108 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37 20:01:25.0907 2108 ============================================================ 20:01:25.0907 2108 Current date / time: 2012/04/09 20:01:25.0907 20:01:25.0907 2108 SystemInfo: 20:01:25.0907 2108 20:01:25.0907 2108 OS Version: 6.1.7600 ServicePack: 0.0 20:01:25.0907 2108 Product type: Workstation 20:01:25.0907 2108 ComputerName: SHANES-LAPTOP 20:01:25.0907 2108 UserName: Shane 20:01:25.0907 2108 Windows directory: C:\Windows 20:01:25.0907 2108 System windows directory: C:\Windows 20:01:25.0907 2108 Processor architecture: Intel x86 20:01:25.0907 2108 Number of processors: 2 20:01:25.0907 2108 Page size: 0x1000 20:01:25.0907 2108 Boot type: Normal boot 20:01:25.0907 2108 ============================================================ 20:01:26.0997 2108 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:01:26.0997 2108 \Device\Harddisk0\DR0: 20:01:26.0997 2108 MBR used 20:01:26.0997 2108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D192000 20:01:27.0027 2108 Initialize success 20:01:27.0027 2108 ============================================================ 20:01:51.0665 7648 ============================================================ 20:01:51.0665 7648 Scan started 20:01:51.0665 7648 Mode: Manual; SigCheck; TDLFS; 20:01:51.0665 7648 ============================================================ 20:01:53.0954 7648 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 20:01:54.0094 7648 1394ohci - ok 20:01:54.0124 7648 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 20:01:54.0144 7648 ACPI - ok 20:01:54.0154 7648 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 20:01:54.0224 7648 AcpiPmi - ok 20:01:54.0324 7648 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 20:01:54.0344 7648 AdobeARMservice - ok 20:01:54.0454 7648 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 20:01:54.0474 7648 adp94xx - ok 20:01:54.0524 7648 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 20:01:54.0544 7648 adpahci - ok 20:01:54.0564 7648 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 20:01:54.0574 7648 adpu320 - ok 20:01:54.0604 7648 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 20:01:54.0644 7648 AeLookupSvc - ok 20:01:54.0804 7648 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 20:01:54.0854 7648 AFD - ok 20:01:54.0884 7648 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 20:01:54.0894 7648 agp440 - ok 20:01:54.0924 7648 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 20:01:54.0934 7648 aic78xx - ok 20:01:54.0984 7648 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 20:01:55.0014 7648 ALG - ok 20:01:55.0124 7648 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 20:01:55.0134 7648 aliide - ok 20:01:55.0144 7648 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 20:01:55.0154 7648 amdagp - ok 20:01:55.0174 7648 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 20:01:55.0184 7648 amdide - ok 20:01:55.0224 7648 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 20:01:55.0254 7648 AmdK8 - ok 20:01:55.0284 7648 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 20:01:55.0314 7648 AmdPPM - ok 20:01:55.0434 7648 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 20:01:55.0444 7648 amdsata - ok 20:01:55.0484 7648 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 20:01:55.0494 7648 amdsbs - ok 20:01:55.0564 7648 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 20:01:55.0574 7648 amdxata - ok 20:01:55.0604 7648 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 20:01:55.0644 7648 AppID - ok 20:01:55.0684 7648 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 20:01:55.0744 7648 AppIDSvc - ok 20:01:55.0784 7648 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll 20:01:55.0844 7648 Appinfo - ok 20:01:55.0974 7648 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:01:55.0984 7648 Apple Mobile Device - ok 20:01:56.0074 7648 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 20:01:56.0114 7648 AppMgmt - ok 20:01:56.0174 7648 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 20:01:56.0184 7648 arc - ok 20:01:56.0214 7648 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 20:01:56.0224 7648 arcsas - ok 20:01:56.0274 7648 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 20:01:56.0374 7648 AsyncMac - ok 20:01:56.0504 7648 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 20:01:56.0514 7648 atapi - ok 20:01:56.0564 7648 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 20:01:56.0634 7648 AudioEndpointBuilder - ok 20:01:56.0644 7648 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 20:01:56.0674 7648 Audiosrv - ok 20:01:56.0894 7648 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe 20:01:56.0994 7648 AVGIDSAgent - ok 20:01:57.0124 7648 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 20:01:57.0154 7648 AVGIDSDriver - ok 20:01:57.0184 7648 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 20:01:57.0194 7648 AVGIDSEH - ok 20:01:57.0214 7648 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 20:01:57.0224 7648 AVGIDSFilter - ok 20:01:57.0264 7648 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 20:01:57.0274 7648 AVGIDSShim - ok 20:01:57.0374 7648 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys 20:01:57.0384 7648 Avgldx86 - ok 20:01:57.0424 7648 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys 20:01:57.0434 7648 Avgmfx86 - ok 20:01:57.0504 7648 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys 20:01:57.0504 7648 Avgrkx86 - ok 20:01:57.0574 7648 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys 20:01:57.0584 7648 Avgtdix - ok 20:01:57.0724 7648 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 20:01:57.0774 7648 avgwd - ok 20:01:57.0824 7648 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll 20:01:57.0904 7648 AxInstSV - ok 20:01:57.0984 7648 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 20:01:58.0034 7648 b06bdrv - ok 20:01:58.0094 7648 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 20:01:58.0144 7648 b57nd60x - ok 20:01:58.0194 7648 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 20:01:58.0224 7648 BDESVC - ok 20:01:58.0284 7648 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 20:01:58.0334 7648 Beep - ok 20:01:58.0414 7648 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\Windows\System32\bgsvcgen.exe 20:01:58.0424 7648 bgsvcgen - ok 20:01:58.0474 7648 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll 20:01:58.0534 7648 BITS - ok 20:01:58.0574 7648 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 20:01:58.0604 7648 blbdrive - ok 20:01:58.0744 7648 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe 20:01:58.0754 7648 Bonjour Service - ok 20:01:58.0914 7648 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 20:01:58.0984 7648 bowser - ok 20:01:59.0004 7648 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:01:59.0044 7648 BrFiltLo - ok 20:01:59.0074 7648 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:01:59.0104 7648 BrFiltUp - ok 20:01:59.0214 7648 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 20:01:59.0264 7648 BridgeMP - ok 20:01:59.0304 7648 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll 20:01:59.0344 7648 Browser - ok 20:01:59.0394 7648 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 20:01:59.0444 7648 Brserid - ok 20:01:59.0544 7648 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 20:01:59.0574 7648 BrSerWdm - ok 20:01:59.0604 7648 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 20:01:59.0644 7648 BrUsbMdm - ok 20:01:59.0674 7648 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 20:01:59.0704 7648 BrUsbSer - ok 20:01:59.0744 7648 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 20:01:59.0774 7648 BTHMODEM - ok 20:01:59.0854 7648 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 20:01:59.0904 7648 bthserv - ok 20:02:00.0004 7648 catchme - ok 20:02:00.0054 7648 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 20:02:00.0104 7648 cdfs - ok 20:02:00.0174 7648 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 20:02:00.0214 7648 cdrom - ok 20:02:00.0294 7648 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll 20:02:00.0354 7648 CertPropSvc - ok 20:02:00.0394 7648 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 20:02:00.0414 7648 circlass - ok 20:02:00.0474 7648 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 20:02:00.0494 7648 CLFS - ok 20:02:00.0584 7648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:02:00.0624 7648 clr_optimization_v2.0.50727_32 - ok 20:02:00.0754 7648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:02:00.0774 7648 clr_optimization_v4.0.30319_32 - ok 20:02:00.0854 7648 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 20:02:00.0904 7648 CmBatt - ok 20:02:00.0934 7648 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 20:02:00.0944 7648 cmdide - ok 20:02:01.0004 7648 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 20:02:01.0024 7648 CNG - ok 20:02:01.0064 7648 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 20:02:01.0074 7648 Compbatt - ok 20:02:01.0084 7648 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 20:02:01.0094 7648 CompositeBus - ok 20:02:01.0144 7648 COMSysApp - ok 20:02:01.0204 7648 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 20:02:01.0214 7648 crcdisk - ok 20:02:01.0244 7648 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll 20:02:01.0294 7648 CryptSvc - ok 20:02:01.0354 7648 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 20:02:01.0404 7648 CSC - ok 20:02:01.0474 7648 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll 20:02:01.0514 7648 CscService - ok 20:02:01.0634 7648 CtClsFlt (d7d3bb3a3df1193ec0fdbb24d4540fb5) C:\Windows\system32\DRIVERS\CtClsFlt.sys 20:02:01.0664 7648 CtClsFlt - ok 20:02:01.0764 7648 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys 20:02:01.0774 7648 ctxusbm - ok 20:02:01.0854 7648 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys 20:02:01.0924 7648 dc3d - ok 20:02:01.0964 7648 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll 20:02:02.0054 7648 DcomLaunch - ok 20:02:02.0114 7648 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 20:02:02.0164 7648 defragsvc - ok 20:02:02.0224 7648 Dell1100_FUService - ok 20:02:02.0304 7648 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 20:02:02.0324 7648 DfsC - ok 20:02:02.0374 7648 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll 20:02:02.0444 7648 Dhcp - ok 20:02:02.0494 7648 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 20:02:02.0544 7648 discache - ok 20:02:02.0654 7648 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 20:02:02.0664 7648 Disk - ok 20:02:02.0714 7648 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll 20:02:02.0744 7648 Dnscache - ok 20:02:02.0794 7648 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll 20:02:02.0844 7648 dot3svc - ok 20:02:02.0874 7648 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll 20:02:02.0914 7648 DPS - ok 20:02:03.0034 7648 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 20:02:03.0084 7648 drmkaud - ok 20:02:03.0174 7648 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 20:02:03.0194 7648 DXGKrnl - ok 20:02:03.0274 7648 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 20:02:03.0324 7648 EapHost - ok 20:02:03.0434 7648 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 20:02:03.0494 7648 ebdrv - ok 20:02:03.0604 7648 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe 20:02:03.0644 7648 EFS - ok 20:02:03.0714 7648 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe 20:02:03.0764 7648 ehRecvr - ok 20:02:03.0794 7648 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 20:02:03.0824 7648 ehSched - ok 20:02:03.0894 7648 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 20:02:03.0904 7648 elxstor - ok 20:02:03.0984 7648 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 20:02:04.0034 7648 ErrDev - ok 20:02:04.0134 7648 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 20:02:04.0194 7648 EventSystem - ok 20:02:04.0214 7648 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 20:02:04.0244 7648 exfat - ok 20:02:04.0274 7648 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 20:02:04.0294 7648 fastfat - ok 20:02:04.0334 7648 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe 20:02:04.0384 7648 Fax - ok 20:02:04.0494 7648 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 20:02:04.0524 7648 fdc - ok 20:02:04.0564 7648 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 20:02:04.0604 7648 fdPHost - ok 20:02:04.0634 7648 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 20:02:04.0684 7648 FDResPub - ok 20:02:04.0714 7648 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 20:02:04.0724 7648 FileInfo - ok 20:02:04.0844 7648 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 20:02:04.0874 7648 Filetrace - ok 20:02:04.0894 7648 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 20:02:04.0924 7648 flpydisk - ok 20:02:04.0974 7648 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 20:02:04.0984 7648 FltMgr - ok 20:02:05.0044 7648 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll 20:02:05.0094 7648 FontCache - ok 20:02:05.0194 7648 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:02:05.0194 7648 FontCache3.0.0.0 - ok 20:02:05.0274 7648 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 20:02:05.0284 7648 FsDepends - ok 20:02:05.0294 7648 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 20:02:05.0304 7648 Fs_Rec - ok 20:02:05.0344 7648 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 20:02:05.0354 7648 fvevol - ok 20:02:05.0394 7648 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 20:02:05.0404 7648 gagp30kx - ok 20:02:05.0494 7648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:02:05.0504 7648 GEARAspiWDM - ok 20:02:05.0554 7648 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll 20:02:05.0604 7648 gpsvc - ok 20:02:05.0694 7648 guardian2 (f058c5f64dff28a2c8d7d1d04171e604) C:\Windows\system32\Drivers\oz776.sys 20:02:05.0704 7648 guardian2 - ok 20:02:05.0734 7648 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 20:02:05.0774 7648 hcw85cir - ok 20:02:05.0844 7648 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 20:02:05.0874 7648 HdAudAddService - ok 20:02:05.0964 7648 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:02:06.0004 7648 HDAudBus - ok 20:02:06.0044 7648 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 20:02:06.0074 7648 HidBatt - ok 20:02:06.0104 7648 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 20:02:06.0134 7648 HidBth - ok 20:02:06.0184 7648 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 20:02:06.0224 7648 HidIr - ok 20:02:06.0264 7648 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll 20:02:06.0314 7648 hidserv - ok 20:02:06.0364 7648 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 20:02:06.0404 7648 HidUsb - ok 20:02:06.0434 7648 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll 20:02:06.0484 7648 hkmsvc - ok 20:02:06.0514 7648 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll 20:02:06.0554 7648 HomeGroupListener - ok 20:02:06.0614 7648 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll 20:02:06.0654 7648 HomeGroupProvider - ok 20:02:06.0754 7648 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 20:02:06.0764 7648 HpSAMD - ok 20:02:06.0804 7648 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 20:02:06.0854 7648 HTTP - ok 20:02:06.0904 7648 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 20:02:06.0914 7648 hwpolicy - ok 20:02:07.0004 7648 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 20:02:07.0044 7648 i8042prt - ok 20:02:07.0114 7648 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 20:02:07.0124 7648 iaStorV - ok 20:02:07.0234 7648 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 20:02:07.0274 7648 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:02:07.0274 7648 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:02:07.0394 7648 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:02:07.0414 7648 idsvc - ok 20:02:07.0514 7648 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 20:02:07.0534 7648 iirsp - ok 20:02:07.0604 7648 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll 20:02:07.0654 7648 IKEEXT - ok 20:02:07.0744 7648 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 20:02:07.0754 7648 intelide - ok 20:02:07.0784 7648 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 20:02:07.0824 7648 intelppm - ok 20:02:07.0874 7648 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 20:02:07.0934 7648 IPBusEnum - ok 20:02:07.0954 7648 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:02:08.0014 7648 IpFilterDriver - ok 20:02:08.0084 7648 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll 20:02:08.0144 7648 iphlpsvc - ok 20:02:08.0214 7648 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 20:02:08.0254 7648 IPMIDRV - ok 20:02:08.0284 7648 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 20:02:08.0334 7648 IPNAT - ok 20:02:08.0424 7648 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe 20:02:08.0474 7648 iPod Service - ok 20:02:08.0564 7648 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 20:02:08.0574 7648 IRENUM - ok 20:02:08.0614 7648 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 20:02:08.0624 7648 isapnp - ok 20:02:08.0644 7648 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 20:02:08.0664 7648 iScsiPrt - ok 20:02:08.0694 7648 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 20:02:08.0704 7648 kbdclass - ok 20:02:08.0734 7648 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 20:02:08.0764 7648 kbdhid - ok 20:02:08.0804 7648 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:08.0814 7648 KeyIso - ok 20:02:08.0864 7648 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys 20:02:08.0874 7648 KSecDD - ok 20:02:08.0974 7648 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys 20:02:08.0984 7648 KSecPkg - ok 20:02:09.0024 7648 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 20:02:09.0074 7648 KtmRm - ok 20:02:09.0184 7648 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll 20:02:09.0224 7648 LanmanServer - ok 20:02:09.0294 7648 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll 20:02:09.0344 7648 LanmanWorkstation - ok 20:02:09.0494 7648 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 20:02:09.0534 7648 lltdio - ok 20:02:09.0574 7648 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 20:02:09.0634 7648 lltdsvc - ok 20:02:09.0654 7648 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 20:02:09.0714 7648 lmhosts - ok 20:02:09.0784 7648 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:02:09.0794 7648 LSI_FC - ok 20:02:09.0834 7648 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:02:09.0854 7648 LSI_SAS - ok 20:02:09.0874 7648 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:02:09.0884 7648 LSI_SAS2 - ok 20:02:09.0914 7648 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:02:09.0934 7648 LSI_SCSI - ok 20:02:09.0964 7648 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 20:02:10.0014 7648 luafv - ok 20:02:10.0054 7648 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 20:02:10.0074 7648 MBAMProtector - ok 20:02:10.0164 7648 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:02:10.0184 7648 MBAMService - ok 20:02:10.0314 7648 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys 20:02:10.0344 7648 mcdbus ( UnsignedFile.Multi.Generic ) - warning 20:02:10.0344 7648 mcdbus - detected UnsignedFile.Multi.Generic (1) 20:02:10.0384 7648 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll 20:02:10.0424 7648 Mcx2Svc - ok 20:02:10.0464 7648 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 20:02:10.0474 7648 megasas - ok 20:02:10.0584 7648 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 20:02:10.0604 7648 MegaSR - ok 20:02:10.0684 7648 Microsoft SharePoint Workspace Audit Service - ok 20:02:10.0764 7648 MicrosoftDynamicsNavServer (5da917ccfcceed280cfddbe94aae9b3f) C:\Program Files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe 20:02:10.0774 7648 MicrosoftDynamicsNavServer - ok 20:02:10.0774 7648 MicrosoftDynamicsNavWS (5da917ccfcceed280cfddbe94aae9b3f) C:\Program Files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe 20:02:10.0784 7648 MicrosoftDynamicsNavWS - ok 20:02:10.0854 7648 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 20:02:10.0904 7648 MMCSS - ok 20:02:10.0954 7648 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 20:02:11.0004 7648 Modem - ok 20:02:11.0044 7648 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 20:02:11.0074 7648 monitor - ok 20:02:11.0114 7648 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 20:02:11.0124 7648 mouclass - ok 20:02:11.0164 7648 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 20:02:11.0194 7648 mouhid - ok 20:02:11.0294 7648 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 20:02:11.0304 7648 mountmgr - ok 20:02:11.0324 7648 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 20:02:11.0344 7648 mpio - ok 20:02:11.0364 7648 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 20:02:11.0434 7648 mpsdrv - ok 20:02:11.0474 7648 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 20:02:11.0494 7648 MRxDAV - ok 20:02:11.0544 7648 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:02:11.0594 7648 mrxsmb - ok 20:02:11.0714 7648 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:02:11.0744 7648 mrxsmb10 - ok 20:02:11.0764 7648 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:02:11.0784 7648 mrxsmb20 - ok 20:02:11.0824 7648 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 20:02:11.0834 7648 msahci - ok 20:02:11.0864 7648 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 20:02:11.0874 7648 msdsm - ok 20:02:11.0914 7648 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 20:02:11.0954 7648 MSDTC - ok 20:02:12.0034 7648 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 20:02:12.0064 7648 Msfs - ok 20:02:12.0074 7648 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 20:02:12.0124 7648 mshidkmdf - ok 20:02:12.0174 7648 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 20:02:12.0184 7648 msisadrv - ok 20:02:12.0214 7648 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 20:02:12.0244 7648 MSiSCSI - ok 20:02:12.0254 7648 msiserver - ok 20:02:12.0294 7648 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 20:02:12.0334 7648 MSKSSRV - ok 20:02:12.0424 7648 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 20:02:12.0474 7648 MSPCLOCK - ok 20:02:12.0524 7648 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 20:02:12.0554 7648 MSPQM - ok 20:02:12.0574 7648 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 20:02:12.0584 7648 MsRPC - ok 20:02:12.0604 7648 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 20:02:12.0614 7648 mssmbios - ok 20:02:12.0764 7648 MSSQLSERVER - ok 20:02:12.0844 7648 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 20:02:12.0854 7648 MSSQLServerADHelper - ok 20:02:12.0944 7648 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 20:02:12.0974 7648 MSTEE - ok 20:02:13.0004 7648 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 20:02:13.0044 7648 MTConfig - ok 20:02:13.0074 7648 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 20:02:13.0084 7648 Mup - ok 20:02:13.0114 7648 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll 20:02:13.0164 7648 napagent - ok 20:02:13.0204 7648 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 20:02:13.0244 7648 NativeWifiP - ok 20:02:13.0284 7648 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 20:02:13.0314 7648 NDIS - ok 20:02:13.0414 7648 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 20:02:13.0464 7648 NdisCap - ok 20:02:13.0504 7648 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 20:02:13.0544 7648 NdisTapi - ok 20:02:13.0584 7648 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 20:02:13.0634 7648 Ndisuio - ok 20:02:13.0744 7648 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 20:02:13.0774 7648 NdisWan - ok 20:02:13.0794 7648 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 20:02:13.0824 7648 NDProxy - ok 20:02:13.0844 7648 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 20:02:13.0894 7648 NetBIOS - ok 20:02:13.0924 7648 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 20:02:13.0974 7648 NetBT - ok 20:02:14.0014 7648 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:14.0034 7648 Netlogon - ok 20:02:14.0094 7648 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 20:02:14.0144 7648 Netman - ok 20:02:14.0194 7648 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 20:02:14.0244 7648 netprofm - ok 20:02:14.0314 7648 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:02:14.0324 7648 NetTcpPortSharing - ok 20:02:14.0434 7648 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 20:02:14.0554 7648 netw5v32 - ok 20:02:14.0684 7648 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 20:02:14.0694 7648 nfrd960 - ok 20:02:14.0734 7648 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll 20:02:14.0794 7648 NlaSvc - ok 20:02:14.0814 7648 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 20:02:14.0854 7648 Npfs - ok 20:02:14.0874 7648 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 20:02:14.0904 7648 nsi - ok 20:02:14.0924 7648 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 20:02:14.0974 7648 nsiproxy - ok 20:02:15.0124 7648 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 20:02:15.0164 7648 Ntfs - ok 20:02:15.0174 7648 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 20:02:15.0214 7648 Null - ok 20:02:15.0534 7648 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:02:15.0824 7648 nvlddmkm - ok 20:02:15.0994 7648 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 20:02:16.0014 7648 nvraid - ok 20:02:16.0024 7648 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 20:02:16.0034 7648 nvstor - ok 20:02:16.0084 7648 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 20:02:16.0104 7648 nv_agp - ok 20:02:16.0124 7648 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 20:02:16.0164 7648 ohci1394 - ok 20:02:16.0224 7648 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:02:16.0234 7648 ose - ok 20:02:16.0404 7648 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:02:16.0524 7648 osppsvc - ok 20:02:16.0604 7648 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 20:02:16.0644 7648 p2pimsvc - ok 20:02:16.0684 7648 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 20:02:16.0724 7648 p2psvc - ok 20:02:16.0774 7648 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 20:02:16.0815 7648 Parport - ok 20:02:16.0831 7648 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 20:02:16.0846 7648 partmgr - ok 20:02:16.0862 7648 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 20:02:16.0919 7648 Parvdm - ok 20:02:16.0999 7648 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 20:02:17.0019 7648 PcaSvc - ok 20:02:17.0039 7648 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 20:02:17.0049 7648 pci - ok 20:02:17.0069 7648 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 20:02:17.0079 7648 pciide - ok 20:02:17.0109 7648 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 20:02:17.0119 7648 pcmcia - ok 20:02:17.0139 7648 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 20:02:17.0159 7648 pcw - ok 20:02:17.0209 7648 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 20:02:17.0279 7648 PEAUTH - ok 20:02:17.0369 7648 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 20:02:17.0419 7648 PeerDistSvc - ok 20:02:17.0489 7648 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll 20:02:17.0559 7648 pla - ok 20:02:17.0679 7648 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll 20:02:17.0729 7648 PlugPlay - ok 20:02:17.0819 7648 Pml Driver HPZ12 (13fbe33e8ab8284c6a3c6ce86fa59ea0) C:\Windows\system32\HPZipm12.dll 20:02:17.0859 7648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 20:02:17.0859 7648 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 20:02:17.0899 7648 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 20:02:17.0939 7648 PNRPAutoReg - ok 20:02:17.0969 7648 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 20:02:17.0989 7648 PNRPsvc - ok 20:02:18.0109 7648 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys 20:02:18.0119 7648 Point32 - ok 20:02:18.0149 7648 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll 20:02:18.0209 7648 PolicyAgent - ok 20:02:18.0249 7648 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll 20:02:18.0289 7648 Power - ok 20:02:18.0379 7648 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 20:02:18.0439 7648 PptpMiniport - ok 20:02:18.0549 7648 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 20:02:18.0589 7648 Processor - ok 20:02:18.0649 7648 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll 20:02:18.0709 7648 ProfSvc - ok 20:02:18.0779 7648 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:18.0799 7648 ProtectedStorage - ok 20:02:18.0889 7648 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 20:02:18.0939 7648 Psched - ok 20:02:18.0985 7648 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 20:02:19.0017 7648 ql2300 - ok 20:02:19.0126 7648 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 20:02:19.0141 7648 ql40xx - ok 20:02:19.0173 7648 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 20:02:19.0219 7648 QWAVE - ok 20:02:19.0235 7648 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 20:02:19.0266 7648 QWAVEdrv - ok 20:02:19.0329 7648 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll 20:02:19.0344 7648 RapiMgr - ok 20:02:19.0360 7648 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 20:02:19.0407 7648 RasAcd - ok 20:02:19.0563 7648 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:02:19.0594 7648 RasAgileVpn - ok 20:02:19.0609 7648 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 20:02:19.0641 7648 RasAuto - ok 20:02:19.0672 7648 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:02:19.0719 7648 Rasl2tp - ok 20:02:19.0765 7648 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll 20:02:19.0828 7648 RasMan - ok 20:02:19.0953 7648 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 20:02:19.0999 7648 RasPppoe - ok 20:02:20.0046 7648 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 20:02:20.0077 7648 RasSstp - ok 20:02:20.0093 7648 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 20:02:20.0124 7648 rdbss - ok 20:02:20.0140 7648 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 20:02:20.0155 7648 rdpbus - ok 20:02:20.0187 7648 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:02:20.0218 7648 RDPCDD - ok 20:02:20.0311 7648 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 20:02:20.0343 7648 RDPDR - ok 20:02:20.0405 7648 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 20:02:20.0436 7648 RDPENCDD - ok 20:02:20.0467 7648 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 20:02:20.0530 7648 RDPREFMP - ok 20:02:20.0561 7648 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys 20:02:20.0577 7648 RDPWD - ok 20:02:20.0608 7648 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 20:02:20.0623 7648 rdyboost - ok 20:02:20.0686 7648 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 20:02:20.0717 7648 RemoteAccess - ok 20:02:20.0764 7648 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 20:02:20.0811 7648 RemoteRegistry - ok 20:02:20.0873 7648 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 20:02:20.0935 7648 rimmptsk - ok 20:02:20.0951 7648 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 20:02:20.0967 7648 rimsptsk - ok 20:02:20.0982 7648 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 20:02:20.0998 7648 rismxdp - ok 20:02:21.0013 7648 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 20:02:21.0076 7648 RpcEptMapper - ok 20:02:21.0154 7648 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 20:02:21.0185 7648 RpcLocator - ok 20:02:21.0232 7648 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll 20:02:21.0263 7648 RpcSs - ok 20:02:21.0310 7648 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 20:02:21.0372 7648 rspndr - ok 20:02:21.0403 7648 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 20:02:21.0450 7648 s3cap - ok 20:02:21.0481 7648 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:21.0497 7648 SamSs - ok 20:02:21.0575 7648 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 20:02:21.0591 7648 sbp2port - ok 20:02:21.0637 7648 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 20:02:21.0684 7648 SCardSvr - ok 20:02:21.0731 7648 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 20:02:21.0793 7648 scfilter - ok 20:02:21.0840 7648 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll 20:02:21.0903 7648 Schedule - ok 20:02:21.0965 7648 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll 20:02:21.0996 7648 SCPolicySvc - ok 20:02:22.0074 7648 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\drivers\sdbus.sys 20:02:22.0137 7648 sdbus - ok 20:02:22.0168 7648 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll 20:02:22.0199 7648 SDRSVC - ok 20:02:22.0293 7648 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 20:02:22.0324 7648 secdrv - ok 20:02:22.0386 7648 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 20:02:22.0433 7648 seclogon - ok 20:02:22.0464 7648 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 20:02:22.0511 7648 SENS - ok 20:02:22.0558 7648 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 20:02:22.0620 7648 SensrSvc - ok 20:02:22.0667 7648 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 20:02:22.0683 7648 Serenum - ok 20:02:22.0698 7648 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 20:02:22.0714 7648 Serial - ok 20:02:22.0761 7648 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 20:02:22.0792 7648 sermouse - ok 20:02:22.0839 7648 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll 20:02:22.0885 7648 SessionEnv - ok 20:02:22.0932 7648 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 20:02:22.0963 7648 sffdisk - ok 20:02:22.0995 7648 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 20:02:22.0995 7648 sffp_mmc - ok 20:02:23.0041 7648 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys 20:02:23.0073 7648 sffp_sd - ok 20:02:23.0104 7648 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 20:02:23.0135 7648 sfloppy - ok 20:02:23.0213 7648 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 20:02:23.0275 7648 SharedAccess - ok 20:02:23.0322 7648 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll 20:02:23.0369 7648 ShellHWDetection - ok 20:02:23.0400 7648 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 20:02:23.0400 7648 sisagp - ok 20:02:23.0463 7648 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:02:23.0478 7648 SiSRaid2 - ok 20:02:23.0494 7648 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 20:02:23.0509 7648 SiSRaid4 - ok 20:02:23.0572 7648 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 20:02:23.0619 7648 Smb - ok 20:02:23.0650 7648 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 20:02:23.0681 7648 SNMPTRAP - ok 20:02:23.0697 7648 sonicstagemonitoring - ok 20:02:23.0728 7648 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 20:02:23.0743 7648 spldr - ok 20:02:23.0775 7648 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe 20:02:23.0821 7648 Spooler - ok 20:02:23.0915 7648 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe 20:02:24.0009 7648 sppsvc - ok 20:02:24.0087 7648 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll 20:02:24.0133 7648 sppuinotify - ok 20:02:24.0284 7648 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 20:02:24.0299 7648 SQLBrowser - ok 20:02:24.0346 7648 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 20:02:24.0362 7648 SQLWriter - ok 20:02:24.0409 7648 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 20:02:24.0471 7648 srv - ok 20:02:24.0502 7648 srv1A8 - ok 20:02:24.0549 7648 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 20:02:24.0580 7648 srv2 - ok 20:02:24.0611 7648 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 20:02:24.0658 7648 SrvHsfHDA - ok 20:02:24.0689 7648 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 20:02:24.0736 7648 SrvHsfV92 - ok 20:02:24.0767 7648 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 20:02:24.0799 7648 SrvHsfWinac - ok 20:02:24.0892 7648 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 20:02:24.0923 7648 srvnet - ok 20:02:24.0970 7648 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 20:02:25.0001 7648 SSDPSRV - ok 20:02:25.0017 7648 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 20:02:25.0079 7648 SstpSvc - ok 20:02:25.0142 7648 Steam Client Service - ok 20:02:25.0173 7648 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 20:02:25.0189 7648 stexstor - ok 20:02:25.0267 7648 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll 20:02:25.0313 7648 StiSvc - ok 20:02:25.0345 7648 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 20:02:25.0360 7648 storflt - ok 20:02:25.0376 7648 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 20:02:25.0391 7648 StorSvc - ok 20:02:25.0423 7648 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 20:02:25.0423 7648 storvsc - ok 20:02:25.0454 7648 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 20:02:25.0454 7648 swenum - ok 20:02:25.0501 7648 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 20:02:25.0547 7648 swprv - ok 20:02:25.0672 7648 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys 20:02:25.0688 7648 SynTP - ok 20:02:25.0750 7648 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll 20:02:25.0813 7648 SysMain - ok 20:02:25.0891 7648 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll 20:02:25.0937 7648 TabletInputService - ok 20:02:25.0969 7648 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll 20:02:26.0000 7648 TapiSrv - ok 20:02:26.0015 7648 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 20:02:26.0062 7648 TBS - ok 20:02:26.0156 7648 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 20:02:26.0203 7648 Tcpip - ok 20:02:26.0265 7648 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 20:02:26.0312 7648 TCPIP6 - ok 20:02:26.0343 7648 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 20:02:26.0374 7648 tcpipreg - ok 20:02:26.0405 7648 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 20:02:26.0437 7648 TDPIPE - ok 20:02:26.0483 7648 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys 20:02:26.0515 7648 TDTCP - ok 20:02:26.0561 7648 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 20:02:26.0624 7648 tdx - ok 20:02:26.0702 7648 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 20:02:26.0702 7648 TermDD - ok 20:02:26.0749 7648 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll 20:02:26.0800 7648 TermService - ok 20:02:26.0830 7648 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 20:02:26.0850 7648 Themes - ok 20:02:26.0880 7648 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 20:02:26.0910 7648 THREADORDER - ok 20:02:26.0940 7648 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 20:02:26.0990 7648 TrkWks - ok 20:02:27.0060 7648 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe 20:02:27.0080 7648 TrustedInstaller - ok 20:02:27.0160 7648 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:02:27.0220 7648 tssecsrv - ok 20:02:27.0250 7648 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 20:02:27.0290 7648 tunnel - ok 20:02:27.0310 7648 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 20:02:27.0320 7648 uagp35 - ok 20:02:27.0370 7648 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 20:02:27.0430 7648 udfs - ok 20:02:27.0490 7648 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 20:02:27.0530 7648 UI0Detect - ok 20:02:27.0590 7648 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 20:02:27.0600 7648 uliagpkx - ok 20:02:27.0630 7648 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 20:02:27.0670 7648 umbus - ok 20:02:27.0710 7648 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 20:02:27.0750 7648 UmPass - ok 20:02:27.0810 7648 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll 20:02:27.0840 7648 UmRdpService - ok 20:02:27.0910 7648 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 20:02:27.0950 7648 upnphost - ok 20:02:28.0010 7648 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 20:02:28.0020 7648 USBAAPL - ok 20:02:28.0080 7648 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 20:02:28.0120 7648 usbaudio - ok 20:02:28.0160 7648 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys 20:02:28.0200 7648 usbccgp - ok 20:02:28.0320 7648 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 20:02:28.0350 7648 usbcir - ok 20:02:28.0380 7648 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys 20:02:28.0400 7648 usbehci - ok 20:02:28.0440 7648 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 20:02:28.0470 7648 usbhub - ok 20:02:28.0510 7648 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys 20:02:28.0550 7648 usbohci - ok 20:02:28.0580 7648 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 20:02:28.0630 7648 usbprint - ok 20:02:28.0760 7648 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:02:28.0790 7648 USBSTOR - ok 20:02:28.0810 7648 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys 20:02:28.0851 7648 usbuhci - ok 20:02:28.0929 7648 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 20:02:28.0945 7648 usb_rndisx - ok 20:02:28.0976 7648 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 20:02:29.0038 7648 UxSms - ok 20:02:29.0179 7648 V0650Vid (d52dfef8e9c947369e46c24b4fa70e9a) C:\Windows\system32\DRIVERS\V0650Vid.sys 20:02:29.0210 7648 V0650Vid - ok 20:02:29.0257 7648 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:02:29.0257 7648 VaultSvc - ok 20:02:29.0288 7648 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 20:02:29.0303 7648 vdrvroot - ok 20:02:29.0319 7648 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe 20:02:29.0366 7648 vds - ok 20:02:29.0491 7648 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 20:02:29.0506 7648 vga - ok 20:02:29.0537 7648 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 20:02:29.0569 7648 VgaSave - ok 20:02:29.0600 7648 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 20:02:29.0615 7648 vhdmp - ok 20:02:29.0647 7648 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 20:02:29.0647 7648 viaagp - ok 20:02:29.0678 7648 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 20:02:29.0709 7648 ViaC7 - ok 20:02:29.0740 7648 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 20:02:29.0756 7648 viaide - ok 20:02:29.0865 7648 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 20:02:29.0881 7648 vmbus - ok 20:02:29.0912 7648 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 20:02:29.0927 7648 VMBusHID - ok 20:02:29.0959 7648 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 20:02:29.0974 7648 volmgr - ok 20:02:29.0990 7648 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 20:02:30.0005 7648 volmgrx - ok 20:02:30.0037 7648 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 20:02:30.0052 7648 volsnap - ok 20:02:30.0146 7648 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 20:02:30.0161 7648 vsmraid - ok 20:02:30.0208 7648 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe 20:02:30.0255 7648 VSS - ok 20:02:30.0380 7648 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 20:02:30.0411 7648 vwifibus - ok 20:02:30.0442 7648 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 20:02:30.0505 7648 W32Time - ok 20:02:30.0536 7648 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 20:02:30.0551 7648 WacomPen - ok 20:02:30.0583 7648 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 20:02:30.0614 7648 WANARP - ok 20:02:30.0614 7648 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 20:02:30.0661 7648 Wanarpv6 - ok 20:02:30.0754 7648 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 20:02:30.0817 7648 WatAdminSvc - ok 20:02:30.0863 7648 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe 20:02:30.0910 7648 wbengine - ok 20:02:30.0957 7648 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 20:02:31.0004 7648 WbioSrvc - ok 20:02:31.0082 7648 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll 20:02:31.0097 7648 WcesComm - ok 20:02:31.0160 7648 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll 20:02:31.0191 7648 wcncsvc - ok 20:02:31.0222 7648 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 20:02:31.0253 7648 WcsPlugInService - ok 20:02:31.0285 7648 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 20:02:31.0300 7648 Wd - ok 20:02:31.0316 7648 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 20:02:31.0347 7648 Wdf01000 - ok 20:02:31.0407 7648 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 20:02:31.0447 7648 WdiServiceHost - ok 20:02:31.0457 7648 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 20:02:31.0477 7648 WdiSystemHost - ok 20:02:31.0517 7648 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll 20:02:31.0557 7648 WebClient - ok 20:02:31.0587 7648 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 20:02:31.0627 7648 Wecsvc - ok 20:02:31.0657 7648 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 20:02:31.0697 7648 wercplsupport - ok 20:02:31.0717 7648 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 20:02:31.0757 7648 WerSvc - ok 20:02:31.0807 7648 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 20:02:31.0847 7648 WfpLwf - ok 20:02:31.0897 7648 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 20:02:31.0907 7648 WIMMount - ok 20:02:31.0967 7648 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 20:02:32.0007 7648 WinDefend - ok 20:02:32.0017 7648 WinHttpAutoProxySvc - ok 20:02:32.0067 7648 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 20:02:32.0117 7648 Winmgmt - ok 20:02:32.0207 7648 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll 20:02:32.0257 7648 WinRM - ok 20:02:32.0307 7648 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys 20:02:32.0337 7648 WinUsb - ok 20:02:32.0377 7648 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 20:02:32.0437 7648 Wlansvc - ok 20:02:32.0567 7648 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 20:02:32.0617 7648 WmiAcpi - ok 20:02:32.0687 7648 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 20:02:32.0737 7648 wmiApSrv - ok 20:02:32.0837 7648 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe 20:02:32.0897 7648 WMPNetworkSvc - ok 20:02:32.0977 7648 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 20:02:32.0997 7648 WPCSvc - ok 20:02:33.0017 7648 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll 20:02:33.0047 7648 WPDBusEnum - ok 20:02:33.0097 7648 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 20:02:33.0147 7648 ws2ifsl - ok 20:02:33.0227 7648 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll 20:02:33.0277 7648 wscsvc - ok 20:02:33.0287 7648 WSearch - ok 20:02:33.0347 7648 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll 20:02:33.0417 7648 wuauserv - ok 20:02:33.0547 7648 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 20:02:33.0597 7648 WudfPf - ok 20:02:33.0617 7648 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:02:33.0657 7648 WUDFRd - ok 20:02:33.0697 7648 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll 20:02:33.0757 7648 wudfsvc - ok 20:02:33.0797 7648 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 20:02:33.0837 7648 WwanSvc - ok 20:02:33.0967 7648 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys 20:02:34.0007 7648 xusb21 - ok 20:02:34.0047 7648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:02:34.0154 7648 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 20:02:34.0154 7648 \Device\Harddisk0\DR0 - detected TDSS File System (1) 20:02:34.0154 7648 Boot (0x1200) (8e88f1c300f2dc34334438e92109adcd) \Device\Harddisk0\DR0\Partition0 20:02:34.0154 7648 \Device\Harddisk0\DR0\Partition0 - ok 20:02:34.0154 7648 ============================================================ 20:02:34.0154 7648 Scan finished 20:02:34.0154 7648 ============================================================ 20:02:34.0169 6608 Detected object count: 4 20:02:34.0169 6608 Actual detected object count: 4 20:04:06.0428 6608 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:04:06.0428 6608 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:04:06.0428 6608 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user 20:04:06.0428 6608 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:04:06.0428 6608 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:04:06.0428 6608 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:04:06.0524 6608 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 20:04:06.0534 6608 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 20:04:06.0574 6608 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 20:04:06.0584 6608 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 20:04:06.0594 6608 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 20:04:06.0594 6608 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 20:04:06.0604 6608 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 20:04:06.0614 6608 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 20:04:06.0614 6608 \Device\Harddisk0\DR0\TDLFS - deleted 20:04:06.0614 6608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 20:04:31.0736 5256 Deinitialize success Unhide restored most everything except the items when I first pop open my start menu - like the recently used programs and files...

RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User: Shane [Admin rights] Mode: Scan -- Date: 04/09/2012 19:16:29 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] V0650Mon.exe -- C:\Windows\V0650Mon.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 10 ¤¤¤ [sUSP PATH] HKLM\[...]\Run : V0650Mon.exe (C:\Windows\V0650Mon.exe) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS723225L9A362 ATA Device +++++ --- User --- [MBR] be9661f0a67815957b5bf46d56ce0152 [bSP] e7a4d88e39462edee4d9ce59ade9badd : Windows 7 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 238372 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt As requested. S

OK, so my cable company stopped carrying my local hockey team. Watching them on pirate websites has taken it's toll on my rig (again)... Her are the logs and thanks in advance for your help. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Shane at 8:48:11 on 2012-04-08 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2099 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Windows\System32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\V0650Mon.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\System32\svchost.exe -k HPZ12 c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local mURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [Facebook Update] "c:\users\shane\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [V0650Mon.exe] c:\windows\V0650Mon.exe mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam\live! central\RFLVCentral2.exe" /mode2 mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shane\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: caplugs.com\citrix DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{09E9C12D-B854-4F27-BBA9-0425849B4188} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{C1EEF202-5EBC-4682-A820-E45D6359DE9B} : DhcpNameServer = 10.1.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-7 652360] R2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-7 20464] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 srv1A8;srv1A8;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-20 144640] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\drivers\V0650Vid.sys [2011-1-16 322176] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400] . =============== Created Last 30 ================ . 2012-04-07 18:48:38 -------- d-sh--w- C:\$RECYCLE.BIN 2012-04-07 18:48:36 -------- d-----w- c:\users\shane\appdata\local\temp 2012-04-07 17:47:33 98816 ----a-w- c:\windows\sed.exe 2012-04-07 17:47:33 518144 ----a-w- c:\windows\SWREG.exe 2012-04-07 17:47:33 256000 ----a-w- c:\windows\PEV.exe 2012-04-07 17:47:33 208896 ----a-w- c:\windows\MBR.exe 2012-04-07 17:22:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-07 17:22:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-07 16:42:38 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-05 23:24:50 117760 ----a-w- c:\programdata\microsoft\windows\drm\D5C6.tmp 2012-03-29 02:10:17 -------- d-----w- c:\users\shane\appdata\roaming\NVIDIA 2012-03-14 11:17:10 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-14 11:17:08 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-13 22:36:22 2341376 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 22:36:21 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-13 22:36:21 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-13 22:36:21 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-13 22:36:21 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-13 22:36:21 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 22:36:02 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 22:36:02 57856 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 22:36:02 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 22:36:00 826368 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 22:36:00 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 22:36:00 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ==================== Find3M ==================== . 2012-04-07 16:43:26 387584 ----a-w- c:\windows\system32\drivers\csc.sys 2012-03-02 23:04:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 8:50:29.70 =============== ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 9/24/2010 9:20:35 PM System Uptime: 4/8/2012 8:31:08 AM (0 hours ago) . Motherboard: Dell Inc. | | 0JM680 Processor: Intel® Core2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 233 GiB total, 92.582 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP165: 2/23/2012 6:32:07 AM - Windows Update RP166: 3/2/2012 7:48:13 PM - Scheduled Checkpoint RP167: 3/11/2012 10:24:49 AM - Scheduled Checkpoint RP169: 3/14/2012 7:16:45 AM - Windows Modules Installer RP171: 3/22/2012 7:47:33 PM - Scheduled Checkpoint RP172: 3/30/2012 10:44:19 PM - Scheduled Checkpoint RP173: 4/7/2012 11:38:49 AM - Restore Operation . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.1) Advanced Audio FX Engine Amazon MP3 Downloader 1.0.12 American Module for Microsoft Dynamics NAV Classic Client American Module for Microsoft Dynamics NAV Documentation American Module for Microsoft Dynamics NAV Outlook Add-In American Module for Microsoft Dynamics NAV Role Tailored Client American Module for Microsoft Dynamics NAV Server Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2012 Bonjour Canadian Module for Microsoft Dynamics NAV Classic Client Canadian Module for Microsoft Dynamics NAV Documentation Canadian Module for Microsoft Dynamics NAV Outlook Add-In Canadian Module for Microsoft Dynamics NAV Role Tailored Client Canadian Module for Microsoft Dynamics NAV Server Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Counter-Strike Coupon Printer for Windows Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Driver Download Manager Dell Touchpad Documentation Dropbox ESET Online Scanner v3 Facebook Video Calling 1.2.0.159 FLV Player GMATPrep iTunes Java Auto Updater Java 6 Update 26 Java 7 Live! Cam Avatar Creator Magic ISO Maker v5.5 (build 0281) MagicDisc 2.7.106 Malwarebytes Anti-Malware version 1.60.1.1000 MediaMonkey 3.2 Mexican Module for Microsoft Dynamics NAV Classic Client Mexican Module for Microsoft Dynamics NAV Documentation Mexican Module for Microsoft Dynamics NAV Outlook Add-In Mexican Module for Microsoft Dynamics NAV Role Tailored Client Mexican Module for Microsoft Dynamics NAV Server Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Dynamics NAV 2009 Classic Microsoft Dynamics NAV 2009 Outlook Add-in Microsoft Dynamics NAV 2009 RoleTailored Client Microsoft Dynamics NAV 2009 Service Microsoft Dynamics NAV 2009 SP1 Microsoft Dynamics NAV 6-0 Database for SQL Server Microsoft Dynamics NAV 6.0 Setup Microsoft Dynamics NAV Components for Microsoft SQL Server Microsoft IntelliPoint 8.2 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Report Viewer Redistributable 2008 (KB971119) Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 NHL® 09 NVIDIA Install Application PHOTOfunSTUDIO 5.0 HD Edition PrimoPDF -- brought to you by Nitro PDF Software QuickTime RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 Rocketfish HD Webcam (1.00.06.00) Rocketfish Live! Central Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition SILKYPIX Developer Studio 3.1 SE Skype Click to Call Skype™ 5.5 Steam Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Windows Mobile Device Center Yahoo! BrowserPlus 2.9.8 Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 4/8/2012 8:32:46 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 4/8/2012 8:32:27 AM, Error: Service Control Manager [7023] - The srv1A8 service terminated with the following error: The specified module could not be found. 4/8/2012 8:32:27 AM, Error: Service Control Manager [7023] - The Avgio service terminated with the following error: The specified module could not be found. 4/8/2012 8:32:27 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed. 4/8/2012 8:31:56 AM, Error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: The specified module could not be found. 4/8/2012 8:31:56 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 4/7/2012 2:48:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 4/7/2012 2:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/7/2012 2:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/7/2012 2:48:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/7/2012 2:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/7/2012 2:47:43 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 4/7/2012 2:39:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 ctxusbm discache spldr Wanarpv6 4/7/2012 12:43:40 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well. 4/7/2012 11:50:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 4/7/2012 11:42:25 AM, Error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: Access is denied. 4/7/2012 11:41:29 AM, Error: Service Control Manager [7023] - The Avgio service terminated with the following error: Access is denied. 4/7/2012 11:34:56 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied. 4/7/2012 11:34:56 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied. 4/7/2012 11:34:56 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005. 4/7/2012 11:34:53 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. 4/7/2012 11:33:56 AM, Error: Service Control Manager [7023] - The Sdcplh service terminated with the following error: Access is denied. 4/7/2012 11:33:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0461398, 0xc000000e, 0x90d35860, 0x8c273fda). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-69904-01. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 4/7/2012 11:12:53 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/7/2012 11:11:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:11:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 11:10:53 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/7/2012 1:47:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 4/7/2012 1:38:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 4/7/2012 1:38:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 4/5/2012 8:05:25 PM, Error: Schannel [36887] - The following fatal alert was received: 40. 4/5/2012 8:03:55 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 4/5/2012 7:35:50 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 4/5/2012 7:30:49 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 4/5/2012 10:01:20 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. . ==== End Of File ===========================

I downloaded the Sp1 installer and ran it. After 15 minutes it failes - error_sxs_assembly _missing (0x80073701). Any other ideas to get the SP1 to install? Thanks for all your help by the way.

Updated Adobe, Java, IE, and tried to install SP1 for windows 7 but I get this - Windows 7 SP1 Updates fails with error 80073701 C:\Qoobox\Quarantine\C\ProgramData\C5C7.tmp.vir a variant of Win32/Kryptik.RST trojan cleaned by deleting - quarantined C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5767092-11286bc6 a variant of Java/TrojanDownloader.OpenStream.NCI trojan cleaned by deleting - quarantined C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5767092-1795d424 a variant of Java/TrojanDownloader.OpenStream.NCI trojan cleaned by deleting - quarantined C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5767092-17f0f4cb a variant of Java/TrojanDownloader.OpenStream.NCI trojan cleaned by deleting - quarantined C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5767092-21c8f7d7 a variant of Java/TrojanDownloader.OpenStream.NCI trojan cleaned by deleting - quarantined C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5767092-5497d9ed a variant of Java/TrojanDownloader.OpenStream.NCI trojan cleaned by deleting - quarantined C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5767092-6d987f30 a variant of Java/TrojanDownloader.OpenStream.NCI trojan cleaned by deleting - quarantined

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 9/24/2010 9:20:35 PM System Uptime: 8/22/2011 6:55:30 PM (3 hours ago) . Motherboard: Dell Inc. | | 0JM680 Processor: Intel® Core2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 775/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 233 GiB total, 132.937 GiB free. D: is CDROM () E: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP122: 8/22/2011 6:19:56 AM - Windows 7 Service Pack 1 . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Digital Editions Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.0 Advanced Audio FX Engine Amazon MP3 Downloader 1.0.12 American Module for Microsoft Dynamics NAV Classic Client American Module for Microsoft Dynamics NAV Documentation American Module for Microsoft Dynamics NAV Outlook Add-In American Module for Microsoft Dynamics NAV Role Tailored Client American Module for Microsoft Dynamics NAV Server Apple Application Support Apple Mobile Device Support Apple Software Update AVG Free 9.0 Bonjour Canadian Module for Microsoft Dynamics NAV Classic Client Canadian Module for Microsoft Dynamics NAV Documentation Canadian Module for Microsoft Dynamics NAV Outlook Add-In Canadian Module for Microsoft Dynamics NAV Role Tailored Client Canadian Module for Microsoft Dynamics NAV Server Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Counter-Strike Coupon Printer for Windows Definition update for Microsoft Office 2010 (KB982726) Dell Driver Download Manager Dell Touchpad Documentation FLV Player GMATPrep iTunes Java Auto Updater Java 6 Update 26 Live! Cam Avatar Creator Magic ISO Maker v5.5 (build 0281) MagicDisc 2.7.106 Malwarebytes' Anti-Malware version 1.51.1.1800 MediaMonkey 3.2 Mexican Module for Microsoft Dynamics NAV Classic Client Mexican Module for Microsoft Dynamics NAV Documentation Mexican Module for Microsoft Dynamics NAV Outlook Add-In Mexican Module for Microsoft Dynamics NAV Role Tailored Client Mexican Module for Microsoft Dynamics NAV Server Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Dynamics NAV 2009 Classic Microsoft Dynamics NAV 2009 Outlook Add-in Microsoft Dynamics NAV 2009 RoleTailored Client Microsoft Dynamics NAV 2009 Service Microsoft Dynamics NAV 2009 SP1 Microsoft Dynamics NAV 6-0 Database for SQL Server Microsoft Dynamics NAV 6.0 Setup Microsoft Dynamics NAV Components for Microsoft SQL Server Microsoft IntelliPoint 8.0 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Report Viewer Redistributable 2008 (KB971119) Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 NHL® 09 NVIDIA 3D Vision Driver 266.58 NVIDIA Control Panel 266.58 NVIDIA Graphics Driver 266.58 NVIDIA Install Application NVIDIA nView 135.50 NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA PhysX System Software 9.10.0514 NVIDIA Stereoscopic 3D Driver PHOTOfunSTUDIO 5.0 HD Edition PrimoPDF -- brought to you by Nitro PDF Software QuickTime RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 Rocketfish HD Webcam (1.00.06.00) Rocketfish Live! Central Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft Excel 2010 (KB2523021) Security Update for Microsoft InfoPath 2010 (KB2510065) Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2289161) Security Update for Microsoft PowerPoint 2010 (KB2519975) Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft Word 2010 (KB2345000) SILKYPIX Developer Studio 3.1 SE Skype Toolbars Skype™ 5.1 Steam Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2523113) Update for Microsoft OneNote 2010 (KB2493983) Update for Microsoft Outlook Social Connector (KB2441641) Windows Mobile Device Center Yahoo! BrowserPlus 2.9.8 Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 8/22/2011 6:38:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Windows 7 Service Pack 1 (KB976932). 8/22/2011 6:35:35 AM, Error: Service Control Manager [7023] - The srv1A8 service terminated with the following error: The specified module could not be found. 8/22/2011 6:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7. 8/21/2011 5:10:14 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 8/21/2011 5:08:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/21/2011 5:08:22 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 8/21/2011 5:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 8/21/2011 3:09:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/21/2011 3:09:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/21/2011 3:09:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/21/2011 3:09:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/21/2011 3:09:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 ctxusbm discache spldr Wanarpv6 8/19/2011 8:04:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83347487, 0xaab4cf7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-18969-01. 8/19/2011 8:00:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833d2487, 0xab314f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-18314-01. 8/19/2011 7:56:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83206487, 0xab714f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-19531-01. 8/19/2011 7:51:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83352487, 0xaaf50f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-18704-01. 8/19/2011 7:47:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833e3487, 0xa9d84f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-19203-01. 8/19/2011 7:42:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833db487, 0xaacf4f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-18782-01. 8/19/2011 7:38:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833d2487, 0xa8510f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-19359-02. 8/19/2011 7:33:52 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831b0487, 0xaa8b8f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-18033-01. 8/19/2011 7:29:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833d4487, 0xa8ffaf7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-19063-01. 8/19/2011 7:25:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833e3487, 0xab8a8f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-19016-01. 8/19/2011 7:20:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833d1487, 0xaae74f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-19328-01. 8/19/2011 7:16:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83206487, 0xa65cef7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-20186-01. 8/19/2011 7:11:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83206487, 0xa7296f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-22042-01. 8/19/2011 7:06:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83206487, 0x8217af7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-20685-01. 8/19/2011 7:02:42 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started. 8/19/2011 7:02:31 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation. 8/19/2011 7:02:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833d5487, 0xae4a2f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081911-30529-01. 8/18/2011 8:27:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831ab487, 0xaa1bff7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081811-21902-01. 8/18/2011 8:24:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83368487, 0xac12ef7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081811-25911-01. 8/18/2011 7:29:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833c7487, 0xa8d14f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081811-23571-01. 8/18/2011 6:46:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833e3487, 0xa8252f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081811-28782-01. 8/18/2011 6:32:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83206487, 0x9fb66f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081811-29390-01. 8/18/2011 10:24:09 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'O2 O2Micro CCID SC Reader 0' rejected IOCTL GET_STATE: The handle is invalid. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX 8/17/2011 9:36:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83206487, 0x8ff8cf7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081711-26691-01. 8/17/2011 9:31:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x833d1487, 0xace96f7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081711-29359-01. 8/17/2011 8:30:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 8/17/2011 8:15:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2556532). 8/17/2011 8:01:46 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s). 8/17/2011 8:00:16 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/17/2011 7:58:26 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/17/2011 10:32:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8334f487, 0xa9b2cf7c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081711-26956-01. 8/16/2011 9:29:36 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. . ==== End Of File ===========================

Ok - I will post this when I get home, around 6:30PM EST.

. DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 Run by Shane at 21:54:29 on 2011-08-22 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2326 [GMT -4:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Windows\System32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\V0650Mon.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [V0650Mon.exe] c:\windows\V0650Mon.exe mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam\live! central\RFLVCentral2.exe" /mode2 mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{09E9C12D-B854-4F27-BBA9-0425849B4188} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{C1EEF202-5EBC-4682-A820-E45D6359DE9B} : DhcpNameServer = 10.1.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL AppInit_DLLs: c:\windows\system32\avgrsstx.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-24 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-24 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-24 243152] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-24 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-24 308136] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-17 366640] R2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-17 22712] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 srv1A8;srv1A8;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 947528] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-20 144640] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208] S3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\drivers\V0650Vid.sys [2011-1-16 322176] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400] . =============== Created Last 30 ================ . 2011-08-22 10:20:06 -------- d-----w- c:\windows\system32\SPReview 2011-08-22 10:18:01 -------- d-----w- c:\windows\system32\EventProviders 2011-08-21 21:10:08 -------- d-sh--w- C:\$RECYCLE.BIN 2011-08-21 21:10:05 -------- d-----w- c:\users\shane\appdata\local\temp 2011-08-19 10:55:21 -------- d-----w- c:\programdata\dH01602LlDmA01602 2011-08-19 02:35:54 -------- d-----w- c:\users\shane\appdata\local\ElevatedDiagnostics 2011-08-18 23:46:12 98816 ----a-w- c:\windows\sed.exe 2011-08-18 23:46:12 518144 ----a-w- c:\windows\SWREG.exe 2011-08-18 23:46:12 256000 ----a-w- c:\windows\PEV.exe 2011-08-18 23:46:12 208896 ----a-w- c:\windows\MBR.exe 2011-08-18 01:25:37 -------- d-----w- c:\programdata\gA01602KhDgC01602 2011-08-18 00:35:52 -------- d-----w- c:\users\shane\appdata\roaming\Malwarebytes 2011-08-18 00:35:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-18 00:35:46 -------- d-----w- c:\programdata\Malwarebytes 2011-08-18 00:35:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-18 00:35:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-17 01:42:58 86016 ----a-w- c:\windows\system32\odbccu32.dll 2011-08-17 01:42:58 81920 ----a-w- c:\windows\system32\odbccr32.dll 2011-08-17 01:42:58 122880 ----a-w- c:\windows\system32\odbccp32.dll 2011-08-09 22:40:53 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll 2011-08-09 22:40:53 319488 ----a-w- c:\windows\system32\odbcjt32.dll 2011-08-09 22:40:53 163840 ----a-w- c:\windows\system32\odbctrac.dll . ==================== Find3M ==================== . 2011-06-30 01:51:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys 2011-06-02 05:59:55 169984 ----a-w- c:\windows\system32\winsrv.dll 2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll 2011-06-02 05:55:31 271872 ----a-w- c:\windows\system32\conhost.exe 2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb . ============= FINISH: 21:55:01.20 ===============

MBAM Log Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7534 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 8/22/2011 7:52:08 AM mbam-log-2011-08-22 (07-52-08).txt Scan type: Full scan (C:\|) Objects scanned: 296414 Time elapsed: 1 hour(s), 13 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Ok, Malwarebytes full scan is taking longer than I thought outside of Safe Mode. No more Blue Screen or Google Redirects or blocked IP's, so that is good. My full scan is still running. 2 times during this scan AVG detected trojans: "Trojan horse BackDoor.Generic14.YFX";"c:\Windows\System32\chglutil.dll";"Moved to Virus Vault";"8/22/2011, 6:22:44 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" "Trojan horse BackDoor.Generic14.YGO";"c:\Windows\System32\fingdate.dll";"Moved to Virus Vault";"8/22/2011, 7:24:27 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" I'm thinking I should have AVG off while I do this scan... Anyway, I have to head to work. Can you give me a list of things to do in normal mode? (Not Safe Mode) to ensure I am good to go? I won't be home until 10pm EST.

2011/08/22 06:06:32.0011 2124 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17 2011/08/22 06:06:32.0323 2124 ================================================================================ 2011/08/22 06:06:32.0323 2124 SystemInfo: 2011/08/22 06:06:32.0323 2124 2011/08/22 06:06:32.0323 2124 OS Version: 6.1.7600 ServicePack: 0.0 2011/08/22 06:06:32.0323 2124 Product type: Workstation 2011/08/22 06:06:32.0323 2124 ComputerName: SHANES-LAPTOP 2011/08/22 06:06:32.0323 2124 UserName: Shane 2011/08/22 06:06:32.0323 2124 Windows directory: C:\Windows 2011/08/22 06:06:32.0323 2124 System windows directory: C:\Windows 2011/08/22 06:06:32.0323 2124 Processor architecture: Intel x86 2011/08/22 06:06:32.0323 2124 Number of processors: 2 2011/08/22 06:06:32.0323 2124 Page size: 0x1000 2011/08/22 06:06:32.0323 2124 Boot type: Safe boot with network 2011/08/22 06:06:32.0323 2124 ================================================================================ 2011/08/22 06:06:33.0415 2124 Initialize success 2011/08/22 06:06:37.0284 2332 ================================================================================ 2011/08/22 06:06:37.0299 2332 Scan started 2011/08/22 06:06:37.0299 2332 Mode: Manual; 2011/08/22 06:06:37.0299 2332 ================================================================================ 2011/08/22 06:06:38.0095 2332 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/08/22 06:06:38.0173 2332 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2011/08/22 06:06:38.0235 2332 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/08/22 06:06:38.0313 2332 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/08/22 06:06:38.0438 2332 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/08/22 06:06:38.0501 2332 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/08/22 06:06:38.0610 2332 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 2011/08/22 06:06:38.0641 2332 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2011/08/22 06:06:38.0781 2332 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/08/22 06:06:38.0859 2332 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2011/08/22 06:06:38.0906 2332 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2011/08/22 06:06:38.0953 2332 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2011/08/22 06:06:39.0015 2332 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/08/22 06:06:39.0093 2332 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/08/22 06:06:39.0171 2332 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 2011/08/22 06:06:39.0218 2332 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/08/22 06:06:39.0296 2332 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 2011/08/22 06:06:39.0437 2332 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/08/22 06:06:39.0577 2332 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/08/22 06:06:39.0608 2332 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/08/22 06:06:39.0749 2332 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/08/22 06:06:39.0764 2332 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2011/08/22 06:06:39.0889 2332 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys 2011/08/22 06:06:40.0045 2332 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys 2011/08/22 06:06:40.0092 2332 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys 2011/08/22 06:06:40.0201 2332 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/08/22 06:06:40.0341 2332 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/08/22 06:06:40.0404 2332 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/08/22 06:06:40.0529 2332 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/08/22 06:06:40.0607 2332 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 2011/08/22 06:06:40.0700 2332 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/08/22 06:06:40.0747 2332 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/08/22 06:06:40.0778 2332 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/08/22 06:06:40.0825 2332 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/08/22 06:06:40.0856 2332 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/08/22 06:06:40.0872 2332 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/08/22 06:06:40.0903 2332 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/08/22 06:06:41.0199 2332 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/08/22 06:06:41.0309 2332 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 2011/08/22 06:06:41.0371 2332 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/08/22 06:06:41.0418 2332 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/08/22 06:06:41.0527 2332 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/08/22 06:06:41.0574 2332 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2011/08/22 06:06:41.0605 2332 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/08/22 06:06:41.0667 2332 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/08/22 06:06:41.0745 2332 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/08/22 06:06:41.0823 2332 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/08/22 06:06:41.0979 2332 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2011/08/22 06:06:42.0245 2332 CtClsFlt (d7d3bb3a3df1193ec0fdbb24d4540fb5) C:\Windows\system32\DRIVERS\CtClsFlt.sys 2011/08/22 06:06:42.0385 2332 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys 2011/08/22 06:06:42.0479 2332 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys 2011/08/22 06:06:42.0588 2332 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 2011/08/22 06:06:42.0681 2332 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/08/22 06:06:42.0837 2332 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/08/22 06:06:42.0931 2332 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/08/22 06:06:43.0025 2332 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 2011/08/22 06:06:43.0259 2332 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/08/22 06:06:43.0477 2332 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/08/22 06:06:43.0539 2332 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/08/22 06:06:43.0617 2332 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/08/22 06:06:43.0742 2332 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/08/22 06:06:43.0805 2332 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/08/22 06:06:43.0851 2332 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/08/22 06:06:43.0883 2332 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/08/22 06:06:43.0914 2332 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/08/22 06:06:44.0054 2332 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/08/22 06:06:44.0101 2332 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/08/22 06:06:44.0163 2332 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/08/22 06:06:44.0210 2332 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/08/22 06:06:44.0273 2332 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/08/22 06:06:44.0397 2332 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/08/22 06:06:44.0444 2332 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/08/22 06:06:44.0538 2332 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/08/22 06:06:44.0569 2332 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/08/22 06:06:44.0600 2332 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/08/22 06:06:44.0694 2332 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/08/22 06:06:44.0756 2332 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/08/22 06:06:44.0834 2332 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/08/22 06:06:44.0928 2332 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/08/22 06:06:45.0053 2332 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/08/22 06:06:45.0099 2332 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/08/22 06:06:45.0240 2332 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/08/22 06:06:45.0333 2332 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 2011/08/22 06:06:45.0427 2332 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/08/22 06:06:45.0474 2332 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/08/22 06:06:45.0630 2332 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/08/22 06:06:45.0661 2332 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/08/22 06:06:45.0692 2332 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/08/22 06:06:45.0723 2332 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/08/22 06:06:45.0801 2332 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/08/22 06:06:45.0848 2332 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/08/22 06:06:45.0957 2332 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/08/22 06:06:46.0020 2332 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/08/22 06:06:46.0082 2332 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/08/22 06:06:46.0129 2332 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/08/22 06:06:46.0176 2332 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/08/22 06:06:46.0347 2332 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/08/22 06:06:46.0457 2332 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/08/22 06:06:46.0488 2332 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/08/22 06:06:46.0519 2332 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/08/22 06:06:46.0550 2332 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/08/22 06:06:46.0628 2332 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/08/22 06:06:46.0784 2332 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys 2011/08/22 06:06:46.0878 2332 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys 2011/08/22 06:06:46.0925 2332 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/08/22 06:06:47.0003 2332 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/08/22 06:06:47.0159 2332 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/08/22 06:06:47.0252 2332 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/08/22 06:06:47.0283 2332 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/08/22 06:06:47.0315 2332 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/08/22 06:06:47.0377 2332 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/08/22 06:06:47.0408 2332 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2011/08/22 06:06:47.0502 2332 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/22 06:06:47.0533 2332 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/08/22 06:06:47.0595 2332 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/22 06:06:47.0673 2332 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/22 06:06:47.0736 2332 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/22 06:06:47.0783 2332 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/08/22 06:06:47.0876 2332 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/08/22 06:06:47.0954 2332 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/08/22 06:06:47.0985 2332 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/08/22 06:06:48.0048 2332 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/08/22 06:06:48.0141 2332 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/22 06:06:48.0219 2332 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/22 06:06:48.0251 2332 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/08/22 06:06:48.0282 2332 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/08/22 06:06:48.0329 2332 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/08/22 06:06:48.0438 2332 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/08/22 06:06:48.0516 2332 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/08/22 06:06:48.0563 2332 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/08/22 06:06:48.0641 2332 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/22 06:06:48.0719 2332 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/08/22 06:06:48.0859 2332 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/08/22 06:06:48.0875 2332 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/22 06:06:48.0953 2332 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/22 06:06:48.0984 2332 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/22 06:06:49.0015 2332 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/08/22 06:06:49.0202 2332 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/22 06:06:49.0233 2332 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/22 06:06:49.0436 2332 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 2011/08/22 06:06:49.0592 2332 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/08/22 06:06:49.0670 2332 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/08/22 06:06:49.0701 2332 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/22 06:06:49.0795 2332 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 2011/08/22 06:06:49.0920 2332 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/08/22 06:06:50.0232 2332 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/08/22 06:06:50.0513 2332 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 2011/08/22 06:06:50.0544 2332 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 2011/08/22 06:06:50.0622 2332 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/08/22 06:06:50.0653 2332 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/08/22 06:06:50.0809 2332 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/08/22 06:06:50.0840 2332 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/08/22 06:06:50.0871 2332 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/08/22 06:06:50.0918 2332 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/08/22 06:06:50.0949 2332 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/08/22 06:06:50.0996 2332 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/08/22 06:06:51.0105 2332 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/08/22 06:06:51.0152 2332 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/08/22 06:06:51.0417 2332 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys 2011/08/22 06:06:51.0495 2332 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/08/22 06:06:51.0527 2332 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/08/22 06:06:51.0589 2332 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/08/22 06:06:51.0761 2332 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/08/22 06:06:51.0807 2332 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/08/22 06:06:51.0917 2332 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/08/22 06:06:51.0979 2332 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/08/22 06:06:52.0026 2332 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/08/22 06:06:52.0073 2332 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/08/22 06:06:52.0135 2332 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/08/22 06:06:52.0291 2332 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/08/22 06:06:52.0556 2332 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/08/22 06:06:52.0619 2332 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/08/22 06:06:52.0650 2332 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/08/22 06:06:52.0712 2332 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2011/08/22 06:06:52.0853 2332 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/08/22 06:06:52.0884 2332 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/08/22 06:06:52.0931 2332 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/08/22 06:06:53.0009 2332 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/08/22 06:06:53.0071 2332 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/08/22 06:06:53.0118 2332 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/08/22 06:06:53.0149 2332 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/08/22 06:06:53.0305 2332 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/08/22 06:06:53.0336 2332 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/08/22 06:06:53.0430 2332 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/08/22 06:06:53.0461 2332 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/08/22 06:06:53.0586 2332 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys 2011/08/22 06:06:53.0711 2332 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/08/22 06:06:53.0804 2332 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/08/22 06:06:53.0835 2332 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/08/22 06:06:53.0882 2332 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/08/22 06:06:53.0960 2332 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/08/22 06:06:54.0007 2332 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/08/22 06:06:54.0069 2332 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/08/22 06:06:54.0116 2332 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/08/22 06:06:54.0163 2332 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/08/22 06:06:54.0241 2332 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/08/22 06:06:54.0272 2332 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/08/22 06:06:54.0319 2332 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/08/22 06:06:54.0444 2332 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/08/22 06:06:54.0600 2332 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 2011/08/22 06:06:54.0709 2332 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 2011/08/22 06:06:54.0818 2332 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/08/22 06:06:54.0865 2332 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2011/08/22 06:06:54.0943 2332 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2011/08/22 06:06:55.0052 2332 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 2011/08/22 06:06:55.0177 2332 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/08/22 06:06:55.0255 2332 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/08/22 06:06:55.0333 2332 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/08/22 06:06:55.0364 2332 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/08/22 06:06:55.0458 2332 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys 2011/08/22 06:06:55.0614 2332 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys 2011/08/22 06:06:55.0739 2332 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys 2011/08/22 06:06:55.0801 2332 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/08/22 06:06:55.0863 2332 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/08/22 06:06:55.0879 2332 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/08/22 06:06:55.0926 2332 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/08/22 06:06:55.0941 2332 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/08/22 06:06:56.0066 2332 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/08/22 06:06:56.0175 2332 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/08/22 06:06:56.0207 2332 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/08/22 06:06:56.0285 2332 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/08/22 06:06:56.0378 2332 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/08/22 06:06:56.0409 2332 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/08/22 06:06:56.0441 2332 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/08/22 06:06:56.0581 2332 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2011/08/22 06:06:56.0721 2332 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 2011/08/22 06:06:56.0784 2332 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/08/22 06:06:56.0831 2332 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/08/22 06:06:56.0909 2332 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys 2011/08/22 06:06:56.0940 2332 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 2011/08/22 06:06:57.0002 2332 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys 2011/08/22 06:06:57.0033 2332 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/08/22 06:06:57.0080 2332 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/08/22 06:06:57.0158 2332 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/08/22 06:06:57.0299 2332 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/08/22 06:06:57.0423 2332 V0650Vid (d52dfef8e9c947369e46c24b4fa70e9a) C:\Windows\system32\DRIVERS\V0650Vid.sys 2011/08/22 06:06:57.0486 2332 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/08/22 06:06:57.0548 2332 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/08/22 06:06:57.0673 2332 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/08/22 06:06:57.0704 2332 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/08/22 06:06:57.0751 2332 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/08/22 06:06:57.0798 2332 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/08/22 06:06:57.0813 2332 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/08/22 06:06:57.0860 2332 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/08/22 06:06:57.0938 2332 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/08/22 06:06:57.0954 2332 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/08/22 06:06:58.0032 2332 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/08/22 06:06:58.0079 2332 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/08/22 06:06:58.0157 2332 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/08/22 06:06:58.0188 2332 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/08/22 06:06:58.0297 2332 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/08/22 06:06:58.0391 2332 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/22 06:06:58.0422 2332 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/22 06:06:58.0531 2332 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/08/22 06:06:58.0562 2332 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/08/22 06:06:58.0734 2332 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/08/22 06:06:58.0796 2332 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/08/22 06:06:58.0937 2332 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/08/22 06:06:58.0952 2332 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/08/22 06:06:59.0046 2332 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/08/22 06:06:59.0139 2332 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/08/22 06:06:59.0217 2332 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/08/22 06:06:59.0327 2332 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys 2011/08/22 06:06:59.0420 2332 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/08/22 06:06:59.0436 2332 Boot (0x1200) (43407d2717bd19ae07d1d16086f48444) \Device\Harddisk0\DR0\Partition0 2011/08/22 06:06:59.0451 2332 ================================================================================ 2011/08/22 06:06:59.0451 2332 Scan finished 2011/08/22 06:06:59.0451 2332 ================================================================================ 2011/08/22 06:06:59.0498 1896 Detected object count: 0 2011/08/22 06:06:59.0498 1896 Actual detected object count: 0 ****Looks good. Let me reboot not in safe mode and see what happens.

ComboFix 11-08-21.01 - Shane 08/21/2011 17:02:11.3.2 - x86 NETWORK Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.3007 [GMT -4:00] Running from: c:\users\Shane\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Public\Desktop\Security Protection.lnk . . ((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 ))))))))))))))))))))))))))))))) . . 2011-08-21 21:08 . 2011-08-21 21:08 -------- d-----w- c:\users\Shane\AppData\Local\temp 2011-08-21 21:08 . 2011-08-21 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-19 10:55 . 2011-08-19 14:01 -------- d-----w- c:\programdata\dH01602LlDmA01602 2011-08-19 02:35 . 2011-08-19 02:35 -------- d-----w- c:\users\Shane\AppData\Local\ElevatedDiagnostics 2011-08-18 01:26 . 2011-08-18 01:26 50176 ---ha-w- c:\windows\system32\fingdate.dll 2011-08-18 01:25 . 2011-08-18 02:18 -------- d-----w- c:\programdata\gA01602KhDgC01602 2011-08-18 00:35 . 2011-08-18 00:35 -------- d-----w- c:\users\Shane\AppData\Roaming\Malwarebytes 2011-08-18 00:35 . 2011-07-08 11:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-18 00:35 . 2011-08-18 00:35 -------- d-----w- c:\programdata\Malwarebytes 2011-08-18 00:35 . 2011-08-18 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-18 00:35 . 2011-07-08 11:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-17 01:42 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll 2011-08-17 01:42 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll 2011-08-17 01:42 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll 2011-08-17 01:21 . 2011-08-17 23:54 53248 ---ha-w- c:\windows\system32\chglutil.dll 2011-08-17 01:09 . 2011-08-17 01:09 -------- d-----w- c:\windows\Sun 2011-08-09 22:40 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll 2011-08-09 22:40 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll 2011-08-09 22:40 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-30 01:51 . 2011-06-24 04:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-11 02:37 . 2011-07-13 01:54 2332672 ----a-w- c:\windows\system32\win32k.sys 2011-06-02 05:59 . 2011-07-13 01:54 169984 ----a-w- c:\windows\system32\winsrv.dll 2011-06-02 05:58 . 2011-07-13 01:54 290816 ----a-w- c:\windows\system32\KernelBase.dll 2011-06-02 05:55 . 2011-07-13 01:54 271872 ----a-w- c:\windows\system32\conhost.exe 2011-06-02 05:45 . 2011-07-13 01:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-06-02 03:45 . 2011-07-13 01:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-06-02 03:45 . 2011-07-13 01:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-02 03:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-06-02 03:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-05-28 03:00 . 2011-06-16 23:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-05-24 10:35 . 2011-06-28 22:07 294912 ----a-w- c:\windows\system32\umpnpmgr.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "V0650Mon.exe"="c:\windows\V0650Mon.exe" [2010-02-23 28672] "Rocket Live! Central 2"="c:\program files\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" [2010-02-24 430247] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-08 288872] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-08 1047656] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] . c:\users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-10 576000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 5.0 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-12-25 172544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1A8] @="service" . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-25 216400] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-25 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-25 308136] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-08 366640] R2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184] R2 srv1A8;srv1A8;c:\windows\system32\svchost.exe [2009-07-14 20992] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-03-18 947528] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-03-26 144640] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-08 22712] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\DRIVERS\V0650Vid.sys [2010-03-31 322176] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs srv1A8 . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv1A8] "servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srv1A8.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-08-21 17:10:03 ComboFix-quarantined-files.txt 2011-08-21 21:10 ComboFix2.txt 2011-08-19 00:16 ComboFix3.txt 2011-08-18 23:53 . Pre-Run: 134,453,186,560 bytes free Post-Run: 134,462,140,416 bytes free . - - End Of File - - CB543F8FD12F0D2245EF86DE7A2D5624 **apparently it put it back on my desktop while I wasn't looking! LOL.

Please stop posting on peoples logs - the modirators look at the last post and post count when they offer assistance. Wait patiently and they will deal with your post.

Ok, ran it - her is the log: 2011/08/21 15:07:19.0561 0512 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17 2011/08/21 15:07:19.0951 0512 ================================================================================ 2011/08/21 15:07:19.0951 0512 SystemInfo: 2011/08/21 15:07:19.0951 0512 2011/08/21 15:07:19.0951 0512 OS Version: 6.1.7600 ServicePack: 0.0 2011/08/21 15:07:19.0951 0512 Product type: Workstation 2011/08/21 15:07:19.0951 0512 ComputerName: SHANES-LAPTOP 2011/08/21 15:07:19.0951 0512 UserName: Shane 2011/08/21 15:07:19.0951 0512 Windows directory: C:\Windows 2011/08/21 15:07:19.0951 0512 System windows directory: C:\Windows 2011/08/21 15:07:19.0951 0512 Processor architecture: Intel x86 2011/08/21 15:07:19.0951 0512 Number of processors: 2 2011/08/21 15:07:19.0951 0512 Page size: 0x1000 2011/08/21 15:07:19.0951 0512 Boot type: Safe boot with network 2011/08/21 15:07:19.0951 0512 ================================================================================ 2011/08/21 15:07:21.0105 0512 Initialize success 2011/08/21 15:07:32.0571 1884 ================================================================================ 2011/08/21 15:07:32.0571 1884 Scan started 2011/08/21 15:07:32.0571 1884 Mode: Manual; 2011/08/21 15:07:32.0571 1884 ================================================================================ 2011/08/21 15:07:33.0507 1884 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/08/21 15:07:33.0585 1884 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2011/08/21 15:07:33.0632 1884 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/08/21 15:07:33.0850 1884 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/08/21 15:07:33.0975 1884 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/08/21 15:07:34.0053 1884 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/08/21 15:07:34.0162 1884 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 2011/08/21 15:07:34.0209 1884 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2011/08/21 15:07:34.0365 1884 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/08/21 15:07:34.0412 1884 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2011/08/21 15:07:34.0474 1884 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2011/08/21 15:07:34.0521 1884 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2011/08/21 15:07:34.0584 1884 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/08/21 15:07:34.0693 1884 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/08/21 15:07:34.0771 1884 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 2011/08/21 15:07:34.0786 1884 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/08/21 15:07:34.0864 1884 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 2011/08/21 15:07:34.0927 1884 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/08/21 15:07:35.0130 1884 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/08/21 15:07:35.0161 1884 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/08/21 15:07:35.0239 1884 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/08/21 15:07:35.0270 1884 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2011/08/21 15:07:35.0457 1884 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys 2011/08/21 15:07:35.0535 1884 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys 2011/08/21 15:07:35.0598 1884 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys 2011/08/21 15:07:35.0691 1884 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/08/21 15:07:35.0847 1884 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/08/21 15:07:35.0910 1884 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/08/21 15:07:35.0988 1884 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/08/21 15:07:36.0081 1884 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 2011/08/21 15:07:36.0190 1884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/08/21 15:07:36.0222 1884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/08/21 15:07:36.0268 1884 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/08/21 15:07:36.0300 1884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/08/21 15:07:36.0331 1884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/08/21 15:07:36.0346 1884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/08/21 15:07:36.0393 1884 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/08/21 15:07:36.0690 1884 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/08/21 15:07:36.0768 1884 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 2011/08/21 15:07:36.0861 1884 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/08/21 15:07:36.0908 1884 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/08/21 15:07:37.0048 1884 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/08/21 15:07:37.0080 1884 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2011/08/21 15:07:37.0095 1884 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/08/21 15:07:37.0189 1884 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/08/21 15:07:37.0236 1884 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/08/21 15:07:37.0298 1884 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/08/21 15:07:37.0454 1884 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2011/08/21 15:07:37.0610 1884 CtClsFlt (d7d3bb3a3df1193ec0fdbb24d4540fb5) C:\Windows\system32\DRIVERS\CtClsFlt.sys 2011/08/21 15:07:37.0719 1884 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys 2011/08/21 15:07:37.0844 1884 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys 2011/08/21 15:07:38.0016 1884 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 2011/08/21 15:07:38.0062 1884 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/08/21 15:07:38.0187 1884 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/08/21 15:07:38.0281 1884 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/08/21 15:07:38.0359 1884 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 2011/08/21 15:07:38.0499 1884 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/08/21 15:07:38.0733 1884 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/08/21 15:07:38.0764 1884 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/08/21 15:07:38.0827 1884 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/08/21 15:07:39.0030 1884 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/08/21 15:07:39.0186 1884 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/08/21 15:07:39.0217 1884 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/08/21 15:07:39.0264 1884 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/08/21 15:07:39.0279 1884 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/08/21 15:07:39.0326 1884 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/08/21 15:07:39.0373 1884 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/08/21 15:07:39.0404 1884 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/08/21 15:07:39.0451 1884 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/08/21 15:07:39.0607 1884 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/08/21 15:07:39.0669 1884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/08/21 15:07:39.0716 1884 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/08/21 15:07:39.0794 1884 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/08/21 15:07:39.0950 1884 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/08/21 15:07:39.0966 1884 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/08/21 15:07:40.0012 1884 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/08/21 15:07:40.0059 1884 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/08/21 15:07:40.0137 1884 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/08/21 15:07:40.0231 1884 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/08/21 15:07:40.0387 1884 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/08/21 15:07:40.0434 1884 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/08/21 15:07:40.0590 1884 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/08/21 15:07:40.0699 1884 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 2011/08/21 15:07:40.0777 1884 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/08/21 15:07:40.0824 1884 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/08/21 15:07:40.0917 1884 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/08/21 15:07:41.0011 1884 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/08/21 15:07:41.0026 1884 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/08/21 15:07:41.0073 1884 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/08/21 15:07:41.0136 1884 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/08/21 15:07:41.0182 1884 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/08/21 15:07:41.0214 1884 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/08/21 15:07:41.0307 1884 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/08/21 15:07:41.0401 1884 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/08/21 15:07:41.0432 1884 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/08/21 15:07:41.0494 1884 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/08/21 15:07:41.0588 1884 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/08/21 15:07:41.0682 1884 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/08/21 15:07:41.0713 1884 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/08/21 15:07:41.0760 1884 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/08/21 15:07:41.0838 1884 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/08/21 15:07:41.0931 1884 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/08/21 15:07:42.0009 1884 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys 2011/08/21 15:07:42.0181 1884 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys 2011/08/21 15:07:42.0259 1884 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys 2011/08/21 15:07:42.0306 1884 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/08/21 15:07:42.0384 1884 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/08/21 15:07:42.0555 1884 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/08/21 15:07:42.0633 1884 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/08/21 15:07:42.0696 1884 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/08/21 15:07:42.0758 1884 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/08/21 15:07:42.0789 1884 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/08/21 15:07:42.0898 1884 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2011/08/21 15:07:42.0930 1884 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/21 15:07:42.0976 1884 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/08/21 15:07:43.0070 1884 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/21 15:07:43.0132 1884 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/21 15:07:43.0257 1884 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/21 15:07:43.0288 1884 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/08/21 15:07:43.0320 1884 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/08/21 15:07:43.0413 1884 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/08/21 15:07:43.0476 1884 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/08/21 15:07:43.0522 1884 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/08/21 15:07:43.0710 1884 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/21 15:07:43.0741 1884 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/21 15:07:43.0772 1884 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/08/21 15:07:43.0819 1884 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/08/21 15:07:43.0850 1884 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/08/21 15:07:44.0053 1884 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/08/21 15:07:44.0068 1884 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/08/21 15:07:44.0084 1884 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/08/21 15:07:44.0193 1884 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/21 15:07:44.0271 1884 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/08/21 15:07:44.0412 1884 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/08/21 15:07:44.0474 1884 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/21 15:07:44.0552 1884 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/21 15:07:44.0583 1884 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/21 15:07:44.0614 1884 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/08/21 15:07:44.0755 1884 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/21 15:07:44.0802 1884 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/21 15:07:45.0020 1884 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 2011/08/21 15:07:45.0207 1884 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/08/21 15:07:45.0285 1884 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/08/21 15:07:45.0316 1884 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/21 15:07:45.0410 1884 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 2011/08/21 15:07:45.0519 1884 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/08/21 15:07:45.0847 1884 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/08/21 15:07:46.0159 1884 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 2011/08/21 15:07:46.0206 1884 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 2011/08/21 15:07:46.0299 1884 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/08/21 15:07:46.0393 1884 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/08/21 15:07:46.0518 1884 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/08/21 15:07:46.0564 1884 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/08/21 15:07:46.0580 1884 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/08/21 15:07:46.0674 1884 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/08/21 15:07:46.0783 1884 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/08/21 15:07:46.0814 1884 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/08/21 15:07:46.0830 1884 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/08/21 15:07:46.0876 1884 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/08/21 15:07:47.0142 1884 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys 2011/08/21 15:07:47.0266 1884 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/08/21 15:07:47.0298 1884 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/08/21 15:07:47.0376 1884 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/08/21 15:07:47.0438 1884 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/08/21 15:07:47.0532 1884 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/08/21 15:07:47.0563 1884 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/08/21 15:07:47.0641 1884 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/08/21 15:07:47.0703 1884 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/08/21 15:07:47.0750 1884 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/08/21 15:07:47.0828 1884 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/08/21 15:07:47.0844 1884 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/08/21 15:07:47.0890 1884 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/08/21 15:07:48.0000 1884 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/08/21 15:07:48.0031 1884 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/08/21 15:07:48.0093 1884 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2011/08/21 15:07:48.0140 1884 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/08/21 15:07:48.0187 1884 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/08/21 15:07:48.0234 1884 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/08/21 15:07:48.0296 1884 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/08/21 15:07:48.0421 1884 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/08/21 15:07:48.0452 1884 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/08/21 15:07:48.0468 1884 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/08/21 15:07:48.0561 1884 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/08/21 15:07:48.0592 1884 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/08/21 15:07:48.0686 1884 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/08/21 15:07:48.0717 1884 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/08/21 15:07:48.0904 1884 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys 2011/08/21 15:07:48.0998 1884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/08/21 15:07:49.0060 1884 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/08/21 15:07:49.0107 1884 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/08/21 15:07:49.0138 1884 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/08/21 15:07:49.0201 1884 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/08/21 15:07:49.0294 1884 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/08/21 15:07:49.0326 1884 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/08/21 15:07:49.0341 1884 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/08/21 15:07:49.0419 1884 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/08/21 15:07:49.0482 1884 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/08/21 15:07:49.0513 1884 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/08/21 15:07:49.0653 1884 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/08/21 15:07:49.0762 1884 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/08/21 15:07:49.0903 1884 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 2011/08/21 15:07:50.0012 1884 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 2011/08/21 15:07:50.0152 1884 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/08/21 15:07:50.0199 1884 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2011/08/21 15:07:50.0262 1884 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2011/08/21 15:07:50.0402 1884 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 2011/08/21 15:07:50.0527 1884 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/08/21 15:07:50.0620 1884 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/08/21 15:07:50.0745 1884 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/08/21 15:07:50.0761 1884 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/08/21 15:07:50.0823 1884 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys 2011/08/21 15:07:50.0979 1884 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys 2011/08/21 15:07:51.0120 1884 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys 2011/08/21 15:07:51.0166 1884 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/08/21 15:07:51.0229 1884 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/08/21 15:07:51.0244 1884 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/08/21 15:07:51.0276 1884 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/08/21 15:07:51.0322 1884 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/08/21 15:07:51.0400 1884 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/08/21 15:07:51.0494 1884 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/08/21 15:07:51.0588 1884 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/08/21 15:07:51.0619 1884 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/08/21 15:07:51.0681 1884 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/08/21 15:07:51.0759 1884 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/08/21 15:07:51.0837 1884 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/08/21 15:07:52.0024 1884 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2011/08/21 15:07:52.0134 1884 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 2011/08/21 15:07:52.0196 1884 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/08/21 15:07:52.0290 1884 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/08/21 15:07:52.0383 1884 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys 2011/08/21 15:07:52.0461 1884 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 2011/08/21 15:07:52.0508 1884 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys 2011/08/21 15:07:52.0539 1884 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/08/21 15:07:52.0602 1884 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/08/21 15:07:52.0664 1884 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/08/21 15:07:52.0820 1884 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/08/21 15:07:52.0914 1884 utddalc (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\tkvpnqr.sys 2011/08/21 15:07:53.0007 1884 V0650Vid (d52dfef8e9c947369e46c24b4fa70e9a) C:\Windows\system32\DRIVERS\V0650Vid.sys 2011/08/21 15:07:53.0070 1884 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/08/21 15:07:53.0194 1884 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/08/21 15:07:53.0241 1884 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/08/21 15:07:53.0272 1884 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/08/21 15:07:53.0335 1884 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/08/21 15:07:53.0444 1884 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/08/21 15:07:53.0506 1884 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/08/21 15:07:53.0569 1884 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/08/21 15:07:53.0600 1884 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/08/21 15:07:53.0631 1884 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/08/21 15:07:53.0662 1884 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/08/21 15:07:53.0725 1884 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/08/21 15:07:53.0818 1884 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/08/21 15:07:53.0850 1884 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/08/21 15:07:53.0912 1884 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/08/21 15:07:53.0990 1884 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/21 15:07:54.0006 1884 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/21 15:07:54.0146 1884 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/08/21 15:07:54.0193 1884 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/08/21 15:07:54.0427 1884 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/08/21 15:07:54.0458 1884 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/08/21 15:07:54.0598 1884 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/08/21 15:07:54.0630 1884 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/08/21 15:07:54.0708 1884 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/08/21 15:07:54.0864 1884 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/08/21 15:07:54.0895 1884 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/08/21 15:07:54.0988 1884 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys 2011/08/21 15:07:55.0051 1884 MBR (0x1B8) (d8f98fa929a3ce2707b66f8b212f5858) \Device\Harddisk0\DR0 2011/08/21 15:07:55.0066 1884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0) 2011/08/21 15:07:55.0098 1884 Boot (0x1200) (43407d2717bd19ae07d1d16086f48444) \Device\Harddisk0\DR0\Partition0 2011/08/21 15:07:55.0113 1884 ================================================================================ 2011/08/21 15:07:55.0113 1884 Scan finished 2011/08/21 15:07:55.0113 1884 ================================================================================ 2011/08/21 15:07:55.0144 2480 Detected object count: 1 2011/08/21 15:07:55.0144 2480 Actual detected object count: 1 2011/08/21 15:08:13.0849 2480 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot 2011/08/21 15:08:13.0849 2480 \Device\Harddisk0\DR0 - ok 2011/08/21 15:08:13.0849 2480 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure 2011/08/21 15:08:21.0072 1468 Deinitialize success