[Trojan] Trojan.Agent Trouble

Author	All Replies
Michele @comcast.net	[Trojan] Trojan.Agent Trouble Hi~ I recently began getting email from xfinity (my internet provider) that one of my computers may have a bot. As far as I knew all our computers were working normally. After checking over each, I realized my son's laptop was not running our av program, TrendMicro Titanium. So I immediately got that back working and it found TROJ_SPNR.16HL12 which the log says it removed. It also found TDSS which says needs additional cleaning. I then realized that there were several windows updates that needed installing, which I tried. All but one (a security update) installed. The one said failed. Going through some forums related to xfinity I found information on Malwarebytes which I downloaded and ran a quick scan. That showed finding Trojan.Agent which it would remove on reboot. After rebooting, I was continually receiving notifications of blocks and quarantines (one right after the other). That's when I began another internet search and found your forum. I've followed all the mandatory steps you've listed which I will copy and paste. The MBAM log is the second time I ran MBAM, but that time I did the full scan as directed. The last step, the ESET online scan ran for 53 minutes and finished by saying no threat found, but I cannot find any log left. Except for not being able to update Windows, and my isp sending the notices, the computer shows no visible trouble. This computer is mainly used for internet surfing, checking email, writing compositions in Word, and accessing his community college blackboard. Thank you for any help you can offer.
	to forum · permalink · 2013-02-14 10:50:50 ·

Michele @comcast.net	Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.13.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Josh :: JOSH-HP [administrator] Protection: Enabled 2/13/2013 10:56:54 AM mbam-log-2013-02-13 (10-56-54).txt Scan type: Full scan (C:\\|D:\\|E:\\|) Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 356469 Time elapsed: 1 hour(s), 4 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
	to forum · permalink · 2013-02-14 21:58:21 ·
Michele @comcast.net	reply to Michele OTL Extras logfile created on: 2/13/2013 12:13:48 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Josh\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 5.95 Gb Total Physical Memory \| 3.94 Gb Available Physical Memory \| 66.18% Memory free 11.90 Gb Paging File \| 9.67 Gb Available in Paging File \| 81.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 684.13 Gb Total Space \| 631.18 Gb Free Space \| 92.26% Space Free \| Partition Type: NTFS Drive D: \| 14.21 Gb Total Space \| 1.58 Gb Free Space \| 11.13% Space Free \| Partition Type: NTFS Computer Name: JOSH-HP \| User Name: Josh \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A275B04-6204-4230-81A3-DB62F3B1E514}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{279F1F3E-1CFB-4B9E-BA28-27EE19B6A435}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{33D301B6-DA63-4AFF-B4E0-77D20CAA9A14}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{3A027150-1368-4FE4-A8B8-9B6AF833E2C2}" = lport=2869 \| protocol=6 \| dir=in \| name=windows live communications platform (upnp) \| "{425141DF-9033-4BB1-BD50-4F933A0D1319}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{45798799-E434-4D73-975A-26455E96631E}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{539382D2-0A4A-449F-9294-632D99085647}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{5B805E75-D97D-4D68-89B9-977A4BE561B9}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{659DBD5D-F2A5-4C56-9E12-01323928447D}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{680E9635-4757-40BF-9DC9-8989E94EF478}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{89DEBB19-A6AE-4059-AA5A-AD7DB6559B6B}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{9A6D5048-8D94-4DE2-901A-2C7B7B0021FA}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{A4434578-0F65-4073-9D0D-96CF7A796ADF}" = lport=1900 \| protocol=17 \| dir=in \| name=windows live communications platform (ssdp) \| "{BD78AA70-6CDB-4F40-B233-B90F3F3F61CD}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{DCB746BE-F483-4A62-9AEF-931B573405CE}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{FCEDC5A4-D310-4C3E-8B6F-84F88F088917}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BF2BDEE-DBED-4918-8EE0-CB19057ADF18}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{54E8B167-0B45-44C1-8DF3-9500776B81A0}" = dir=in \| app=c:\program files (x86)\windows live\mesh\moe.exe \| "{5929FF5F-4B6B-4A8C-82F3-2F9906C18102}" = dir=in \| app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe \| "{77D7C794-AE1D-4E44-95B4-A6DFBA3D7E63}" = protocol=6 \| dir=in \| app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe \| "{78CCDCE7-7F78-480E-866C-DECB2FA8ADD8}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{9E1DFB1A-A28E-4ACF-9A4F-B32A96AF882A}" = protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\onenote.exe \| "{9EDA278D-1263-47F1-AC93-0AE70F780010}" = protocol=17 \| dir=in \| app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe \| "{A7F90F8F-4D4B-4C64-B173-1E41E5EA6503}" = protocol=6 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\onenote.exe \| "{B6C41B51-01B8-47FD-9C46-16B192AF65E6}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{BCDBA20C-BEE8-453C-B9DB-B37B8B4E90A6}" = dir=in \| app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe \| "{D1BA018C-64C0-4226-8FC6-F170A6D6C48A}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{D2EE4647-263B-4861-8645-C6F1E0EFCB42}" = dir=in \| app=c:\program files (x86)\windows live\messenger\msnmsgr.exe \| "{D7776677-CD4C-465A-8017-7F99230EFD62}" = dir=in \| app=c:\program files (x86)\windows live\contacts\wlcomm.exe \| "{E248442D-ACB2-4DE2-B52E-625F57627040}" = dir=in \| app=c:\windows\system32\ezsharedsvchost.exe \| "{E8E4F810-9E4B-4680-9169-7CC3E414DE06}" = dir=in \| app=c:\program files (x86)\easybits for kids\ezdesktop.exe \| "{F81DB3FF-48CF-4B03-9E61-EA74B9BCE4E9}" = protocol=17 \| dir=in \| app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe \| "{F8B78281-12B8-49C5-8520-4AAFE4DF75F5}" = dir=in \| app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe \| "{F9C300F8-DF28-4FE0-AFFE-718F8E01D2AC}" = protocol=6 \| dir=in \| app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E6459059-B943-4770-9EE4-180F70B765F4}" = Canon D460-490 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics TouchPad Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39 "{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch "{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011 "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "EasyBits Magic Desktop" = Magic Desktop "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.6.9 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Professor Teaches Excel 2010" = Professor Teaches Excel 2010 "Professor Teaches PowerPoint 2010" = Professor Teaches PowerPoint 2010 "Professor Teaches Word 2010" = Professor Teaches Word 2010 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WT087328" = Blackhawk Striker 2 "WT087330" = Bounce Symphony "WT087335" = Build-a-lot 2 "WT087343" = Dora's World Adventure "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087415" = Wheel of Fortune 2 "WT087536" = Diner Dash 2 Restaurant Rescue "WT089307" = Virtual Villagers 4 - The Tree of Life "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "WT089453" = Bejeweled 2 Deluxe "WT089454" = Chuzzle Deluxe "WT089455" = Zuma Deluxe "WT089457" = Slingo Supreme "WT089458" = Plants vs. Zombies - Game of the Year "WT089470" = FATE - The Traitor Soul "WT089484" = Namco All-Stars PAC-MAN "WT089496" = Mystery P.I. - Stolen in San Francisco "WT089498" = Bejeweled 3 "Year 4 Curriculum" = Year 4 Curriculum "Year 4 Government" = Year 4 Government "Year 4 Interface" = Year 4 Interface "Year 4 MapAids" = Year 4 MapAids [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 12/19/2012 7:31:36 PM \| Computer Name = Josh-HP \| Source = Application Error \| ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16457, time stamp: 0x50a30507 Exception code: 0xc0000005 Fault offset: 0x00364924 Faulting process id: 0x1d2c Faulting application start time: 0x01cdda23f3c56158 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: 3ab9d8e7-4a34-11e2-99bd-101f7419c42a Error - 12/19/2012 9:40:47 PM \| Computer Name = Josh-HP \| Source = Application Error \| ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x72506d35 Faulting process id: 0x21d4 Faulting application start time: 0x01cdde41278e0eb6 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: unknown Report Id: 46a39463-4a46-11e2-99bd-101f7419c42a Error - 12/19/2012 10:04:00 PM \| Computer Name = Josh-HP \| Source = Application Error \| ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: Flash11e.ocx, version: 11.1.102.55, time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x004053e8 Faulting process id: 0x1138 Faulting application start time: 0x01cdde5324aceb54 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 84a9458c-4a49-11e2-99bd-101f7419c42a Error - 12/19/2012 11:05:54 PM \| Computer Name = Josh-HP \| Source = Application Error \| ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000002 Fault offset: 0x00013ce2 Faulting process id: 0x4cd0 Faulting application start time: 0x01cdde5673439c5b Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: unknown Report Id: 2a8efdf8-4a52-11e2-99bd-101f7419c42a Error - 12/31/2012 5:50:32 PM \| Computer Name = Josh-HP \| Source = WinMgmt \| ID = 10 Description = Error - 12/31/2012 6:00:40 PM \| Computer Name = Josh-HP \| Source = Application Error \| ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: Flash11e.ocx, version: 11.1.102.55, time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x0016cdc1 Faulting process id: 0x1428 Faulting application start time: 0x01cde7a0f1de0454 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 832534a6-5395-11e2-9491-101f7419c42a Error - 12/31/2012 6:31:21 PM \| Computer Name = Josh-HP \| Source = WinMgmt \| ID = 10 Description = Error - 12/31/2012 7:19:32 PM \| Computer Name = Josh-HP \| Source = Application Error \| ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xcde7ac8b Faulting process id: 0x10f4 Faulting application start time: 0x01cde7a69b820619 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: unknown Report Id: 8836b235-53a0-11e2-8de6-101f7419c42a Error - 12/31/2012 8:08:02 PM \| Computer Name = Josh-HP \| Source = Application Error \| ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x8a7d6bf0 Faulting process id: 0xe8c Faulting application start time: 0x01cde7ad8ee7628f Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: unknown Report Id: 4e531522-53a7-11e2-8de6-101f7419c42a Error - 1/3/2013 8:16:43 PM \| Computer Name = Josh-HP \| Source = WinMgmt \| ID = 10 Description = [ Hewlett-Packard Events ] Error - 6/8/2012 8:30:41 PM \| Computer Name = Josh-HP \| Source = HPSFMsgr.exe \| ID = 2000 Description = Error - 6/18/2012 6:06:37 PM \| Computer Name = Josh-HP \| Source = HPSF.exe \| ID = 4000 Description = Error - 7/18/2012 3:58:18 PM \| Computer Name = Josh-HP \| Source = HPSF.exe \| ID = 4000 Description = Error - 9/19/2012 6:28:36 PM \| Computer Name = Josh-HP \| Source = HPSF.exe \| ID = 4000 Description = [ HP Connection Manager Events ] Error - 2/12/2013 10:06:26 PM \| Computer Name = Josh-HP \| Source = hpMobile \| ID = 5 Description = 2013/02/12 20:06:26.880\|00001DB4\|Error \|[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}\|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 2/12/2013 10:50:03 PM \| Computer Name = Josh-HP \| Source = hpMobile \| ID = 5 Description = 2013/02/12 20:50:03.018\|0000045C\|Error \|[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}\|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 2/12/2013 11:22:09 PM \| Computer Name = Josh-HP \| Source = hpCMSrv \| ID = 5 Description = 2013/02/12 21:22:09.978\|00001510\|Error \|CWLAN::SignalStrengthChanged\|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 2/13/2013 11:32:47 AM \| Computer Name = Josh-HP \| Source = hpMobile \| ID = 5 Description = 2013/02/13 09:32:47.398\|00000A08\|Error \|[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}\|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 2/13/2013 11:48:22 AM \| Computer Name = Josh-HP \| Source = hpCMSrv \| ID = 5 Description = 2013/02/13 09:48:22.132\|0000088C\|Error \|CWLAN::SignalStrengthChanged\|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 2/13/2013 11:48:23 AM \| Computer Name = Josh-HP \| Source = hpCMSrv \| ID = 5 Description = 2013/02/13 09:48:23.380\|0000088C\|Error \|CWLAN::SignalStrengthChanged\|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 2/13/2013 11:48:33 AM \| Computer Name = Josh-HP \| Source = hpCMSrv \| ID = 5 Description = 2013/02/13 09:48:33.379\|0000088C\|Error \|CWLAN::SignalStrengthChanged\|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 2/13/2013 11:53:03 AM \| Computer Name = Josh-HP \| Source = hpMobile \| ID = 5 Description = 2013/02/13 09:53:03.367\|000017A4\|Error \|[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}\|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 2/13/2013 12:55:34 PM \| Computer Name = Josh-HP \| Source = hpMobile \| ID = 5 Description = 2013/02/13 10:55:34.342\|00001144\|Error \|[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}\|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 2/13/2013 2:07:17 PM \| Computer Name = Josh-HP \| Source = hpMobile \| ID = 5 Description = 2013/02/13 12:07:17.223\|00001144\|Error \|[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}\|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE [ HP Software Framework Events ] Error - 2/6/2013 1:00:50 AM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/05 23:00:50.616\|00001514\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 2/6/2013 1:08:33 AM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/05 23:08:33.240\|00001578\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 2/6/2013 1:08:33 AM \| Computer Name = Josh-HP \| Source = hpCasl \| ID = 5 Description = 2013/02/05 23:08:33.468\|00001578\|Error \|[hpcasl]Global::CheckforValidSignature{bool()}\|Calling process C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Resource.exe does not have a valid signature. HP CASL loading aborted Error - 2/11/2013 6:15:16 PM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/11 16:15:16.693\|00001918\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 2/11/2013 11:10:36 PM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/11 21:10:36.114\|00001F58\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 2/12/2013 1:07:37 PM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/12 11:07:37.827\|000019F4\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 2/12/2013 1:54:02 PM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/12 11:54:02.658\|00001DB4\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 2/12/2013 10:49:56 PM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/12 20:49:56.014\|0000045C\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 2/13/2013 11:32:39 AM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/13 09:32:39.895\|00000A08\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 2/13/2013 11:52:56 AM \| Computer Name = Josh-HP \| Source = CaslWmi \| ID = 5 Description = 2013/02/13 09:52:56.254\|000017A4\|Error \|[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}\|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ System Events ] Error - 1/18/2013 8:47:00 PM \| Computer Name = Josh-HP \| Source = DCOM \| ID = 10016 Description = Error - 1/19/2013 12:57:13 PM \| Computer Name = Josh-HP \| Source = Microsoft-Windows-WindowsUpdateClient \| ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197). Error - 1/19/2013 1:08:57 PM \| Computer Name = Josh-HP \| Source = EventLog \| ID = 6008 Description = The previous system shutdown at 11:07:54 AM on ?1/?19/?2013 was unexpected. Error - 1/19/2013 3:25:43 PM \| Computer Name = Josh-HP \| Source = Service Control Manager \| ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service. Error - 1/19/2013 3:26:13 PM \| Computer Name = Josh-HP \| Source = Service Control Manager \| ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. Error - 1/19/2013 3:26:43 PM \| Computer Name = Josh-HP \| Source = Service Control Manager \| ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service. Error - 1/19/2013 3:27:13 PM \| Computer Name = Josh-HP \| Source = Service Control Manager \| ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. Error - 1/31/2013 8:19:37 PM \| Computer Name = Josh-HP \| Source = Service Control Manager \| ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Error - 2/1/2013 6:55:29 PM \| Computer Name = Josh-HP \| Source = Microsoft-Windows-WindowsUpdateClient \| ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197). Error - 2/2/2013 5:00:29 AM \| Computer Name = Josh-HP \| Source = Microsoft-Windows-WindowsUpdateClient \| ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
	to forum · permalink · 2013-02-14 21:58:36 ·
Michele @comcast.net	reply to Michele OTL logfile created on: 2/13/2013 12:13:48 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Josh\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 5.95 Gb Total Physical Memory \| 3.94 Gb Available Physical Memory \| 66.18% Memory free 11.90 Gb Paging File \| 9.67 Gb Available in Paging File \| 81.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 684.13 Gb Total Space \| 631.18 Gb Free Space \| 92.26% Space Free \| Partition Type: NTFS Drive D: \| 14.21 Gb Total Space \| 1.58 Gb Free Space \| 11.13% Space Free \| Partition Type: NTFS Computer Name: JOSH-HP \| User Name: Josh \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/02/13 12:11:51 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe PRC - [2012/12/18 06:28:08 \| 000,065,192 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/14 16:49:28 \| 000,682,344 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 \| 000,512,360 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 \| 000,398,184 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/06/11 15:22:16 \| 000,240,208 \| ---- \| M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2012/03/01 10:50:23 \| 000,075,048 \| ---- \| M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2012/03/01 10:44:58 \| 000,113,288 \| ---- \| M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2011/09/01 17:06:50 \| 000,227,896 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/08/19 14:48:44 \| 000,379,960 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011/07/11 14:04:44 \| 000,574,008 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2011/07/11 14:04:44 \| 000,026,680 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011/05/20 10:10:26 \| 000,013,592 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/05/20 10:10:12 \| 000,284,440 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011/03/30 14:01:10 \| 000,087,336 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2011/03/08 13:21:10 \| 000,136,488 \| ---- \| M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/02/17 23:48:24 \| 000,265,544 \| ---- \| M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011/02/17 23:48:12 \| 000,642,888 \| ---- \| M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/02/17 23:47:58 \| 000,142,664 \| ---- \| M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/02/15 16:48:52 \| 001,071,160 \| ---- \| M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2010/12/22 14:25:02 \| 002,656,280 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/12/22 14:24:58 \| 000,325,656 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/26 08:09:12 \| 000,399,344 \| ---- \| M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe PRC - [2010/04/23 13:00:00 \| 000,514,232 \| ---- \| M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 13:00:00 \| 000,514,232 \| ---- \| M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 13:00:00 \| 000,514,232 \| ---- \| M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/02/13 09:51:51 \| 011,833,344 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/02/13 09:51:32 \| 012,436,480 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/18 18:55:20 \| 000,014,336 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll MOD - [2013/01/18 18:55:19 \| 000,491,520 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll MOD - [2013/01/18 18:52:21 \| 000,771,584 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/18 18:51:31 \| 001,592,832 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/18 18:51:15 \| 003,347,968 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013/01/18 18:51:07 \| 005,452,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll MOD - [2013/01/18 18:51:04 \| 000,971,264 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/18 18:51:02 \| 007,989,760 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/18 18:50:55 \| 011,493,376 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:64bit: - File not found [Auto \| Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2012/03/01 10:47:27 \| 000,301,568 \| ---- \| M] (IDT, Inc.) [Auto \| Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2012/03/01 10:47:26 \| 000,089,600 \| ---- \| M] (Andrea Electronics Corporation) [Auto \| Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2011/05/27 11:20:12 \| 000,030,520 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010/10/11 03:48:14 \| 000,346,168 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/22 19:10:10 \| 000,057,184 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 19:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/12/18 06:28:08 \| 000,065,192 \| ---- \| M] (Adobe Systems Incorporated) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/14 16:49:28 \| 000,682,344 \| ---- \| M] (Malwarebytes Corporation) [Auto \| Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 \| 000,398,184 \| ---- \| M] (Malwarebytes Corporation) [Auto \| Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/06/11 15:22:16 \| 000,240,208 \| ---- \| M] (Microsoft Corporation.) [On_Demand \| Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/06/11 15:22:16 \| 000,193,616 \| ---- \| M] (Microsoft Corporation.) [Auto \| Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2012/03/01 10:46:03 \| 002,413,056 \| ---- \| M] (Realsil Microelectronics Inc.) [Auto \| Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011/09/09 17:10:28 \| 000,086,072 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/09/01 17:06:50 \| 000,227,896 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/07/11 14:04:44 \| 000,026,680 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011/05/20 10:10:26 \| 000,013,592 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011/02/24 21:34:42 \| 000,241,648 \| ---- \| M] (CyberLink) [Auto \| Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2011/02/17 23:48:24 \| 000,265,544 \| ---- \| M] (HP) [Auto \| Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/02/15 16:48:52 \| 001,071,160 \| ---- \| M] (Hewlett-Packard Development Company L.P.) [On_Demand \| Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2010/12/22 14:25:02 \| 002,656,280 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/12/22 14:24:58 \| 000,325,656 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/26 08:09:12 \| 000,399,344 \| ---- \| M] (Roxio) [Auto \| Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service) SRV - [2010/10/12 11:59:12 \| 000,206,072 \| ---- \| M] (WildTangent, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 13:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 15:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2012/12/14 16:49:28 \| 000,024,176 \| ---- \| M] (Malwarebytes Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/24 07:07:14 \| 000,046,392 \| ---- \| M] (Trend Micro Inc.) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\TMEBC64.sys -- (TMEBC) DRV:64bit: - [2012/08/23 08:10:20 \| 000,019,456 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 08:08:26 \| 000,030,208 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 08:07:35 \| 000,057,856 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/12 04:29:40 \| 000,106,000 \| ---- \| M] (Trend Micro Inc.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2012/07/12 04:29:26 \| 000,076,672 \| ---- \| M] (Trend Micro Inc.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2012/07/12 04:29:04 \| 000,173,504 \| ---- \| M] (Trend Micro Inc.) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2012/05/02 13:27:22 \| 000,105,744 \| ---- \| M] (Trend Micro Inc.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2012/03/01 10:47:27 \| 000,528,384 \| ---- \| M] (IDT, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/03/01 10:46:03 \| 000,338,536 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012/03/01 10:44:58 \| 000,208,896 \| ---- \| M] (Renesas Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2012/03/01 10:44:58 \| 000,091,648 \| ---- \| M] (Renesas Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2012/03/01 00:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/14 04:37:44 \| 000,396,848 \| ---- \| M] (Synaptics Incorporated) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/09/21 14:31:59 \| 003,065,408 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011/05/27 11:20:12 \| 000,043,320 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/05/27 11:20:12 \| 000,030,008 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/20 09:53:44 \| 000,557,848 \| ---- \| M] (Intel Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/15 18:08:28 \| 012,228,128 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/11 00:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/16 19:11:08 \| 000,428,136 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/20 21:23:47 \| 000,109,056 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 21:23:47 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/10/19 18:34:26 \| 000,056,344 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 02:28:16 \| 000,317,440 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/07/28 10:13:50 \| 000,031,088 \| ---- \| M] (CyberLink Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2009/07/13 19:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:39:20 \| 000,023,040 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/06/10 15:01:11 \| 001,485,312 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 15:01:11 \| 000,740,864 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 15:01:11 \| 000,292,864 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 14:35:35 \| 000,408,960 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 14:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 19:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/HPNOT/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = »search.ask.com/web?q={searchterm···o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = »search.yahoo.com/search?p={searc···e=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = »en.wikipedia.org/wiki/Special:Se···chTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = »rover.ebay.com/rover/1/711-30572···chTerms} IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = »www.amazon.com/s/ref=azs_osd_iea···chTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/HPNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = »search.ask.com/web?q={searchterm···o=HPNTDF IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = »search.yahoo.com/search?p={searc···e=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = »en.wikipedia.org/wiki/Special:Se···chTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = »rover.ebay.com/rover/1/711-30572···chTerms} IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = »www.amazon.com/s/ref=azs_osd_iea···chTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/HPNOT/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »espn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = »search.ask.com/web?q={searchterm···o=HPNTDF IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···_enUS523 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = »search.yahoo.com/search?p={searc···e=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = »en.wikipedia.org/wiki/Special:Se···chTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = »rover.ebay.com/rover/1/711-30572···chTerms} IE - HKCU\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = »www.amazon.com/s/ref=azs_osd_iea···chTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.5.1125\7.5.1125\FIREFOXEXTENSION [2013/02/11 16:37:00 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\firefoxextension [2013/02/11 16:37:00 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013/02/11 16:24:04 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/02/11 16:37:08 \| 000,000,000 \| ---D \| M] O1 HOSTS File: ([2009/06/10 15:00:26 \| 000,000,824 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D95E79B9-29C3-4D50-8309-6DB75FBF57C5}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/02/13 12:11:50 \| 000,602,112 \| ---- \| C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe [2013/02/13 10:48:08 \| 000,448,512 \| ---- \| C] (OldTimer Tools) -- C:\Users\Josh\Desktop\TFC.exe [2013/02/13 09:40:10 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/13 09:40:10 \| 000,096,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/13 09:40:10 \| 000,073,216 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/13 09:40:09 \| 000,248,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/13 09:40:09 \| 000,237,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/13 09:40:09 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/13 09:40:09 \| 000,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/13 09:40:09 \| 000,142,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/13 09:40:08 \| 002,312,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/13 09:40:08 \| 001,494,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/13 09:40:08 \| 001,427,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/13 09:40:08 \| 000,729,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/13 09:40:05 \| 000,717,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/13 09:40:04 \| 000,816,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/13 09:40:04 \| 000,599,040 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/13 09:39:30 \| 000,215,040 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 09:39:30 \| 000,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 09:39:30 \| 000,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 09:39:30 \| 000,007,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 09:39:30 \| 000,005,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 09:39:30 \| 000,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 09:38:59 \| 000,288,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/12 20:38:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Josh\AppData\Roaming\Malwarebytes [2013/02/12 20:38:24 \| 000,024,176 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/12 20:38:24 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/12 20:38:24 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/12 20:38:24 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2013/02/12 20:35:49 \| 000,000,000 \| ---D \| C] -- C:\Users\Josh\AppData\Local\Programs [2013/02/12 20:14:41 \| 067,823,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2013/02/12 11:45:12 \| 000,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013/02/12 11:45:11 \| 000,015,360 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013/02/12 11:45:11 \| 000,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013/02/12 11:45:09 \| 000,057,856 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013/02/12 11:45:09 \| 000,030,208 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013/02/12 11:45:09 \| 000,019,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013/02/12 11:45:07 \| 003,174,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013/02/12 11:45:07 \| 001,123,840 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013/02/12 11:45:07 \| 001,048,064 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013/02/12 11:45:07 \| 000,384,000 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013/02/12 11:45:07 \| 000,322,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/02/12 11:45:07 \| 000,269,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/02/12 11:45:07 \| 000,243,200 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013/02/12 11:45:07 \| 000,228,864 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013/02/12 11:45:07 \| 000,192,000 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013/02/12 11:45:07 \| 000,062,976 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013/02/12 11:45:07 \| 000,054,272 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013/02/12 11:45:07 \| 000,046,592 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013/02/12 11:45:07 \| 000,044,032 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/02/12 11:45:07 \| 000,043,520 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013/02/12 11:45:07 \| 000,037,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/02/12 11:45:07 \| 000,018,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013/02/12 11:45:07 \| 000,016,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013/02/12 11:45:06 \| 005,773,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/02/12 11:45:06 \| 004,916,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/02/12 11:41:58 \| 001,448,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013/02/12 11:17:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Josh\AppData\Roaming\Google [2013/02/12 11:16:47 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Google [2013/02/12 11:16:24 \| 000,000,000 \| ---D \| C] -- C:\Users\Josh\AppData\Local\Google [2013/02/12 11:16:19 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Google [2013/02/12 11:16:19 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Google [2013/02/11 17:15:05 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Java [2013/02/11 17:14:46 \| 000,477,616 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/02/11 17:14:46 \| 000,158,128 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2013/02/11 17:14:46 \| 000,149,936 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2013/02/11 17:14:46 \| 000,149,936 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2013/02/11 17:14:06 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Java [2013/02/11 17:12:28 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\McAfee [2013/02/11 17:03:34 \| 000,000,000 \| -H-D \| C] -- C:\Windows\SysNative\CanonMF Uninstaller Information [2013/02/11 17:03:34 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon [2013/02/11 17:03:32 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Canon [2013/02/11 17:02:55 \| 000,066,048 \| ---- \| C] (Canon Inc.) -- C:\Windows\SysNative\CNAS0MMK.DLL [2013/02/11 16:29:17 \| 000,000,000 \| -H-D \| C] -- C:\TMRescueDisk [2013/02/11 16:26:12 \| 000,000,000 \| ---D \| C] -- C:\Users\Josh\AppData\Local\Trend Micro [2013/02/11 16:26:04 \| 000,000,000 \| ---D \| C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security [2013/02/11 16:25:06 \| 000,105,744 \| ---- \| C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys [2013/02/11 16:24:59 \| 000,173,504 \| ---- \| C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys [2013/02/11 16:24:59 \| 000,106,000 \| ---- \| C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys [2013/02/11 16:24:59 \| 000,076,672 \| ---- \| C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys [2013/02/11 16:24:59 \| 000,046,392 \| ---- \| C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\TMEBC64.sys [2013/02/11 16:22:33 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2013/02/11 16:22:22 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Trend Micro [2013/02/11 16:17:05 \| 100,309,176 \| ---- \| C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe [2013/02/11 16:16:47 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2013/02/11 16:13:26 \| 000,697,712 \| ---- \| C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/11 16:13:23 \| 000,000,000 \| ---D \| C] -- C:\Windows\SysNative\Macromed [2013/01/15 16:48:08 \| 000,750,592 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/01/15 16:48:08 \| 000,492,032 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/01/15 16:48:00 \| 000,307,200 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/15 16:47:59 \| 000,800,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/01/15 16:47:57 \| 002,746,368 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/01/15 16:47:57 \| 002,576,384 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/01/15 16:47:57 \| 000,441,856 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/01/15 16:47:57 \| 000,308,736 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/01/15 16:47:57 \| 000,055,296 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/01/15 16:47:57 \| 000,055,296 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/01/15 16:47:57 \| 000,051,712 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/01/15 16:47:57 \| 000,051,712 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/01/15 16:47:57 \| 000,046,592 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/01/15 16:47:57 \| 000,046,592 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/01/15 16:47:57 \| 000,045,568 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/01/15 16:47:57 \| 000,045,568 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/01/15 16:47:57 \| 000,044,544 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/01/15 16:47:57 \| 000,044,544 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/01/15 16:47:57 \| 000,043,520 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/01/15 16:47:57 \| 000,043,520 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/01/15 16:47:57 \| 000,040,960 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/01/15 16:47:57 \| 000,040,960 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/01/15 16:47:57 \| 000,030,720 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/01/15 16:47:57 \| 000,030,720 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/01/15 16:47:57 \| 000,023,552 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/01/15 16:47:57 \| 000,023,552 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/01/15 16:47:57 \| 000,021,504 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/01/15 16:47:57 \| 000,021,504 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/01/15 16:47:57 \| 000,020,480 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/01/15 16:47:57 \| 000,020,480 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/01/15 16:47:57 \| 000,020,480 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/01/15 16:47:57 \| 000,020,480 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/01/15 16:47:57 \| 000,020,480 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/01/15 16:47:57 \| 000,020,480 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/01/15 16:47:57 \| 000,015,360 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/01/15 16:47:57 \| 000,015,360 \| ---- \| C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/01/15 16:47:39 \| 001,161,216 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/01/15 16:47:39 \| 000,424,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/01/15 16:47:39 \| 000,362,496 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/01/15 16:47:39 \| 000,338,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/01/15 16:47:39 \| 000,243,200 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/01/15 16:47:39 \| 000,016,384 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/01/15 16:47:39 \| 000,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/01/15 16:47:39 \| 000,006,144 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/15 16:47:39 \| 000,005,120 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/15 16:47:39 \| 000,005,120 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,608 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,608 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,608 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/15 16:47:39 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/15 16:47:39 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/15 16:47:38 \| 000,006,144 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/15 16:47:38 \| 000,004,608 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/15 16:47:38 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/15 16:47:38 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/15 16:47:38 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/15 16:47:29 \| 000,068,608 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2 C:\Program Files (x86)\.tmp files -> C:\Program Files (x86)\.tmp -> ] [1 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/02/13 12:11:51 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe [2013/02/13 12:07:15 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2013/02/13 12:02:02 \| 000,000,894 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/13 11:00:48 \| 000,032,064 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/13 11:00:48 \| 000,032,064 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/13 11:00:38 \| 000,624,412 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/13 11:00:38 \| 000,106,756 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/13 10:53:12 \| 000,000,890 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/13 10:52:55 \| 495,865,855 \| -HS- \| M] () -- C:\hiberfil.sys [2013/02/13 10:48:08 \| 000,448,512 \| ---- \| M] (OldTimer Tools) -- C:\Users\Josh\Desktop\TFC.exe [2013/02/13 09:57:31 \| 000,726,444 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/13 09:49:59 \| 000,343,728 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/13 09:47:04 \| 000,000,129 \| ---- \| M] () -- C:\Windows\SysNative\MRT.INI [2013/02/12 20:47:33 \| 000,000,258 \| RHS- \| M] () -- C:\ProgramData\ntuser.pol [2013/02/12 20:38:25 \| 000,001,109 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/02/11 17:29:43 \| 000,234,544 \| ---- \| M] () -- C:\Windows\RegBootClean64.exe [2013/02/11 17:14:17 \| 000,158,128 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2013/02/11 17:14:17 \| 000,149,936 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2013/02/11 17:14:16 \| 000,477,616 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/02/11 17:14:16 \| 000,473,520 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2013/02/11 17:14:16 \| 000,149,936 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2013/02/11 17:08:38 \| 000,001,371 \| ---- \| M] () -- C:\Windows\SysWow64\logFile.xml [2013/02/11 16:39:58 \| 001,195,069 \| ---- \| M] () -- C:\Users\Josh\Documents\Trend Micro Removal instructions.pdf [2013/02/11 16:23:49 \| 000,000,059 \| ---- \| M] () -- C:\Windows\SysNative\SupportTool.exe.bat [2013/02/11 16:20:46 \| 000,000,036 \| ---- \| M] () -- C:\Users\Josh\AppData\Local\housecall.guid.cache [2013/02/11 16:19:32 \| 100,309,176 \| ---- \| M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe [2013/02/11 16:13:26 \| 000,697,712 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/11 16:13:26 \| 000,074,096 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/11 16:12:34 \| 000,000,328 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForJosh.job [2013/02/04 22:29:08 \| 067,823,584 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2013/01/15 16:37:16 \| 519,044,482 \| ---- \| M] () -- C:\Windows\MEMORY.DMP [2 C:\Program Files (x86)\.tmp files -> C:\Program Files (x86)\.tmp -> ] [1 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/02/12 20:38:25 \| 000,001,109 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/02/12 11:16:28 \| 000,000,894 \| ---- \| C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/12 11:16:25 \| 000,000,890 \| ---- \| C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/11 17:29:38 \| 000,234,544 \| ---- \| C] () -- C:\Windows\RegBootClean64.exe [2013/02/11 17:08:33 \| 000,001,371 \| ---- \| C] () -- C:\Windows\SysWow64\logFile.xml [2013/02/11 16:39:58 \| 001,195,069 \| ---- \| C] () -- C:\Users\Josh\Documents\Trend Micro Removal instructions.pdf [2013/02/11 16:23:49 \| 000,000,258 \| RHS- \| C] () -- C:\ProgramData\ntuser.pol [2013/02/11 16:23:49 \| 000,000,059 \| ---- \| C] () -- C:\Windows\SysNative\SupportTool.exe.bat [2013/02/11 16:20:46 \| 000,000,036 \| ---- \| C] () -- C:\Users\Josh\AppData\Local\housecall.guid.cache [2011/09/21 14:28:25 \| 000,145,804 \| ---- \| C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/09/21 14:24:46 \| 000,000,056 \| -H-- \| C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/06/21 13:43:27 \| 000,000,068 \| ---- \| C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/04/15 18:05:52 \| 000,218,304 \| ---- \| C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/04/15 18:05:50 \| 000,963,116 \| ---- \| C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/04/15 17:59:50 \| 000,056,832 \| ---- \| C] () -- C:\Windows\SysWow64\igdde32.dll [2011/04/15 17:33:42 \| 013,359,616 \| ---- \| C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/02/22 17:40:34 \| 000,007,736 \| ---- \| C] () -- C:\Windows\hpDSTRES.DLL [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 22:55:00 \| 000,000,227 \| RHS- \| M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 \| 014,172,672 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 \| 012,873,728 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 \| 000,909,312 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 \| 000,606,208 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 \| 000,505,856 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012/03/05 09:56:51 \| 000,000,000 \| ---D \| M] -- C:\Users\Josh\AppData\Roaming\Individual Software [2012/04/11 10:05:34 \| 000,000,000 \| ---D \| M] -- C:\Users\Josh\AppData\Roaming\LockLizard [2011/12/26 12:23:33 \| 000,000,000 \| ---D \| M] -- C:\Users\Josh\AppData\Roaming\Synaptics [2013/02/06 00:55:59 \| 000,000,000 \| ---D \| M] -- C:\Users\Josh\AppData\Roaming\WebApp [2012/05/10 15:46:54 \| 000,000,000 \| ---D \| M] -- C:\Users\Josh\AppData\Roaming\Windows Live Writer [color=#E56717]========== Purity Check ==========[/color]
	to forum · permalink · 2013-02-14 21:59:48 ·
Michele @comcast.net	reply to Michele Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Enabled! Trend Micro Titanium Internet Security Antivirus up to date! [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Malwarebytes Anti-Malware version 1.70.0.1100 Java(TM) 6 Update 39 [color=red]Java version out of Date![/color] Adobe Reader 10.1.5 [color=red]Adobe Reader out of Date![/color] [u]````````Process Check: objlist.exe by Laurent````````[/u] Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Trend Micro AMSP coreServiceShell.exe Trend Micro UniClient UiFrmWrk uiWatchDog.exe Trend Micro AMSP coreFrameworkHost.exe Trend Micro UniClient UiFrmWrk uiSeAgnt.exe Trend Micro AMSP AMSP_LogServer.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: 2% [u]````````````````````End of Log``````````````````````[/u]
	to forum · permalink · 2013-02-14 22:05:28 ·
Michele @comcast.net	reply to Michele I found the ESET log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=8 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=0a9ea24cab739640bddb0cdb938037cb # engine=13149 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-13 08:17:14 # local_time=2013-02-13 02:17:14 (-0600, Central Standard Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 257234 112330084 0 0 # scanned=157041 # found=0 # cleaned=0 # scan_time=3207
	to forum · permalink · 2013-02-14 22:12:59 ·
TheJoker Premium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5	reply to Michele Hi Michele I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed and for now please refrain from using any other utilities to try to clean your system. Please download AdwCleaner by Xplode onto your desktop: `http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner` - Close all open programs and internet browsers. - Double click on AdwCleaner.exe to run the tool. - Click on Delete. - Follow the prompts to reboot the computer. A text file will open after the restart. - Please post the content of that logfile with your next answer. - You can find the logfile at C:\AdwCleaner[S1].txt as well. Download TDSSKiller from here and save it to your Desktop: `http://support.kaspersky.com/downloads/utils/tdsskiller.exe` Go here for information: `http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller` - Right-click on TDSSKiller.exe and select "Run as administrator". - Choose "Change Parameters" -- Check "Detect TDLFS file system" -- Hit OK - Click on the Start Scan button and wait for the scan and disinfection process to be over. - If an infected file is detected, the default action will be Cure, click on Continue - If a suspicious file is detected, the default action will be Skip, click on Continue - If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here. - If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply. - Please post the log from TDSSkiller.log in your next reply. Please check to see if anything was cut off by the maximum post length, and if it was, look for where it was cut off and post the remainder. It may take multiple replies to post the entire log. Please download Malwarebytes Anti-Rootkit here: `downloads.malwarebytes.org/file/mbar` - Unzip the contents to a folder on the Desktop. - Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7). - Follow the instructions in the wizard to update and allow the program to scan your computer for threats. - Click on the Cleanup button to remove any threats and reboot if prompted to do so. - Wait while the system shuts down and the cleanup process is performed. - Please post the two logs produced. Please note: This tool is still in BETA mode, so please ensure you have backed up any important files. Please post the logs from AdwCleaner, TDSSKiller, and MBAR, and note any errors encountered. -- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010
	to forum · permalink · 2013-02-14 23:28:00 ·
Michele @comcast.net	Hi Here is the 1st logfile # AdwCleaner v2.112 - Logfile created 02/16/2013 at 09:35:09 # Updated 10/02/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Josh - JOSH-HP # Boot Mode : Normal # Running from : C:\Users\Josh\Desktop\adwcleaner0.exe # Option [Delete] *** [Services] * * [Files / Folders] * * [Registry] * Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} * [Internet Browsers] * -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-US) File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\p4uzfvdd.default\prefs.js [OK] File is clean. *********************** AdwCleaner[S1].txt - [1009 octets] - [16/02/2013 09:35:09] ########## EOF - C:\AdwCleaner[S1].txt - [1069 octets] ##########
	to forum · permalink · 2013-02-16 11:11:09 ·
Michele @comcast.net	reply to TheJoker There were 3 logfiles generated by TDSSKiller. Here is the 1st: 09:46:12.0501 4552 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 09:46:13.0109 4552 ============================================================ 09:46:13.0109 4552 Current date / time: 2013/02/16 09:46:13.0109 09:46:13.0109 4552 SystemInfo: 09:46:13.0109 4552 09:46:13.0109 4552 OS Version: 6.1.7601 ServicePack: 1.0 09:46:13.0109 4552 Product type: Workstation 09:46:13.0109 4552 ComputerName: JOSH-HP 09:46:13.0109 4552 UserName: Josh 09:46:13.0109 4552 Windows directory: C:\Windows 09:46:13.0109 4552 System windows directory: C:\Windows 09:46:13.0109 4552 Running under WOW64 09:46:13.0109 4552 Processor architecture: Intel x64 09:46:13.0109 4552 Number of processors: 4 09:46:13.0109 4552 Page size: 0x1000 09:46:13.0109 4552 Boot type: Normal boot 09:46:13.0109 4552 ============================================================ 09:46:13.0733 4552 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:46:18.0834 4552 ============================================================ 09:46:18.0834 4552 \Device\Harddisk0\DR0: 09:46:18.0834 4552 MBR partitions: 09:46:18.0834 4552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 09:46:18.0834 4552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55840800 09:46:18.0834 4552 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x558A4800, BlocksNum 0x1C6E000 09:46:18.0834 4552 ============================================================ 09:46:18.0866 4552 C: \Device\Harddisk0\DR0\Partition2 09:46:18.0975 4552 D: \Device\Harddisk0\DR0\Partition3 09:46:18.0975 4552 ============================================================ 09:46:18.0975 4552 Initialize success 09:46:18.0975 4552 ============================================================ 09:46:24.0700 3892 Deinitialize success
	to forum · permalink · 2013-02-16 11:11:55 ·
Michele @comcast.net	reply to TheJoker Here is part of the 2nd logfile from TDSSKiller: 09:46:33.0364 4716 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 09:46:33.0770 4716 ============================================================ 09:46:33.0770 4716 Current date / time: 2013/02/16 09:46:33.0770 09:46:33.0770 4716 SystemInfo: 09:46:33.0770 4716 09:46:33.0770 4716 OS Version: 6.1.7601 ServicePack: 1.0 09:46:33.0770 4716 Product type: Workstation 09:46:33.0770 4716 ComputerName: JOSH-HP 09:46:33.0770 4716 UserName: Josh 09:46:33.0770 4716 Windows directory: C:\Windows 09:46:33.0770 4716 System windows directory: C:\Windows 09:46:33.0770 4716 Running under WOW64 09:46:33.0770 4716 Processor architecture: Intel x64 09:46:33.0770 4716 Number of processors: 4 09:46:33.0770 4716 Page size: 0x1000 09:46:33.0770 4716 Boot type: Normal boot 09:46:33.0770 4716 ============================================================ 09:46:34.0144 4716 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:46:34.0534 4716 ============================================================ 09:46:34.0534 4716 \Device\Harddisk0\DR0: 09:46:34.0550 4716 MBR partitions: 09:46:34.0550 4716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 09:46:34.0550 4716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55840800 09:46:34.0550 4716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x558A4800, BlocksNum 0x1C6E000 09:46:34.0550 4716 ============================================================ 09:46:34.0581 4716 C: \Device\Harddisk0\DR0\Partition2 09:46:34.0628 4716 D: \Device\Harddisk0\DR0\Partition3 09:46:34.0628 4716 ============================================================ 09:46:34.0628 4716 Initialize success 09:46:34.0628 4716 ============================================================ 09:48:03.0757 3972 ============================================================ 09:48:03.0757 3972 Scan started 09:48:03.0757 3972 Mode: Manual; TDLFS; 09:48:03.0757 3972 ============================================================ 09:48:04.0662 3972 ================ Scan system memory ======================== 09:48:04.0662 3972 System memory - ok 09:48:04.0678 3972 ================ Scan services ============================= 09:48:04.0865 3972 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 09:48:04.0881 3972 1394ohci - ok 09:48:04.0912 3972 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 09:48:04.0912 3972 Accelerometer - ok 09:48:04.0959 3972 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 09:48:04.0959 3972 ACPI - ok 09:48:05.0005 3972 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 09:48:05.0005 3972 AcpiPmi - ok 09:48:05.0146 3972 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 09:48:05.0146 3972 AdobeARMservice - ok 09:48:05.0208 3972 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 09:48:05.0224 3972 adp94xx - ok 09:48:05.0271 3972 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 09:48:05.0286 3972 adpahci - ok 09:48:05.0302 3972 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 09:48:05.0317 3972 adpu320 - ok 09:48:05.0333 3972 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 09:48:05.0349 3972 AeLookupSvc - ok 09:48:05.0427 3972 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 09:48:05.0427 3972 AESTFilters - ok 09:48:05.0489 3972 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 09:48:05.0489 3972 AFD - ok 09:48:05.0536 3972 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 09:48:05.0551 3972 agp440 - ok 09:48:05.0567 3972 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 09:48:05.0583 3972 ALG - ok 09:48:05.0614 3972 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 09:48:05.0614 3972 aliide - ok 09:48:05.0645 3972 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 09:48:05.0645 3972 amdide - ok 09:48:05.0676 3972 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 09:48:05.0676 3972 AmdK8 - ok 09:48:05.0707 3972 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 09:48:05.0707 3972 AmdPPM - ok 09:48:05.0754 3972 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 09:48:05.0754 3972 amdsata - ok 09:48:05.0801 3972 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 09:48:05.0817 3972 amdsbs - ok 09:48:05.0848 3972 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 09:48:05.0848 3972 amdxata - ok 09:48:05.0941 3972 [ 1E7B61301E75B734BC2D60DB0E15183B ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe 09:48:05.0941 3972 Amsp - ok 09:48:05.0988 3972 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 09:48:05.0988 3972 AppID - ok 09:48:06.0019 3972 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 09:48:06.0019 3972 AppIDSvc - ok 09:48:06.0051 3972 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 09:48:06.0066 3972 Appinfo - ok 09:48:06.0097 3972 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 09:48:06.0097 3972 arc - ok 09:48:06.0113 3972 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 09:48:06.0129 3972 arcsas - ok 09:48:06.0160 3972 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 09:48:06.0160 3972 AsyncMac - ok 09:48:06.0191 3972 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 09:48:06.0191 3972 atapi - ok 09:48:06.0238 3972 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 09:48:06.0253 3972 AudioEndpointBuilder - ok 09:48:06.0269 3972 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 09:48:06.0285 3972 AudioSrv - ok 09:48:06.0331 3972 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 09:48:06.0347 3972 AxInstSV - ok 09:48:06.0378 3972 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 09:48:06.0378 3972 b06bdrv - ok 09:48:06.0409 3972 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 09:48:06.0409 3972 b57nd60a - ok 09:48:06.0487 3972 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe 09:48:06.0487 3972 BBSvc - ok 09:48:06.0519 3972 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe 09:48:06.0519 3972 BBUpdate - ok 09:48:06.0612 3972 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 09:48:06.0628 3972 BCM43XX - ok 09:48:06.0659 3972 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 09:48:06.0659 3972 BDESVC - ok 09:48:06.0690 3972 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 09:48:06.0706 3972 Beep - ok 09:48:06.0753 3972 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 09:48:06.0768 3972 BFE - ok 09:48:06.0815 3972 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 09:48:06.0831 3972 BITS - ok 09:48:06.0877 3972 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 09:48:06.0877 3972 blbdrive - ok 09:48:06.0924 3972 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:48:06.0924 3972 bowser - ok 09:48:06.0971 3972 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 09:48:06.0971 3972 BrFiltLo - ok 09:48:07.0002 3972 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 09:48:07.0002 3972 BrFiltUp - ok 09:48:07.0033 3972 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 09:48:07.0033 3972 Browser - ok 09:48:07.0080 3972 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 09:48:07.0096 3972 Brserid - ok 09:48:07.0111 3972 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 09:48:07.0111 3972 BrSerWdm - ok 09:48:07.0143 3972 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 09:48:07.0143 3972 BrUsbMdm - ok 09:48:07.0158 3972 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 09:48:07.0158 3972 BrUsbSer - ok 09:48:07.0189 3972 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 09:48:07.0189 3972 BTHMODEM - ok 09:48:07.0221 3972 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 09:48:07.0221 3972 bthserv - ok 09:48:07.0267 3972 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 09:48:07.0267 3972 cdfs - ok 09:48:07.0283 3972 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 09:48:07.0299 3972 cdrom - ok 09:48:07.0314 3972 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 09:48:07.0314 3972 CertPropSvc - ok 09:48:07.0361 3972 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 09:48:07.0361 3972 circlass - ok 09:48:07.0392 3972 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 09:48:07.0392 3972 CLFS - ok 09:48:07.0470 3972 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe 09:48:07.0470 3972 CLKMSVC10_38F51D56 - ok 09:48:07.0533 3972 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:48:07.0533 3972 clr_optimization_v2.0.50727_32 - ok 09:48:07.0595 3972 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:48:07.0595 3972 clr_optimization_v2.0.50727_64 - ok 09:48:07.0657 3972 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:48:07.0657 3972 clr_optimization_v4.0.30319_32 - ok 09:48:07.0689 3972 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:48:07.0689 3972 clr_optimization_v4.0.30319_64 - ok 09:48:07.0720 3972 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 09:48:07.0720 3972 clwvd - ok 09:48:07.0751 3972 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 09:48:07.0751 3972 CmBatt - ok 09:48:07.0767 3972 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:48:07.0767 3972 cmdide - ok 09:48:07.0813 3972 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 09:48:07.0829 3972 CNG - ok 09:48:07.0860 3972 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 09:48:07.0860 3972 Compbatt - ok 09:48:07.0891 3972 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 09:48:07.0891 3972 CompositeBus - ok 09:48:07.0907 3972 COMSysApp - ok 09:48:07.0938 3972 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 09:48:07.0938 3972 crcdisk - ok 09:48:07.0969 3972 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:48:07.0969 3972 CryptSvc - ok 09:48:08.0001 3972 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:48:08.0016 3972 DcomLaunch - ok 09:48:08.0047 3972 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 09:48:08.0063 3972 defragsvc - ok 09:48:08.0110 3972 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:48:08.0110 3972 DfsC - ok 09:48:08.0141 3972 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 09:48:08.0141 3972 Dhcp - ok 09:48:08.0172 3972 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 09:48:08.0172 3972 discache - ok 09:48:08.0203 3972 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 09:48:08.0203 3972 Disk - ok 09:48:08.0235 3972 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:48:08.0235 3972 Dnscache - ok 09:48:08.0266 3972 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 09:48:08.0266 3972 dot3svc - ok 09:48:08.0297 3972 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 09:48:08.0297 3972 DPS - ok 09:48:08.0328 3972 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:48:08.0328 3972 drmkaud - ok 09:48:08.0344 3972 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:48:08.0359 3972 DXGKrnl - ok 09:48:08.0375 3972 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 09:48:08.0375 3972 EapHost - ok 09:48:08.0469 3972 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 09:48:08.0500 3972 ebdrv - ok 09:48:08.0531 3972 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 09:48:08.0531 3972 EFS - ok 09:48:08.0609 3972 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:48:08.0625 3972 ehRecvr - ok 09:48:08.0656 3972 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 09:48:08.0656 3972 ehSched - ok 09:48:08.0703 3972 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 09:48:08.0718 3972 elxstor - ok 09:48:08.0734 3972 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:48:08.0734 3972 ErrDev - ok 09:48:08.0827 3972 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 09:48:08.0843 3972 EventSystem - ok 09:48:08.0905 3972 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 09:48:08.0905 3972 exfat - ok 09:48:08.0937 3972 ezSharedSvc - ok 09:48:08.0968 3972 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:48:08.0968 3972 fastfat - ok
	to forum · permalink · 2013-02-16 11:20:42 ·
Michele @comcast.net	reply to TheJoker Here is the 2nd part of the 2nd logfile of TDSSKiller: 09:48:09.0046 3972 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 09:48:09.0046 3972 Fax - ok 09:48:09.0093 3972 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 09:48:09.0093 3972 fdc - ok 09:48:09.0155 3972 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 09:48:09.0155 3972 fdPHost - ok 09:48:09.0171 3972 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 09:48:09.0171 3972 FDResPub - ok 09:48:09.0202 3972 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:48:09.0202 3972 FileInfo - ok 09:48:09.0217 3972 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:48:09.0217 3972 Filetrace - ok 09:48:09.0249 3972 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 09:48:09.0249 3972 flpydisk - ok 09:48:09.0264 3972 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:48:09.0280 3972 FltMgr - ok 09:48:09.0311 3972 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 09:48:09.0327 3972 FontCache - ok 09:48:09.0405 3972 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:48:09.0405 3972 FontCache3.0.0.0 - ok 09:48:09.0483 3972 [ 2074A85A6B8F84A5A9C60B915B465FAF ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 09:48:09.0483 3972 FPLService - ok 09:48:09.0514 3972 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:48:09.0514 3972 FsDepends - ok 09:48:09.0545 3972 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:48:09.0545 3972 Fs_Rec - ok 09:48:09.0576 3972 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:48:09.0576 3972 fvevol - ok 09:48:09.0607 3972 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:48:09.0607 3972 gagp30kx - ok 09:48:09.0701 3972 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 09:48:09.0701 3972 GamesAppService - ok 09:48:09.0779 3972 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 09:48:09.0795 3972 gpsvc - ok 09:48:09.0888 3972 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:48:09.0888 3972 gupdate - ok 09:48:09.0904 3972 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:48:09.0904 3972 gupdatem - ok 09:48:09.0951 3972 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 09:48:09.0951 3972 gusvc - ok 09:48:09.0966 3972 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:48:09.0982 3972 hcw85cir - ok 09:48:10.0029 3972 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:48:10.0029 3972 HdAudAddService - ok 09:48:10.0075 3972 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 09:48:10.0075 3972 HDAudBus - ok 09:48:10.0091 3972 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 09:48:10.0091 3972 HidBatt - ok 09:48:10.0107 3972 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 09:48:10.0107 3972 HidBth - ok 09:48:10.0138 3972 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 09:48:10.0138 3972 HidIr - ok 09:48:10.0185 3972 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 09:48:10.0185 3972 hidserv - ok 09:48:10.0216 3972 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 09:48:10.0216 3972 HidUsb - ok 09:48:10.0231 3972 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:48:10.0231 3972 hkmsvc - ok 09:48:10.0263 3972 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:48:10.0263 3972 HomeGroupListener - ok 09:48:10.0309 3972 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:48:10.0309 3972 HomeGroupProvider - ok 09:48:10.0403 3972 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 09:48:10.0403 3972 HP Support Assistant Service - ok 09:48:10.0450 3972 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 09:48:10.0450 3972 HPClientSvc - ok 09:48:10.0559 3972 [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe 09:48:10.0590 3972 hpCMSrv - ok 09:48:10.0668 3972 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 09:48:10.0668 3972 HPDrvMntSvc.exe - ok 09:48:10.0699 3972 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 09:48:10.0699 3972 hpdskflt - ok 09:48:10.0777 3972 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 09:48:10.0777 3972 hpqwmiex - ok 09:48:10.0793 3972 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:48:10.0809 3972 HpSAMD - ok 09:48:10.0824 3972 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 09:48:10.0824 3972 hpsrv - ok 09:48:10.0902 3972 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 09:48:10.0902 3972 HPWMISVC - ok 09:48:10.0949 3972 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:48:10.0965 3972 HTTP - ok 09:48:10.0980 3972 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:48:10.0996 3972 hwpolicy - ok 09:48:11.0027 3972 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 09:48:11.0027 3972 i8042prt - ok 09:48:11.0074 3972 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 09:48:11.0089 3972 iaStor - ok 09:48:11.0167 3972 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 09:48:11.0167 3972 IAStorDataMgrSvc - ok 09:48:11.0214 3972 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:48:11.0214 3972 iaStorV - ok 09:48:11.0339 3972 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 09:48:11.0355 3972 IconMan_R - ok 09:48:11.0401 3972 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:48:11.0417 3972 idsvc - ok 09:48:11.0745 3972 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 09:48:11.0963 3972 igfx - ok 09:48:11.0994 3972 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 09:48:11.0994 3972 iirsp - ok 09:48:12.0041 3972 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 09:48:12.0057 3972 IKEEXT - ok 09:48:12.0088 3972 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 09:48:12.0103 3972 IntcDAud - ok 09:48:12.0119 3972 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 09:48:12.0119 3972 intelide - ok 09:48:12.0135 3972 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:48:12.0150 3972 intelppm - ok 09:48:12.0197 3972 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:48:12.0213 3972 IPBusEnum - ok 09:48:12.0228 3972 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:48:12.0244 3972 IpFilterDriver - ok 09:48:12.0291 3972 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:48:12.0291 3972 iphlpsvc - ok 09:48:12.0337 3972 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:48:12.0353 3972 IPMIDRV - ok 09:48:12.0384 3972 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:48:12.0384 3972 IPNAT - ok 09:48:12.0431 3972 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:48:12.0431 3972 IRENUM - ok 09:48:12.0447 3972 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:48:12.0447 3972 isapnp - ok 09:48:12.0478 3972 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:48:12.0493 3972 iScsiPrt - ok 09:48:12.0525 3972 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:48:12.0525 3972 kbdclass - ok 09:48:12.0540 3972 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 09:48:12.0556 3972 kbdhid - ok 09:48:12.0571 3972 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 09:48:12.0571 3972 KeyIso - ok 09:48:12.0603 3972 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:48:12.0618 3972 KSecDD - ok 09:48:12.0649 3972 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:48:12.0649 3972 KSecPkg - ok 09:48:12.0681 3972 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:48:12.0681 3972 ksthunk - ok 09:48:12.0727 3972 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 09:48:12.0727 3972 KtmRm - ok 09:48:12.0790 3972 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:48:12.0790 3972 LanmanServer - ok 09:48:12.0805 3972 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:48:12.0805 3972 LanmanWorkstation - ok 09:48:12.0837 3972 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:48:12.0852 3972 lltdio - ok 09:48:12.0883 3972 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:48:12.0899 3972 lltdsvc - ok 09:48:12.0930 3972 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:48:12.0930 3972 lmhosts - ok 09:48:13.0008 3972 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 09:48:13.0024 3972 LMS - ok 09:48:13.0055 3972 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:48:13.0055 3972 LSI_FC - ok 09:48:13.0086 3972 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 09:48:13.0086 3972 LSI_SAS - ok 09:48:13.0102 3972 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 09:48:13.0102 3972 LSI_SAS2 - ok 09:48:13.0117 3972 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:48:13.0117 3972 LSI_SCSI - ok 09:48:13.0133 3972 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 09:48:13.0133 3972 luafv - ok 09:48:13.0164 3972 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 09:48:13.0164 3972 MBAMProtector - ok 09:48:13.0242 3972 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 09:48:13.0258 3972 MBAMScheduler - ok 09:48:13.0273 3972 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 09:48:13.0289 3972 MBAMService - ok 09:48:13.0305 3972 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:48:13.0320 3972 Mcx2Svc - ok 09:48:13.0336 3972 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 09:48:13.0351 3972 megasas - ok 09:48:13.0429 3972 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 09:48:13.0429 3972 MegaSR - ok 09:48:13.0507 3972 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 09:48:13.0507 3972 MEIx64 - ok 09:48:13.0539 3972 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 09:48:13.0539 3972 MMCSS - ok 09:48:13.0554 3972 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 09:48:13.0554 3972 Modem - ok 09:48:13.0570 3972 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:48:13.0570 3972 monitor - ok 09:48:13.0617 3972 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:48:13.0617 3972 mouclass - ok 09:48:13.0617 3972 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys 09:48:13.0617 3972 mouhid - ok 09:48:13.0663 3972 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:48:13.0663 3972 mountmgr - ok 09:48:13.0710 3972 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:48:13.0710 3972 MozillaMaintenance - ok 09:48:13.0741 3972 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 09:48:13.0741 3972 mpio - ok 09:48:13.0788 3972 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:48:13.0788 3972 mpsdrv - ok 09:48:13.0866 3972 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:48:13.0882 3972 MpsSvc - ok 09:48:13.0913 3972 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:48:13.0913 3972 MRxDAV - ok 09:48:13.0929 3972 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:48:13.0944 3972 mrxsmb - ok 09:48:14.0022 3972 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:48:14.0022 3972 mrxsmb10 - ok 09:48:14.0053 3972 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:48:14.0053 3972 mrxsmb20 - ok 09:48:14.0069 3972 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 09:48:14.0069 3972 msahci - ok 09:48:14.0163 3972 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:48:14.0178 3972 msdsm - ok 09:48:14.0225 3972 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 09:48:14.0225 3972 MSDTC - ok 09:48:14.0303 3972 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:48:14.0303 3972 Msfs - ok 09:48:14.0365 3972 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:48:14.0365 3972 mshidkmdf - ok 09:48:14.0397 3972 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:48:14.0397 3972 msisadrv - ok 09:48:14.0428 3972 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:48:14.0443 3972 MSiSCSI - ok 09:48:14.0443 3972 msiserver - ok 09:48:14.0490 3972 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:48:14.0490 3972 MSKSSRV - ok 09:48:14.0506 3972 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:48:14.0506 3972 MSPCLOCK - ok 09:48:14.0506 3972 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:48:14.0506 3972 MSPQM - ok 09:48:14.0568 3972 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:48:14.0568 3972 MsRPC - ok 09:48:14.0615 3972 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:48:14.0615 3972 mssmbios - ok 09:48:14.0662 3972 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:48:14.0662 3972 MSTEE - ok 09:48:14.0677 3972 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 09:48:14.0677 3972 MTConfig - ok 09:48:14.0709 3972 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 09:48:14.0709 3972 Mup - ok 09:48:14.0771 3972 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 09:48:14.0787 3972 napagent - ok 09:48:14.0833 3972 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:48:14.0833 3972 NativeWifiP - ok 09:48:14.0927 3972 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:48:14.0943 3972 NDIS - ok 09:48:14.0974 3972 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:48:14.0974 3972 NdisCap - ok 09:48:15.0021 3972 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:48:15.0021 3972 NdisTapi - ok 09:48:15.0052 3972 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:48:15.0052 3972 Ndisuio - ok 09:48:15.0067 3972 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:48:15.0067 3972 NdisWan - ok 09:48:15.0083 3972 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:48:15.0083 3972 NDProxy - ok 09:48:15.0114 3972 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:48:15.0114 3972 NetBIOS - ok 09:48:15.0130 3972 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:48:15.0145 3972 NetBT - ok 09:48:15.0208 3972 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 09:48:15.0208 3972 Netlogon - ok 09:48:15.0286 3972 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 09:48:15.0301 3972 Netman - ok 09:48:15.0317 3972 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 09:48:15.0333 3972 netprofm - ok 09:48:15.0348 3972 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:48:15.0364 3972 NetTcpPortSharing - ok 09:48:15.0379 3972 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 09:48:15.0395 3972 nfrd960 - ok 09:48:15.0442 3972 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:48:15.0442 3972 NlaSvc - ok 09:48:15.0457 3972 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:48:15.0473 3972 Npfs - ok 09:48:15.0489 3972 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 09:48:15.0489 3972 nsi - ok 09:48:15.0504 3972 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:48:15.0504 3972 nsiproxy - ok 09:48:15.0567 3972 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:48:15.0582 3972 Ntfs - ok 09:48:15.0613 3972 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 09:48:15.0613 3972 Null - ok 09:48:15.0645 3972 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 09:48:15.0660 3972 nusb3hub - ok 09:48:15.0691 3972 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 09:48:15.0691 3972 nusb3xhc - ok 09:48:15.0723 3972 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 09:48:15.0723 3972 NVENETFD - ok 09:48:15.0754 3972 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:48:15.0754 3972 nvraid - ok 09:48:15.0769 3972 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:48:15.0769 3972 nvstor - ok 09:48:15.0801 3972 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:48:15.0801 3972 nv_agp - ok 09:48:15.0816 3972 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:48:15.0832 3972 ohci1394 - ok 09:48:15.0894 3972 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:48:15.0894 3972 ose - ok 09:48:16.0113 3972 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:48:16.0206 3972 osppsvc - ok 09:48:16.0253 3972 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:48:16.0253 3972 p2pimsvc - ok 09:48:16.0269 3972 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 09:48:16.0269 3972 p2psvc - ok 09:48:16.0300 3972 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 09:48:16.0300 3972 Parport - ok 09:48:16.0315 3972 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:48:16.0331 3972 partmgr - ok 09:48:16.0331 3972 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:48:16.0331 3972 PcaSvc - ok 09:48:16.0362 3972 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 09:48:16.0362 3972 pci - ok 09:48:16.0362 3972 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 09:48:16.0362 3972 pciide - ok 09:48:16.0393 3972 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:48:16.0393 3972 pcmcia - ok 09:48:16.0425 3972 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 09:48:16.0425 3972 pcw - ok 09:48:16.0440 3972 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:48:16.0456 3972 PEAUTH - ok 09:48:16.0549 3972 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:48:16.0565 3972 PerfHost - ok 09:48:16.0627 3972 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 09:48:16.0643 3972 pla - ok 09:48:16.0705 3972 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:48:16.0705 3972 PlugPlay - ok 09:48:16.0737 3972 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:48:16.0752 3972 PNRPAutoReg - ok 09:48:16.0768 3972 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:48:16.0768 3972 PNRPsvc - ok 09:48:16.0815 3972 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:48:16.0815 3972 PolicyAgent - ok 09:48:16.0846 3972 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 09:48:16.0846 3972 Power - ok 09:48:16.0877 3972 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:48:16.0877 3972 PptpMiniport - ok 09:48:16.0908 3972 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 09:48:16.0908 3972 Processor - ok 09:48:16.0939 3972 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 09:48:16.0939 3972 ProfSvc - ok 09:48:16.0955 3972 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:48:16.0955 3972 ProtectedStorage - ok 09:48:16.0986 3972 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:48:16.0986 3972 Psched - ok 09:48:17.0049 3972 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 09:48:17.0064 3972 ql2300 - ok 09:48:17.0080 3972 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 09:48:17.0080 3972 ql40xx - ok 09:48:17.0111 3972 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 09:48:17.0111 3972 QWAVE - ok 09:48:17.0158 3972 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:48:17.0158 3972 QWAVEdrv - ok 09:48:17.0173 3972 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:48:17.0173 3972 RasAcd - ok 09:48:17.0205 3972 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:48:17.0205 3972 RasAgileVpn - ok 09:48:17.0236 3972 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 09:48:17.0236 3972 RasAuto - ok 09:48:17.0251 3972 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:48:17.0251 3972 Rasl2tp - ok 09:48:17.0267 3972 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 09:48:17.0267 3972 RasMan - ok 09:48:17.0298 3972 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:48:17.0298 3972 RasPppoe - ok 09:48:17.0314 3972 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:48:17.0314 3972 RasSstp - ok 09:48:17.0329 3972 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:48:17.0329 3972 rdbss - ok 09:48:17.0345 3972 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 09:48:17.0345 3972 rdpbus - ok 09:48:17.0361 3972 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:48:17.0376 3972 RDPCDD - ok 09:48:17.0376 3972 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:48:17.0376 3972 RDPENCDD - ok 09:48:17.0376 3972 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:48:17.0376 3972 RDPREFMP - ok 09:48:17.0439 3972 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 09:48:17.0439 3972 RdpVideoMiniport - ok 09:48:17.0485 3972 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:48:17.0485 3972 RDPWD - ok 09:48:17.0532 3972 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:48:17.0532 3972 rdyboost - ok 09:48:17.0579 3972 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:48:17.0579 3972 RemoteAccess - ok 09:48:17.0610 3972 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:48:17.0626 3972 RemoteRegistry - ok 09:48:17.0673 3972 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 09:48:17.0688 3972 RoxioNow Service - ok 09:48:17.0704 3972 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:48:17.0719 3972 RpcEptMapper - ok 09:48:17.0735 3972 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 09:48:17.0751 3972 RpcLocator - ok 09:48:17.0766 3972 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 09:48:17.0782 3972 RpcSs - ok 09:48:17.0829 3972 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 09:48:17.0829 3972 RSPCIESTOR - ok 09:48:17.0860 3972 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:48:17.0875 3972 rspndr - ok 09:48:17.0891 3972 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 09:48:17.0907 3972 RTL8167 - ok 09:48:17.0907 3972 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 09:48:17.0907 3972 SamSs - ok 09:48:17.0938 3972 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:48:17.0938 3972 sbp2port - ok 09:48:17.0953 3972 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:48:17.0953 3972 SCardSvr - ok 09:48:17.0969 3972 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 09:48:17.0985 3972 scfilter - ok 09:48:18.0016 3972 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 09:48:18.0031 3972 Schedule - ok 09:48:18.0047 3972 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 09:48:18.0047 3972 SCPolicySvc - ok 09:48:18.0094 3972 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 09:48:18.0109 3972 sdbus - ok 09:48:18.0125 3972 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:48:18.0141 3972 SDRSVC - ok 09:48:18.0172 3972 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:48:18.0172 3972 secdrv - ok 09:48:18.0187 3972 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 09:48:18.0187 3972 seclogon - ok 09:48:18.0219 3972 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 09:48:18.0219 3972 SENS - ok 09:48:18.0250 3972 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 09:48:18.0250 3972 SensrSvc - ok 09:48:18.0281 3972 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 09:48:18.0281 3972 Serenum - ok 09:48:18.0312 3972 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 09:48:18.0312 3972 Serial - ok 09:48:18.0359 3972 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 09:48:18.0359 3972 sermouse - ok 09:48:18.0406 3972 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 09:48:18.0406 3972 SessionEnv - ok 09:48:18.0437 3972 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 09:48:18.0437 3972 sffdisk - ok 09:48:18.0453 3972 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 09:48:18.0453 3972 sffp_mmc - ok 09:48:18.0468 3972 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 09:48:18.0468 3972 sffp_sd - ok 09:48:18.0515 3972 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 09:48:18.0515 3972 sfloppy - ok 09:48:18.0562 3972 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:48:18.0577 3972 SharedAccess - ok 09:48:18.0609 3972 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:48:18.0609 3972 ShellHWDetection - ok 09:48:18.0655 3972 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 09:48:18.0655 3972 SiSRaid2 - ok 09:48:18.0671 3972 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:48:18.0671 3972 SiSRaid4 - ok 09:48:18.0718 3972 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:48:18.0718 3972 Smb - ok 09:48:18.0780 3972 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:48:18.0780 3972 SNMPTRAP - ok 09:48:18.0811 3972 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 09:48:18.0811 3972 spldr - ok 09:48:18.0858 3972 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 09:48:18.0874 3972 Spooler - ok 09:48:18.0967 3972 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 09:48:18.0983 3972 sppsvc - ok 09:48:19.0014 3972 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 09:48:19.0014 3972 sppuinotify - ok 09:48:19.0061 3972 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 09:48:19.0061 3972 srv - ok 09:48:19.0108 3972 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:48:19.0108 3972 srv2 - ok 09:48:19.0155 3972 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 09:48:19.0170 3972 SrvHsfHDA - ok 09:48:19.0201 3972 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 09:48:19.0217 3972 SrvHsfV92 - ok 09:48:19.0233 3972 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 09:48:19.0248 3972 SrvHsfWinac - ok 09:48:19.0264 3972 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:48:19.0264 3972 srvnet - ok 09:48:19.0295 3972 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:48:19.0295 3972 SSDPSRV - ok 09:48:19.0311 3972 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:48:19.0311 3972 SstpSvc - ok 09:48:19.0373 3972 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 09:48:19.0389 3972 STacSV - ok 09:48:19.0420 3972 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 09:48:19.0420 3972 stexstor - ok 09:48:19.0467 3972 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 09:48:19.0467 3972 STHDA - ok 09:48:19.0513 3972 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 09:48:19.0529 3972 stisvc - ok 09:48:19.0545 3972 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 09:48:19.0545 3972 swenum - ok 09:48:19.0576 3972 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 09:48:19.0576 3972 swprv - ok 09:48:19.0638 3972 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 09:48:19.0638 3972 SynTP - ok 09:48:19.0685 3972 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 09:48:19.0701 3972 SysMain - ok 09:48:19.0732 3972 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:48:19.0732 3972 TabletInputService - ok 09:48:19.0763 3972 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 09:48:19.0763 3972 TapiSrv - ok 09:48:19.0779 3972 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 09:48:19.0779 3972 TBS - ok 09:48:19.0857 3972 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:48:19.0872 3972 Tcpip - ok 09:48:19.0919 3972 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 09:48:19.0935 3972 TCPIP6 - ok 09:48:19.0950 3972 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:48:19.0966 3972 tcpipreg - ok 09:48:19.0981 3972 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 09:48:19.0981 3972 TDPIPE - ok 09:48:20.0013 3972 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 09:48:20.0013 3972 TDTCP - ok 09:48:20.0044 3972 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:48:20.0059 3972 tdx - ok 09:48:20.0075 3972 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 09:48:20.0075 3972 TermDD - ok 09:48:20.0122 3972 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 09:48:20.0137 3972 TermService - ok 09:48:20.0137 3972 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 09:48:20.0153 3972 Themes - ok 09:48:20.0153 3972 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 09:48:20.0169 3972 THREADORDER - ok 09:48:20.0215 3972 [ 6642C9F15CCC7859CAEEA159E711EB21 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys 09:48:20.0215 3972 tmactmon - ok 09:48:20.0247 3972 [ 0BD205E00C93B8CF828301F43164AA51 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys 09:48:20.0247 3972 tmcomm - ok 09:48:20.0278 3972 [ 9D86A57FB83E39A967CD8D3AAE8A170A ] TMEBC C:\Windows\system32\DRIVERS\TMEBC64.sys 09:48:20.0278 3972 TMEBC - ok 09:48:20.0293 3972 [ C27DAE25484C205F3CCF7260E1B045DD ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys 09:48:20.0293 3972 tmevtmgr - ok 09:48:20.0356 3972 [ 48951FBFFFCAE52FADFCDFB76ED19749 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys 09:48:20.0356 3972 tmtdi - ok 09:48:20.0387 3972 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 09:48:20.0403 3972 TrkWks - ok 09:48:20.0465 3972 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:48:20.0465 3972 TrustedInstaller - ok 09:48:20.0496 3972 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 09:48:20.0496 3972 tssecsrv - ok 09:48:20.0543 3972 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 09:48:20.0543 3972 TsUsbFlt - ok 09:48:20.0574 3972 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 09:48:20.0574 3972 TsUsbGD - ok 09:48:20.0621 3972 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 09:48:20.0621 3972 tunnel - ok 09:48:20.0652 3972 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 09:48:20.0652 3972 uagp35 - ok 09:48:20.0668 3972 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:48:20.0683 3972 udfs - ok 09:48:20.0715 3972 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:48:20.0715 3972 UI0Detect - ok 09:48:20.0746 3972 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:48:20.0746 3972 uliagpkx - ok 09:48:20.0777 3972 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 09:48:20.0777 3972 umbus - ok 09:48:20.0808 3972 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 09:48:20.0824 3972 UmPass - ok 09:48:20.0949 3972 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 09:48:20.0980 3972 UNS - ok 09:48:21.0011 3972 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 09:48:21.0011 3972 upnphost - ok 09:48:21.0042 3972 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 09:48:21.0042 3972 usbccgp - ok 09:48:21.0089 3972 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 09:48:21.0089 3972 usbcir - ok 09:48:21.0089 3972 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 09:48:21.0089 3972 usbehci - ok 09:48:21.0105 3972 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 09:48:21.0105 3972 usbhub - ok 09:48:21.0120 3972 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 09:48:21.0120 3972 usbohci - ok 09:48:21.0136 3972 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 09:48:21.0136 3972 usbprint - ok 09:48:21.0167 3972 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 09:48:21.0167 3972 USBSTOR - ok 09:48:21.0183 3972 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 09:48:21.0198 3972 usbuhci - ok 09:48:21.0245 3972 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 09:48:21.0245 3972 usbvideo - ok 09:48:21.0276 3972 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 09:48:21.0276 3972 UxSms - ok 09:48:21.0292 3972 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 09:48:21.0307 3972 VaultSvc - ok 09:48:21.0323 3972 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 09:48:21.0323 3972 vdrvroot - ok 09:48:21.0354 3972 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 09:48:21.0354 3972 vds - ok 09:48:21.0370 3972 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:48:21.0385 3972 vga - ok 09:48:21.0401 3972 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 09:48:21.0401 3972 VgaSave - ok 09:48:21.0432 3972 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 09:48:21.0432 3972 vhdmp - ok 09:48:21.0432 3972 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 09:48:21.0448 3972 viaide - ok 09:48:21.0463 3972 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:48:21.0463 3972 volmgr - ok 09:48:21.0479 3972 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:48:21.0495 3972 volmgrx - ok 09:48:21.0526 3972 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 09:48:21.0526 3972 volsnap - ok 09:48:21.0541 3972 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 09:48:21.0541 3972 vsmraid - ok 09:48:21.0604 3972 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 09:48:21.0619 3972 VSS - ok 09:48:21.0635 3972 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 09:48:21.0635 3972 vwifibus - ok 09:48:21.0651 3972 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 09:48:21.0651 3972 vwififlt - ok 09:48:21.0682 3972 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 09:48:21.0682 3972 vwifimp - ok 09:48:21.0713 3972 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 09:48:21.0729 3972 W32Time - ok 09:48:21.0744 3972 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 09:48:21.0760 3972 WacomPen - ok 09:48:21.0791 3972 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 09:48:21.0807 3972 WANARP - ok 09:48:21.0807 3972 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:48:21.0807 3972 Wanarpv6 - ok 09:48:21.0869 3972 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 09:48:21.0885 3972 WatAdminSvc - ok 09:48:21.0947 3972 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 09:48:21.0963 3972 wbengine - ok 09:48:21.0978 3972 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 09:48:21.0978 3972 WbioSrvc - ok 09:48:21.0994 3972 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:48:22.0009 3972 wcncsvc - ok 09:48:22.0025 3972 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:48:22.0025 3972 WcsPlugInService - ok 09:48:22.0056 3972 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 09:48:22.0056 3972 Wd - ok 09:48:22.0103 3972 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:48:22.0119 3972 Wdf01000 - ok 09:48:22.0150 3972 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:48:22.0150 3972 WdiServiceHost - ok 09:48:22.0150 3972 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:48:22.0150 3972 WdiSystemHost - ok 09:48:22.0181 3972 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 09:48:22.0181 3972 WebClient - ok 09:48:22.0212 3972 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:48:22.0228 3972 Wecsvc - ok 09:48:22.0243 3972 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:48:22.0243 3972 wercplsupport - ok 09:48:22.0275 3972 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 09:48:22.0275 3972 WerSvc - ok 09:48:22.0321 3972 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 09:48:22.0321 3972 WfpLwf - ok 09:48:22.0337 3972 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 09:48:22.0337 3972 WIMMount - ok 09:48:22.0353 3972 WinDefend - ok 09:48:22.0353 3972 WinHttpAutoProxySvc - ok 09:48:22.0415 3972 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:48:22.0431 3972 Winmgmt - ok 09:48:22.0540 3972 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 09:48:22.0555 3972 WinRM - ok 09:48:22.0618 3972 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 09:48:22.0633 3972 WinUsb - ok 09:48:22.0680 3972 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 09:48:22.0696 3972 Wlansvc - ok 09:48:22.0758 3972 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 09:48:22.0758 3972 wlcrasvc - ok 09:48:22.0930 3972 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:48:22.0930 3972 wlidsvc - ok 09:48:22.0961 3972 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 09:48:22.0961 3972 WmiAcpi - ok 09:48:22.0992 3972 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:48:22.0992 3972 wmiApSrv - ok 09:48:23.0023 3972 WMPNetworkSvc - ok 09:48:23.0055 3972 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:48:23.0070 3972 WPCSvc - ok 09:48:23.0086 3972 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:48:23.0086 3972 WPDBusEnum - ok 09:48:23.0117 3972 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:48:23.0117 3972 ws2ifsl - ok 09:48:23.0148 3972 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 09:48:23.0148 3972 wscsvc - ok 09:48:23.0179 3972 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 09:48:23.0179 3972 WSDPrintDevice - ok 09:48:23.0195 3972 WSearch - ok 09:48:23.0289 3972 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 09:48:23.0304 3972 wuauserv - ok 09:48:23.0335 3972 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:48:23.0335 3972 WudfPf - ok 09:48:23.0351 3972 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:48:23.0351 3972 WUDFRd - ok 09:48:23.0367 3972 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:48:23.0367 3972 wudfsvc - ok 09:48:23.0382 3972 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 09:48:23.0382 3972 WwanSvc - ok 09:48:23.0413 3972 ================ Scan global =============================== 09:48:23.0429 3972 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 09:48:23.0460 3972 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 09:48:23.0476 3972 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 09:48:23.0507 3972 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 09:48:23.0538 3972 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 09:48:23.0554 3972 [Global] - ok 09:48:23.0554 3972 ================ Scan MBR ================================== 09:48:23.0569 3972 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:48:23.0569 3972 Suspicious mbr (Forged): \Device\Harddisk0\DR0 09:48:23.0632 3972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 09:48:23.0632 3972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 09:48:23.0694 3972 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 09:48:23.0710 3972 \Device\Harddisk0\DR0 - detected TDSS File System (1) 09:48:23.0710 3972 ================ Scan VBR ================================== 09:48:23.0710 3972 [ A0C0CBB37A0DF7A0835AEC3B7F9EA1A2 ] \Device\Harddisk0\DR0\Partition1 09:48:23.0710 3972 \Device\Harddisk0\DR0\Partition1 - ok 09:48:23.0741 3972 [ 82A069933D0D1048A8329F59749FF3A7 ] \Device\Harddisk0\DR0\Partition2 09:48:23.0741 3972 \Device\Harddisk0\DR0\Partition2 - ok 09:48:23.0772 3972 [ E6F8FAE94618C1B50D06E655DC7D3612 ] \Device\Harddisk0\DR0\Partition3 09:48:23.0772 3972 \Device\Harddisk0\DR0\Partition3 - ok 09:48:23.0772 3972 ============================================================ 09:48:23.0772 3972 Scan finished 09:48:23.0772 3972 ============================================================ 09:48:23.0788 2856 Detected object count: 2 09:48:23.0788 2856 Actual detected object count: 2 09:49:24.0238 2856 \Device\Harddisk0\DR0\# - copied to quarantine 09:49:24.0238 2856 \Device\Harddisk0\DR0 - copied to quarantine 09:49:24.0269 2856 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 09:49:24.0285 2856 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 09:49:24.0285 2856 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 09:49:24.0285 2856 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 09:49:24.0300 2856 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 09:49:24.0300 2856 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 09:49:24.0316 2856 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 09:49:24.0316 2856 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 09:49:24.0316 2856 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 09:49:24.0316 2856 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 09:49:24.0332 2856 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 09:49:24.0332 2856 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 09:49:24.0332 2856 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 09:49:24.0332 2856 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 09:49:24.0347 2856 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 09:49:24.0378 2856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 09:49:24.0410 2856 \Device\Harddisk0\DR0 - ok 09:49:25.0049 2856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 09:49:25.0049 2856 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 09:49:25.0049 2856 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 09:50:04.0548 1300 Deinitialize success
	to forum · permalink · 2013-02-16 11:26:10 ·
Michele @comcast.net	reply to TheJoker Thi09:51:43.0277 1164 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 09:51:43.0823 1164 ============================================================ 09:51:43.0823 1164 Current date / time: 2013/02/16 09:51:43.0823 09:51:43.0823 1164 SystemInfo: 09:51:43.0823 1164 09:51:43.0823 1164 OS Version: 6.1.7601 ServicePack: 1.0 09:51:43.0823 1164 Product type: Workstation 09:51:43.0823 1164 ComputerName: JOSH-HP 09:51:43.0823 1164 UserName: Josh 09:51:43.0823 1164 Windows directory: C:\Windows 09:51:43.0823 1164 System windows directory: C:\Windows 09:51:43.0823 1164 Running under WOW64 09:51:43.0823 1164 Processor architecture: Intel x64 09:51:43.0823 1164 Number of processors: 4 09:51:43.0823 1164 Page size: 0x1000 09:51:43.0823 1164 Boot type: Normal boot 09:51:43.0823 1164 ============================================================ 09:51:44.0728 1164 BG loaded 09:51:45.0212 1164 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:51:45.0212 1164 ============================================================ 09:51:45.0212 1164 \Device\Harddisk0\DR0: 09:51:45.0212 1164 MBR partitions: 09:51:45.0212 1164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 09:51:45.0212 1164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55840800 09:51:45.0212 1164 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x558A4800, BlocksNum 0x1C6E000 09:51:45.0212 1164 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0 09:51:45.0212 1164 ============================================================ 09:51:45.0243 1164 C: \Device\Harddisk0\DR0\Partition2 09:51:45.0352 1164 D: \Device\Harddisk0\DR0\Partition3 09:51:45.0414 1164 F: \Device\Harddisk0\DR0\Partition4 09:51:45.0414 1164 ============================================================ 09:51:45.0430 1164 Initialize success 09:51:45.0430 1164 ============================================================ 09:52:18.0488 3212 Deinitialize success s is the 3rd (and final) report generated by TDSSKiller:
	to forum · permalink · 2013-02-16 11:26:24 ·
Michele @comcast.net	reply to TheJoker I only see one log produced from MBAR: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1020 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_39 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 6387777536, free: 4178944000 ------------ Kernel report ------------ 02/16/2013 11:07:47 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\89540133.sys \SystemRoot\system32\DRIVERS\TMEBC64.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\tmcomm.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\hpdskflt.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\tmevtmgr.sys \SystemRoot\system32\DRIVERS\tmactmon.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\tmtdi.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\bcmwl664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\RtsPStor.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\CmBatt.sys \SystemRoot\system32\DRIVERS\Accelerometer.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\system32\DRIVERS\portcls.sys \SystemRoot\system32\DRIVERS\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WinUSB.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\user32.dll \Windows\System32\lpk.dll \Windows\System32\clbcatq.dll \Windows\System32\comdlg32.dll \Windows\System32\urlmon.dll \Windows\System32\ws2_32.dll \Windows\System32\shlwapi.dll \Windows\System32\iertutil.dll \Windows\System32\msvcrt.dll \Windows\System32\imm32.dll \Windows\System32\sechost.dll \Windows\System32\gdi32.dll \Windows\System32\nsi.dll ----------- End ----------- >> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8008b04060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8006252050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.02.16.04 Initializing... Done! >> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8008b04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008b04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008b04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008afa2b0, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa8006252050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00cdd7b40, 0xfffffa8008b04060, 0xfffffa800c3b4090 Lower DeviceData: 0xfffff8a00ae475e0, 0xfffffa8006252050, 0xfffffa800c03e710 >> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... >> Device number: 0, partition: 2 >> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7ADEB7CE Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 1434716160 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1435125760 Numsec = 29810688 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1464936448 Numsec = 210672 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)... Done! Performing system, memory and registry scan... Infected: c:\Windows\svchost.exe --> [Trojan.Agent] Done! Scan finished Creating System Restore point... Scheduling clean up... >> Device number: 0, partition: 2 >> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1020 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_39 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 6387777536, free: 5005590528 Removal queue found; removal started Removing c:\Windows\svchost.exe... Removal finished ======================================= Thank you very much for helping ~m
	to forum · permalink · 2013-02-16 12:44:53 ·
Michele @comcast.net	reply to TheJoker Sorry - on closer look, found this as well - 2nd log from MBAR: Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.16.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Josh :: JOSH-HP [administrator] 2/16/2013 11:20:36 AM mbar-log-2013-02-16 (11-20-36).txt Scan type: Quick scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM \| P2P Scan options disabled: Objects scanned: 29495 Time elapsed: 9 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 c:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end)
	to forum · permalink · 2013-02-16 12:59:31 ·
TheJoker Premium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5	It looks like you may have skipped "curing" the TDSS file system. - Delete the current TDSSKiller logs. - Right-click on TDSSKiller.exe and select "Run as administrator". - Choose "Change Parameters" -- Check "Detect TDLFS file system" -- Hit OK - Click on the Start Scan button and wait for the scan and disinfection process to be over. - If an infected file is detected, the default action will be Cure, click on Continue - If a suspicious file is detected, the default action will be Skip, click on Continue - If the TDSS File System is detected, select Cure, then Continue - If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here. - If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply. - Please post the log from TDSSkiller.log in your next reply. Download RogueKiller (by tigzy) and save it to your the desktop. - Quit all programs - Start RogueKiller.exe. - Wait until Prescan has finished ... - Click on Scan. Click on Report and copy/paste the content of the notepad Please post the new log from TDSSKiller, the log from RogueKiller, and note any errors encountered. -- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010
	to forum · permalink · 2013-02-16 15:16:54 ·
Michele @comcast.net	The first time I ran TDSSKiller, this morning, there were 2 results: the 1st was an infected file and Cure was the default action; the 2nd was a suspicious file and skip was also the default. At the bottom of that page there was one continue button, which I selected and then it instructed me to reboot, which I did. After you wrote back, I tried to delete the TDSSKiller logs, as you requested, but could not get rid of them. I ran TDSSKiller again. It resulted in 1 suspicious object found. The default action was skip, so I clicked continue. It didn't require a reboot. I do see the report button, which I can open and select all, but there is not an option to copy. When I right-click in the selected text, nothing happens. So I'm not sure how to post that log. Any suggestions? Should I continue to run Roguekiller now or wait?
	to forum · permalink · 2013-02-16 16:47:01 ·
TheJoker Premium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 1 edit	Do you see the new log in C:\ ? If so, please post it. If not, and you still have the Report window in TDSSKiller open, select all the text and use the Windows shortcut keys to copy it. After you highlight the text you want to copy, hit CTRL-C (while the Control button is depressed, hit C to copy). Then if you don't get a menu to paste in the board reply window, click the mouse in the window where you want to past it and hit CTRL-V (while the Control button is depressed, hit V to paste). The Windows shortcut keys work in most Windows applications. You can past the text into a new Notepad window and save the log and post it. If you have already closed TSDDKiller, please re-run it selecting "Change parameters" and then select "Detect TDLFS File System", click OK, and re-run the scan and post the new log. If the log did't automatically save, use the Windows shortcut keys to save the text and paste it into a new Notepad windows, save it, and post the contents. -- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010
	to forum · permalink · 2013-02-16 18:14:55 ·
Michele @comcast.net	Great! Thanks - Here is the first part: 15:22:06.0880 5268 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:22:07.0457 5268 ============================================================ 15:22:07.0457 5268 Current date / time: 2013/02/16 15:22:07.0457 15:22:07.0457 5268 SystemInfo: 15:22:07.0457 5268 15:22:07.0457 5268 OS Version: 6.1.7601 ServicePack: 1.0 15:22:07.0457 5268 Product type: Workstation 15:22:07.0457 5268 ComputerName: JOSH-HP 15:22:07.0457 5268 UserName: Josh 15:22:07.0457 5268 Windows directory: C:\Windows 15:22:07.0457 5268 System windows directory: C:\Windows 15:22:07.0457 5268 Running under WOW64 15:22:07.0457 5268 Processor architecture: Intel x64 15:22:07.0457 5268 Number of processors: 4 15:22:07.0457 5268 Page size: 0x1000 15:22:07.0457 5268 Boot type: Normal boot 15:22:07.0457 5268 ============================================================ 15:22:08.0066 5268 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:22:08.0721 5268 ============================================================ 15:22:08.0721 5268 \Device\Harddisk0\DR0: 15:22:08.0721 5268 MBR partitions: 15:22:08.0721 5268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 15:22:08.0721 5268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55840800 15:22:08.0721 5268 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x558A4800, BlocksNum 0x1C6E000 15:22:08.0721 5268 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0 15:22:08.0721 5268 ============================================================ 15:22:08.0768 5268 C: \Device\Harddisk0\DR0\Partition2 15:22:08.0814 5268 D: \Device\Harddisk0\DR0\Partition3 15:22:08.0830 5268 F: \Device\Harddisk0\DR0\Partition4 15:22:08.0830 5268 ============================================================ 15:22:08.0830 5268 Initialize success 15:22:08.0830 5268 ============================================================ 15:22:36.0021 4716 ============================================================ 15:22:36.0021 4716 Scan started 15:22:36.0021 4716 Mode: Manual; TDLFS; 15:22:36.0021 4716 ============================================================ 15:22:36.0364 4716 ================ Scan system memory ======================== 15:22:36.0364 4716 System memory - ok 15:22:36.0364 4716 ================ Scan services ============================= 15:22:36.0567 4716 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:22:36.0598 4716 1394ohci - ok 15:22:36.0645 4716 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 15:22:36.0660 4716 Accelerometer - ok 15:22:36.0692 4716 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:22:36.0707 4716 ACPI - ok 15:22:36.0738 4716 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:22:36.0754 4716 AcpiPmi - ok 15:22:36.0848 4716 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:22:36.0848 4716 AdobeARMservice - ok 15:22:36.0910 4716 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:22:36.0941 4716 adp94xx - ok 15:22:36.0988 4716 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:22:37.0004 4716 adpahci - ok 15:22:37.0050 4716 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:22:37.0082 4716 adpu320 - ok 15:22:37.0113 4716 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:22:37.0113 4716 AeLookupSvc - ok 15:22:37.0175 4716 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 15:22:37.0191 4716 AESTFilters - ok 15:22:37.0253 4716 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:22:37.0284 4716 AFD - ok 15:22:37.0316 4716 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:22:37.0331 4716 agp440 - ok 15:22:37.0362 4716 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:22:37.0378 4716 ALG - ok 15:22:37.0425 4716 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:22:37.0425 4716 aliide - ok 15:22:37.0440 4716 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:22:37.0456 4716 amdide - ok 15:22:37.0518 4716 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:22:37.0534 4716 AmdK8 - ok 15:22:37.0565 4716 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 15:22:37.0565 4716 AmdPPM - ok 15:22:37.0612 4716 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:22:37.0628 4716 amdsata - ok 15:22:37.0659 4716 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 15:22:37.0674 4716 amdsbs - ok 15:22:37.0690 4716 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:22:37.0690 4716 amdxata - ok 15:22:37.0768 4716 [ 1E7B61301E75B734BC2D60DB0E15183B ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe 15:22:37.0784 4716 Amsp - ok 15:22:37.0846 4716 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 15:22:37.0862 4716 AppID - ok 15:22:37.0893 4716 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:22:37.0893 4716 AppIDSvc - ok 15:22:37.0908 4716 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 15:22:37.0924 4716 Appinfo - ok 15:22:37.0955 4716 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 15:22:37.0971 4716 arc - ok 15:22:38.0002 4716 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:22:38.0018 4716 arcsas - ok 15:22:38.0033 4716 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:22:38.0033 4716 AsyncMac - ok 15:22:38.0049 4716 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 15:22:38.0049 4716 atapi - ok 15:22:38.0096 4716 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:22:38.0111 4716 AudioEndpointBuilder - ok 15:22:38.0127 4716 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:22:38.0127 4716 AudioSrv - ok 15:22:38.0158 4716 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:22:38.0158 4716 AxInstSV - ok 15:22:38.0189 4716 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 15:22:38.0220 4716 b06bdrv - ok 15:22:38.0236 4716 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:22:38.0252 4716 b57nd60a - ok 15:22:38.0330 4716 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe 15:22:38.0361 4716 BBSvc - ok 15:22:38.0376 4716 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe 15:22:38.0376 4716 BBUpdate - ok 15:22:38.0454 4716 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 15:22:38.0486 4716 BCM43XX - ok 15:22:38.0532 4716 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:22:38.0532 4716 BDESVC - ok 15:22:38.0579 4716 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:22:38.0595 4716 Beep - ok 15:22:38.0626 4716 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 15:22:38.0642 4716 BFE - ok 15:22:38.0673 4716 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 15:22:38.0688 4716 BITS - ok 15:22:38.0720 4716 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:22:38.0735 4716 blbdrive - ok 15:22:38.0766 4716 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:22:38.0782 4716 bowser - ok 15:22:38.0813 4716 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 15:22:38.0829 4716 BrFiltLo - ok 15:22:38.0844 4716 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 15:22:38.0860 4716 BrFiltUp - ok 15:22:38.0907 4716 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 15:22:38.0907 4716 Browser - ok 15:22:38.0938 4716 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:22:38.0969 4716 Brserid - ok 15:22:38.0985 4716 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:22:39.0000 4716 BrSerWdm - ok 15:22:39.0032 4716 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:22:39.0047 4716 BrUsbMdm - ok 15:22:39.0063 4716 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:22:39.0078 4716 BrUsbSer - ok 15:22:39.0094 4716 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:22:39.0110 4716 BTHMODEM - ok 15:22:39.0141 4716 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:22:39.0156 4716 bthserv - ok 15:22:39.0188 4716 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:22:39.0219 4716 cdfs - ok 15:22:39.0250 4716 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:22:39.0250 4716 cdrom - ok 15:22:39.0281 4716 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 15:22:39.0281 4716 CertPropSvc - ok 15:22:39.0328 4716 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 15:22:39.0344 4716 circlass - ok 15:22:39.0359 4716 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:22:39.0375 4716 CLFS - ok 15:22:39.0437 4716 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe 15:22:39.0437 4716 CLKMSVC10_38F51D56 - ok 15:22:39.0515 4716 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:22:39.0546 4716 clr_optimization_v2.0.50727_32 - ok 15:22:39.0609 4716 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:22:39.0640 4716 clr_optimization_v2.0.50727_64 - ok 15:22:39.0702 4716 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:22:39.0702 4716 clr_optimization_v4.0.30319_32 - ok 15:22:39.0734 4716 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:22:39.0734 4716 clr_optimization_v4.0.30319_64 - ok 15:22:39.0765 4716 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 15:22:39.0780 4716 clwvd - ok 15:22:39.0827 4716 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 15:22:39.0843 4716 CmBatt - ok 15:22:39.0858 4716 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:22:39.0874 4716 cmdide - ok 15:22:39.0921 4716 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 15:22:39.0921 4716 CNG - ok 15:22:39.0952 4716 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 15:22:39.0952 4716 Compbatt - ok 15:22:39.0983 4716 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:22:39.0999 4716 CompositeBus - ok 15:22:39.0999 4716 COMSysApp - ok 15:22:40.0030 4716 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:22:40.0030 4716 crcdisk - ok 15:22:40.0077 4716 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:22:40.0108 4716 CryptSvc - ok 15:22:40.0139 4716 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:22:40.0139 4716 DcomLaunch - ok 15:22:40.0170 4716 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:22:40.0186 4716 defragsvc - ok 15:22:40.0217 4716 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:22:40.0217 4716 DfsC - ok 15:22:40.0248 4716 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 15:22:40.0280 4716 Dhcp - ok 15:22:40.0295 4716 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:22:40.0295 4716 discache - ok 15:22:40.0326 4716 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 15:22:40.0326 4716 Disk - ok 15:22:40.0358 4716 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:22:40.0358 4716 Dnscache - ok 15:22:40.0420 4716 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:22:40.0436 4716 dot3svc - ok 15:22:40.0451 4716 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 15:22:40.0451 4716 DPS - ok 15:22:40.0482 4716 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:22:40.0498 4716 drmkaud - ok 15:22:40.0529 4716 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:22:40.0560 4716 DXGKrnl - ok 15:22:40.0576 4716 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:22:40.0592 4716 EapHost - ok 15:22:40.0670 4716 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 15:22:40.0701 4716 ebdrv - ok 15:22:40.0748 4716 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 15:22:40.0748 4716 EFS - ok 15:22:40.0810 4716 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:22:40.0841 4716 ehRecvr - ok 15:22:40.0857 4716 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:22:40.0857 4716 ehSched - ok 15:22:40.0904 4716 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:22:40.0935 4716 elxstor - ok 15:22:40.0966 4716 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:22:40.0982 4716 ErrDev - ok 15:22:41.0028 4716 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:22:41.0028 4716 EventSystem - ok 15:22:41.0075 4716 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:22:41.0091 4716 exfat - ok 15:22:41.0106 4716 ezSharedSvc - ok 15:22:41.0122 4716 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:22:41.0138 4716 fastfat - ok 15:22:41.0169 4716 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 15:22:41.0184 4716 Fax - ok 15:22:41.0231 4716 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 15:22:41.0247 4716 fdc - ok 15:22:41.0278 4716 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:22:41.0278 4716 fdPHost - ok 15:22:41.0294 4716 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 15:22:41.0294 4716 FDResPub - ok 15:22:41.0325 4716 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:22:41.0325 4716 FileInfo - ok 15:22:41.0340 4716 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:22:41.0356 4716 Filetrace - ok 15:22:41.0387 4716 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 15:22:41.0387 4716 flpydisk - ok 15:22:41.0418 4716 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:22:41.0434 4716 FltMgr - ok 15:22:41.0496 4716 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 15:22:41.0512 4716 FontCache - ok 15:22:41.0574 4716 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:22:41.0574 4716 FontCache3.0.0.0 - ok 15:22:41.0652 4716 [ 2074A85A6B8F84A5A9C60B915B465FAF ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 15:22:41.0668 4716 FPLService - ok 15:22:41.0699 4716 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:22:41.0715 4716 FsDepends - ok 15:22:41.0746 4716 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:22:41.0746 4716 Fs_Rec - ok 15:22:41.0777 4716 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:22:41.0777 4716 fvevol - ok 15:22:41.0808 4716 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:22:41.0824 4716 gagp30kx - ok 15:22:41.0902 4716 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 15:22:41.0933 4716 GamesAppService - ok 15:22:41.0964 4716 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:22:41.0980 4716 gpsvc - ok 15:22:42.0058 4716 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:22:42.0058 4716 gupdate - ok 15:22:42.0058 4716 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:22:42.0074 4716 gupdatem - ok 15:22:42.0105 4716 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 15:22:42.0120 4716 gusvc - ok 15:22:42.0136 4716 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:22:42.0167 4716 hcw85cir - ok 15:22:42.0214 4716 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:22:42.0230 4716 HdAudAddService - ok 15:22:42.0261 4716 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:22:42.0276 4716 HDAudBus - ok 15:22:42.0276 4716 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 15:22:42.0292 4716 HidBatt - ok 15:22:42.0308 4716 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:22:42.0323 4716 HidBth - ok 15:22:42.0339 4716 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 15:22:42.0354 4716 HidIr - ok 15:22:42.0386 4716 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:22:42.0386 4716 hidserv - ok 15:22:42.0417 4716 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 15:22:42.0417 4716 HidUsb - ok 15:22:42.0432 4716 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:22:42.0432 4716 hkmsvc - ok 15:22:42.0464 4716 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:22:42.0495 4716 HomeGroupListener - ok 15:22:42.0526 4716 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:22:42.0526 4716 HomeGroupProvider - ok 15:22:42.0620 4716 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 15:22:42.0620 4716 HP Support Assistant Service - ok 15:22:42.0666 4716 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 15:22:42.0682 4716 HPClientSvc - ok 15:22:42.0760 4716 [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe 15:22:42.0776 4716 hpCMSrv - ok 15:22:42.0854 4716 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 15:22:42.0854 4716 HPDrvMntSvc.exe - ok 15:22:42.0885 4716 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 15:22:42.0885 4716 hpdskflt - ok 15:22:42.0963 4716 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 15:22:42.0978 4716 hpqwmiex - ok 15:22:42.0994 4716 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:22:43.0025 4716 HpSAMD - ok 15:22:43.0056 4716 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 15:22:43.0056 4716 hpsrv - ok 15:22:43.0103 4716 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 15:22:43.0103 4716 HPWMISVC - ok 15:22:43.0166 4716 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:22:43.0212 4716 HTTP - ok 15:22:43.0228 4716 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:22:43.0228 4716 hwpolicy - ok 15:22:43.0259 4716 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:22:43.0290 4716 i8042prt - ok 15:22:43.0322 4716 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 15:22:43.0322 4716 iaStor - ok 15:22:43.0415 4716 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 15:22:43.0415 4716 IAStorDataMgrSvc - ok 15:22:43.0462 4716 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:22:43.0493 4716 iaStorV - ok 15:22:43.0602 4716 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 15:22:43.0618 4716 IconMan_R - ok 15:22:43.0665 4716 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:22:43.0680 4716 idsvc - ok 15:22:43.0946 4716 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 15:22:44.0211 4716 igfx - ok 15:22:44.0258 4716 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:22:44.0258 4716 iirsp - ok 15:22:44.0304 4716 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:22:44.0320 4716 IKEEXT - ok 15:22:44.0382 4716 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 15:22:44.0398 4716 IntcDAud - ok 15:22:44.0414 4716 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:22:44.0429 4716 intelide - ok 15:22:44.0445 4716 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:22:44.0445 4716 intelppm - ok 15:22:44.0492 4716 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:22:44.0492 4716 IPBusEnum - ok 15:22:44.0523 4716 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:22:44.0538 4716 IpFilterDriver - ok 15:22:44.0585 4716 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:22:44.0585 4716 iphlpsvc - ok 15:22:44.0616 4716 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:22:44.0632 4716 IPMIDRV - ok 15:22:44.0648 4716 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:22:44.0663 4716 IPNAT - ok 15:22:44.0694 4716 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:22:44.0710 4716 IRENUM - ok 15:22:44.0726 4716 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:22:44.0741 4716 isapnp - ok 15:22:44.0757 4716 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:22:44.0788 4716 iScsiPrt - ok 15:22:44.0804 4716 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:22:44.0819 4716 kbdclass - ok 15:22:44.0850 4716 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 15:22:44.0866 4716 kbdhid - ok 15:22:44.0882 4716 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:22:44.0897 4716 KeyIso - ok 15:22:44.0928 4716 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:22:44.0928 4716 KSecDD - ok 15:22:44.0960 4716 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:22:44.0975 4716 KSecPkg - ok 15:22:44.0991 4716 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:22:45.0006 4716 ksthunk - ok 15:22:45.0038 4716 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:22:45.0069 4716 KtmRm - ok 15:22:45.0100 4716 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:22:45.0116 4716 LanmanServer - ok 15:22:45.0116 4716 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:22:45.0116 4716 LanmanWorkstation - ok 15:22:45.0147 4716 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:22:45.0162 4716 lltdio - ok 15:22:45.0194 4716 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:22:45.0225 4716 lltdsvc - ok 15:22:45.0256 4716 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:22:45.0256 4716 lmhosts - ok 15:22:45.0334 4716 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:22:45.0334 4716 LMS - ok 15:22:45.0381 4716 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:22:45.0412 4716 LSI_FC - ok 15:22:45.0428 4716 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:22:45.0443 4716 LSI_SAS - ok 15:22:45.0459 4716 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:22:45.0474 4716 LSI_SAS2 - ok 15:22:45.0474 4716 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:22:45.0490 4716 LSI_SCSI - ok 15:22:45.0521 4716 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:22:45.0521 4716 luafv - ok 15:22:45.0552 4716 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:22:45.0568 4716 MBAMProtector - ok 15:22:45.0630 4716 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:22:45.0646 4716 MBAMScheduler - ok 15:22:45.0677 4716 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:22:45.0677 4716 MBAMService - ok 15:22:45.0708 4716 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:22:45.0724 4716 Mcx2Svc - ok 15:22:45.0755 4716 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 15:22:45.0771 4716 megasas - ok 15:22:45.0786 4716 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 15:22:45.0818 4716 MegaSR - ok 15:22:45.0849 4716 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 15:22:45.0849 4716 MEIx64 - ok 15:22:45.0896 4716 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:22:45.0896 4716 MMCSS - ok 15:22:45.0927 4716 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:22:45.0958 4716 Modem - ok 15:22:45.0958 4716 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:22:45.0958 4716 monitor - ok 15:22:46.0005 4716 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:22:46.0020 4716 mouclass - ok 15:22:46.0052 4716 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys 15:22:46.0052 4716 mouhid - ok 15:22:46.0098 4716 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:22:46.0098 4716 mountmgr - ok 15:22:46.0145 4716 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
	to forum · permalink · 2013-02-16 19:15:42 ·
Michele @comcast.net	reply to TheJoker Here is the log from RogueKiller: RogueKiller V8.5.1 _x64_ [Feb 12 2013] by Tigzy mail : tigzyRKgmailcom Feedback : »www.geekstogo.com/forum/files/fi···ekiller/ Website : »tigzy.geekstogo.com/roguekiller.php Blog : »tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Josh [Admin rights] Mode : Scan -- Date : 02/16/2013 17:50:26 \| ARK \|\| FAK \|\| MBR \| ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++ --- User --- [MBR] dc0799f80bf9194671277811d3f39ba7 [BSP] 139f9342507d5f69d78b8d4d1cc64ad7 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 \| Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 \| Size: 700545 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1435125760 \| Size: 14556 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 \| Size: 102 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] e9db50b585bb6053fe928f1845a2075a [BSP] 139f9342507d5f69d78b8d4d1cc64ad7 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 \| Size: 77824 Mo 1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 \| Size: 400 Mo Finished : > RKreport[1]_S_02162013_02d1750.txt
	to forum · permalink · 2013-02-16 19:15:56 ·
Michele @comcast.net	reply to TheJoker And here is the 2nd part: 15:22:46.0145 4716 MozillaMaintenance - ok 15:22:46.0176 4716 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:22:46.0208 4716 mpio - ok 15:22:46.0239 4716 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:22:46.0254 4716 mpsdrv - ok 15:22:46.0270 4716 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:22:46.0286 4716 MpsSvc - ok 15:22:46.0301 4716 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:22:46.0317 4716 MRxDAV - ok 15:22:46.0332 4716 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:22:46.0332 4716 mrxsmb - ok 15:22:46.0364 4716 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:22:46.0364 4716 mrxsmb10 - ok 15:22:46.0379 4716 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:22:46.0379 4716 mrxsmb20 - ok 15:22:46.0395 4716 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:22:46.0395 4716 msahci - ok 15:22:46.0426 4716 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:22:46.0426 4716 msdsm - ok 15:22:46.0457 4716 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:22:46.0488 4716 MSDTC - ok 15:22:46.0520 4716 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:22:46.0520 4716 Msfs - ok 15:22:46.0535 4716 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:22:46.0551 4716 mshidkmdf - ok 15:22:46.0566 4716 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:22:46.0566 4716 msisadrv - ok 15:22:46.0582 4716 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:22:46.0598 4716 MSiSCSI - ok 15:22:46.0613 4716 msiserver - ok 15:22:46.0644 4716 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:22:46.0660 4716 MSKSSRV - ok 15:22:46.0676 4716 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:22:46.0676 4716 MSPCLOCK - ok 15:22:46.0691 4716 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:22:46.0707 4716 MSPQM - ok 15:22:46.0722 4716 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:22:46.0722 4716 MsRPC - ok 15:22:46.0754 4716 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:22:46.0754 4716 mssmbios - ok 15:22:46.0800 4716 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:22:46.0816 4716 MSTEE - ok 15:22:46.0832 4716 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:22:46.0832 4716 MTConfig - ok 15:22:46.0847 4716 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:22:46.0847 4716 Mup - ok 15:22:46.0878 4716 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:22:46.0878 4716 napagent - ok 15:22:46.0925 4716 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:22:46.0972 4716 NativeWifiP - ok 15:22:47.0019 4716 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:22:47.0034 4716 NDIS - ok 15:22:47.0066 4716 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:22:47.0081 4716 NdisCap - ok 15:22:47.0097 4716 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:22:47.0112 4716 NdisTapi - ok 15:22:47.0128 4716 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:22:47.0128 4716 Ndisuio - ok 15:22:47.0144 4716 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:22:47.0159 4716 NdisWan - ok 15:22:47.0175 4716 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:22:47.0190 4716 NDProxy - ok 15:22:47.0190 4716 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:22:47.0190 4716 NetBIOS - ok 15:22:47.0222 4716 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:22:47.0222 4716 NetBT - ok 15:22:47.0253 4716 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:22:47.0253 4716 Netlogon - ok 15:22:47.0300 4716 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:22:47.0315 4716 Netman - ok 15:22:47.0346 4716 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:22:47.0346 4716 netprofm - ok 15:22:47.0378 4716 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:22:47.0393 4716 NetTcpPortSharing - ok 15:22:47.0440 4716 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:22:47.0440 4716 nfrd960 - ok 15:22:47.0487 4716 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:22:47.0487 4716 NlaSvc - ok 15:22:47.0518 4716 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:22:47.0518 4716 Npfs - ok 15:22:47.0549 4716 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:22:47.0549 4716 nsi - ok 15:22:47.0565 4716 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:22:47.0580 4716 nsiproxy - ok 15:22:47.0658 4716 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:22:47.0674 4716 Ntfs - ok 15:22:47.0721 4716 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:22:47.0736 4716 Null - ok 15:22:47.0783 4716 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 15:22:47.0814 4716 nusb3hub - ok 15:22:47.0861 4716 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 15:22:47.0892 4716 nusb3xhc - ok 15:22:47.0924 4716 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 15:22:47.0970 4716 NVENETFD - ok 15:22:47.0986 4716 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:22:48.0017 4716 nvraid - ok 15:22:48.0033 4716 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:22:48.0048 4716 nvstor - ok 15:22:48.0080 4716 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:22:48.0095 4716 nv_agp - ok 15:22:48.0111 4716 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:22:48.0126 4716 ohci1394 - ok 15:22:48.0173 4716 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:22:48.0189 4716 ose - ok 15:22:48.0360 4716 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:22:48.0392 4716 osppsvc - ok 15:22:48.0423 4716 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:22:48.0454 4716 p2pimsvc - ok 15:22:48.0470 4716 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:22:48.0485 4716 p2psvc - ok 15:22:48.0501 4716 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 15:22:48.0516 4716 Parport - ok 15:22:48.0548 4716 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:22:48.0548 4716 partmgr - ok 15:22:48.0579 4716 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:22:48.0579 4716 PcaSvc - ok 15:22:48.0594 4716 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:22:48.0610 4716 pci - ok 15:22:48.0610 4716 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:22:48.0626 4716 pciide - ok 15:22:48.0657 4716 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:22:48.0672 4716 pcmcia - ok 15:22:48.0688 4716 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:22:48.0688 4716 pcw - ok 15:22:48.0704 4716 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:22:48.0750 4716 PEAUTH - ok 15:22:48.0797 4716 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:22:48.0828 4716 PerfHost - ok 15:22:48.0891 4716 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:22:48.0922 4716 pla - ok 15:22:48.0984 4716 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:22:48.0984 4716 PlugPlay - ok 15:22:49.0016 4716 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:22:49.0031 4716 PNRPAutoReg - ok 15:22:49.0047 4716 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:22:49.0047 4716 PNRPsvc - ok 15:22:49.0094 4716 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:22:49.0094 4716 PolicyAgent - ok 15:22:49.0109 4716 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:22:49.0125 4716 Power - ok 15:22:49.0140 4716 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:22:49.0156 4716 PptpMiniport - ok 15:22:49.0187 4716 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 15:22:49.0203 4716 Processor - ok 15:22:49.0234 4716 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:22:49.0250 4716 ProfSvc - ok 15:22:49.0265 4716 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:22:49.0265 4716 ProtectedStorage - ok 15:22:49.0296 4716 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:22:49.0312 4716 Psched - ok 15:22:49.0390 4716 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:22:49.0437 4716 ql2300 - ok 15:22:49.0452 4716 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:22:49.0468 4716 ql40xx - ok 15:22:49.0484 4716 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:22:49.0515 4716 QWAVE - ok 15:22:49.0546 4716 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:22:49.0562 4716 QWAVEdrv - ok 15:22:49.0577 4716 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:22:49.0577 4716 RasAcd - ok 15:22:49.0608 4716 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:22:49.0624 4716 RasAgileVpn - ok 15:22:49.0640 4716 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:22:49.0655 4716 RasAuto - ok 15:22:49.0671 4716 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:22:49.0686 4716 Rasl2tp - ok 15:22:49.0702 4716 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:22:49.0702 4716 RasMan - ok 15:22:49.0718 4716 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:22:49.0733 4716 RasPppoe - ok 15:22:49.0764 4716 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:22:49.0780 4716 RasSstp - ok 15:22:49.0796 4716 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:22:49.0796 4716 rdbss - ok 15:22:49.0811 4716 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 15:22:49.0811 4716 rdpbus - ok 15:22:49.0842 4716 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:22:49.0858 4716 RDPCDD - ok 15:22:49.0874 4716 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:22:49.0889 4716 RDPENCDD - ok 15:22:49.0889 4716 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:22:49.0905 4716 RDPREFMP - ok 15:22:49.0952 4716 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:22:49.0967 4716 RdpVideoMiniport - ok 15:22:49.0998 4716 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:22:50.0014 4716 RDPWD - ok 15:22:50.0061 4716 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:22:50.0061 4716 rdyboost - ok 15:22:50.0092 4716 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:22:50.0108 4716 RemoteAccess - ok 15:22:50.0139 4716 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:22:50.0154 4716 RemoteRegistry - ok 15:22:50.0217 4716 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 15:22:50.0217 4716 RoxioNow Service - ok 15:22:50.0232 4716 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:22:50.0248 4716 RpcEptMapper - ok 15:22:50.0264 4716 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:22:50.0279 4716 RpcLocator - ok 15:22:50.0310 4716 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:22:50.0310 4716 RpcSs - ok 15:22:50.0357 4716 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 15:22:50.0373 4716 RSPCIESTOR - ok 15:22:50.0388 4716 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:22:50.0420 4716 rspndr - ok 15:22:50.0435 4716 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:22:50.0466 4716 RTL8167 - ok 15:22:50.0482 4716 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:22:50.0482 4716 SamSs - ok 15:22:50.0498 4716 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:22:50.0513 4716 sbp2port - ok 15:22:50.0544 4716 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:22:50.0560 4716 SCardSvr - ok 15:22:50.0591 4716 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:22:50.0607 4716 scfilter - ok 15:22:50.0638 4716 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:22:50.0654 4716 Schedule - ok 15:22:50.0669 4716 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:22:50.0685 4716 SCPolicySvc - ok 15:22:50.0700 4716 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 15:22:50.0732 4716 sdbus - ok 15:22:50.0747 4716 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:22:50.0763 4716 SDRSVC - ok 15:22:50.0794 4716 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:22:50.0825 4716 secdrv - ok 15:22:50.0825 4716 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:22:50.0841 4716 seclogon - ok 15:22:50.0872 4716 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:22:50.0872 4716 SENS - ok 15:22:50.0903 4716 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:22:50.0919 4716 SensrSvc - ok 15:22:50.0934 4716 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 15:22:50.0950 4716 Serenum - ok 15:22:50.0966 4716 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 15:22:50.0981 4716 Serial - ok 15:22:51.0012 4716 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:22:51.0012 4716 sermouse - ok 15:22:51.0044 4716 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:22:51.0059 4716 SessionEnv - ok 15:22:51.0090 4716 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:22:51.0106 4716 sffdisk - ok 15:22:51.0122 4716 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:22:51.0122 4716 sffp_mmc - ok 15:22:51.0137 4716 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:22:51.0137 4716 sffp_sd - ok 15:22:51.0168 4716 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:22:51.0184 4716 sfloppy - ok 15:22:51.0215 4716 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:22:51.0231 4716 SharedAccess - ok 15:22:51.0246 4716 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:22:51.0278 4716 ShellHWDetection - ok 15:22:51.0324 4716 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 15:22:51.0340 4716 SiSRaid2 - ok 15:22:51.0356 4716 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:22:51.0371 4716 SiSRaid4 - ok 15:22:51.0418 4716 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:22:51.0434 4716 Smb - ok 15:22:51.0496 4716 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:22:51.0512 4716 SNMPTRAP - ok 15:22:51.0527 4716 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:22:51.0527 4716 spldr - ok 15:22:51.0558 4716 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:22:51.0558 4716 Spooler - ok 15:22:51.0652 4716 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:22:51.0683 4716 sppsvc - ok 15:22:51.0699 4716 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:22:51.0714 4716 sppuinotify - ok 15:22:51.0746 4716 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:22:51.0761 4716 srv - ok 15:22:51.0777 4716 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:22:51.0792 4716 srv2 - ok 15:22:51.0839 4716 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 15:22:51.0870 4716 SrvHsfHDA - ok 15:22:51.0917 4716 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 15:22:51.0948 4716 SrvHsfV92 - ok 15:22:51.0964 4716 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 15:22:51.0995 4716 SrvHsfWinac - ok 15:22:52.0011 4716 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:22:52.0011 4716 srvnet - ok 15:22:52.0042 4716 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:22:52.0058 4716 SSDPSRV - ok 15:22:52.0073 4716 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:22:52.0073 4716 SstpSvc - ok 15:22:52.0136 4716 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 15:22:52.0136 4716 STacSV - ok 15:22:52.0167 4716 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 15:22:52.0182 4716 stexstor - ok 15:22:52.0245 4716 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 15:22:52.0276 4716 STHDA - ok 15:22:52.0323 4716 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:22:52.0338 4716 stisvc - ok 15:22:52.0370 4716 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:22:52.0385 4716 swenum - ok 15:22:52.0416 4716 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:22:52.0432 4716 swprv - ok 15:22:52.0494 4716 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 15:22:52.0526 4716 SynTP - ok 15:22:52.0572 4716 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:22:52.0588 4716 SysMain - ok 15:22:52.0604 4716 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:22:52.0604 4716 TabletInputService - ok 15:22:52.0619 4716 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:22:52.0635 4716 TapiSrv - ok 15:22:52.0635 4716 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:22:52.0650 4716 TBS - ok 15:22:52.0728 4716 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:22:52.0760 4716 Tcpip - ok 15:22:52.0775 4716 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:22:52.0791 4716 TCPIP6 - ok 15:22:52.0822 4716 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:22:52.0838 4716 tcpipreg - ok 15:22:52.0869 4716 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:22:52.0869 4716 TDPIPE - ok 15:22:52.0884 4716 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:22:52.0900 4716 TDTCP - ok 15:22:52.0916 4716 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:22:52.0931 4716 tdx - ok 15:22:52.0947 4716 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:22:52.0962 4716 TermDD - ok 15:22:52.0994 4716 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:22:53.0009 4716 TermService - ok 15:22:53.0025 4716 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:22:53.0025 4716 Themes - ok 15:22:53.0056 4716 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:22:53.0056 4716 THREADORDER - ok 15:22:53.0103 4716 [ 6642C9F15CCC7859CAEEA159E711EB21 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys 15:22:53.0118 4716 tmactmon - ok 15:22:53.0134 4716 [ 0BD205E00C93B8CF828301F43164AA51 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys 15:22:53.0134 4716 tmcomm - ok 15:22:53.0165 4716 [ 9D86A57FB83E39A967CD8D3AAE8A170A ] TMEBC C:\Windows\system32\DRIVERS\TMEBC64.sys 15:22:53.0165 4716 TMEBC - ok 15:22:53.0181 4716 [ C27DAE25484C205F3CCF7260E1B045DD ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys 15:22:53.0196 4716 tmevtmgr - ok 15:22:53.0259 4716 [ 48951FBFFFCAE52FADFCDFB76ED19749 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys 15:22:53.0290 4716 tmtdi - ok 15:22:53.0321 4716 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:22:53.0337 4716 TrkWks - ok 15:22:53.0399 4716 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:22:53.0399 4716 TrustedInstaller - ok 15:22:53.0446 4716 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:22:53.0462 4716 tssecsrv - ok 15:22:53.0508 4716 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:22:53.0540 4716 TsUsbFlt - ok 15:22:53.0555 4716 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 15:22:53.0571 4716 TsUsbGD - ok 15:22:53.0618 4716 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:22:53.0633 4716 tunnel - ok 15:22:53.0649 4716 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:22:53.0664 4716 uagp35 - ok 15:22:53.0680 4716 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:22:53.0711 4716 udfs - ok 15:22:53.0727 4716 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:22:53.0742 4716 UI0Detect - ok 15:22:53.0758 4716 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:22:53.0774 4716 uliagpkx - ok 15:22:53.0805 4716 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:22:53.0805 4716 umbus - ok 15:22:53.0836 4716 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 15:22:53.0836 4716 UmPass - ok 15:22:53.0976 4716 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:22:53.0992 4716 UNS - ok 15:22:54.0023 4716 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:22:54.0023 4716 upnphost - ok 15:22:54.0054 4716 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:22:54.0070 4716 usbccgp - ok 15:22:54.0101 4716 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:22:54.0101 4716 usbcir - ok 15:22:54.0117 4716 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 15:22:54.0117 4716 usbehci - ok 15:22:54.0132 4716 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:22:54.0148 4716 usbhub - ok 15:22:54.0164 4716 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:22:54.0179 4716 usbohci - ok 15:22:54.0195 4716 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 15:22:54.0195 4716 usbprint - ok 15:22:54.0210 4716 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 15:22:54.0226 4716 USBSTOR - ok 15:22:54.0242 4716 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:22:54.0242 4716 usbuhci - ok 15:22:54.0288 4716 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 15:22:54.0335 4716 usbvideo - ok 15:22:54.0366 4716 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:22:54.0366 4716 UxSms - ok 15:22:54.0382 4716 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:22:54.0398 4716 VaultSvc - ok 15:22:54.0413 4716 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:22:54.0413 4716 vdrvroot - ok 15:22:54.0444 4716 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:22:54.0444 4716 vds - ok 15:22:54.0476 4716 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:22:54.0476 4716 vga - ok 15:22:54.0491 4716 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:22:54.0507 4716 VgaSave - ok 15:22:54.0538 4716 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:22:54.0554 4716 vhdmp - ok 15:22:54.0569 4716 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:22:54.0585 4716 viaide - ok 15:22:54.0600 4716 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:22:54.0600 4716 volmgr - ok 15:22:54.0616 4716 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:22:54.0616 4716 volmgrx - ok 15:22:54.0663 4716 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:22:54.0663 4716 volsnap - ok 15:22:54.0710 4716 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:22:54.0725 4716 vsmraid - ok 15:22:54.0788 4716 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:22:54.0803 4716 VSS - ok 15:22:54.0834 4716 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 15:22:54.0834 4716 vwifibus - ok 15:22:54.0866 4716 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 15:22:54.0881 4716 vwififlt - ok 15:22:54.0897 4716 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 15:22:54.0897 4716 vwifimp - ok 15:22:54.0944 4716 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:22:54.0944 4716 W32Time - ok 15:22:54.0959 4716 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:22:54.0975 4716 WacomPen - ok 15:22:55.0022 4716 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:22:55.0053 4716 WANARP - ok 15:22:55.0053 4716 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:22:55.0068 4716 Wanarpv6 - ok 15:22:55.0131 4716 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 15:22:55.0162 4716 WatAdminSvc - ok 15:22:55.0224 4716 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:22:55.0271 4716 wbengine - ok 15:22:55.0287 4716 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:22:55.0302 4716 WbioSrvc - ok 15:22:55.0318 4716 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:22:55.0318 4716 wcncsvc - ok 15:22:55.0349 4716 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:22:55.0365 4716 WcsPlugInService - ok 15:22:55.0380 4716 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 15:22:55.0396 4716 Wd - ok 15:22:55.0458 4716 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:22:55.0458 4716 Wdf01000 - ok 15:22:55.0474 4716 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:22:55.0490 4716 WdiServiceHost - ok 15:22:55.0505 4716 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:22:55.0505 4716 WdiSystemHost - ok 15:22:55.0521 4716 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:22:55.0536 4716 WebClient - ok 15:22:55.0552 4716 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:22:55.0568 4716 Wecsvc - ok 15:22:55.0568 4716 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:22:55.0583 4716 wercplsupport - ok 15:22:55.0599 4716 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:22:55.0614 4716 WerSvc - ok 15:22:55.0630 4716 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:22:55.0646 4716 WfpLwf - ok 15:22:55.0646 4716 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:22:55.0661 4716 WIMMount - ok 15:22:55.0661 4716 WinDefend - ok 15:22:55.0677 4716 WinHttpAutoProxySvc - ok 15:22:55.0724 4716 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:22:55.0724 4716 Winmgmt - ok 15:22:55.0802 4716 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:22:55.0848 4716 WinRM - ok 15:22:55.0911 4716 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 15:22:55.0911 4716 WinUsb - ok 15:22:55.0958 4716 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:22:55.0958 4716 Wlansvc - ok 15:22:56.0004 4716 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 15:22:56.0004 4716 wlcrasvc - ok 15:22:56.0114 4716 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:22:56.0129 4716 wlidsvc - ok 15:22:56.0145 4716 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:22:56.0145 4716 WmiAcpi - ok 15:22:56.0176 4716 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:22:56.0207 4716 wmiApSrv - ok 15:22:56.0223 4716 WMPNetworkSvc - ok 15:22:56.0254 4716 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:22:56.0254 4716 WPCSvc - ok 15:22:56.0270 4716 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:22:56.0270 4716 WPDBusEnum - ok 15:22:56.0301 4716 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:22:56.0301 4716 ws2ifsl - ok 15:22:56.0316 4716 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:22:56.0316 4716 wscsvc - ok 15:22:56.0348 4716 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 15:22:56.0348 4716 WSDPrintDevice - ok 15:22:56.0348 4716 WSearch - ok 15:22:56.0426 4716 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:22:56.0457 4716 wuauserv - ok 15:22:56.0473 4716 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:22:56.0488 4716 WudfPf - ok 15:22:56.0504 4716 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:22:56.0519 4716 WUDFRd - ok 15:22:56.0535 4716 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:22:56.0535 4716 wudfsvc - ok 15:22:56.0551 4716 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:22:56.0566 4716 WwanSvc - ok 15:22:56.0597 4716 ================ Scan global =============================== 15:22:56.0613 4716 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:22:56.0644 4716 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 15:22:56.0660 4716 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 15:22:56.0691 4716 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:22:56.0722 4716 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:22:56.0738 4716 [Global] - ok 15:22:56.0738 4716 ================ Scan MBR ================================== 15:22:56.0738 4716 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:22:57.0721 4716 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 15:22:57.0721 4716 \Device\Harddisk0\DR0 - detected TDSS File System (1) 15:22:57.0721 4716 ================ Scan VBR ================================== 15:22:57.0752 4716 [ A0C0CBB37A0DF7A0835AEC3B7F9EA1A2 ] \Device\Harddisk0\DR0\Partition1 15:22:57.0752 4716 \Device\Harddisk0\DR0\Partition1 - ok 15:22:57.0767 4716 [ 82A069933D0D1048A8329F59749FF3A7 ] \Device\Harddisk0\DR0\Partition2 15:22:57.0767 4716 \Device\Harddisk0\DR0\Partition2 - ok 15:22:57.0799 4716 [ E6F8FAE94618C1B50D06E655DC7D3612 ] \Device\Harddisk0\DR0\Partition3 15:22:57.0799 4716 \Device\Harddisk0\DR0\Partition3 - ok 15:22:57.0814 4716 [ 38F36BC6900AC0CE4F4BF57A69F404A4 ] \Device\Harddisk0\DR0\Partition4 15:22:57.0814 4716 \Device\Harddisk0\DR0\Partition4 - ok 15:22:57.0830 4716 ============================================================ 15:22:57.0830 4716 Scan finished 15:22:57.0830 4716 ============================================================ 15:22:57.0845 0848 Detected object count: 1 15:22:57.0845 0848 Actual detected object count: 1 15:23:44.0302 0848 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 15:23:44.0302 0848 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
	to forum · permalink · 2013-02-16 19:16:11 ·

Broadband Tech > Security > Security Cleanup > [Trojan] Trojan.Agent Trouble