No internet access, software/hardware not recognised... [Closed]



#1
Crouchy

  • Member
  • 17 posts
Hello,

I was wondering if someone would please be able to help!

My gf's laptop will not access the internet; it works on other computers in our flat (wireless and wired).

The computer is failing to recognise a lot of installed software and hardware (e.g. memory sticks and the internal graphics), stating 'it does not exist as an installed service'. Even things such as opening the registry from the search bar are not recognised. Strangely, if you open a program such as Word, we are able to access files from memory sticks even though they don't appear in the 'Computer' folder.

We are also unable to uninstall programs due to the above issue; they are not recognised properly.

I have tried Malwarebytes Anti-Malware (which recognised a trojan) and Comodo (which is unable to run fully as it needs to access the internet as part of its scan). For the same reason AVG won't install. The issue is still ongoing though.

The firewall (McAfee) says that it is on, but when you go into the firewall section it says that it is off. When you click 'turn on' it flicks on for a split second and then back off.

Is this due to malware? Or is the computer itself messing up? It's only a year old (just out of warranty sadly!) Is there a way of sorting it?

Safe mode is the only way in which I could get OTL and the other antivirus related software to run.

Here is the log:


OTL logfile created on: 6/4/2012 6:06:28 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Laura\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.80 Gb Total Physical Memory | 5.26 Gb Available Physical Memory | 90.60% Memory free
11.60 Gb Paging File | 11.07 Gb Available in Paging File | 95.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.26 Gb Total Space | 362.52 Gb Free Space | 81.42% Space Free | Partition Type: NTFS
Drive D: | 20.20 Gb Total Space | 2.94 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 88.39 Mb Free Space | 89.26% Space Free | Partition Type: FAT32

Computer Name: LAURA-HP | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 17:41:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/16 09:54:35 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/06/29 19:52:12 | 004,181,256 | ---- | M] (Motorola, Inc.) [On_Demand | Stopped] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/06/22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/19 00:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/05/20 21:28:14 | 000,677,128 | ---- | M] (Motorola, Inc.) [Auto | Stopped] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/05/20 21:28:12 | 001,096,968 | ---- | M] (Motorola, Inc.) [On_Demand | Stopped] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/04/24 02:42:40 | 000,445,192 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/02/23 15:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 02:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WPDBusEnum)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WebClient)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (SensrSvc)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RasMan)
SRV:64bit: - [2009/07/08 20:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/05 09:28:35 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/16 09:54:34 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/30 04:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/05/01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/05/01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/04/04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 15:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/07/14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/21 17:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 19:14:16 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2011/01/25 19:14:02 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2011/01/25 19:14:00 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2010/07/23 14:35:16 | 000,327,680 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/06/29 18:12:26 | 003,232,768 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/06/25 06:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/06/22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/05/28 00:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/05/01 02:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/10 00:53:04 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/03/05 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/11 23:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/08 20:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 20:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1465584F-264B-46E6-8DF8-09396C4BA092}
IE:64bit: - HKLM\..\SearchScopes\{1465584F-264B-46E6-8DF8-09396C4BA092}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{566CDDC4-92CC-49DA-9CE5-99E95E4C3FBF}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{58245B88-AD40-43C3-9488-9DED54638ECC}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\SearchScopes,DefaultScope = {1465584F-264B-46E6-8DF8-09396C4BA092}
IE - HKLM\..\SearchScopes\{1465584F-264B-46E6-8DF8-09396C4BA092}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{566CDDC4-92CC-49DA-9CE5-99E95E4C3FBF}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{58245B88-AD40-43C3-9488-9DED54638ECC}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {A736982C-065E-45E2-9822-28C665028BCA}
IE - HKCU\..\SearchScopes\{1465584F-264B-46E6-8DF8-09396C4BA092}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{566CDDC4-92CC-49DA-9CE5-99E95E4C3FBF}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{58245B88-AD40-43C3-9488-9DED54638ECC}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{A736982C-065E-45E2-9822-28C665028BCA}: "URL" = http://www.google.co...1I7ADRA_enGB448
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/09/16 10:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/07 11:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/12 19:33:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/05/01 17:30:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120429191607.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429191608.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] DLL32.EXE "C:\PROGRAM FILES\MOTOROLA\BLUETOOTH\BTMSHELL.DLL",TRAYAPP File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] .EXE /HIDDEN File not found
O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] T.EXE" File not found
O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4:64bit: - HKLM..\Run: [SmartMenu] D File not found
O4:64bit: - HKLM..\Run: [SynTPEnh] H.EXE File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B956E34E-A87F-4AAB-82AD-9CEC55F654E9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 18:04:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe
[2012/06/04 17:12:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/04 17:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/04 16:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/06/04 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\cce_1.6.183539.73_x64
[2012/06/04 15:00:17 | 007,557,128 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laura\Desktop\mbam-rules.exe
[2012/06/04 14:59:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/04 14:59:12 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laura\Desktop\mbam-setup-1.50.1.1100.exe
[2012/05/27 15:10:08 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Malwarebytes
[2012/05/27 15:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/11 23:17:34 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\LITERACY
[2012/05/10 20:04:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/10 18:41:54 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/10 18:41:54 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/10 18:41:53 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 18:41:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/10 18:41:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2012/06/04 18:05:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/04 18:05:20 | 377,901,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/04 18:04:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 18:04:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 18:01:12 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/04 17:41:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe
[2012/06/04 16:40:54 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/06/04 16:11:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/27 15:39:58 | 007,557,128 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Laura\Desktop\mbam-rules.exe
[2012/05/18 23:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/15 17:57:56 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLaura.job
[2012/05/11 20:46:27 | 688,795,059 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/10 20:12:19 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/10 20:12:19 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/10 20:12:19 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/04 10:47:42 | 000,000,000 | ---- | C] () -- C:\Users\Laura\AppData\Local\{E4EFA95F-B99C-4290-8C08-7787A035BDAC}
[2011/07/11 19:57:48 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/09/16 09:56:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/16 09:50:19 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/09/16 09:48:59 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/09/16 09:48:59 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/09/16 09:48:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/09/16 09:48:59 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/09/16 09:48:58 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/09/16 09:48:56 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/16 09:48:36 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/09/16 09:48:36 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/16 09:45:31 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/23 16:57:52 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/23 16:06:16 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/07/23 15:55:53 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini

< End of report >
  • 0

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, Crouchy! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Crouchy only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.

First, we will get some other logs from some different tools:


Step 1

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


Step 2

Please download Farbar Service Scanner and transfer it to the computer with the internet issue. Double click the file to run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • aswMBR.txt
  • FSS.txt

  • 0

#3
Crouchy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Nedklaw, thanks for your help!

Although it asked me to use Avast, it was unable to, as internet access is still unavailable.

Here is the first log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-04 20:56:15
-----------------------------
20:56:15.525 OS Version: Windows x64 6.1.7600
20:56:15.525 Number of processors: 4 586 0x2505
20:56:15.525 ComputerName: LAURA-HP UserName: Laura
20:56:15.993 Initialize success
20:56:21.515 AVAST engine download error: 0
20:56:25.867 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:56:25.867 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 476940MB BusType: 3
20:56:25.883 Device \Driver\iaStor -> MajorFunction fffffa8007c9b5c4
20:56:25.883 Disk 0 MBR read successfully
20:56:25.883 Disk 0 MBR scan
20:56:25.883 Disk 0 unknown MBR code
20:56:25.883 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:56:25.899 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455951 MB offset 409600
20:56:25.914 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20685 MB offset 934197248
20:56:25.945 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
20:56:25.977 Disk 0 scanning C:\Windows\system32\drivers
20:56:31.655 Service scanning
20:56:45.040 Modules scanning
20:56:45.040 Disk 0 trace - called modules:
20:56:45.040 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa8007c9b5c4]<<
20:56:45.040 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ae8060]
20:56:45.056 3 CLASSPNP.SYS[fffff880017cb43f] -> nt!IofCallDriver -> [0xfffffa80069c5b10]
20:56:45.056 5 hpdskflt.sys[fffff8800182d289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006838050]
20:56:45.056 \Driver\iaStor[0xfffffa8007f69910] -> IRP_MJ_CREATE -> 0xfffffa8007c9b5c4
20:56:45.056 Scan finished successfully
20:57:09.204 Disk 0 MBR has been saved successfully to "H:\Fix Dobbin Comp\MBR.dat"
20:57:09.236 The log file has been saved successfully to "H:\Fix Dobbin Comp\aswMBR log.txt"


Here is the 2nd:

Farbar Service Scanner Version: 05-06-2012
Ran by Laura (administrator) on 04-06-2012 at 20:58:35
Running from "C:\Users\Laura\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blokked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-11 19:28] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:38] - [2012-03-30 12:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 01:36] - [2009-07-14 02:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
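
Added example (not part of the original posts and not Farbar Service Scanner's own code): a Python triage of an FSS.txt log like the one above, separating services that are only stopped with intact configuration from those whose registry key is missing. The function names are hypothetical, the sample is a shortened excerpt of the posted log, and treating a file listed without "MD5 is legit" as needing manual review is an assumption drawn from the log's layout.

```python
import re
from dataclasses import dataclass, field

# Shortened excerpt of the FSS.txt log posted above (format unchanged).
SAMPLE_FSS = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-11 19:28] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
"""

RE_RULE = re.compile(r"^=+$")                                  # underline beneath a section title
RE_SERVICE = re.compile(r"^(\S+) Service is not running\.")
RE_OK = re.compile(r"^The (.+?) of (\S+) service is OK\.")
RE_ALERT = re.compile(r"^Checking (.+?): ATTENTION!=+> (.*)$")
RE_LEGIT = re.compile(r"^(\S.*?) => MD5 is legit$")
RE_PATH = re.compile(r"^[A-Za-z]:\\.+$")                       # bare path, no verdict on the line
RE_DETAIL = re.compile(r"^\[[^\]]*\] - \[[^\]]*\] - \d+ \S+ \(.*\) [0-9A-Fa-f]{32}$")


@dataclass
class Service:
    name: str
    section: str
    ok_checks: list = field(default_factory=list)   # e.g. "start type", "ImagePath"
    alerts: list = field(default_factory=list)      # (check name, message) pairs

    @property
    def key_missing(self):
        # FSS reports a deleted service key with this fixed phrase.
        return any("service key does not exist" in msg for _, msg in self.alerts)


def parse_fss(text):
    """Return (services, files) parsed from the text of an FSS.txt log."""
    lines = [ln.strip() for ln in text.splitlines()]
    services, files = [], {}
    section, current, pending_path = "", None, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and RE_RULE.match(nxt):
            section, current = line[:-1], None       # new section resets the service
            continue
        if m := RE_SERVICE.match(line):
            current = Service(m.group(1), section)
            services.append(current)
        elif (m := RE_OK.match(line)) and current:
            current.ok_checks.append(m.group(1))
        elif (m := RE_ALERT.match(line)) and current:
            current.alerts.append((m.group(1), m.group(2)))
        elif m := RE_LEGIT.match(line):
            files[m.group(1)] = "legit"
        elif RE_PATH.match(line):
            pending_path = line                      # verdict absent; details follow
        elif RE_DETAIL.match(line) and pending_path:
            files[pending_path] = "review"           # assumption: needs a manual check
            pending_path = None
    return services, files


def triage(text):
    """Bucket the findings so missing service keys stand out from stopped services."""
    services, files = parse_fss(text)
    return {
        "key_missing": [s.name for s in services if s.key_missing],
        "stopped_config_ok": [s.name for s in services if not s.alerts],
        "files_to_review": [p for p, verdict in files.items() if verdict == "review"],
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_FSS).items():
        print(f"{bucket}: {', '.join(items) or '-'}")
```
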

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry

  • Download ERUNT.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed).
  • Install ERUNT by following the prompts.
    (Use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later).
  • Start ERUNT.
    (Either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
  • Choose a location for the backup.
    (The default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked.
  • Press OK.
  • Press YES to create the folder.


Step 3

  • Download and extract the following files to your desktop: Services.zip (attached file, 3.76KB)
  • Double-click services.reg and start_services.bat and confirm the prompts.

Step 4

Please run Farbar Service Scanner again.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • FSS.txt

  • 0

#5
Crouchy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi, thanks for your reply!

I followed all the steps. There was one malware object found by the first program.

The only thing that didn't work exactly was when I opened the services file I received the following error message: 'cannot import C:...etc...reg Not all data was successfully written to the registry. Some keys are open by the system or other processes.'

Here is the TDSSKiller log:

20:41:16.0306 0928 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
20:41:16.0337 0928 ============================================================
20:41:16.0337 0928 Current date / time: 2012/06/05 20:41:16.0337
20:41:16.0337 0928 SystemInfo:
20:41:16.0337 0928
20:41:16.0337 0928 OS Version: 6.1.7600 ServicePack: 0.0
20:41:16.0337 0928 Product type: Workstation
20:41:16.0337 0928 ComputerName: LAURA-HP
20:41:16.0337 0928 UserName: Laura
20:41:16.0337 0928 Windows directory: C:\Windows
20:41:16.0337 0928 System windows directory: C:\Windows
20:41:16.0337 0928 Running under WOW64
20:41:16.0337 0928 Processor architecture: Intel x64
20:41:16.0337 0928 Number of processors: 4
20:41:16.0337 0928 Page size: 0x1000
20:41:16.0337 0928 Boot type: Safe boot with network
20:41:16.0337 0928 ============================================================
20:41:16.0774 0928 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:16.0774 0928 Drive \Device\Harddisk1\DR1 - Size: 0x3A2360000 (14.53 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:41:16.0774 0928 ============================================================
20:41:16.0774 0928 \Device\Harddisk0\DR0:
20:41:16.0774 0928 MBR partitions:
20:41:16.0774 0928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:41:16.0774 0928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37A87800
20:41:16.0774 0928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37AEB800, BlocksNum 0x2866800
20:41:16.0774 0928 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:41:16.0774 0928 \Device\Harddisk1\DR1:
20:41:16.0774 0928 MBR partitions:
20:41:16.0774 0928 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D0FB80
20:41:16.0774 0928 ============================================================
20:41:16.0821 0928 C: <-> \Device\Harddisk0\DR0\Partition1
20:41:16.0868 0928 D: <-> \Device\Harddisk0\DR0\Partition2
20:41:16.0868 0928 F: <-> \Device\Harddisk0\DR0\Partition3
20:41:16.0868 0928 ============================================================
20:41:16.0868 0928 Initialize success
20:41:16.0868 0928 ============================================================
20:41:56.0507 0128 ============================================================
20:41:56.0507 0128 Scan started
20:41:56.0507 0128 Mode: Manual; SigCheck; TDLFS;
20:41:56.0507 0128 ============================================================
20:41:56.0694 0128 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:41:56.0991 0128 1394ohci - ok
20:41:57.0038 0128 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
20:41:57.0334 0128 Accelerometer - ok
20:41:57.0396 0128 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:41:57.0412 0128 ACPI - ok
20:41:57.0428 0128 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:41:57.0490 0128 AcpiPmi - ok
20:41:57.0599 0128 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:41:57.0615 0128 AdobeARMservice - ok
20:41:57.0724 0128 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:41:57.0724 0128 AdobeFlashPlayerUpdateSvc - ok
20:41:57.0786 0128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:41:57.0802 0128 adp94xx - ok
20:41:57.0864 0128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:41:57.0880 0128 adpahci - ok
20:41:57.0911 0128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:41:57.0927 0128 adpu320 - ok
20:41:57.0942 0128 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:41:58.0083 0128 AeLookupSvc - ok
20:41:58.0192 0128 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
20:41:58.0254 0128 AESTFilters - ok
20:41:58.0301 0128 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:41:58.0348 0128 AFD - ok
20:41:58.0410 0128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:41:58.0410 0128 agp440 - ok
20:41:58.0442 0128 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:41:58.0473 0128 ALG - ok
20:41:58.0535 0128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:41:58.0535 0128 aliide - ok
20:41:58.0613 0128 AMD External Events Utility (cc180e1e0700995340c838bc1a729577) C:\Windows\system32\atiesrxx.exe
20:41:58.0660 0128 AMD External Events Utility - ok
20:41:58.0691 0128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:41:58.0707 0128 amdide - ok
20:41:58.0738 0128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:41:58.0769 0128 AmdK8 - ok
20:41:58.0988 0128 amdkmdag (8155ea1864d1fa8b168c46c41ed97a76) C:\Windows\system32\DRIVERS\atikmdag.sys
20:41:59.0128 0128 amdkmdag - ok
20:41:59.0253 0128 amdkmdap (4841c7af2bac05ae23955d65b4336446) C:\Windows\system32\DRIVERS\atikmpag.sys
20:41:59.0253 0128 amdkmdap - ok
20:41:59.0284 0128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:41:59.0315 0128 AmdPPM - ok
20:41:59.0346 0128 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:41:59.0362 0128 amdsata - ok
20:41:59.0409 0128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:41:59.0424 0128 amdsbs - ok
20:41:59.0440 0128 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:41:59.0440 0128 amdxata - ok
20:41:59.0502 0128 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:41:59.0534 0128 AppID - ok
20:41:59.0565 0128 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:41:59.0643 0128 AppIDSvc - ok
20:41:59.0752 0128 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:41:59.0768 0128 Apple Mobile Device - ok
20:41:59.0783 0128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:41:59.0799 0128 arc - ok
20:41:59.0814 0128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:41:59.0830 0128 arcsas - ok
20:41:59.0861 0128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:41:59.0908 0128 AsyncMac - ok
20:41:59.0955 0128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:41:59.0970 0128 atapi - ok
20:42:00.0033 0128 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
20:42:00.0033 0128 AtiHdmiService - ok
20:42:00.0080 0128 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:42:00.0142 0128 AudioEndpointBuilder - ok
20:42:00.0142 0128 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:42:00.0173 0128 AudioSrv - ok
20:42:00.0220 0128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:42:00.0251 0128 b06bdrv - ok
20:42:00.0282 0128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:42:00.0298 0128 b57nd60a - ok
20:42:00.0345 0128 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:42:00.0376 0128 BDESVC - ok
20:42:00.0407 0128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:42:00.0454 0128 Beep - ok
20:42:00.0501 0128 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
20:42:00.0594 0128 BITS - ok
20:42:00.0641 0128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:42:00.0657 0128 blbdrive - ok
20:42:00.0797 0128 Bluetooth Device Manager (2bbd2ab07d779278114ba6a694972f1a) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
20:42:00.0891 0128 Bluetooth Device Manager - ok
20:42:00.0922 0128 Bluetooth Media Service (87d6a02028e47ca696c4294c658e3ee6) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
20:42:00.0938 0128 Bluetooth Media Service - ok
20:42:00.0969 0128 Bluetooth OBEX Service (9af4b2cf2f98cf6157cdfd917ae5785b) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
20:42:01.0000 0128 Bluetooth OBEX Service - ok
20:42:01.0094 0128 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:42:01.0109 0128 Bonjour Service - ok
20:42:01.0218 0128 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:42:01.0265 0128 bowser - ok
20:42:01.0312 0128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:42:01.0343 0128 BrFiltLo - ok
20:42:01.0390 0128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:42:01.0406 0128 BrFiltUp - ok
20:42:01.0437 0128 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:42:01.0484 0128 Browser - ok
20:42:01.0499 0128 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:42:01.0530 0128 Brserid - ok
20:42:01.0562 0128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:42:01.0577 0128 BrSerWdm - ok
20:42:01.0624 0128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:42:01.0624 0128 BrUsbMdm - ok
20:42:01.0671 0128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:42:01.0686 0128 BrUsbSer - ok
20:42:01.0718 0128 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:42:01.0749 0128 BthEnum - ok
20:42:01.0780 0128 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:42:01.0796 0128 BTHMODEM - ok
20:42:01.0858 0128 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:42:01.0889 0128 BthPan - ok
20:42:01.0905 0128 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
20:42:01.0952 0128 BTHPORT - ok
20:42:01.0998 0128 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:42:02.0061 0128 bthserv - ok
20:42:02.0092 0128 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
20:42:02.0092 0128 BTHUSB - ok
20:42:02.0139 0128 BTMCOM (e588420b950dac5ac397f76660bce520) C:\Windows\system32\Drivers\btmcom.sys
20:42:02.0139 0128 BTMCOM - ok
20:42:02.0248 0128 BTMUSB (4eef6b894e05fc245640dcee9190a053) C:\Windows\system32\Drivers\btmusb.sys
20:42:02.0326 0128 BTMUSB - ok
20:42:02.0420 0128 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:42:02.0466 0128 cdfs - ok
20:42:02.0513 0128 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:42:02.0529 0128 cdrom - ok
20:42:02.0560 0128 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:42:02.0607 0128 CertPropSvc - ok
20:42:02.0685 0128 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
20:42:02.0700 0128 cfwids - ok
20:42:02.0763 0128 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:42:02.0794 0128 circlass - ok
20:42:02.0825 0128 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:42:02.0841 0128 CLFS - ok
20:42:02.0966 0128 CLKMSVC10_C6F09094 (dede5ec7dc09d840d5d74e06ff4de127) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
20:42:02.0981 0128 CLKMSVC10_C6F09094 - ok
20:42:03.0044 0128 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:42:03.0059 0128 clr_optimization_v2.0.50727_32 - ok
20:42:03.0122 0128 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:42:03.0122 0128 clr_optimization_v2.0.50727_64 - ok
20:42:03.0215 0128 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:42:03.0262 0128 clr_optimization_v4.0.30319_32 - ok
20:42:03.0278 0128 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:42:03.0293 0128 clr_optimization_v4.0.30319_64 - ok
20:42:03.0356 0128 clwvd (9573e8c7c3b3d1625fd941841fd0859c) C:\Windows\system32\DRIVERS\clwvd.sys
20:42:03.0371 0128 clwvd - ok
20:42:03.0402 0128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:42:03.0434 0128 CmBatt - ok
20:42:03.0480 0128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:42:03.0480 0128 cmdide - ok
20:42:03.0543 0128 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:42:03.0605 0128 CNG - ok
20:42:03.0621 0128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:42:03.0636 0128 Compbatt - ok
20:42:03.0636 0128 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:42:03.0668 0128 CompositeBus - ok
20:42:03.0683 0128 COMSysApp - ok
20:42:03.0714 0128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:42:03.0730 0128 crcdisk - ok
20:42:03.0777 0128 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
20:42:03.0824 0128 CryptSvc - ok
20:42:03.0886 0128 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:42:03.0933 0128 DcomLaunch - ok
20:42:03.0980 0128 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:42:04.0042 0128 defragsvc - ok
20:42:04.0073 0128 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:42:04.0120 0128 DfsC - ok
20:42:04.0151 0128 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:42:04.0214 0128 Dhcp - ok
20:42:04.0245 0128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:42:04.0292 0128 discache - ok
20:42:04.0338 0128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:42:04.0354 0128 Disk - ok
20:42:04.0401 0128 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
20:42:04.0432 0128 Dnscache - ok
20:42:04.0479 0128 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:42:04.0541 0128 dot3svc - ok
20:42:04.0619 0128 DpHost (3e6b2753a09d46958f5d0df8e1b650ca) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
20:42:04.0635 0128 DpHost - ok
20:42:04.0635 0128 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:42:04.0697 0128 DPS - ok
20:42:04.0760 0128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:42:04.0775 0128 drmkaud - ok
20:42:04.0806 0128 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
20:42:04.0838 0128 DXGKrnl - ok
20:42:04.0853 0128 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:42:04.0900 0128 EapHost - ok
20:42:04.0994 0128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:42:05.0072 0128 ebdrv - ok
20:42:05.0134 0128 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
20:42:05.0165 0128 EFS - ok
20:42:05.0259 0128 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
20:42:05.0290 0128 ehRecvr - ok
20:42:05.0352 0128 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:42:05.0352 0128 ehSched - ok
20:42:05.0446 0128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:42:05.0462 0128 elxstor - ok
20:42:05.0477 0128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:42:05.0493 0128 ErrDev - ok
20:42:05.0555 0128 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:42:05.0618 0128 EventSystem - ok
20:42:05.0664 0128 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:42:05.0711 0128 exfat - ok
20:42:05.0742 0128 ezSharedSvc - ok
20:42:05.0758 0128 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:42:05.0805 0128 fastfat - ok
20:42:05.0852 0128 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:42:05.0883 0128 Fax - ok
20:42:05.0930 0128 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:42:05.0945 0128 fdc - ok
20:42:05.0976 0128 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:42:06.0023 0128 fdPHost - ok
20:42:06.0039 0128 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:42:06.0070 0128 FDResPub - ok
20:42:06.0086 0128 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:42:06.0101 0128 FileInfo - ok
20:42:06.0101 0128 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:42:06.0148 0128 Filetrace - ok
20:42:06.0242 0128 FLEXnet Licensing Service (3d9b36631032fde0ffea0dc0260e4e35) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:42:06.0257 0128 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:42:06.0257 0128 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:42:06.0320 0128 FLEXnet Licensing Service 64 (52c0312ab35eb7187015fb6a99136bb5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
20:42:06.0366 0128 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - warning
20:42:06.0366 0128 FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic (1)
20:42:06.0476 0128 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:42:06.0491 0128 flpydisk - ok
20:42:06.0522 0128 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:42:06.0522 0128 FltMgr - ok
20:42:06.0600 0128 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:42:06.0600 0128 FontCache3.0.0.0 - ok
20:42:06.0632 0128 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:42:06.0632 0128 FsDepends - ok
20:42:06.0663 0128 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
20:42:06.0678 0128 Fs_Rec - ok
20:42:06.0741 0128 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:42:06.0772 0128 fvevol - ok
20:42:06.0834 0128 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:42:06.0850 0128 gagp30kx - ok
20:42:06.0928 0128 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:42:06.0928 0128 GameConsoleService - ok
20:42:06.0975 0128 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:42:06.0990 0128 GEARAspiWDM - ok
20:42:07.0022 0128 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:42:07.0068 0128 gpsvc - ok
20:42:07.0162 0128 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:42:07.0178 0128 gupdate - ok
20:42:07.0178 0128 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:42:07.0193 0128 gupdatem - ok
20:42:07.0240 0128 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:42:07.0256 0128 gusvc - ok
20:42:07.0287 0128 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:42:07.0318 0128 hcw85cir - ok
20:42:07.0349 0128 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:42:07.0380 0128 HdAudAddService - ok
20:42:07.0396 0128 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:42:07.0427 0128 HDAudBus - ok
20:42:07.0474 0128 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:42:07.0490 0128 HECIx64 - ok
20:42:07.0505 0128 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:42:07.0521 0128 HidBatt - ok
20:42:07.0552 0128 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:42:07.0583 0128 HidBth - ok
20:42:07.0614 0128 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:42:07.0630 0128 HidIr - ok
20:42:07.0661 0128 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:42:07.0708 0128 hidserv - ok
20:42:07.0755 0128 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:42:07.0770 0128 HidUsb - ok
20:42:07.0786 0128 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:42:07.0848 0128 hkmsvc - ok
20:42:07.0880 0128 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:42:07.0895 0128 HomeGroupListener - ok
20:42:07.0942 0128 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:42:07.0942 0128 HomeGroupProvider - ok
20:42:08.0036 0128 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:42:08.0051 0128 HP Support Assistant Service - ok
20:42:08.0145 0128 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:42:08.0160 0128 HP Wireless Assistant Service - ok
20:42:08.0223 0128 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:42:08.0238 0128 HPDrvMntSvc.exe - ok
20:42:08.0254 0128 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
20:42:08.0270 0128 hpdskflt - ok
20:42:08.0332 0128 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:42:08.0348 0128 hpqwmiex - ok
20:42:08.0394 0128 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:42:08.0410 0128 HpSAMD - ok
20:42:08.0410 0128 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
20:42:08.0426 0128 hpsrv - ok
20:42:08.0488 0128 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:42:08.0504 0128 HPWMISVC - ok
20:42:08.0550 0128 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:42:08.0582 0128 HTTP - ok
20:42:08.0597 0128 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:42:08.0613 0128 hwpolicy - ok
20:42:08.0644 0128 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:42:08.0660 0128 i8042prt - ok
20:42:08.0675 0128 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
20:42:08.0691 0128 iaStor - ok
20:42:08.0769 0128 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:42:08.0784 0128 iaStorV - ok
20:42:08.0894 0128 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:42:08.0909 0128 idsvc - ok
20:42:09.0143 0128 igfx (fbacbed7a37b3223822470ff1d8ea00f) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:42:09.0315 0128 igfx - ok
20:42:09.0424 0128 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:42:09.0424 0128 iirsp - ok
20:42:09.0471 0128 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
20:42:09.0533 0128 IKEEXT - ok
20:42:09.0580 0128 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
20:42:09.0611 0128 Impcd - ok
20:42:09.0627 0128 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:42:09.0642 0128 intelide - ok
20:42:09.0892 0128 intelkmd (fbacbed7a37b3223822470ff1d8ea00f) C:\Windows\system32\DRIVERS\igdpmd64.sys
20:42:10.0064 0128 intelkmd - ok
20:42:10.0142 0128 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:42:10.0173 0128 intelppm - ok
20:42:10.0204 0128 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:42:10.0235 0128 IpFilterDriver - ok
20:42:10.0266 0128 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:42:10.0266 0128 IPMIDRV - ok
20:42:10.0298 0128 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:42:10.0344 0128 IPNAT - ok
20:42:10.0438 0128 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:42:10.0454 0128 iPod Service - ok
20:42:10.0485 0128 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:42:10.0532 0128 IRENUM - ok
20:42:10.0563 0128 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:42:10.0578 0128 isapnp - ok
20:42:10.0610 0128 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:42:10.0625 0128 iScsiPrt - ok
20:42:10.0656 0128 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:42:10.0672 0128 kbdclass - ok
20:42:10.0703 0128 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:42:10.0734 0128 kbdhid - ok
20:42:10.0781 0128 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:42:10.0781 0128 KeyIso - ok
20:42:10.0828 0128 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
20:42:10.0844 0128 KSecDD - ok
20:42:10.0859 0128 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
20:42:10.0859 0128 KSecPkg - ok
20:42:10.0890 0128 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:42:10.0937 0128 ksthunk - ok
20:42:11.0000 0128 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:42:11.0046 0128 KtmRm - ok
20:42:11.0109 0128 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
20:42:11.0140 0128 LanmanServer - ok
20:42:11.0171 0128 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
20:42:11.0218 0128 LanmanWorkstation - ok
20:42:11.0312 0128 LightScribeService (07b1888209c54b675ffccbde9f06d2c6) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:42:11.0312 0128 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:42:11.0312 0128 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:42:11.0343 0128 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:42:11.0374 0128 lltdio - ok
20:42:11.0421 0128 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:42:11.0468 0128 lltdsvc - ok
20:42:11.0483 0128 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:42:11.0530 0128 lmhosts - ok
20:42:11.0624 0128 LMS (6d515466ab8bfe61184092b635ae6eb4) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:42:11.0639 0128 LMS - ok
20:42:11.0686 0128 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:42:11.0702 0128 LSI_FC - ok
20:42:11.0733 0128 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:42:11.0748 0128 LSI_SAS - ok
20:42:11.0780 0128 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:42:11.0780 0128 LSI_SAS2 - ok
20:42:11.0795 0128 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:42:11.0811 0128 LSI_SCSI - ok
20:42:11.0873 0128 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:42:11.0936 0128 luafv - ok
20:42:12.0154 0128 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:42:12.0170 0128 McAfee SiteAdvisor Service - ok
20:42:12.0201 0128 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:42:12.0216 0128 McMPFSvc - ok
20:42:12.0232 0128 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:42:12.0248 0128 mcmscsvc - ok
20:42:12.0263 0128 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:42:12.0279 0128 McNaiAnn - ok
20:42:12.0326 0128 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:42:12.0357 0128 McNASvc - ok
20:42:12.0700 0128 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
20:42:12.0747 0128 McODS - ok
20:42:12.0762 0128 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:42:12.0778 0128 McProxy - ok
20:42:13.0574 0128 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:42:13.0605 0128 McShield - ok
20:42:13.0854 0128 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
20:42:13.0901 0128 Mcx2Svc - ok
20:42:14.0042 0128 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:42:14.0073 0128 megasas - ok
20:42:14.0619 0128 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:42:14.0650 0128 MegaSR - ok
20:42:15.0009 0128 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
20:42:15.0040 0128 mfeapfk - ok
20:42:15.0758 0128 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
20:42:15.0773 0128 mfeavfk - ok
20:42:16.0132 0128 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:42:16.0132 0128 mfefire - ok
20:42:17.0364 0128 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
20:42:17.0380 0128 mfefirek - ok
20:42:17.0832 0128 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
20:42:17.0864 0128 mfehidk - ok
20:42:18.0020 0128 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
20:42:18.0035 0128 mfenlfk - ok
20:42:18.0363 0128 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
20:42:18.0378 0128 mferkdet - ok
20:42:18.0472 0128 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
20:42:18.0488 0128 mfevtp - ok
20:42:18.0722 0128 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
20:42:18.0737 0128 mfewfpk - ok
20:42:18.0768 0128 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:42:18.0815 0128 MMCSS - ok
20:42:18.0878 0128 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:42:18.0956 0128 Modem - ok
20:42:19.0049 0128 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:42:19.0080 0128 monitor - ok
20:42:19.0112 0128 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:42:19.0112 0128 mouclass - ok
20:42:19.0252 0128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:42:19.0283 0128 mouhid - ok
20:42:19.0361 0128 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:42:19.0377 0128 mountmgr - ok
20:42:19.0392 0128 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:42:19.0408 0128 mpio - ok
20:42:19.0424 0128 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:42:19.0470 0128 mpsdrv - ok
20:42:19.0486 0128 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:42:19.0517 0128 MRxDAV - ok
20:42:19.0548 0128 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:42:19.0580 0128 mrxsmb - ok
20:42:19.0611 0128 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:42:19.0642 0128 mrxsmb10 - ok
20:42:19.0673 0128 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:42:19.0689 0128 mrxsmb20 - ok
20:42:19.0845 0128 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
20:42:19.0860 0128 msahci - ok
20:42:19.0938 0128 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:42:19.0970 0128 msdsm - ok
20:42:20.0375 0128 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:42:20.0406 0128 MSDTC - ok
20:42:20.0469 0128 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:42:20.0500 0128 Msfs - ok
20:42:20.0547 0128 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:42:20.0625 0128 mshidkmdf - ok
20:42:20.0734 0128 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:42:20.0750 0128 msisadrv - ok
20:42:21.0015 0128 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:42:21.0077 0128 MSiSCSI - ok
20:42:21.0077 0128 msiserver - ok
20:42:21.0233 0128 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:42:21.0249 0128 MSK80Service - ok
20:42:21.0327 0128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:42:21.0374 0128 MSKSSRV - ok
20:42:21.0389 0128 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:42:21.0420 0128 MSPCLOCK - ok
20:42:21.0420 0128 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:42:21.0467 0128 MSPQM - ok
20:42:21.0498 0128 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:42:21.0514 0128 MsRPC - ok
20:42:21.0545 0128 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:42:21.0561 0128 mssmbios - ok
20:42:21.0592 0128 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:42:21.0639 0128 MSTEE - ok
20:42:21.0670 0128 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:42:21.0701 0128 MTConfig - ok
20:42:21.0717 0128 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:42:21.0717 0128 Mup - ok
20:42:21.0764 0128 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:42:21.0810 0128 napagent - ok
20:42:21.0857 0128 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:42:21.0888 0128 NativeWifiP - ok
20:42:21.0935 0128 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:42:21.0951 0128 NDIS - ok
20:42:21.0982 0128 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:42:22.0029 0128 NdisCap - ok
20:42:22.0060 0128 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:42:22.0107 0128 NdisTapi - ok
20:42:22.0138 0128 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:42:22.0200 0128 Ndisuio - ok
20:42:22.0232 0128 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:42:22.0263 0128 NdisWan - ok
20:42:22.0278 0128 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:42:22.0310 0128 NDProxy - ok
20:42:22.0325 0128 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:42:22.0372 0128 NetBIOS - ok
20:42:22.0403 0128 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:42:22.0450 0128 NetBT - ok
20:42:22.0481 0128 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:42:22.0497 0128 Netlogon - ok
20:42:22.0575 0128 netr28x (8b5d2d7cb0ef5b1967860b8ab742a46c) C:\Windows\system32\DRIVERS\netr28x.sys
20:42:22.0606 0128 netr28x - ok
20:42:22.0715 0128 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:42:22.0715 0128 NetTcpPortSharing - ok
20:42:22.0887 0128 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:42:22.0996 0128 netw5v64 - ok
20:42:23.0043 0128 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:42:23.0058 0128 nfrd960 - ok
20:42:23.0105 0128 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:42:23.0183 0128 NlaSvc - ok
20:42:23.0199 0128 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:42:23.0246 0128 Npfs - ok
20:42:23.0277 0128 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:42:23.0324 0128 nsiproxy - ok
20:42:23.0386 0128 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:42:23.0417 0128 Ntfs - ok
20:42:23.0448 0128 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:42:23.0495 0128 Null - ok
20:42:23.0558 0128 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:42:23.0558 0128 nvraid - ok
20:42:23.0589 0128 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:42:23.0604 0128 nvstor - ok
20:42:23.0636 0128 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:42:23.0651 0128 nv_agp - ok
20:42:23.0729 0128 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:42:23.0745 0128 odserv - ok
20:42:23.0776 0128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:42:23.0792 0128 ohci1394 - ok
20:42:23.0838 0128 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:42:23.0854 0128 ose - ok
20:42:23.0885 0128 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:42:23.0916 0128 p2pimsvc - ok
20:42:23.0948 0128 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:42:23.0948 0128 p2psvc - ok
20:42:23.0963 0128 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:42:23.0979 0128 Parport - ok
20:42:24.0026 0128 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
20:42:24.0026 0128 partmgr - ok
20:42:24.0057 0128 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:42:24.0088 0128 PcaSvc - ok
20:42:24.0119 0128 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:42:24.0135 0128 pci - ok
20:42:24.0166 0128 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:42:24.0166 0128 pciide - ok
20:42:24.0197 0128 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:42:24.0213 0128 pcmcia - ok
20:42:24.0228 0128 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:42:24.0244 0128 pcw - ok
20:42:24.0260 0128 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:42:24.0322 0128 PEAUTH - ok
20:42:24.0384 0128 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:42:24.0431 0128 PerfHost - ok
20:42:24.0494 0128 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:42:24.0556 0128 pla - ok
20:42:24.0572 0128 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:42:24.0603 0128 PNRPAutoReg - ok
20:42:24.0665 0128 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
20:42:24.0665 0128 Point64 - ok
20:42:24.0712 0128 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:42:24.0759 0128 PolicyAgent - ok
20:42:24.0790 0128 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:42:24.0837 0128 Power - ok
20:42:24.0884 0128 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:42:24.0930 0128 PptpMiniport - ok
20:42:24.0962 0128 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:42:24.0993 0128 Processor - ok
20:42:25.0024 0128 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
20:42:25.0071 0128 ProfSvc - ok
20:42:25.0102 0128 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:42:25.0118 0128 ProtectedStorage - ok
20:42:25.0164 0128 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:42:25.0211 0128 Psched - ok
20:42:25.0305 0128 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:42:25.0336 0128 ql2300 - ok
20:42:25.0430 0128 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:42:25.0430 0128 ql40xx - ok
20:42:25.0476 0128 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:42:25.0492 0128 QWAVEdrv - ok
20:42:25.0508 0128 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:42:25.0570 0128 RasAcd - ok
20:42:25.0617 0128 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:42:25.0648 0128 RasAgileVpn - ok
20:42:25.0679 0128 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:42:25.0726 0128 RasAuto - ok
20:42:25.0757 0128 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:42:25.0788 0128 Rasl2tp - ok
20:42:25.0835 0128 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:42:25.0882 0128 RasPppoe - ok
20:42:25.0913 0128 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:42:25.0960 0128 RasSstp - ok
20:42:25.0991 0128 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:42:26.0054 0128 rdbss - ok
20:42:26.0069 0128 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:42:26.0085 0128 rdpbus - ok
20:42:26.0100 0128 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:42:26.0132 0128 RDPCDD - ok
20:42:26.0163 0128 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:42:26.0210 0128 RDPENCDD - ok
20:42:26.0241 0128 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:42:26.0272 0128 RDPREFMP - ok
20:42:26.0319 0128 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
20:42:26.0334 0128 RDPWD - ok
20:42:26.0366 0128 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:42:26.0381 0128 rdyboost - ok
20:42:26.0397 0128 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:42:26.0459 0128 RemoteAccess - ok
20:42:26.0475 0128 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:42:26.0537 0128 RemoteRegistry - ok
20:42:26.0584 0128 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:42:26.0615 0128 RFCOMM - ok
20:42:26.0646 0128 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:42:26.0693 0128 RpcEptMapper - ok
20:42:26.0709 0128 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:42:26.0740 0128 RpcLocator - ok
20:42:26.0787 0128 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:42:26.0818 0128 RpcSs - ok
20:42:26.0849 0128 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:42:26.0912 0128 rspndr - ok
20:42:26.0958 0128 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
20:42:26.0974 0128 RSUSBSTOR - ok
20:42:27.0005 0128 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:42:27.0021 0128 RTL8167 - ok
20:42:27.0052 0128 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:42:27.0052 0128 SamSs - ok
20:42:27.0083 0128 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:42:27.0099 0128 sbp2port - ok
20:42:27.0130 0128 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:42:27.0177 0128 SCardSvr - ok
20:42:27.0208 0128 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:42:27.0255 0128 scfilter - ok
20:42:27.0317 0128 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
20:42:27.0364 0128 Schedule - ok
20:42:27.0395 0128 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:42:27.0426 0128 SCPolicySvc - ok
20:42:27.0458 0128 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
20:42:27.0473 0128 sdbus - ok
20:42:27.0551 0128 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
20:42:27.0582 0128 SDRSVC - ok
20:42:27.0629 0128 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:42:27.0660 0128 secdrv - ok
20:42:27.0707 0128 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:42:27.0723 0128 Serenum - ok
20:42:27.0754 0128 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:42:27.0770 0128 Serial - ok
20:42:27.0785 0128 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:42:27.0801 0128 sermouse - ok
20:42:27.0848 0128 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:42:27.0863 0128 sffdisk - ok
20:42:27.0910 0128 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:42:27.0926 0128 sffp_mmc - ok
20:42:27.0957 0128 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:42:27.0988 0128 sffp_sd - ok
20:42:28.0035 0128 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:42:28.0050 0128 sfloppy - ok
20:42:28.0082 0128 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
20:42:28.0128 0128 ShellHWDetection - ok
20:42:28.0160 0128 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:42:28.0175 0128 SiSRaid2 - ok
20:42:28.0206 0128 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:42:28.0222 0128 SiSRaid4 - ok
20:42:28.0269 0128 SMARTMouseFilterx64 (078fd5f4cc92699643beb7efc5c2b64f) C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
20:42:28.0284 0128 SMARTMouseFilterx64 - ok
20:42:28.0316 0128 SMARTVHidMiniVistaAmd64 (f7989516e1f2ea5f010345887dbf662f) C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
20:42:28.0331 0128 SMARTVHidMiniVistaAmd64 - ok
20:42:28.0378 0128 SMARTVTabletPCx64 (539e31cdc10927153972cedd83a3d121) C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
20:42:28.0378 0128 SMARTVTabletPCx64 - ok
20:42:28.0409 0128 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:42:28.0456 0128 Smb - ok
20:42:28.0487 0128 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:42:28.0503 0128 SNMPTRAP - ok
20:42:28.0503 0128 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:42:28.0518 0128 spldr - ok
20:42:28.0550 0128 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
20:42:28.0581 0128 Spooler - ok
20:42:28.0690 0128 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
20:42:28.0768 0128 sppsvc - ok
20:42:28.0877 0128 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:42:28.0924 0128 srv - ok
20:42:28.0955 0128 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:42:28.0986 0128 srv2 - ok
20:42:29.0033 0128 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:42:29.0049 0128 SrvHsfHDA - ok
20:42:29.0096 0128 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:42:29.0127 0128 SrvHsfV92 - ok
20:42:29.0174 0128 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:42:29.0189 0128 SrvHsfWinac - ok
20:42:29.0236 0128 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:42:29.0252 0128 srvnet - ok
20:42:29.0298 0128 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:42:29.0345 0128 SSDPSRV - ok
20:42:29.0361 0128 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:42:29.0392 0128 SstpSvc - ok
20:42:29.0486 0128 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
20:42:29.0517 0128 STacSV - ok
20:42:29.0564 0128 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:42:29.0564 0128 stexstor - ok
20:42:29.0610 0128 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
20:42:29.0642 0128 STHDA - ok
20:42:29.0720 0128 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
20:42:29.0751 0128 stisvc - ok
20:42:29.0782 0128 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:42:29.0798 0128 swenum - ok
20:42:29.0829 0128 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:42:29.0891 0128 swprv - ok
20:42:29.0954 0128 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
20:42:29.0969 0128 SynTP - ok
20:42:29.0985 0128 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
20:42:30.0016 0128 TabletInputService - ok
20:42:30.0047 0128 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
20:42:30.0110 0128 TapiSrv - ok
20:42:30.0125 0128 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:42:30.0156 0128 TBS - ok
20:42:30.0234 0128 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
20:42:30.0281 0128 Tcpip - ok
20:42:30.0406 0128 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
20:42:30.0437 0128 TCPIP6 - ok
20:42:30.0484 0128 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:42:30.0515 0128 tcpipreg - ok
20:42:30.0578 0128 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:42:30.0624 0128 TDPIPE - ok
20:42:30.0656 0128 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
20:42:30.0671 0128 TDTCP - ok
20:42:30.0702 0128 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:42:30.0749 0128 tdx - ok
20:42:30.0765 0128 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:42:30.0780 0128 TermDD - ok
20:42:30.0812 0128 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
20:42:30.0874 0128 TermService - ok
20:42:30.0905 0128 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:42:30.0921 0128 Themes - ok
20:42:30.0952 0128 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:42:30.0983 0128 THREADORDER - ok
20:42:30.0999 0128 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:42:31.0046 0128 TrkWks - ok
20:42:31.0108 0128 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
20:42:31.0108 0128 TrustedInstaller - ok
20:42:31.0139 0128 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:42:31.0186 0128 tssecsrv - ok
20:42:31.0217 0128 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:42:31.0264 0128 tunnel - ok
20:42:31.0295 0128 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:42:31.0311 0128 uagp35 - ok
20:42:31.0342 0128 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
20:42:31.0358 0128 udfs - ok
20:42:31.0389 0128 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:42:31.0404 0128 UI0Detect - ok
20:42:31.0420 0128 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:42:31.0436 0128 uliagpkx - ok
20:42:31.0451 0128 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:42:31.0467 0128 umbus - ok
20:42:31.0498 0128 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:42:31.0529 0128 UmPass - ok
20:42:31.0685 0128 UNS (0fadd949576a164b4e51e716f46b6c33) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:42:31.0748 0128 UNS - ok
20:42:31.0857 0128 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:42:31.0857 0128 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
20:42:31.0857 0128 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
20:42:31.0888 0128 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
20:42:31.0888 0128 usbccgp - ok
20:42:31.0935 0128 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:42:31.0966 0128 usbcir - ok
20:42:31.0997 0128 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
20:42:31.0997 0128 usbehci - ok
20:42:32.0028 0128 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
20:42:32.0044 0128 usbhub - ok
20:42:32.0060 0128 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
20:42:32.0091 0128 usbohci - ok
20:42:32.0122 0128 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:42:32.0153 0128 usbprint - ok
20:42:32.0184 0128 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:42:32.0216 0128 USBSTOR - ok
20:42:32.0231 0128 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
20:42:32.0262 0128 usbuhci - ok
20:42:32.0325 0128 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
20:42:32.0340 0128 usbvideo - ok
20:42:32.0387 0128 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:42:32.0418 0128 UxSms - ok
20:42:32.0450 0128 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:42:32.0465 0128 VaultSvc - ok
20:42:32.0528 0128 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe
20:42:32.0574 0128 vcsFPService - ok
20:42:32.0668 0128 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:42:32.0684 0128 vdrvroot - ok
20:42:32.0699 0128 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:42:32.0715 0128 vds - ok
20:42:32.0730 0128 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:42:32.0746 0128 vga - ok
20:42:32.0762 0128 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:42:32.0824 0128 VgaSave - ok
20:42:32.0855 0128 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:42:32.0871 0128 vhdmp - ok
20:42:32.0886 0128 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:42:32.0886 0128 viaide - ok
20:42:32.0918 0128 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:42:32.0933 0128 volmgr - ok
20:42:32.0949 0128 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:42:32.0964 0128 volmgrx - ok
20:42:32.0996 0128 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:42:33.0011 0128 volsnap - ok
20:42:33.0074 0128 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:42:33.0089 0128 vsmraid - ok
20:42:33.0136 0128 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:42:33.0183 0128 VSS - ok
20:42:33.0276 0128 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:42:33.0276 0128 vwifibus - ok
20:42:33.0308 0128 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:42:33.0354 0128 vwififlt - ok
20:42:33.0386 0128 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:42:33.0432 0128 W32Time - ok
20:42:33.0448 0128 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:42:33.0479 0128 WacomPen - ok
20:42:33.0542 0128 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:42:33.0588 0128 WANARP - ok
20:42:33.0604 0128 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:42:33.0635 0128 Wanarpv6 - ok
20:42:33.0713 0128 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:42:33.0744 0128 WatAdminSvc - ok
20:42:33.0807 0128 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:42:33.0838 0128 wbengine - ok
20:42:33.0900 0128 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:42:33.0916 0128 WbioSrvc - ok
20:42:33.0947 0128 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:42:33.0963 0128 Wd - ok
20:42:33.0994 0128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:42:34.0010 0128 Wdf01000 - ok
20:42:34.0025 0128 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:42:34.0056 0128 WdiServiceHost - ok
20:42:34.0072 0128 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:42:34.0088 0128 WdiSystemHost - ok
20:42:34.0119 0128 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:42:34.0166 0128 Wecsvc - ok
20:42:34.0181 0128 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:42:34.0244 0128 wercplsupport - ok
20:42:34.0275 0128 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:42:34.0306 0128 WerSvc - ok
20:42:34.0353 0128 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:42:34.0384 0128 WfpLwf - ok
20:42:34.0400 0128 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:42:34.0400 0128 WIMMount - ok
20:42:34.0446 0128 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:42:34.0509 0128 Winmgmt - ok
20:42:34.0587 0128 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
20:42:34.0665 0128 WinRM - ok
20:42:34.0790 0128 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
20:42:34.0805 0128 WinUSB - ok
20:42:34.0836 0128 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:42:34.0883 0128 Wlansvc - ok
20:42:34.0992 0128 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:42:35.0055 0128 wlidsvc - ok
20:42:35.0086 0128 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:42:35.0102 0128 WmiAcpi - ok
20:42:35.0148 0128 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:42:35.0164 0128 wmiApSrv - ok
20:42:35.0242 0128 WMPNetworkSvc - ok
20:42:35.0273 0128 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:42:35.0289 0128 WPCSvc - ok
20:42:35.0304 0128 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:42:35.0336 0128 ws2ifsl - ok
20:42:35.0336 0128 WSearch - ok
20:42:35.0367 0128 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:42:35.0414 0128 WudfPf - ok
20:42:35.0445 0128 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:42:35.0507 0128 WUDFRd - ok
20:42:35.0554 0128 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
20:42:35.0616 0128 wudfsvc - ok
20:42:35.0663 0128 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:42:35.0694 0128 yukonw7 - ok
20:42:35.0741 0128 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
20:42:35.0772 0128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:42:35.0772 0128 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:42:35.0804 0128 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:42:35.0804 0128 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:42:35.0804 0128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:42:37.0738 0128 \Device\Harddisk1\DR1 - ok
20:42:37.0754 0128 Boot (0x1200) (33ced632a184b647baa7372dcabbe4f6) \Device\Harddisk0\DR0\Partition0
20:42:37.0754 0128 \Device\Harddisk0\DR0\Partition0 - ok
20:42:37.0754 0128 Boot (0x1200) (7d88943849f5b119122a49b2257016a9) \Device\Harddisk0\DR0\Partition1
20:42:37.0754 0128 \Device\Harddisk0\DR0\Partition1 - ok
20:42:37.0785 0128 Boot (0x1200) (9fe8f1deabe014a88233fddb7caeea01) \Device\Harddisk0\DR0\Partition2
20:42:37.0785 0128 \Device\Harddisk0\DR0\Partition2 - ok
20:42:37.0800 0128 Boot (0x1200) (d53dd264394bf8f562c4cffd1f3dd641) \Device\Harddisk0\DR0\Partition3
20:42:37.0800 0128 \Device\Harddisk0\DR0\Partition3 - ok
20:42:37.0816 0128 Boot (0x1200) (cfb69120f0e6b360e17a6830c5523cb3) \Device\Harddisk1\DR1\Partition0
20:42:37.0816 0128 \Device\Harddisk1\DR1\Partition0 - ok
20:42:37.0816 0128 ============================================================
20:42:37.0816 0128 Scan finished
20:42:37.0816 0128 ============================================================
20:42:37.0832 0228 Detected object count: 6
20:42:37.0832 0228 Actual detected object count: 6
20:43:47.0548 0228 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:43:47.0548 0228 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:43:47.0564 0228 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:43:47.0564 0228 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:43:47.0579 0228 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:43:47.0579 0228 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:43:47.0595 0228 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:43:47.0595 0228 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:43:48.0063 0228 \Device\Harddisk0\DR0\# - copied to quarantine
20:43:48.0063 0228 \Device\Harddisk0\DR0 - copied to quarantine
20:43:48.0079 0228 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:43:48.0094 0228 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:43:48.0094 0228 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:43:48.0110 0228 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:43:48.0110 0228 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:43:48.0110 0228 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:43:48.0110 0228 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:43:48.0110 0228 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:43:48.0110 0228 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:43:48.0110 0228 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:43:48.0110 0228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:43:48.0110 0228 \Device\Harddisk0\DR0 - ok
20:43:48.0359 0228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:43:48.0359 0228 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:43:48.0359 0228 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:43:51.0464 0924 Deinitialize success


Here is the new FSS log:

Farbar Service Scanner Version: 05-06-2012
Ran by Laura (administrator) on 05-06-2012 at 20:55:34
Running from "C:\Users\Laura\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blokked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is OK.
The ImagePath of PlugPlay service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-11 19:28] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:38] - [2012-03-30 12:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 01:36] - [2009-07-14 02:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
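Pairing each detection in the TDSSKiller log above with the action selected for it shows what the run left in place. This is an added example, not part of the original post and not TDSSKiller's own code; the function names and the `ignore_verdicts` parameter are hypothetical, and the sample is an excerpt of the log lines above.

```python
import re
from collections import OrderedDict

# Excerpt of the TDSSKiller log posted above (verdict and action lines only).
SAMPLE_LOG = r"""
20:42:31.0857 0128 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
20:42:35.0772 0128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:42:35.0804 0128 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:42:37.0832 0228 Detected object count: 6
20:43:47.0595 0228 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:43:47.0595 0228 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:43:48.0110 0228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:43:48.0359 0228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:43:48.0359 0228 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:43:48.0359 0228 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread> <object> ( <verdict> ) - <status>".
# Per-file hash lines use "(hash)" without the inner spaces, so they do not match.
LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<tail>.+)$"
)


def triage(log_text):
    """Map (object, verdict) -> severity reported by the scan and action the user chose."""
    findings = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = findings.setdefault(
            (m.group("obj"), m.group("verdict")), {"severity": None, "action": None}
        )
        tail = m.group("tail")
        if tail in ("warning", "infected"):
            entry["severity"] = tail
        elif tail.startswith("User select action:"):
            entry["action"] = tail.split(":", 1)[1].strip()
    return findings


def untreated(findings, ignore_verdicts=()):
    """Detections skipped or left without an action, minus verdicts the caller accepts."""
    return [
        key
        for key, entry in findings.items()
        if entry["action"] in (None, "Skip") and key[1] not in ignore_verdicts
    ]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (obj, verdict), entry in result.items():
        print(f"{obj:<24} {verdict:<28} {str(entry['severity']):<9} {entry['action']}")
    print("untreated:", untreated(result, ignore_verdicts=("UnsignedFile.Multi.Generic",)))
```

With the unsigned-file warnings filtered out, the only entry left is the TDSS File System on `\Device\Harddisk0\DR0`, which was skipped while the boot-sector detection on the same disk was set to Cure.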

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Run TDSSKiller using the same instructions as before and when you get to the following screen, the TDSS File System needs to be changed from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

Posted Image

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

  • Type services.msc into the search box and click OK.
  • Click on the WinDefend service.
  • Under startup type select Automatic.
  • Click Apply then OK.

Step 3

Click the Start button and type cmd.exe into the search box. Click on the program in the list.
Copy and paste the following commands into the black box and press Enter:

net start Dnscache
net start Dhcp
net start Nsi
net start Mpsdrv
net start MpsSvc
net start BFE
net start SDRSVC
net start VSS
net start wscsvc
net start wuauserv
net start BITS
net start EventSystem
net start WinDefend
net start PlugPlay

Step 4

  • Download and extract the following file to your desktop: WinDefend.zip (attached file, 294 bytes)
  • Double-click on the file and say yes to the prompt that appears.

Step 5

Please run Farbar Service Scanner again.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    Posted Image
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • FSS.txt

  • 0
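The services named in Step 3 and the start-type change in Step 2 can both be read out of the FSS log in the previous post. The following is an added example, not part of the original post and not Farbar Service Scanner's own code: it parses that log format into stopped services, configuration lines not reported as OK, and files listed without an "MD5 is legit" verdict. The function names are hypothetical and the sample is a constructed excerpt in the format of the posted log.

```python
import re

# Constructed excerpt in the format of the FSS log posted earlier in the thread.
SAMPLE_FSS = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-11 19:28] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

**** End of log ****
"""

STOPPED_RE = re.compile(r"^(\w+) Service is not running\.")
CONFIG_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\w+)\b(.*)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_fss(text):
    """Return stopped services, config lines not reported OK, and files without a verdict."""
    report = {"stopped": [], "config": [], "unverified_files": []}
    lines = [raw.strip() for raw in text.splitlines()]
    section = None
    for i, line in enumerate(lines):
        # A section title is the line directly above a row of '=' characters.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and re.fullmatch(r"=+", nxt):
            section = line[:-1]
            continue
        m = STOPPED_RE.match(line)
        if m:
            report["stopped"].append((section, m.group(1)))
            continue
        m = CONFIG_RE.match(line)
        if m:
            field, service, rest = m.groups()
            if not rest.strip().endswith("is OK."):
                report["config"].append((service, field, line))
            continue
        if section == "File Check" and DRIVE_PATH_RE.match(line):
            path, _, verdict = line.partition(" => ")
            if verdict != "MD5 is legit":
                report["unverified_files"].append(path)
    return report


def net_start_commands(report):
    """One 'net start' line per stopped service, in log order (the form used in Step 3)."""
    return ["net start " + service for _, service in report["stopped"]]


if __name__ == "__main__":
    rep = parse_fss(SAMPLE_FSS)
    print("\n".join(net_start_commands(rep)))
    for service, field, line in rep["config"]:
        print(f"review {service} {field}: {line}")
    for path in rep["unverified_files"]:
        print("no 'MD5 is legit' verdict:", path)
```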

#7
Crouchy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello,

All the steps worked successfully, except when opening the registry file the same error message appeared.

Here are the logs:

11:34:44.0729 1268 NdisTapi - ok
11:34:44.0745 1268 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:34:44.0791 1268 Ndisuio - ok
11:34:44.0823 1268 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:34:44.0854 1268 NdisWan - ok
11:34:44.0869 1268 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:34:44.0901 1268 NDProxy - ok
11:34:44.0932 1268 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:34:44.0979 1268 NetBIOS - ok
11:34:45.0010 1268 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:34:45.0057 1268 NetBT - ok
11:34:45.0088 1268 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:34:45.0103 1268 Netlogon - ok
11:34:45.0181 1268 netr28x (8b5d2d7cb0ef5b1967860b8ab742a46c) C:\Windows\system32\DRIVERS\netr28x.sys
11:34:45.0213 1268 netr28x - ok
11:34:45.0306 1268 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:34:45.0306 1268 NetTcpPortSharing - ok
11:34:45.0493 1268 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:34:45.0603 1268 netw5v64 - ok
11:34:45.0649 1268 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:34:45.0665 1268 nfrd960 - ok
11:34:45.0712 1268 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
11:34:45.0759 1268 NlaSvc - ok
11:34:45.0790 1268 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:34:45.0837 1268 Npfs - ok
11:34:45.0883 1268 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:34:45.0930 1268 nsi - ok
11:34:45.0961 1268 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:34:46.0008 1268 nsiproxy - ok
11:34:46.0071 1268 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:34:46.0117 1268 Ntfs - ok
11:34:46.0211 1268 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:34:46.0242 1268 Null - ok
11:34:46.0273 1268 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:34:46.0289 1268 nvraid - ok
11:34:46.0320 1268 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:34:46.0336 1268 nvstor - ok
11:34:46.0367 1268 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:34:46.0383 1268 nv_agp - ok
11:34:46.0476 1268 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:34:46.0492 1268 odserv - ok
11:34:46.0523 1268 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:34:46.0539 1268 ohci1394 - ok
11:34:46.0601 1268 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:34:46.0601 1268 ose - ok
11:34:46.0632 1268 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:34:46.0679 1268 p2pimsvc - ok
11:34:46.0710 1268 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:34:46.0726 1268 p2psvc - ok
11:34:46.0726 1268 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:34:46.0741 1268 Parport - ok
11:34:46.0773 1268 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
11:34:46.0788 1268 partmgr - ok
11:34:46.0804 1268 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:34:46.0835 1268 PcaSvc - ok
11:34:46.0882 1268 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:34:46.0897 1268 pci - ok
11:34:46.0913 1268 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:34:46.0929 1268 pciide - ok
11:34:46.0944 1268 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:34:46.0960 1268 pcmcia - ok
11:34:46.0975 1268 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:34:46.0975 1268 pcw - ok
11:34:47.0007 1268 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:34:47.0053 1268 PEAUTH - ok
11:34:47.0116 1268 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:34:47.0163 1268 PerfHost - ok
11:34:47.0241 1268 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
11:34:47.0319 1268 pla - ok
11:34:47.0365 1268 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
11:34:47.0397 1268 PlugPlay - ok
11:34:47.0412 1268 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:34:47.0428 1268 PNRPAutoReg - ok
11:34:47.0506 1268 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
11:34:47.0521 1268 Point64 - ok
11:34:47.0553 1268 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
11:34:47.0615 1268 PolicyAgent - ok
11:34:47.0646 1268 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:34:47.0693 1268 Power - ok
11:34:47.0740 1268 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:34:47.0787 1268 PptpMiniport - ok
11:34:47.0818 1268 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:34:47.0849 1268 Processor - ok
11:34:47.0896 1268 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
11:34:47.0943 1268 ProfSvc - ok
11:34:47.0974 1268 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:34:47.0989 1268 ProtectedStorage - ok
11:34:48.0036 1268 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:34:48.0083 1268 Psched - ok
11:34:48.0177 1268 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:34:48.0208 1268 ql2300 - ok
11:34:48.0301 1268 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:34:48.0301 1268 ql40xx - ok
11:34:48.0333 1268 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:34:48.0348 1268 QWAVEdrv - ok
11:34:48.0364 1268 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:34:48.0411 1268 RasAcd - ok
11:34:48.0442 1268 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:34:48.0473 1268 RasAgileVpn - ok
11:34:48.0504 1268 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:34:48.0551 1268 RasAuto - ok
11:34:48.0582 1268 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:34:48.0613 1268 Rasl2tp - ok
11:34:48.0660 1268 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:34:48.0707 1268 RasPppoe - ok
11:34:48.0723 1268 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:34:48.0769 1268 RasSstp - ok
11:34:48.0801 1268 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:34:48.0847 1268 rdbss - ok
11:34:48.0879 1268 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:34:48.0894 1268 rdpbus - ok
11:34:48.0894 1268 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:34:48.0925 1268 RDPCDD - ok
11:34:48.0972 1268 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:34:49.0019 1268 RDPENCDD - ok
11:34:49.0050 1268 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:34:49.0081 1268 RDPREFMP - ok
11:34:49.0128 1268 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
11:34:49.0159 1268 RDPWD - ok
11:34:49.0191 1268 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:34:49.0206 1268 rdyboost - ok
11:34:49.0222 1268 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:34:49.0284 1268 RemoteAccess - ok
11:34:49.0300 1268 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:34:49.0362 1268 RemoteRegistry - ok
11:34:49.0409 1268 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:34:49.0456 1268 RFCOMM - ok
11:34:49.0471 1268 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:34:49.0518 1268 RpcEptMapper - ok
11:34:49.0534 1268 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:34:49.0565 1268 RpcLocator - ok
11:34:49.0596 1268 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:34:49.0627 1268 RpcSs - ok
11:34:49.0674 1268 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:34:49.0721 1268 rspndr - ok
11:34:49.0768 1268 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
11:34:49.0783 1268 RSUSBSTOR - ok
11:34:49.0815 1268 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:34:49.0830 1268 RTL8167 - ok
11:34:49.0861 1268 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:34:49.0861 1268 SamSs - ok
11:34:49.0893 1268 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:34:49.0908 1268 sbp2port - ok
11:34:49.0924 1268 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:34:49.0986 1268 SCardSvr - ok
11:34:50.0002 1268 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:34:50.0049 1268 scfilter - ok
11:34:50.0111 1268 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
11:34:50.0158 1268 Schedule - ok
11:34:50.0189 1268 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:34:50.0220 1268 SCPolicySvc - ok
11:34:50.0236 1268 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
11:34:50.0267 1268 sdbus - ok
11:34:50.0298 1268 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
11:34:50.0345 1268 SDRSVC - ok
11:34:50.0376 1268 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:34:50.0423 1268 secdrv - ok
11:34:50.0470 1268 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:34:50.0485 1268 Serenum - ok
11:34:50.0517 1268 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:34:50.0532 1268 Serial - ok
11:34:50.0532 1268 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:34:50.0563 1268 sermouse - ok
11:34:50.0595 1268 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:34:50.0641 1268 sffdisk - ok
11:34:50.0657 1268 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:34:50.0688 1268 sffp_mmc - ok
11:34:50.0704 1268 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:34:50.0719 1268 sffp_sd - ok
11:34:50.0751 1268 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:34:50.0751 1268 sfloppy - ok
11:34:50.0782 1268 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
11:34:50.0829 1268 ShellHWDetection - ok
11:34:50.0875 1268 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:34:50.0875 1268 SiSRaid2 - ok
11:34:50.0907 1268 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:34:50.0907 1268 SiSRaid4 - ok
11:34:50.0953 1268 SMARTMouseFilterx64 (078fd5f4cc92699643beb7efc5c2b64f) C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
11:34:50.0953 1268 SMARTMouseFilterx64 - ok
11:34:51.0000 1268 SMARTVHidMiniVistaAmd64 (f7989516e1f2ea5f010345887dbf662f) C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
11:34:51.0016 1268 SMARTVHidMiniVistaAmd64 - ok
11:34:51.0063 1268 SMARTVTabletPCx64 (539e31cdc10927153972cedd83a3d121) C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
11:34:51.0063 1268 SMARTVTabletPCx64 - ok
11:34:51.0094 1268 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:34:51.0141 1268 Smb - ok
11:34:51.0172 1268 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:34:51.0187 1268 SNMPTRAP - ok
11:34:51.0203 1268 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:34:51.0219 1268 spldr - ok
11:34:51.0265 1268 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
11:34:51.0312 1268 Spooler - ok
11:34:51.0406 1268 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
11:34:51.0484 1268 sppsvc - ok
11:34:51.0609 1268 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:34:51.0655 1268 srv - ok
11:34:51.0671 1268 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:34:51.0702 1268 srv2 - ok
11:34:51.0796 1268 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:34:51.0811 1268 SrvHsfHDA - ok
11:34:51.0858 1268 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:34:51.0889 1268 SrvHsfV92 - ok
11:34:51.0952 1268 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:34:51.0967 1268 SrvHsfWinac - ok
11:34:52.0014 1268 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:34:52.0030 1268 srvnet - ok
11:34:52.0092 1268 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:34:52.0139 1268 SSDPSRV - ok
11:34:52.0155 1268 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:34:52.0186 1268 SstpSvc - ok
11:34:52.0279 1268 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
11:34:52.0311 1268 STacSV - ok
11:34:52.0357 1268 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:34:52.0357 1268 stexstor - ok
11:34:52.0420 1268 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
11:34:52.0451 1268 STHDA - ok
11:34:52.0513 1268 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
11:34:52.0545 1268 stisvc - ok
11:34:52.0576 1268 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:34:52.0591 1268 swenum - ok
11:34:52.0623 1268 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:34:52.0685 1268 swprv - ok
11:34:52.0732 1268 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
11:34:52.0747 1268 SynTP - ok
11:34:52.0763 1268 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
11:34:52.0794 1268 TabletInputService - ok
11:34:52.0825 1268 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
11:34:52.0872 1268 TapiSrv - ok
11:34:52.0903 1268 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:34:52.0935 1268 TBS - ok
11:34:53.0028 1268 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
11:34:53.0075 1268 Tcpip - ok
11:34:53.0200 1268 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
11:34:53.0231 1268 TCPIP6 - ok
11:34:53.0278 1268 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:34:53.0309 1268 tcpipreg - ok
11:34:53.0340 1268 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:34:53.0371 1268 TDPIPE - ok
11:34:53.0403 1268 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
11:34:53.0418 1268 TDTCP - ok
11:34:53.0449 1268 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:34:53.0496 1268 tdx - ok
11:34:53.0512 1268 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:34:53.0527 1268 TermDD - ok
11:34:53.0574 1268 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
11:34:53.0637 1268 TermService - ok
11:34:53.0652 1268 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:34:53.0668 1268 Themes - ok
11:34:53.0699 1268 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:34:53.0730 1268 THREADORDER - ok
11:34:53.0730 1268 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:34:53.0793 1268 TrkWks - ok
11:34:53.0839 1268 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
11:34:53.0839 1268 TrustedInstaller - ok
11:34:53.0871 1268 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:34:53.0917 1268 tssecsrv - ok
11:34:53.0964 1268 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:34:54.0011 1268 tunnel - ok
11:34:54.0042 1268 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:34:54.0042 1268 uagp35 - ok
11:34:54.0073 1268 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
11:34:54.0105 1268 udfs - ok
11:34:54.0136 1268 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:34:54.0136 1268 UI0Detect - ok
11:34:54.0183 1268 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:34:54.0183 1268 uliagpkx - ok
11:34:54.0198 1268 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:34:54.0229 1268 umbus - ok
11:34:54.0261 1268 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:34:54.0292 1268 UmPass - ok
11:34:54.0448 1268 UNS (0fadd949576a164b4e51e716f46b6c33) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:34:54.0510 1268 UNS - ok
11:34:54.0619 1268 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:34:54.0619 1268 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:34:54.0619 1268 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:34:58.0894 1268 MBR (0x1B8) (90a28cb727f4411b4e68fa392179eab5) \Device\Harddisk0\DR0
11:34:59.0034 1268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:34:59.0050 1268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:34:59.0050 1268 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:35:00.0984 1268 \Device\Harddisk1\DR1 - ok
11:35:00.0984 1268 Boot (0x1200) (33ced632a184b647baa7372dcabbe4f6) \Device\Harddisk0\DR0\Partition0
11:35:00.0984 1268 \Device\Harddisk0\DR0\Partition0 - ok
11:35:01.0015 1268 Boot (0x1200) (7d88943849f5b119122a49b2257016a9) \Device\Harddisk0\DR0\Partition1
11:35:01.0015 1268 \Device\Harddisk0\DR0\Partition1 - ok
11:35:01.0047 1268 Boot (0x1200) (9fe8f1deabe014a88233fddb7caeea01) \Device\Harddisk0\DR0\Partition2
11:35:01.0047 1268 \Device\Harddisk0\DR0\Partition2 - ok
11:35:01.0047 1268 Boot (0x1200) (d53dd264394bf8f562c4cffd1f3dd641) \Device\Harddisk0\DR0\Partition3
11:35:01.0062 1268 \Device\Harddisk0\DR0\Partition3 - ok
11:35:01.0062 1268 Boot (0x1200) (f7d38fe9f25c988114b04c6c267a79e7) \Device\Harddisk1\DR1\Partition0
11:35:01.0062 1268 \Device\Harddisk1\DR1\Partition0 - ok
11:35:01.0062 1268 ============================================================
11:35:01.0062 1268 Scan finished
11:35:01.0062 1268 ============================================================
11:35:01.0093 1068 Detected object count: 5
11:35:01.0093 1068 Actual detected object count: 5
11:35:48.0923 1068 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:48.0923 1068 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:48.0923 1068 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:48.0923 1068 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:48.0939 1068 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:48.0939 1068 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:48.0954 1068 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:48.0954 1068 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:49.0157 1068 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:35:49.0157 1068 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:35:49.0219 1068 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:35:49.0219 1068 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:35:49.0251 1068 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:35:49.0251 1068 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:35:49.0251 1068 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:35:49.0251 1068 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:35:49.0251 1068 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:35:49.0251 1068 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:35:49.0251 1068 \Device\Harddisk0\DR0\TDLFS - deleted
11:35:49.0251 1068 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
11:36:03.0353 1148 Deinitialize success


and


Farbar Service Scanner Version: 05-06-2012
Ran by Laura (administrator) on 08-06-2012 at 11:47:13
Running from "C:\Users\Laura\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-11 19:28] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:38] - [2012-03-30 12:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 01:36] - [2009-07-14 02:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

It looks like the WinDefend service has been set to Demand. Please set it to Automatic by doing the following:

  • Type services.msc into the search box and click OK.
  • Click on the WinDefend service.
  • Under startup type select Automatic.
  • Click Apply then OK.

Step 2

Download Windows Repair (all in one) from this site.

Install the program then let it run.

Go to Step 2 and allow it to run Disc Check.

Once that is done then go to Step 3 and allow it to run System File Checker.

On the Start Repairs tab select Advanced Mode and click Start.

Select the items in the red surround (remove the ticks from the rest). Also select Repair MSI (Windows Installer) and Set Windows Services to Default Startup.
Tick Restart System When Finished then click Start.

Step 3

Please run Farbar Service Scanner again.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 4

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • FSS.txt
  • OTL.txt

  • 0
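
The Farbar Service Scanner log requested in Step 3 can be triaged mechanically before it is read line by line. The following Python parser is an added example, not part of the thread or of the tool: the sample log is a constructed excerpt in the layout of the logs above (placeholder MD5), and the severity labels and the rule that any Boot Mode other than Normal means Safe Mode are this example's own assumptions.

```python
import re

# Constructed excerpt in the layout of the FSS logs in this thread.
# The all-zero MD5 is a placeholder, not a real file hash.
SAMPLE_FSS = r'''Boot Mode: Nerwork
****************************************************************

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 01:36] - [2009-07-14 02:41] - 2418176 ____A (Microsoft Corporation) 00000000000000000000000000000000

**** End of log ****
'''

NOT_RUNNING = re.compile(r'^(\S+) Service is not running')
START_TYPE = re.compile(r'^The start type of (\S+) service is set to (\w+)\. '
                        r'The default start type is (\w+)\.')
# The tool prints the raw value instead of "is OK" for some entries.
PRINTED_VALUE = re.compile(r'^The (ImagePath|ServiceDll) of (\S+?)(?: service)?: (.+?)\.?$')
POLICY_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
POLICY_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
FILE_PATH = re.compile(r'^[A-Za-z]:\\')


def parse_fss(text):
    """Return the deviations an FSS-style log reports, grouped by kind."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    rep = {"boot_mode": None, "not_running": [], "start_type": [],
           "printed_values": [], "policies": [], "unverified_files": []}
    section = key = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.startswith("Boot Mode:"):
            rep["boot_mode"] = line.split(":", 1)[1].strip()
        elif line.endswith(":") and nxt and set(nxt) == {"="}:
            section, key = line[:-1], None      # "Title:" underlined with '='
        elif section == "File Check" and FILE_PATH.match(line):
            path, _, verdict = line.partition(" => ")
            if verdict != "MD5 is legit":
                # No verdict on the path line: file details follow on the next line.
                rep["unverified_files"].append((path, nxt if nxt.startswith("[") else verdict))
        elif section and section.endswith("Disabled Policy"):
            if m := POLICY_KEY.match(line):
                key = m.group(1)
            elif m := POLICY_VALUE.match(line):
                rep["policies"].append((section, key, m.group(1), m.group(3)))
        elif m := NOT_RUNNING.match(line):
            rep["not_running"].append(m.group(1))
        elif m := START_TYPE.match(line):
            rep["start_type"].append(m.groups())
        elif m := PRINTED_VALUE.match(line):
            rep["printed_values"].append((m.group(2), m.group(1), m.group(3).strip('"')))
    return rep


def triage(rep):
    """Order findings: configuration changes first, run state last.
    Severity labels are this example's heuristic, not output of the tool."""
    safe_mode = rep["boot_mode"] not in (None, "Normal")    # assumption
    unverified = {path.lower() for path, _ in rep["unverified_files"]}
    out = []
    for section, key, name, data in rep["policies"]:
        out.append(("HIGH", f"policy value {key}\\{name} = {data} ({section})"))
    for svc, actual, default in rep["start_type"]:
        out.append(("HIGH", f"{svc} start type is {actual}, default is {default}"))
    for svc, field, value in rep["printed_values"]:
        # A printed path that also lacks a file verdict deserves a closer look.
        sev = "HIGH" if value.lower() in unverified else "MEDIUM"
        out.append((sev, f"{svc} {field} printed instead of OK: {value}"))
    for path, _ in rep["unverified_files"]:
        out.append(("MEDIUM", f"no 'MD5 is legit' verdict for {path}"))
    # Services stopped in Safe Mode say little; the same line in a normal boot matters.
    for svc in rep["not_running"]:
        out.append(("INFO" if safe_mode else "MEDIUM", f"{svc} is not running"))
    return out


if __name__ == "__main__":
    for severity, message in triage(parse_fss(SAMPLE_FSS)):
        print(f"{severity:6} {message}")
```

Run against a full FSS.txt, this puts the Windows Defender policy value and the non-default WinDefend start type at the top, ahead of the long list of services that are stopped only because the scan was taken in Safe Mode with Networking.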

#9
Crouchy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi,

It looks as though Windows Defender is switching itself from automatic to manual each time it attempts to run.

Farbar Service Scanner Version: 05-06-2012
Ran by Laura (administrator) on 10-06-2012 at 18:50:31
Running from "C:\Users\Laura\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-11 19:28] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:38] - [2012-03-30 12:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 01:36] - [2009-07-14 02:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

OTL logfile created on: 6/10/2012 6:51:28 PM - Run 2
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Laura\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.80 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 89.18% Memory free
11.60 Gb Paging File | 10.98 Gb Available in Paging File | 94.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.26 Gb Total Space | 362.62 Gb Free Space | 81.44% Space Free | Partition Type: NTFS
Drive D: | 20.20 Gb Total Space | 2.94 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 88.39 Mb Free Space | 89.26% Space Free | Partition Type: FAT32
Drive H: | 14.53 Gb Total Space | 9.52 Gb Free Space | 65.51% Space Free | Partition Type: FAT32

Computer Name: LAURA-HP | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 17:41:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/16 09:54:35 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/06/29 19:52:12 | 004,181,256 | ---- | M] (Motorola, Inc.) [On_Demand | Stopped] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/06/22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/19 00:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/05/20 21:28:14 | 000,677,128 | ---- | M] (Motorola, Inc.) [Auto | Stopped] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/05/20 21:28:12 | 001,096,968 | ---- | M] (Motorola, Inc.) [On_Demand | Stopped] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/04/24 02:42:40 | 000,445,192 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/02/23 15:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 02:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WPDBusEnum)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WebClient)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (SensrSvc)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RasMan)
SRV:64bit: - [2009/07/08 20:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/05 09:28:35 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/16 09:54:34 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/30 04:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/05/01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/05/01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/04/04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 15:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/07/14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/21 17:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 19:14:16 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2011/01/25 19:14:02 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2011/01/25 19:14:00 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2010/07/23 14:35:16 | 000,327,680 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/06/29 18:12:26 | 003,232,768 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/06/25 06:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/06/22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/05/28 00:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/05/01 02:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/10 00:53:04 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/03/05 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/11 23:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/08 20:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 20:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1465584F-264B-46E6-8DF8-09396C4BA092}
IE:64bit: - HKLM\..\SearchScopes\{1465584F-264B-46E6-8DF8-09396C4BA092}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{566CDDC4-92CC-49DA-9CE5-99E95E4C3FBF}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{58245B88-AD40-43C3-9488-9DED54638ECC}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\SearchScopes,DefaultScope = {1465584F-264B-46E6-8DF8-09396C4BA092}
IE - HKLM\..\SearchScopes\{1465584F-264B-46E6-8DF8-09396C4BA092}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{566CDDC4-92CC-49DA-9CE5-99E95E4C3FBF}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{58245B88-AD40-43C3-9488-9DED54638ECC}: "URL" = http://en.wikipedia....h={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\..\SearchScopes,DefaultScope = {A736982C-065E-45E2-9822-28C665028BCA}
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\..\SearchScopes\{1465584F-264B-46E6-8DF8-09396C4BA092}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\..\SearchScopes\{566CDDC4-92CC-49DA-9CE5-99E95E4C3FBF}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\..\SearchScopes\{58245B88-AD40-43C3-9488-9DED54638ECC}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\..\SearchScopes\{A736982C-065E-45E2-9822-28C665028BCA}: "URL" = http://www.google.co...1I7ADRA_enGB448
IE - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/09/16 10:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/07 11:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/12 19:33:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/05/01 17:30:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120429191607.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429191608.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] DLL32.EXE "C:\PROGRAM FILES\MOTOROLA\BLUETOOTH\BTMSHELL.DLL",TRAYAPP File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] .EXE /HIDDEN File not found
O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] T.EXE" File not found
O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4:64bit: - HKLM..\Run: [SmartMenu] D File not found
O4:64bit: - HKLM..\Run: [SynTPEnh] H.EXE File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2001048911-2494770368-3296622909-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B956E34E-A87F-4AAB-82AD-9CEC55F654E9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 18:44:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/06/10 18:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/06/10 18:15:27 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/06/10 17:54:34 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/06/10 17:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/06/10 17:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/06/05 20:54:17 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\Services
[2012/06/05 20:52:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/05 20:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/05 20:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/05 20:51:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Laura\Desktop\erunt_setup.exe
[2012/06/05 20:43:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/05 20:41:00 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Laura\Desktop\tdsskiller.exe
[2012/06/04 20:55:50 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Laura\Desktop\aswMBR.exe
[2012/06/04 18:04:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe
[2012/06/04 17:12:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/04 17:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/04 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\cce_1.6.183539.73_x64
[2012/06/04 15:00:17 | 007,557,128 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laura\Desktop\mbam-rules.exe
[2012/06/04 14:59:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/04 14:59:12 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laura\Desktop\mbam-setup-1.50.1.1100.exe
[2012/05/27 15:10:08 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Malwarebytes
[2012/05/27 15:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/11 23:17:34 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\LITERACY

========== Files - Modified Within 30 Days ==========

[2012/06/10 18:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/10 18:47:12 | 377,901,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/10 18:46:37 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/10 18:46:37 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/10 18:44:21 | 000,331,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/10 18:44:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/10 18:42:16 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/06/10 18:40:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/10 18:40:51 | 000,612,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/10 18:40:51 | 000,102,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/10 18:20:54 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/06/10 18:01:05 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012/06/10 17:54:27 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/06/10 17:50:42 | 004,484,304 | ---- | M] () -- C:\Users\Laura\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/06/07 02:24:42 | 000,000,272 | ---- | M] () -- C:\Users\Laura\Desktop\WinDefend.reg
[2012/06/06 11:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/06 10:11:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/05 20:51:46 | 000,000,928 | ---- | M] () -- C:\Users\Laura\Desktop\NTREGOPT.lnk
[2012/06/05 20:51:46 | 000,000,909 | ---- | M] () -- C:\Users\Laura\Desktop\ERUNT.lnk
[2012/06/05 20:38:34 | 000,003,848 | ---- | M] () -- C:\Users\Laura\Desktop\Services.zip
[2012/06/05 20:37:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Laura\Desktop\erunt_setup.exe
[2012/06/05 20:36:02 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Laura\Desktop\tdsskiller.exe
[2012/06/04 20:46:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Laura\Desktop\aswMBR.exe
[2012/06/04 20:46:28 | 000,338,059 | ---- | M] () -- C:\Users\Laura\Desktop\FSS.exe
[2012/06/04 17:41:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe
[2012/05/27 15:39:58 | 007,557,128 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Laura\Desktop\mbam-rules.exe
[2012/05/15 17:57:56 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLaura.job
[2012/05/11 20:46:27 | 688,795,059 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/06/10 18:01:05 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012/06/10 17:55:40 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/06/10 17:54:27 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/06/10 17:53:56 | 004,484,304 | ---- | C] () -- C:\Users\Laura\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/06/08 11:41:12 | 000,000,272 | ---- | C] () -- C:\Users\Laura\Desktop\WinDefend.reg
[2012/06/05 20:53:23 | 000,003,848 | ---- | C] () -- C:\Users\Laura\Desktop\Services.zip
[2012/06/05 20:51:46 | 000,000,928 | ---- | C] () -- C:\Users\Laura\Desktop\NTREGOPT.lnk
[2012/06/05 20:51:46 | 000,000,909 | ---- | C] () -- C:\Users\Laura\Desktop\ERUNT.lnk
[2012/06/04 20:56:13 | 000,338,059 | ---- | C] () -- C:\Users\Laura\Desktop\FSS.exe
[2011/12/04 10:47:42 | 000,000,000 | ---- | C] () -- C:\Users\Laura\AppData\Local\{E4EFA95F-B99C-4290-8C08-7787A035BDAC}
[2011/07/11 19:57:48 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/09/16 09:56:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/16 09:50:19 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/09/16 09:48:59 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/09/16 09:48:59 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/09/16 09:48:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/09/16 09:48:59 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/09/16 09:48:58 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/09/16 09:48:56 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/16 09:48:36 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/09/16 09:48:36 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/16 09:45:31 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/23 16:57:52 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/23 16:06:16 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/07/23 15:55:53 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini

========== LOP Check ==========

[2011/06/02 04:22:56 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\DigitalPersona
[2011/11/15 09:54:22 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\SMART Technologies
[2011/11/14 17:46:06 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\SMART Technologies Inc
[2011/06/02 17:42:01 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\WildTangent
[2012/05/16 21:01:30 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#10
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Type services.msc into the search box and click OK.
  • Click on the Remote Procedure Call (RPC) service.
  • Under startup type select Automatic.
  • Under status click Start.
  • Click Apply then OK.

Step 2

Could you do the following:

  • Start Device Manager.
  • Click View, and then click Show hidden devices.
  • In the right pane of Device Manager, click Non-Plug and Play Drivers.
  • Double-click AFD Networking Support Environment.
  • Under Device usage, select the Use this device (enable) check box, and then click OK.

  • 0
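The two steps above can also be checked from a PowerShell prompt by reading the service entries in the registry, which does not depend on the Services or Device Manager consoles. This is an added example, not part of the original post. The service key names `RpcSs` and `AFD` are assumed to correspond to the display names used in the steps, and the script only reads and changes nothing.

```powershell
# Added example (not from the thread). Read-only: nothing on the system is changed.
# Assumption: the display names in the steps map to these service key names.
$targets = @{
    'RpcSs' = 'Remote Procedure Call (RPC)'
    'AFD'   = 'AFD Networking Support Environment'
}

# Meaning of the Start value under HKLM\SYSTEM\CurrentControlSet\Services\<name>
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ImagePath([string]$ImagePath) {
    # Turn a service ImagePath value into a plain file path that Test-Path can check.
    if ([string]::IsNullOrEmpty($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... -> C:\Windows\...
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                       # quoted path
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }  # drop arguments
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p } # system32\drivers\x.sys
    return $p
}

$report = foreach ($name in $targets.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"

    if (-not (Test-Path $key)) {
        # No registry entry at all: the component cannot be started or enabled,
        # and it will not be listed in Device Manager or services.msc.
        New-Object PSObject -Property @{
            Name = $name; DisplayName = $targets[$name]; KeyPresent = $false
            StartType = $null; State = $null; Binary = $null; BinaryPresent = $null
        }
        continue
    }

    $props  = Get-ItemProperty -Path $key
    $binary = Resolve-ImagePath $props.ImagePath

    # sc.exe reports the running state for both services and kernel drivers.
    $scOut = & sc.exe query $name 2>&1 | Out-String
    $state = if ($scOut -match 'STATE\s*:\s*\d+\s+(\w+)') { $Matches[1] } else { 'query failed' }

    $startType = $null
    if ($props.Start -ne $null) { $startType = $startTypes[[int]$props.Start] }

    $binaryPresent = $false
    if ($binary) { $binaryPresent = Test-Path -LiteralPath $binary }

    New-Object PSObject -Property @{
        Name = $name; DisplayName = $targets[$name]; KeyPresent = $true
        StartType = $startType; State = $state
        Binary = $binary; BinaryPresent = $binaryPresent
    }
}

$report |
    Select-Object Name, DisplayName, KeyPresent, StartType, State, Binary, BinaryPresent |
    Format-List
```

Run it from a 64-bit PowerShell window so that paths under `C:\Windows\system32` are not redirected to `SysWOW64` when the file check runs.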


#11
Crouchy

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi

For step 1 it was already set on automatic and the option was greyed out.

For step 2 there was not an option for AFD Networking Support... so I was unable to complete the step.

Thanks
  • 0

#12
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Click Start.
  • Select All Programs.
  • Select Accessories.
  • Right click Command Prompt and select Run as Administrator.
  • Type in the black box sfc /scannow and press Enter.
  • Once done reboot and let me know of the result.

Step 2

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Things I want to see in your next reply

  • Result of sfc /scannow
  • Result.txt

  • 0

#13
Crouchy

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi,

For step 1, the scan completed and did not highlight any problems.

Step 2:

MiniToolBox by Farbar Version: 09-06-2012
Ran by Laura (administrator) on 14-06-2012 at 19:35:50
Windows 7 Home Premium (X64)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Laura-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Ralink RT3090 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : E0-2A-82-5C-D9-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...e0 2a 82 5c d9 ee ......Ralink RT3090 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/14/2012 07:33:25 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (06/14/2012 07:17:03 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (06/14/2012 07:15:35 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (06/14/2012 07:15:35 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (06/11/2012 05:10:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4cd8eed3
Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4cd8eed3
Exception code: 0xc0000005
Fault offset: 0x000016d1
Faulting process id: 0x874
Faulting application start time: 0xHPWMISVC.exe0
Faulting application path: HPWMISVC.exe1
Faulting module path: HPWMISVC.exe2
Report Id: HPWMISVC.exe3

Error: (06/11/2012 05:10:08 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (06/11/2012 05:10:08 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (06/11/2012 05:08:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (06/11/2012 04:53:22 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (06/11/2012 04:51:58 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.


System errors:
=============
Error: (06/14/2012 07:34:24 PM) (Source: DCOM) (User: )
Description: 1084Bluetooth Device Manager{3428CA47-50B8-48C2-8839-48D3C4C59B23}

Error: (06/14/2012 07:33:41 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/14/2012 07:33:41 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/14/2012 07:33:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/14/2012 07:33:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/14/2012 07:33:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/14/2012 07:33:37 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/14/2012 07:33:25 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
spldr
Wanarpv6

Error: (06/14/2012 07:33:26 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/14/2012 07:33:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (05/11/2012 07:09:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 324 seconds with 300 seconds of active time. This session ended with a crash.

Error: (05/11/2012 07:03:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3758 seconds with 2280 seconds of active time. This session ended with a crash.

Error: (06/27/2011 08:21:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2033 seconds with 1440 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 6.3.2380.0)
Bing Bar Platform (Version: 6.3.2380.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0621.2137.36973)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0621.2137.36973)
Catalyst Control Center InstallProxy (Version: 2010.0621.2137.36973)
Catalyst Control Center Localization All (Version: 2010.0621.2137.36973)
ccc-core-static (Version: 2010.0621.2137.36973)
ccc-utility64 (Version: 2010.0621.2137.36973)
CCC Help Chinese Standard (Version: 2010.0621.2136.36973)
CCC Help Chinese Traditional (Version: 2010.0621.2136.36973)
CCC Help Czech (Version: 2010.0621.2136.36973)
CCC Help Danish (Version: 2010.0621.2136.36973)
CCC Help Dutch (Version: 2010.0621.2136.36973)
CCC Help English (Version: 2010.0621.2136.36973)
CCC Help Finnish (Version: 2010.0621.2136.36973)
CCC Help French (Version: 2010.0621.2136.36973)
CCC Help German (Version: 2010.0621.2136.36973)
CCC Help Greek (Version: 2010.0621.2136.36973)
CCC Help Hungarian (Version: 2010.0621.2136.36973)
CCC Help Italian (Version: 2010.0621.2136.36973)
CCC Help Japanese (Version: 2010.0621.2136.36973)
CCC Help Korean (Version: 2010.0621.2136.36973)
CCC Help Norwegian (Version: 2010.0621.2136.36973)
CCC Help Polish (Version: 2010.0621.2136.36973)
CCC Help Portuguese (Version: 2010.0621.2136.36973)
CCC Help Russian (Version: 2010.0621.2136.36973)
CCC Help Spanish (Version: 2010.0621.2136.36973)
CCC Help Swedish (Version: 2010.0621.2136.36973)
CCC Help Thai (Version: 2010.0621.2136.36973)
CCC Help Turkish (Version: 2010.0621.2136.36973)
Chuzzle Deluxe (Version: 2.2.0.95)
CyberLink DVD Suite (Version: 7.0.3003)
Dora's Carnival Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.1.4121)
Energy Star Digital Logo (Version: 1.0.1)
ERUNT 1.1j
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.5.1)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.1.0)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Game Console
HP Games (Version: 1.0.1.3)
HP MediaSmart DVD (Version: 4.1.4229)
HP MediaSmart Movies and TV (Version: 1.0.0.10)
HP MediaSmart Music (Version: 4.1.4215)
HP MediaSmart Photo (Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.1.4214)
HP MediaSmart Webcam (Version: 4.1.3024)
HP Photo Creations (Version: 1.0.0.3611)
HP Power Manager (Version: 1.2.3)
HP Quick Launch (Version: 2.3.6)
HP Setup (Version: 8.1.4186.3400)
HP SimplePass Identity Protection (Version: 5.10.175)
HP Software Framework (Version: 4.1.6.1)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.9.0)
IDT Audio (Version: 1.0.6289.0)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1002)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 31 (Version: 6.0.310)
Jewel Quest - Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8117.416)
LabelPrint (Version: 2.5.2907)
LightScribe System Software (Version: 1.18.16.1)
Magic Desktop
McAfee Total Protection (Version: 11.0.669)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Movie Theme Pack for HP MediaSmart Video (Version: 4.1.4030)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
Plants vs. Zombies (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4204)
PowerDirector (Version: 8.0.3003)
PX Profile Update (Version: 1.00.1.)
QuickTime (Version: 7.71.80.42)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (Version: 3.0.41.258)
Ralink RT3090 802.11b/g/n WiFi Adapter (Version: 3.01.18.0)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Recovery Manager (Version: 5.5.3023)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
Tweaking.com - Windows Repair (All in One) (Version: 1.7.3)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Sensors DDK (Version: 4.1.139.0)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

Could not list devices.

========================= Memory info: ===================================

Percentage of memory in use: 10%
Total physical RAM: 5941.86 MB
Available physical RAM: 5306.16 MB
Total Pagefile: 11881.86 MB
Available Pagefile: 11266.53 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.37 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:445.26 GB) (Free:362.58 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:20.2 GB) (Free:2.94 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive g: () (Removable) (Total:1.87 GB) (Free:0.19 GB) FAT

========================= Users: ========================================

User accounts for \\LAURA-HP

Administrator Guest Laura

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#14
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Click the Start button and type cmd.exe into the search box. Click on the program in the list.
Copy and paste the following command into the black box and press Enter:

regedit.exe /e C:\afd.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD

Please post the contents of C:\afd.txt in your next reply.

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.