Blue Screen every time I log in

This topic is locked

#1
elliotjung
  • Member
  • 14 posts
Recently, my computer has been experiencing the "blue screen of death". It would happen sparsely and after an hour or two of computer use. However, more recently, the blue screen began to appear even more frequently until it began to appear every time I logged into my account. Thus, I booted my computer into safe mode after one of the blue screen restarts and began to run a series of malware scans (Avast, SUPERAntiSpyware, and Malwarebytes). A few cookies and trojans came up but I didn't think too much of them. I rebooted and this time, after I log in, the computer fails to even boot and maintains a black screen with only my mouse (which is still able to move). I originally thought it to be malware considering that I've never had this problem before, but I guess it could have been a hardware/software problem and I messed up my machine with the scans. I am running from safe mode.

The important bits of text on the blue screen are
"IRQL_NOT_LESS_OR_EQUAL"
"Technical information:
*** STOP: 0x0000000A (0X0409001d, 0X00000002, 0x00000001, 0x82CD4253)"

I can type out the full blue screen message if needed and I also have the image on my phone.

I have not run the AVG rescue CD as my CD drive is broken.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012
Ran by SYSTEM at 21-06-2012 22:46:49
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-08-22] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Elliot\...\Run: [Google Update] "C:\Users\Elliot\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-23] (Google Inc.)
HKU\Elliot\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Elliot\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Elliot\...\Run: [Spotify Web Helper] "C:\Users\Elliot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-23] ()
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [73216 2010-11-20] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [90112 2009-07-13] (Microsoft Corporation)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44376 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software)
3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-10] (Hewlett-Packard Development Company, L.P.)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-21] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1095936 2009-10-26] (Motorola Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-18] (Duplex Secure Ltd.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-21 22:46 - 2012-06-21 22:47 - 00000000 ____D C:\FRST
2012-06-21 12:54 - 2012-06-21 12:54 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-21 01:39 - 2012-06-21 01:39 - 00001998 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-21 01:39 - 2012-03-06 15:03 - 00612184 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-21 01:39 - 2012-03-06 15:03 - 00337880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-21 01:39 - 2012-03-06 15:02 - 00044376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-21 01:39 - 2012-03-06 15:01 - 00057688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-21 01:39 - 2012-03-06 15:01 - 00053848 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-21 01:39 - 2012-03-06 15:01 - 00020696 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-21 01:38 - 2012-03-06 15:15 - 00201352 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-21 01:38 - 2012-03-06 15:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-21 00:46 - 2012-06-21 01:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 00:45 - 2012-06-21 00:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-21 00:45 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-18 23:10 - 2012-06-18 23:17 - 07943563 ____A C:\Users\Elliot\Downloads\Gotye - Don't Worry We'll Be Watching You.mp3
2012-06-18 23:08 - 2012-06-18 23:09 - 03201206 ____A C:\Users\Elliot\Downloads\Dash Berlin - California Love.mp3
2012-06-18 02:12 - 2012-06-18 02:18 - 06320882 ____A C:\Users\Elliot\Downloads\Zedd Feat. Matthew Koma – Spectrum (Radio Mix) (www.FlowElectro.net).mp3
2012-06-18 02:12 - 2012-06-18 02:17 - 14554202 ____A C:\Users\Elliot\Downloads\Zedd feat. Matthew Koma - Spectrum (Extended Mix) www.whitemusic.mx.mp3
2012-06-18 02:11 - 2012-06-18 02:19 - 14835302 ____A C:\Users\Elliot\Downloads\The Spectrum Of Language (Miami Life Bootleg).mp3
2012-06-17 23:53 - 2012-06-17 23:56 - 12363576 ____A C:\Users\Elliot\Downloads\Slik_D_-_Dont_Know_What_To_Do_Right_Now.mp3
2012-06-15 23:23 - 2012-06-15 23:23 - 00000000 ____D C:\Users\Elliot\AppData\Local\Macromedia
2012-06-12 23:03 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 23:02 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 23:02 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 23:02 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 23:02 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 23:02 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 23:02 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 23:02 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 23:02 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 23:02 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 23:02 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 23:02 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 23:02 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 23:02 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 23:02 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 23:02 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 23:01 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 23:01 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 23:01 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 23:01 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 23:01 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-02 11:10 - 2012-06-02 11:10 - 00000000 ____D C:\Users\Elliot\AppData\Local\Irrational Games

============ 3 Months Modified Files and Folders ===============

2012-06-21 22:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-06-21 18:34 - 2011-03-01 07:54 - 00000000 ____D C:\Windows\Minidump
2012-06-21 18:28 - 2011-02-01 10:20 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-21 17:55 - 2011-02-01 13:10 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\vlc
2012-06-21 17:54 - 2011-02-01 10:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-21 17:47 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-21 17:13 - 2011-08-23 20:31 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950457622-4220880081-2362249784-1000UA.job
2012-06-21 16:34 - 2012-04-26 00:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-21 12:54 - 2012-06-21 12:54 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-21 01:39 - 2012-06-21 01:39 - 00001998 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-21 01:39 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-06-21 01:38 - 2012-04-18 05:38 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-21 01:38 - 2012-04-18 05:38 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-21 01:09 - 2012-06-21 00:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 00:45 - 2012-06-21 00:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-21 00:41 - 2009-07-13 20:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-21 00:41 - 2009-07-13 20:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-21 00:04 - 2011-02-01 13:07 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\Azureus
2012-06-20 23:45 - 2011-02-01 12:36 - 00000000 ____D C:\Program Files\CCleaner
2012-06-20 09:17 - 2011-08-23 20:31 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950457622-4220880081-2362249784-1000Core.job
2012-06-20 00:28 - 2011-02-05 09:49 - 00000000 ____D C:\Users\Elliot\Downloads\Vuze
2012-06-19 23:44 - 2011-02-01 12:40 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\Audacity
2012-06-19 21:22 - 2011-02-01 10:31 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\Mozilla
2012-06-19 01:11 - 2009-07-13 20:53 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-18 23:17 - 2012-06-18 23:10 - 07943563 ____A C:\Users\Elliot\Downloads\Gotye - Don't Worry We'll Be Watching You.mp3
2012-06-18 23:09 - 2012-06-18 23:08 - 03201206 ____A C:\Users\Elliot\Downloads\Dash Berlin - California Love.mp3
2012-06-18 02:19 - 2012-06-18 02:11 - 14835302 ____A C:\Users\Elliot\Downloads\The Spectrum Of Language (Miami Life Bootleg).mp3
2012-06-18 02:18 - 2012-06-18 02:12 - 06320882 ____A C:\Users\Elliot\Downloads\Zedd Feat. Matthew Koma – Spectrum (Radio Mix) (www.FlowElectro.net).mp3
2012-06-18 02:17 - 2012-06-18 02:12 - 14554202 ____A C:\Users\Elliot\Downloads\Zedd feat. Matthew Koma - Spectrum (Extended Mix) www.whitemusic.mx.mp3
2012-06-17 23:56 - 2012-06-17 23:53 - 12363576 ____A C:\Users\Elliot\Downloads\Slik_D_-_Dont_Know_What_To_Do_Right_Now.mp3
2012-06-16 02:05 - 2011-02-01 11:21 - 00000240 ____A C:\Users\Elliot\Documents\Manga.txt
2012-06-16 01:34 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-06-15 23:23 - 2012-06-15 23:23 - 00000000 ____D C:\Users\Elliot\AppData\Local\Macromedia
2012-06-15 22:13 - 2012-04-26 00:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-15 22:13 - 2011-05-29 07:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-15 21:20 - 2011-05-05 07:25 - 00000000 ____D C:\Users\Elliot\Downloads\Games
2012-06-15 18:13 - 2011-06-16 16:10 - 00002807 ____A C:\Users\All Users\hpzinstall.log
2012-06-13 08:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-13 01:19 - 2009-07-13 20:33 - 00408408 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 23:20 - 2011-02-01 16:28 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-12 23:11 - 2011-02-01 18:31 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 11:10 - 2012-06-02 11:10 - 00000000 ____D C:\Users\Elliot\AppData\Local\Irrational Games
2012-05-29 22:11 - 2011-05-05 07:42 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\DAEMON Tools Lite
2012-05-23 17:44 - 2011-08-14 18:25 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\Spotify
2012-05-23 17:44 - 2011-08-14 18:25 - 00000000 ____D C:\Users\Elliot\AppData\Local\Spotify
2012-05-18 18:28 - 2011-05-05 07:43 - 00477240 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-05-18 18:27 - 2012-05-18 18:27 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2012-05-18 18:22 - 2011-02-01 13:17 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\Apple Computer
2012-05-17 15:11 - 2012-06-12 23:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-12 23:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-12 23:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-12 23:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-12 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-12 23:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-12 23:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 23:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-12 23:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 23:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-12 23:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 23:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-16 07:28 - 2011-04-05 11:08 - 00000000 ____D C:\Program Files\Safari
2012-05-16 07:27 - 2012-05-16 07:26 - 00000000 ____D C:\Program Files\iTunes
2012-05-16 07:26 - 2012-05-16 07:26 - 00000000 ____D C:\Program Files\iPod
2012-05-16 07:26 - 2011-02-01 13:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-05-16 07:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-05-16 07:22 - 2011-02-01 13:13 - 00000000 ____D C:\Program Files\QuickTime
2012-05-15 17:43 - 2011-05-14 10:28 - 00000000 ____D C:\Program Files\Call of Duty
2012-05-15 17:15 - 2011-05-13 17:15 - 00000766 ____A C:\Windows\CoD.INI
2012-05-14 17:05 - 2012-06-12 23:01 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 08:08 - 2011-02-01 12:51 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2012-05-12 08:03 - 2011-02-01 17:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-12 08:03 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 13:34 - 2012-04-26 00:34 - 04140192 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-05-03 20:47 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-05-03 13:12 - 2011-02-01 13:04 - 00000000 ____D C:\Users\Elliot\AppData\Local\Paint.NET
2012-05-02 20:51 - 2012-05-02 20:51 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-02 20:51 - 2012-05-02 20:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-05-02 07:45 - 2012-02-26 19:12 - 00000000 ____D C:\Users\Elliot\Documents\MATLAB
2012-04-30 20:44 - 2012-06-12 23:01 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 11:10 - 2012-04-29 07:35 - 00000000 ____D C:\Users\Elliot\AppData\Local\Unity
2012-04-29 10:56 - 2012-04-29 09:31 - 00000000 ____D C:\Users\Elliot\AppData\Local\SCE
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2012-04-29 09:30 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-04-29 07:36 - 2012-04-29 07:36 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\Unity
2012-04-27 19:17 - 2012-06-12 23:03 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 16:08 - 2012-02-21 20:38 - 00000000 ____D C:\Users\Elliot\Documents\Spring 2012
2012-04-25 20:45 - 2012-06-12 23:01 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-12 23:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-12 23:01 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-22 03:31 - 2012-04-19 14:30 - 00000000 ___AD C:\Users\Elliot\Desktop\Fillers
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-18 05:45 - 2012-04-18 05:43 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\IObit
2012-04-18 05:43 - 2012-04-18 05:43 - 00000000 ____D C:\Users\All Users\IObit
2012-04-18 05:43 - 2012-04-18 05:43 - 00000000 ____D C:\Program Files\IObit
2012-04-18 05:41 - 2012-03-17 14:11 - 00000000 ____D C:\Program Files\Hero Editor
2012-04-18 05:40 - 2011-02-01 12:39 - 00000000 ____D C:\Program Files\Audacity 1.3 Beta (Unicode)
2012-04-18 05:38 - 2012-04-18 05:37 - 00000000 ____D C:\Program Files\Audacity
2012-04-17 20:05 - 2011-02-01 13:17 - 00000000 ____D C:\Users\Elliot\AppData\Local\Apple Computer
2012-04-13 07:35 - 2011-06-29 06:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-12 13:09 - 2009-07-13 18:04 - 00000513 ____A C:\Windows\win.ini
2012-04-12 13:03 - 2012-04-12 13:03 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-12 13:03 - 2012-04-12 13:03 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-07 03:26 - 2012-06-12 23:02 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 11:56 - 2012-06-21 00:45 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 20:39 - 2012-05-11 10:13 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 10:13 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 02:23 - 2012-05-11 10:13 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 20:03 - 2012-01-26 16:40 - 00000000 ____D C:\Program Files\EA GAMES
2012-03-26 22:19 - 2012-03-26 22:19 - 00000000 ____D C:\Users\Elliot\AppData\Local\DDMSettings
2012-03-26 22:17 - 2012-03-26 22:15 - 00000000 ____D C:\Program Files\DivX
2012-03-26 22:17 - 2011-04-26 21:33 - 00000000 ____D C:\Users\All Users\DivX
2012-03-26 22:16 - 2012-03-26 22:16 - 00000000 ____D C:\Users\Elliot\AppData\Roaming\DivX
2012-03-26 22:16 - 2012-03-26 22:16 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2012-03-26 22:16 - 2012-03-26 22:16 - 00000000 ____D C:\Program Files\Common Files\DivX Shared


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4086.41 MB
Available physical RAM: 3579.59 MB
Total Pagefile: 4084.69 MB
Available Pagefile: 3588.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:117.8 GB) NTFS
3 Drive f: (TRAVELDRIVE) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online          246 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            465 GB   101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    465 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            245 MB    16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   TRAVELDRIVE  FAT    Removable    245 MB  Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-06-18 21:49

======================= End Of Log ==========================

Any ideas?

Thank you for your time.

Edited by elliotjung, 21 June 2012 - 09:10 PM.

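The FRST log above is what a helper reads before writing a fixlist. The following Python script is an added example, not code from this thread, from Farbar or from Geeks to Go: it parses the line formats visible in the posted log (autorun entries, service and driver lines, the Bamital & volsnap MD5 check, and FRST's own `<===== ATTENTION!` markers) and lists the entries worth a second look. The sample log embedded in the script is a subset of the lines posted above. The scoring rules (missing target file, no publisher name, user-writable path, boot-start driver from a non-Microsoft publisher) are this example's own heuristics, not FRST's, and a hit means "verify", not "malicious". The TDL4 line, which FRST singles out, is the one that matters most here: TDL4 is a bootkit family that lives in the Master Boot Record, which is consistent with the helper's later step in this thread of checking the MBR.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example: not code from this thread or from FRST. It parses the line
formats seen in the posted log and lists the entries worth a second look.
The heuristics (missing file, no publisher, user-writable path, boot-start
third-party driver) are this example's own; a hit means "verify", not
"malicious".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Section banner, e.g. "========== Drivers (Whitelisted) =========="
SECTION_RE = re.compile(r'^=+ (?P<title>.+?) =+$')
# Autorun entry: HKLM\...\Run: [name] <path> [<size> <date>] (<publisher>)
RUN_RE = re.compile(r'^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
# Service/driver entry: "<start type> <name>; <path> [<size> <date>] (<publisher>)"
SVC_RE = re.compile(r'^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$')
# Trailing "(Publisher)"; FRST prints "()" when the file carries no company name
PUB_RE = re.compile(r'\((?P<pub>[^()]*)\)\s*$')
# FRST marks an autorun whose target file no longer exists with "[x]"
MISSING_RE = re.compile(r'\[[xX]\]')
# Folders an ordinary user can write to; autoruns from here deserve a look
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\', '\\users\\public\\')


@dataclass
class Finding:
    severity: str   # "high": FRST itself flagged it; "review": heuristic hit
    section: str    # log section the line came from
    line: str       # the log line verbatim
    reason: str


def publisher_of(rest: str) -> str:
    """Return the publisher name in the trailing parentheses, or '' if none."""
    m = PUB_RE.search(rest)
    return m.group('pub').strip() if m else ''


def triage_frst(text: str) -> list[Finding]:
    """Walk an FRST log and return the lines a helper would examine first."""
    findings: list[Finding] = []
    section = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group('title')
            continue
        # FRST's own verdict markers always win (e.g. the TDL4 line in the posted log)
        if '<===== ATTENTION' in line:
            findings.append(Finding('high', section, line, 'FRST flagged this entry'))
            continue
        # Core system binaries are hash-checked; anything but "MD5 is legit" is serious
        if section.startswith('Bamital') and '=>' in line and '=> MD5 is legit' not in line:
            findings.append(Finding('high', section, line, 'system file failed the MD5 check'))
            continue
        run = RUN_RE.match(line)
        if run:
            rest = run.group('rest')
            if MISSING_RE.search(rest):
                findings.append(Finding('review', section, line, 'autorun points at a missing file'))
            elif not publisher_of(rest):
                findings.append(Finding('review', section, line, 'autorun has no publisher name'))
            elif any(p in rest.lower() for p in USER_WRITABLE):
                findings.append(Finding('review', section, line, 'autorun runs from a user-writable folder'))
            continue
        svc = SVC_RE.match(line)
        if svc and 'Drivers' in section:
            # Start type 0 = boot start: the driver loads before any AV or scanner
            if svc.group('start') == '0' and 'Microsoft' not in publisher_of(svc.group('rest')):
                findings.append(Finding('review', section, line,
                                        'boot-start driver from a non-Microsoft publisher; confirm it belongs to installed software'))
    return findings


# A subset of the log lines posted in this thread, used as sample input.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-08-22] ()
HKU\Elliot\...\Run: [Google Update] "C:\Users\Elliot\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-23] (Google Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)

========================== Drivers (Whitelisted) =============

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-18] (Duplex Secure Ltd.)

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==========================================================
TDL4: custom:26000022 <===== ATTENTION!
"""

if __name__ == '__main__':
    for f in triage_frst(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}')
```

Run on the sample, the script reports four "review" entries (the stale RtHDVCpl autorun, the DeleteMe1.exe entry with no publisher, Google Update running from AppData, and the boot-start sptd.sys) and one "high" entry, the TDL4 line. Whether a "review" hit is benign is decided by checking the file against its installed software, as the helper in this thread does with the whitelisted entries.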
#2
JSntgRvr
  • Global Moderator
  • 11,018 posts
:welcome:

Download the enclosed file. Attached File: fixlist.txt (53 bytes)

Save it next to FRST in the USB drive.

Run FRST as you did before. This time click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Restart in Normal mode.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

#3
elliotjung
  • Topic Starter
  • Member
  • 14 posts
Here's the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012
Ran by SYSTEM at 2012-06-22 14:04:03 Run:1
Running from F:\

==============================================


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====


I couldn't get my computer to start in normal mode. Should I still try to run ComboFix?

#4
JSntgRvr
  • Global Moderator
  • 11,018 posts
No. Unless you are able to boot in Safe Mode, Combofix won't work in FRST.

If unable to boot in Safe Mode, let's check the Master Boot Record:

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix.exe to the USB drive next to FRST.

Also download the enclosed file and save it in the USB drive next to FRST. Attached File: fixlist.txt (89 bytes)

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.

#5 elliotjung (Member, Topic Starter, 14 posts)
Oh, safe mode boots and works just fine. I just can't boot my system normally (which I thought you wanted me to do). Should I use Safe Mode or Safe Mode with Networking?

Or am I completely misinterpreting your reply and run the MBRFix?

Edited by elliotjung, 22 June 2012 - 01:59 PM.


#7 JSntgRvr (Global Moderator, 11,018 posts)
Boot in Safe Mode.

Open an Administrator's command prompt (click on the Start button, type CMD, right click on the CMD.exe at the top of the Start Menu and select "Run as administrator").

At the command prompt copy and paste the following command and press Enter:

bcdedit /enum all /v >"%Userprofile%\Desktop\Report.txt"

Type Exit and press Enter to return to Windows. A Report.txt file should have been created on your desktop. Please copy and paste its contents in a reply.

Download and run Combofix as suggested above and post its report.
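As an added example (not from this thread, and not part of bcdedit, FRST or ComboFix), the Python script below reads the Report.txt that the command above produces and flags boot-loader objects whose loader path or device is not the stock one. A bootkit that redirects the boot chain tends to show up in exactly this report as an extra loader object, a changed path, or a default entry pointing at something that does not exist. The sample report embedded in the script is a constructed, trimmed copy using the identifiers from this thread's own output; the set of accepted loader file names is an assumption for Windows 7 and would need extending for other builds.

```python
"""Audit a saved `bcdedit /enum all /v` report for non-stock boot-loader entries."""
import re
import sys
from typing import Dict, List

# Constructed sample: a trimmed copy of the Report.txt shown in this thread.
SAMPLE_REPORT = r"""Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
default {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}
displayorder {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}

Windows Boot Loader
-------------------
identifier {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
osdevice partition=C:
systemroot \Windows

Windows Boot Loader
-------------------
identifier {5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a}
device ramdisk=[C:]\Recovery\5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a\Winre.wim,{5b799f64-2e47-11e0-8fb1-ab6c0d8edc3a}
path \windows\system32\winload.exe
description Windows Recovery Environment
winpe Yes

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
"""

GUID_ONLY = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")
# Loader binaries expected on a Windows 7 install (assumption; extend per build).
KNOWN_LOADERS = {r"\windows\system32\winload.exe"}


def parse_bcd(text: str) -> List[Dict[str, str]]:
    """One dict per BCD object; the heading goes in '_type', 'key value' lines become items."""
    entries: List[Dict[str, str]] = []
    cur: Dict[str, str] = {}
    last_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends the current object
            cur, last_key = {}, ""
            continue
        if set(line) == {"-"}:            # underline beneath the heading
            continue
        if not cur:                       # first non-blank line is the heading
            cur = {"_type": line}
            entries.append(cur)
            continue
        if GUID_ONLY.match(line) and last_key:
            cur[last_key] += " " + line   # wrapped multi-GUID value (e.g. inherit)
            continue
        key, _, value = line.partition(" ")
        cur[key] = value.strip()
        last_key = key
    return entries


def audit_bcd(entries: List[Dict[str, str]]) -> List[str]:
    """Return findings as strings; an empty list means the BCD looks stock."""
    findings: List[str] = []
    ids = {e.get("identifier") for e in entries}
    for e in entries:
        ident = e.get("identifier", "?")
        if e["_type"] == "Windows Boot Manager" and e.get("default") not in ids:
            findings.append("default %s points at a missing object" % e.get("default"))
        if e["_type"] != "Windows Boot Loader":
            continue
        if e.get("path", "").lower() not in KNOWN_LOADERS:
            findings.append("%s: unexpected loader path %s" % (ident, e.get("path")))
        dev = e.get("device", "").lower()
        if not dev.startswith(("partition=", "ramdisk=")):
            findings.append("%s: unexpected device %s" % (ident, e.get("device")))
        if e.get("winpe") != "Yes" and e.get("osdevice") != e.get("device"):
            findings.append("%s: osdevice %s differs from device %s"
                            % (ident, e.get("osdevice"), e.get("device")))
    return findings


if __name__ == "__main__":
    # bcdedit's redirected output is in the console code page, hence errors="replace".
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    problems = audit_bcd(parse_bcd(text))
    print("\n".join(problems) if problems else "no non-stock boot entries found")
```

Run it as `python bcd_audit.py Report.txt` against the real file; with no argument it audits the embedded sample. A clean result only means the BCD is not pointing anywhere odd; it says nothing about the MBR or the loader binary itself, which is why the MBR dump and the minidumps are still needed.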

#8 JSntgRvr (Global Moderator, 11,018 posts)
In addition, right click on the C:\Windows\Minidump folder and select "Send to", select "Compressed, zipped folder". That should create a Minidump.zip folder within the Windows folder.

Please attach this zipped folder to your reply.

#9 elliotjung (Member, Topic Starter, 14 posts)
Report.txt:

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}
resumeobject {5b799f61-2e47-11e0-8fb1-ab6c0d8edc3a}
displayorder {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {5b799f61-2e47-11e0-8fb1-ab6c0d8edc3a}
nx OptIn
bootlog No

Windows Boot Loader
-------------------
identifier {5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a}
device ramdisk=[C:]\Recovery\5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a\Winre.wim,{5b799f64-2e47-11e0-8fb1-ab6c0d8edc3a}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a\Winre.wim,{5b799f64-2e47-11e0-8fb1-ab6c0d8edc3a}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {5b799f61-2e47-11e0-8fb1-ab6c0d8edc3a}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {5b799f64-2e47-11e0-8fb1-ab6c0d8edc3a}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a\boot.sdi


I have the ComboFix log but a couple things happened when I ran the program.

1. It warned me that my Anti-Virus: McAfee VirusScan Enterprise and my Anti-Malware: McAfee VirusScan Enterprise Anti-Malware Module were still on. However, I disabled/uninstalled these a long time ago. The only sticking point is that I have been unable to remove it from the programs list because it always says it's still running. I've removed its files from Program Files and stopped it in Services but I still couldn't get rid of it and, therefore, didn't worry about it. I'm not sure if it affected the scan, but it might have.

2. I ran ComboFix twice, and during the first run, my computer crashed in the typical manner (blue screen). However, it ran seamlessly the second time (despite the McAfee issue).


ComboFix 12-06-21.03 - Elliot 06/22/2012 21:38:52.2.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.2644 [GMT -4:00]
Running from: c:\users\Elliot\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
/wow section - STAGE 3
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Elliot\AppData\Local\{2DCFB58F-97C6-41B4-9336-E3031527C629}
c:\users\Elliot\AppData\Local\{2DCFB58F-97C6-41B4-9336-E3031527C629}\chrome.manifest
c:\users\Elliot\AppData\Local\{2DCFB58F-97C6-41B4-9336-E3031527C629}\chrome\content\_cfg.js
c:\users\Elliot\AppData\Local\{2DCFB58F-97C6-41B4-9336-E3031527C629}\chrome\content\overlay.xul
c:\users\Elliot\AppData\Local\{2DCFB58F-97C6-41B4-9336-E3031527C629}\install.rdf
c:\users\Elliot\AppData\Local\qhp.exe
c:\users\Elliot\AppData\Local\vmw.exe
c:\users\Elliot\AppData\Roaming\Adobe\plugs
c:\users\Elliot\AppData\Roaming\Adobe\shed
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\users\Elliot\AppData\Local\temp
2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 06:46 . 2012-06-22 06:47 -------- d-----w- C:\FRST
2012-06-21 20:54 . 2012-06-21 20:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-21 09:39 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-21 09:39 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-21 09:39 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-21 09:39 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-21 09:39 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-21 09:39 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-21 09:38 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-21 09:38 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-21 08:46 . 2012-06-21 09:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-21 08:45 . 2012-06-21 08:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-21 08:45 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 07:23 . 2012-06-16 07:23 -------- d-----w- c:\users\Elliot\AppData\Local\Macromedia
2012-06-13 07:03 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 07:01 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:01 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 07:01 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 07:01 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 07:01 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-02 19:10 . 2012-06-02 19:10 -------- d-----w- c:\users\Elliot\AppData\Local\Irrational Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 06:13 . 2012-04-26 08:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 06:13 . 2011-05-29 15:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-19 02:28 . 2011-05-05 15:43 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-09 21:34 . 2012-04-26 08:34 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39 . 2012-05-11 18:13 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 18:13 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 18:13 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-03 04:51 . 2011-05-06 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-03 15:16 175400 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Spotify Web Helper"="c:\users\Elliot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-24 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2011-08-23 86016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 20:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-04 02:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-06-21 40776]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 06:13]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950457622-4220880081-2362249784-1000Core.job
- c:\users\Elliot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 04:31]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950457622-4220880081-2362249784-1000UA.job
- c:\users\Elliot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
FF - ProfilePath - c:\users\Elliot\AppData\Roaming\Mozilla\Firefox\Profiles\gr7gzygh.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
MSConfigStartUp-Boingo Wi-Fi - c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
MSConfigStartUp-F - c:\users\Elliot\Local Settings\Apps\F.lux\flux.exe
MSConfigStartUp-McAfeeUpdaterUI - c:\program files\McAfee\Common Framework\udaterui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-22 21:53:56
ComboFix-quarantined-files.txt 2012-06-23 01:53
.
Pre-Run: 126,117,498,880 bytes free
Post-Run: 126,030,589,952 bytes free
.
- - End Of File - - 061486FEFE4D0AE626F02EFA8FDBCA9B

Minidump.zip is attached.


#10 JSntgRvr (Global Moderator, 11,018 posts)
Let's continue.

Download the enclosed file. (Attached file: CFScript.txt, 210 bytes)

Save it next to Combofix.

(image: CFScript.txt being dragged onto ComboFix.exe)

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Download aswMBR ( 4.5 mb ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you have an open Internet connection, allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

In addition, aswMBR will produce a copy of the boot sector, MBR.dat, on your desktop. Upload that file here.
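The MBRDUMP.txt requested in #4 and the MBR.dat requested here are both copies of the disk's first sector, so here is an added example (not from this thread, and not part of FRST or aswMBR) of what a helper would check in one. The Python below parses a 512-byte MBR, verifies the 0x55AA boot signature, checks the partition table for structural faults (more than one active entry, invalid status bytes, an empty type with a non-zero extent, overlapping partitions) and, if you pass the SHA-256 of the bootstrap code taken while the machine was known clean, reports whether that code has changed, which is the classic bootkit signature. It assumes the input is the raw sector (MBRDUMP.txt is a hex listing and would have to be converted to raw bytes first); the sample sector it builds is constructed, not taken from this machine.

```python
"""Structural audit of a raw 512-byte Master Boot Record."""
import hashlib
import struct
import sys
from typing import Dict, List, Optional

SECTOR = 512
CODE_END = 440            # bootstrap code is bytes 0..439; the disk signature follows
TABLE_OFF = 446           # four 16-byte partition entries, then 0x55AA
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample (not from this machine): a few plausible bootstrap bytes,
    an active 100 MB system partition and a second NTFS partition directly behind it."""
    code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (TABLE_OFF - 7)
    parts = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 488192000),
             (0x00, 0x00, 0, 0), (0x00, 0x00, 0, 0)]
    table = b"".join(struct.pack(ENTRY_FMT, st, b"\0\0\0", ty, b"\0\0\0", lba, n)
                     for st, ty, lba, n in parts)
    return code + table + b"\x55\xaa"


def parse_mbr(data: bytes) -> Dict:
    """Split the sector into bootstrap-code hash, disk signature and partition entries."""
    if len(data) != SECTOR:
        raise ValueError("expected a %d-byte sector, got %d bytes" % (SECTOR, len(data)))
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, data, TABLE_OFF + 16 * i)
        parts.append({"index": i, "status": status, "type": ptype, "lba": lba, "count": count})
    return {
        "code_sha256": hashlib.sha256(data[:CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, CODE_END)[0],
        "partitions": parts,
        "signature_ok": data[510:512] == b"\x55\xaa",
    }


def audit_mbr(data: bytes, baseline_code_sha256: Optional[str] = None) -> List[str]:
    """Findings as strings. The baseline hash, if given, should come from a copy of
    the sector saved while the machine was known clean; bootkits rewrite that code."""
    m = parse_mbr(data)
    findings: List[str] = []
    if not m["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if baseline_code_sha256 and m["code_sha256"] != baseline_code_sha256:
        findings.append("bootstrap code differs from baseline")
    used = [p for p in m["partitions"] if p["type"] != 0]
    active = [p for p in used if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions (expected 1)" % len(active))
    for p in m["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (p["index"], p["status"]))
        if p["type"] == 0 and (p["lba"] or p["count"]):
            findings.append("entry %d: empty type but non-zero extent" % p["index"])
    spans = sorted((p["lba"], p["lba"] + p["count"], p["index"]) for p in used)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("entries %d and %d overlap" % (i1, i2))
    return findings


if __name__ == "__main__":
    sector = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    baseline = sys.argv[2] if len(sys.argv) > 2 else None
    problems = audit_mbr(sector, baseline)
    print("\n".join(problems) if problems else "MBR structure looks sane")
    print("bootstrap code sha256:", parse_mbr(sector)["code_sha256"])
```

Usage: `python mbr_audit.py MBR.dat` prints the structural findings and the hash of the bootstrap code; record that hash once the machine is clean and pass it as the second argument on later runs. Without a baseline the script can only catch malformed tables, not a well-formed sector whose loader code has been swapped, which is why the helpers here ask for the dump itself rather than a summary.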


#11 elliotjung (Member, Topic Starter, 14 posts)
ComboFix.txt

ComboFix 12-06-21.03 - Elliot 06/23/2012 2:29.4.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.2092 [GMT -4:00]
Running from: c:\users\Elliot\Desktop\ComboFix.exe
Command switches used :: c:\users\Elliot\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 06:40 . 2012-06-23 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 01:53 . 2012-06-23 06:40 -------- d-----w- c:\users\Elliot\AppData\Local\temp
2012-06-22 06:46 . 2012-06-22 06:47 -------- d-----w- C:\FRST
2012-06-21 20:54 . 2012-06-21 20:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-21 09:39 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-21 09:39 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-21 09:39 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-21 09:39 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-21 09:39 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-21 09:39 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-21 09:38 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-21 09:38 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-21 08:46 . 2012-06-21 09:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-21 08:45 . 2012-06-21 08:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-21 08:45 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 07:23 . 2012-06-16 07:23 -------- d-----w- c:\users\Elliot\AppData\Local\Macromedia
2012-06-13 07:03 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 07:01 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:01 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 07:01 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 07:01 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 07:01 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-02 19:10 . 2012-06-02 19:10 -------- d-----w- c:\users\Elliot\AppData\Local\Irrational Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 06:13 . 2012-04-26 08:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 06:13 . 2011-05-29 15:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-19 02:28 . 2011-05-05 15:43 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-09 21:34 . 2012-04-26 08:34 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39 . 2012-05-11 18:13 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 18:13 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 18:13 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-03 04:51 . 2011-05-06 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-03 15:16 175400 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Spotify Web Helper"="c:\users\Elliot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-24 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2011-08-23 86016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 20:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-04 02:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-06-21 40776]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 06:13]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950457622-4220880081-2362249784-1000Core.job
- c:\users\Elliot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 04:31]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950457622-4220880081-2362249784-1000UA.job
- c:\users\Elliot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Elliot\AppData\Roaming\Mozilla\Firefox\Profiles\gr7gzygh.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-23 02:43:14
ComboFix-quarantined-files.txt 2012-06-23 06:43
ComboFix2.txt 2012-06-23 01:53
.
Pre-Run: 125,738,749,952 bytes free
Post-Run: 125,684,727,808 bytes free
.
- - End Of File - - 8AA88D94E82CF216127779AD34BAFAEB

I tried to update my avast! definitions but they would not update, so I just ran aswMBR as it was.

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 02:49:36
-----------------------------
02:49:36.027 OS Version: Windows 6.1.7601 Service Pack 1
02:49:36.027 Number of processors: 2 586 0xF0D
02:49:36.043 ComputerName: ELLIOT-PC UserName: Elliot
02:49:55.277 Initialize success
02:49:56.525 AVAST engine defs: 12030600
02:53:07.268 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
02:53:07.268 Disk 0 Vendor: WDC_WD5000BEVT-00A0RT0 01.01A01 Size: 476940MB BusType: 11
02:53:07.315 Disk 0 MBR read successfully
02:53:07.330 Disk 0 MBR scan
02:53:07.923 Disk 0 Windows 7 default MBR code
02:53:07.939 Disk 0 MBR hidden
02:53:07.970 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:53:08.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
02:53:08.781 Disk 0 scanning sectors +976771072
02:53:09.296 Disk 0 scanning C:\Windows\system32\drivers
02:53:33.585 Service scanning
02:55:10.368 Modules scanning
02:56:04.438 Disk 0 trace - called modules:
02:56:04.469 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85be84b1]<<
02:56:04.469 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8575e030]
02:56:04.469 3 CLASSPNP.SYS[8ace859e] -> nt!IofCallDriver -> [0x85c579b0]
02:56:04.484 \Driver\atapi[0x84937030] -> IRP_MJ_CREATE -> 0x85be84b1
02:56:08.244 AVAST engine scan C:\Windows
02:56:12.440 AVAST engine scan C:\Windows\system32
02:59:58.734 AVAST engine scan C:\Windows\system32\drivers
03:00:15.801 AVAST engine scan C:\Users\Elliot
03:20:33.267 AVAST engine scan C:\ProgramData
03:22:06.681 Scan finished successfully
03:23:20.688 Disk 0 MBR has been saved successfully to "C:\Users\Elliot\Desktop\MBR.dat"
03:23:20.704 The log file has been saved successfully to "C:\Users\Elliot\Desktop\aswMBR.txt"

#12
JSntgRvr
Global Moderator
11,018 posts
Still unable to boot in Normal mode?

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#13
JSntgRvr
Global Moderator
11,018 posts
An analysis of the MBR submitted shows a suspicious partition. Let's take a look at it.

For x86 (32-bit) systems please download Listparts
For x64 (64-bit) systems please download Listparts64
and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for the x64 version type e:\ListParts64.exe) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Put a check mark on List BCD.
  • Press the Scan button.
  • It will make a log (Result.txt) on the flash drive. Please copy and paste it into your reply.

#14
elliotjung
Member
Topic Starter
14 posts
Normal mode seems to be booting just fine now.

TDSSKiller log
11:52:45.0724 3584 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
11:52:46.0194 3584 ============================================================
11:52:46.0194 3584 Current date / time: 2012/06/23 11:52:46.0194
11:52:46.0194 3584 SystemInfo:
11:52:46.0194 3584
11:52:46.0194 3584 OS Version: 6.1.7601 ServicePack: 1.0
11:52:46.0194 3584 Product type: Workstation
11:52:46.0194 3584 ComputerName: ELLIOT-PC
11:52:46.0194 3584 UserName: Elliot
11:52:46.0194 3584 Windows directory: C:\Windows
11:52:46.0194 3584 System windows directory: C:\Windows
11:52:46.0194 3584 Processor architecture: Intel x86
11:52:46.0194 3584 Number of processors: 2
11:52:46.0194 3584 Page size: 0x1000
11:52:46.0194 3584 Boot type: Safe boot with network
11:52:46.0194 3584 ============================================================
11:52:47.0364 3584 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:52:47.0374 3584 Drive \Device\Harddisk1\DR1 - Size: 0xF600000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:52:47.0374 3584 ============================================================
11:52:47.0374 3584 \Device\Harddisk0\DR0:
11:52:47.0374 3584 MBR partitions:
11:52:47.0374 3584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:52:47.0374 3584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
11:52:47.0374 3584 \Device\Harddisk1\DR1:
11:52:47.0374 3584 MBR partitions:
11:52:47.0374 3584 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7AFE0
11:52:47.0374 3584 ============================================================
11:52:47.0404 3584 C: <-> \Device\Harddisk0\DR0\Partition1
11:52:47.0404 3584 ============================================================
11:52:47.0404 3584 Initialize success
11:52:47.0404 3584 ============================================================
11:54:02.0114 3720 ============================================================
11:54:02.0114 3720 Scan started
11:54:02.0114 3720 Mode: Manual; SigCheck; TDLFS;
11:54:02.0114 3720 ============================================================
11:54:03.0584 3720 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:54:03.0634 3720 !SASCORE - ok
11:54:03.0804 3720 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:54:03.0914 3720 1394ohci - ok
11:54:03.0974 3720 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:54:03.0994 3720 ACPI - ok
11:54:04.0044 3720 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:54:04.0104 3720 AcpiPmi - ok
11:54:04.0244 3720 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:54:04.0254 3720 AdobeARMservice - ok
11:54:04.0364 3720 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:54:04.0384 3720 AdobeFlashPlayerUpdateSvc - ok
11:54:04.0454 3720 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:54:04.0484 3720 adp94xx - ok
11:54:04.0524 3720 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:54:04.0544 3720 adpahci - ok
11:54:04.0564 3720 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:54:04.0584 3720 adpu320 - ok
11:54:04.0624 3720 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:54:04.0674 3720 AeLookupSvc - ok
11:54:04.0774 3720 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:54:04.0854 3720 AFD - ok
11:54:04.0924 3720 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:54:04.0944 3720 agp440 - ok
11:54:05.0014 3720 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:54:05.0034 3720 aic78xx - ok
11:54:05.0094 3720 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:54:05.0134 3720 ALG - ok
11:54:05.0194 3720 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:54:05.0204 3720 aliide - ok
11:54:05.0234 3720 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:54:05.0244 3720 amdagp - ok
11:54:05.0264 3720 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:54:05.0274 3720 amdide - ok
11:54:05.0324 3720 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:54:05.0384 3720 AmdK8 - ok
11:54:05.0404 3720 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:54:05.0454 3720 AmdPPM - ok
11:54:05.0544 3720 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:54:05.0564 3720 amdsata - ok
11:54:05.0604 3720 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:54:05.0624 3720 amdsbs - ok
11:54:05.0744 3720 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:54:05.0764 3720 amdxata - ok
11:54:05.0844 3720 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:54:05.0964 3720 AppID - ok
11:54:05.0994 3720 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
11:54:06.0044 3720 AppIDSvc - ok
11:54:06.0084 3720 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
11:54:06.0124 3720 Appinfo - ok
11:54:06.0214 3720 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:54:06.0224 3720 Apple Mobile Device - ok
11:54:06.0274 3720 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
11:54:06.0304 3720 AppMgmt - ok
11:54:06.0354 3720 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:54:06.0364 3720 arc - ok
11:54:06.0394 3720 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:54:06.0404 3720 arcsas - ok
11:54:06.0554 3720 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:54:06.0654 3720 aspnet_state - ok
11:54:06.0704 3720 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
11:54:06.0724 3720 aswFsBlk - ok
11:54:06.0804 3720 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
11:54:06.0814 3720 aswMonFlt - ok
11:54:06.0874 3720 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
11:54:06.0884 3720 aswRdr - ok
11:54:06.0974 3720 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
11:54:07.0004 3720 aswSnx - ok
11:54:07.0084 3720 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
11:54:07.0104 3720 aswSP - ok
11:54:07.0144 3720 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
11:54:07.0154 3720 aswTdi - ok
11:54:07.0204 3720 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:54:07.0294 3720 AsyncMac - ok
11:54:07.0334 3720 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:54:07.0344 3720 atapi - ok
11:54:07.0414 3720 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:54:07.0454 3720 AudioEndpointBuilder - ok
11:54:07.0454 3720 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:54:07.0494 3720 Audiosrv - ok
11:54:07.0614 3720 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:54:07.0634 3720 avast! Antivirus - ok
11:54:07.0694 3720 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
11:54:07.0744 3720 AxInstSV - ok
11:54:07.0814 3720 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:54:07.0854 3720 b06bdrv - ok
11:54:07.0904 3720 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:54:07.0954 3720 b57nd60x - ok
11:54:08.0024 3720 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
11:54:08.0064 3720 BDESVC - ok
11:54:08.0094 3720 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:54:08.0134 3720 Beep - ok
11:54:08.0244 3720 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
11:54:08.0294 3720 BFE - ok
11:54:08.0364 3720 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
11:54:08.0534 3720 BITS - ok
11:54:08.0564 3720 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:54:08.0584 3720 blbdrive - ok
11:54:08.0714 3720 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:54:08.0734 3720 Bonjour Service - ok
11:54:08.0784 3720 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:54:08.0814 3720 bowser - ok
11:54:08.0834 3720 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:54:08.0924 3720 BrFiltLo - ok
11:54:08.0944 3720 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:54:09.0004 3720 BrFiltUp - ok
11:54:09.0044 3720 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
11:54:09.0084 3720 BridgeMP - ok
11:54:09.0144 3720 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
11:54:09.0194 3720 Browser - ok
11:54:09.0244 3720 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:54:09.0264 3720 Brserid - ok
11:54:09.0284 3720 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:54:09.0324 3720 BrSerWdm - ok
11:54:09.0344 3720 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:54:09.0384 3720 BrUsbMdm - ok
11:54:09.0394 3720 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:54:09.0444 3720 BrUsbSer - ok
11:54:09.0464 3720 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:54:09.0504 3720 BTHMODEM - ok
11:54:09.0544 3720 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
11:54:09.0584 3720 bthserv - ok
11:54:09.0664 3720 catchme - ok
11:54:09.0694 3720 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:54:09.0744 3720 cdfs - ok
11:54:09.0814 3720 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
11:54:09.0834 3720 cdrom - ok
11:54:09.0894 3720 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:54:09.0934 3720 CertPropSvc - ok
11:54:10.0004 3720 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:54:10.0044 3720 circlass - ok
11:54:10.0074 3720 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:54:10.0104 3720 CLFS - ok
11:54:10.0184 3720 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:54:10.0194 3720 clr_optimization_v2.0.50727_32 - ok
11:54:10.0294 3720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:54:10.0444 3720 clr_optimization_v4.0.30319_32 - ok
11:54:10.0464 3720 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:54:10.0484 3720 CmBatt - ok
11:54:10.0524 3720 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:54:10.0544 3720 cmdide - ok
11:54:10.0604 3720 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
11:54:10.0644 3720 CNG - ok
11:54:10.0674 3720 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:54:10.0694 3720 Compbatt - ok
11:54:10.0754 3720 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:54:10.0784 3720 CompositeBus - ok
11:54:10.0814 3720 COMSysApp - ok
11:54:10.0864 3720 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:54:10.0874 3720 crcdisk - ok
11:54:10.0944 3720 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
11:54:10.0984 3720 CryptSvc - ok
11:54:11.0044 3720 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:54:11.0094 3720 CSC - ok
11:54:11.0164 3720 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
11:54:11.0204 3720 CscService - ok
11:54:11.0244 3720 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:54:11.0294 3720 DcomLaunch - ok
11:54:11.0344 3720 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
11:54:11.0404 3720 defragsvc - ok
11:54:11.0494 3720 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:54:11.0544 3720 DfsC - ok
11:54:11.0654 3720 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
11:54:11.0704 3720 Dhcp - ok
11:54:11.0724 3720 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:54:11.0774 3720 discache - ok
11:54:11.0804 3720 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:54:11.0824 3720 Disk - ok
11:54:11.0854 3720 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
11:54:11.0884 3720 Dnscache - ok
11:54:11.0944 3720 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
11:54:12.0004 3720 dot3svc - ok
11:54:12.0054 3720 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
11:54:12.0104 3720 DPS - ok
11:54:12.0134 3720 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:54:12.0174 3720 drmkaud - ok
11:54:12.0254 3720 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:54:12.0294 3720 DXGKrnl - ok
11:54:12.0334 3720 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
11:54:12.0384 3720 EapHost - ok
11:54:12.0594 3720 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:54:12.0714 3720 ebdrv - ok
11:54:12.0824 3720 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
11:54:12.0854 3720 EFS - ok
11:54:12.0954 3720 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
11:54:12.0984 3720 ehRecvr - ok
11:54:13.0014 3720 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
11:54:13.0054 3720 ehSched - ok
11:54:13.0184 3720 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:54:13.0214 3720 elxstor - ok
11:54:13.0254 3720 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:54:13.0284 3720 ErrDev - ok
11:54:13.0344 3720 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
11:54:13.0394 3720 EventSystem - ok
11:54:13.0424 3720 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:54:13.0454 3720 exfat - ok
11:54:13.0494 3720 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:54:13.0534 3720 fastfat - ok
11:54:13.0614 3720 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
11:54:13.0654 3720 Fax - ok
11:54:13.0674 3720 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:54:13.0694 3720 fdc - ok
11:54:13.0714 3720 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
11:54:13.0764 3720 fdPHost - ok
11:54:13.0794 3720 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
11:54:13.0834 3720 FDResPub - ok
11:54:13.0894 3720 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:54:13.0904 3720 FileInfo - ok
11:54:13.0914 3720 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:54:13.0944 3720 Filetrace - ok
11:54:13.0964 3720 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:54:13.0994 3720 flpydisk - ok
11:54:14.0034 3720 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:54:14.0054 3720 FltMgr - ok
11:54:14.0134 3720 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
11:54:14.0184 3720 FontCache - ok
11:54:14.0264 3720 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:54:14.0274 3720 FontCache3.0.0.0 - ok
11:54:14.0304 3720 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:54:14.0314 3720 FsDepends - ok
11:54:14.0354 3720 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
11:54:14.0364 3720 fssfltr - ok
11:54:14.0584 3720 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
11:54:14.0654 3720 fsssvc - ok
11:54:14.0794 3720 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
11:54:14.0804 3720 Fs_Rec - ok
11:54:14.0874 3720 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:54:14.0894 3720 fvevol - ok
11:54:14.0944 3720 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:54:14.0964 3720 gagp30kx - ok
11:54:14.0994 3720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:54:15.0004 3720 GEARAspiWDM - ok
11:54:15.0074 3720 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
11:54:15.0144 3720 gpsvc - ok
11:54:15.0174 3720 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:54:15.0204 3720 hcw85cir - ok
11:54:15.0284 3720 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:54:15.0324 3720 HdAudAddService - ok
11:54:15.0364 3720 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:54:15.0394 3720 HDAudBus - ok
11:54:15.0434 3720 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:54:15.0444 3720 HidBatt - ok
11:54:15.0474 3720 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:54:15.0504 3720 HidBth - ok
11:54:15.0554 3720 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:54:15.0614 3720 HidIr - ok
11:54:15.0654 3720 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
11:54:15.0684 3720 hidserv - ok
11:54:15.0744 3720 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
11:54:15.0784 3720 HidUsb - ok
11:54:15.0824 3720 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
11:54:15.0874 3720 hkmsvc - ok
11:54:15.0934 3720 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
11:54:15.0974 3720 HomeGroupListener - ok
11:54:16.0024 3720 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
11:54:16.0064 3720 HomeGroupProvider - ok
11:54:16.0274 3720 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:54:16.0304 3720 hpqcxs08 - ok
11:54:16.0364 3720 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:54:16.0374 3720 hpqddsvc - ok
11:54:16.0414 3720 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
11:54:16.0454 3720 HpqRemHid - ok
11:54:16.0514 3720 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:54:16.0524 3720 HpSAMD - ok
11:54:16.0634 3720 HPSLPSVC (56fc98f1014ea8dc51b92839c32759ec) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
11:54:16.0684 3720 HPSLPSVC - ok
11:54:16.0764 3720 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:54:16.0804 3720 HTTP - ok
11:54:16.0814 3720 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:54:16.0824 3720 hwpolicy - ok
11:54:16.0884 3720 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
11:54:16.0924 3720 i8042prt - ok
11:54:17.0004 3720 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:54:17.0034 3720 iaStorV - ok
11:54:17.0184 3720 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:54:17.0224 3720 idsvc - ok
11:54:17.0474 3720 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
11:54:17.0654 3720 igfx - ok
11:54:17.0774 3720 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:54:17.0794 3720 iirsp - ok
11:54:17.0884 3720 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
11:54:17.0944 3720 IKEEXT - ok
11:54:18.0114 3720 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
11:54:18.0194 3720 IntcAzAudAddService - ok
11:54:18.0334 3720 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:54:18.0344 3720 intelide - ok
11:54:18.0384 3720 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:54:18.0394 3720 intelppm - ok
11:54:18.0434 3720 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:54:18.0484 3720 IPBusEnum - ok
11:54:18.0504 3720 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:54:18.0554 3720 IpFilterDriver - ok
11:54:18.0634 3720 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
11:54:18.0694 3720 iphlpsvc - ok
11:54:18.0744 3720 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:54:18.0774 3720 IPMIDRV - ok
11:54:18.0804 3720 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:54:18.0834 3720 IPNAT - ok
11:54:18.0954 3720 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
11:54:19.0004 3720 iPod Service - ok
11:54:19.0034 3720 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:54:19.0094 3720 IRENUM - ok
11:54:19.0144 3720 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:54:19.0154 3720 isapnp - ok
11:54:19.0224 3720 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:54:19.0244 3720 iScsiPrt - ok
11:54:19.0294 3720 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:54:19.0314 3720 kbdclass - ok
11:54:19.0364 3720 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
11:54:19.0394 3720 kbdhid - ok
11:54:41.0904 3720 WPCSvc - ok
11:54:41.0944 3720 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
11:54:41.0994 3720 WPDBusEnum - ok
11:54:42.0054 3720 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:54:42.0084 3720 ws2ifsl - ok
11:54:42.0124 3720 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
11:54:42.0144 3720 wscsvc - ok
11:54:42.0154 3720 WSearch - ok
11:54:42.0304 3720 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
11:54:42.0384 3720 wuauserv - ok
11:54:42.0504 3720 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:54:42.0554 3720 WudfPf - ok
11:54:42.0594 3720 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:54:42.0624 3720 WUDFRd - ok
11:54:42.0684 3720 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
11:54:42.0744 3720 wudfsvc - ok
11:54:42.0804 3720 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:54:42.0834 3720 WwanSvc - ok
11:54:42.0844 3720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:54:42.0884 3720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:54:42.0884 3720 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:54:42.0924 3720 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:54:42.0924 3720 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:54:42.0934 3720 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
11:54:46.0614 3720 \Device\Harddisk1\DR1 - ok
11:54:46.0634 3720 Boot (0x1200) (fa7c0260670251b2c6ba3afcf6d2616f) \Device\Harddisk0\DR0\Partition0
11:54:46.0634 3720 \Device\Harddisk0\DR0\Partition0 - ok
11:54:46.0654 3720 Boot (0x1200) (bdbccf6eb6c2488b4f8d71062451bbbc) \Device\Harddisk0\DR0\Partition1
11:54:46.0654 3720 \Device\Harddisk0\DR0\Partition1 - ok
11:54:46.0654 3720 Boot (0x1200) (3adbee21177d58e88adcb8920cf1d741) \Device\Harddisk1\DR1\Partition0
11:54:46.0654 3720 \Device\Harddisk1\DR1\Partition0 - ok
11:54:46.0654 3720 ============================================================
11:54:46.0654 3720 Scan finished
11:54:46.0654 3720 ============================================================
11:54:46.0684 3712 Detected object count: 4
11:54:46.0684 3712 Actual detected object count: 4
11:55:03.0454 3712 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:55:03.0454 3712 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:55:03.0464 3712 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:55:03.0464 3712 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:55:04.0274 3712 \Device\Harddisk0\DR0\# - copied to quarantine
11:55:04.0274 3712 \Device\Harddisk0\DR0 - copied to quarantine
11:55:04.0304 3712 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:55:04.0314 3712 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:55:04.0324 3712 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:55:04.0334 3712 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:55:04.0344 3712 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:55:04.0344 3712 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:55:04.0344 3712 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:55:04.0354 3712 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:55:04.0424 3712 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:55:04.0424 3712 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:55:04.0424 3712 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:55:04.0434 3712 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:55:04.0434 3712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:55:04.0464 3712 \Device\Harddisk0\DR0 - ok
11:55:04.0474 3712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:55:04.0474 3712 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:55:04.0474 3712 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:56:41.0394 3576 Deinitialize success


Result.txt
ListParts by Farbar Version: 23-06-2012
Ran by SYSTEM (administrator) on 23-06-2012 at 12:33:28
Windows 7 (X86)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 4086.43 MB
Available physical RAM: 3700.18 MB
Total Pagefile: 4084.71 MB
Available Pagefile: 3692.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.54 MB

======================= Partitions =========================

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:465.66 GB) (Free:116.74 GB) NTFS
4 Drive f: (TRAVELDRIVE) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 246 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 245 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F TRAVELDRIVE FAT Removable 245 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}
resumeobject {5b799f61-2e47-11e0-8fb1-ab6c0d8edc3a}
displayorder {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {5b799f62-2e47-11e0-8fb1-ab6c0d8edc3a}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a}
recoveryenabled Yes
osdevice partition=D:
systemroot \Windows
resumeobject {5b799f61-2e47-11e0-8fb1-ab6c0d8edc3a}
nx OptIn
bootlog No

Windows Boot Loader
-------------------
identifier {5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a}
device ramdisk=[D:]\Recovery\5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a\Winre.wim,{5b799f64-2e47-11e0-8fb1-ab6c0d8edc3a}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a\Winre.wim,{5b799f64-2e47-11e0-8fb1-ab6c0d8edc3a}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {5b799f61-2e47-11e0-8fb1-ab6c0d8edc3a}
device partition=D:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=D:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {5b799f64-2e47-11e0-8fb1-ab6c0d8edc3a}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\5b799f63-2e47-11e0-8fb1-ab6c0d8edc3a\boot.sdi


****** End Of Log ******

#15 elliotjung (Topic Starter, Member, 14 posts)

Also, I was wondering if you knew how to remove McAfee Enterprise from my system completely.

I have been working on uninstalling it and have removed nearly all of it. However, McAfee Agent seems to persist in my Programs and Features, and when I try to uninstall it I receive the message that "McAfee Agent cannot be removed while it is in managed mode."

I understand if this is not within your jurisdiction and I should possibly start a new topic for it.