TechSpot

[A] Reinstall.exe/System Check removal

By bradbackalsh
Mar 22, 2012
  1. I run Windows 7 64-bit.
    I was just surfing the internet when I got the reinstall.exe prompt.

    I kept clicking no and it kept popping up.

    Now I have the System Check virus.

    I am currently scanning with Comodo.

    What do I do to remove it?
     
  2. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.22.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Brad :: SOWELL [administrator]

    Protection: Enabled

    3/22/2012 6:12:31 PM
    mbam-log-2012-03-22 (18-12-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231299
    Time elapsed: 16 minute(s), 41 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\BGNKveQAbc.exe (Rogue.FakeHDD) -> 3892 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BGNKveQAbc.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\BGNKveQAbc.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\BGNKveQAbc.exe (Rogue.FakeHDD) -> Delete on reboot.
    C:\Users\Brad\AppData\Local\Temp\MexjDILKLs8KTN.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Users\Brad\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  3. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-22 19:10:31
    Windows 6.1.7601 Service Pack 1
    Running: 9s29g9c5.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1072457D-BBC5-4470-8705-C64F8F91D7C3.data 907824 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1072457D-BBC5-4470-8705-C64F8F91D7C3.data.info 202 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1CDF2B92-9786-49B7-9A75-A89E204D21E4.data 352768 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1CDF2B92-9786-49B7-9A75-A89E204D21E4.data.info 140 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2A2711AF-3FCF-41C7-976D-B1E748A1D9A0.data 800768 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2A2711AF-3FCF-41C7-976D-B1E748A1D9A0.data.info 170 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\31ACD07D-999A-494C-BEF2-E9C6B12934CF.data 10348 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8B4B9D09-C524-4F35-9899-D0B7D52219BE.data 194848 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8B4B9D09-C524-4F35-9899-D0B7D52219BE.data.info 146 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9D48F868-3C77-4E30-B975-9D5E4F702AAD.data 194848 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9D48F868-3C77-4E30-B975-9D5E4F702AAD.data.info 152 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A816EADC-0D0E-4D13-9C8C-6B7F1115646E.data 620527 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A816EADC-0D0E-4D13-9C8C-6B7F1115646E.data.info 134 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B7EAE528-B829-426B-93DF-8A842E612871.data 40 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B7EAE528-B829-426B-93DF-8A842E612871.data.info 110 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\BC9BEB46-A766-498D-811B-F62FAEE029E4.data 176 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DC9A0719-7A90-444A-80F1-59CA2EE7BB4B.data 9982 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DC9A0719-7A90-444A-80F1-59CA2EE7BB4B.data.info 214 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DD5DA6F4-04DB-4BEA-B01A-8D2A8F990EA1.data 780344 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DD5DA6F4-04DB-4BEA-B01A-8D2A8F990EA1.data.info 170 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E95AE954-0F82-4DFB-B6C7-B4EC4C2A89B6.data 620527 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E95AE954-0F82-4DFB-B6C7-B4EC4C2A89B6.data.info 144 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E9C6E8A6-5C3D-488E-820F-241EE8B9960D.data 10656 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CA88598C-7071-4161-9033-4F6838DD6D1C.data 176 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CA88598C-7071-4161-9033-4F6838DD6D1C.data.info 112 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D15F0FD1-4024-413A-B793-9FF5016E50D9.data 165735 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D15F0FD1-4024-413A-B793-9FF5016E50D9.data.info 168 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DC416627-8576-4F60-87F5-1B016CC5D0CA.data 264 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DC416627-8576-4F60-87F5-1B016CC5D0CA.data.info 110 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\3EEC8AFC-A19B-47FB-970E-625171D7E32C.data 382976 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\3EEC8AFC-A19B-47FB-970E-625171D7E32C.data.info 212 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5C58115B-B6CB-4967-BC56-65466F19C394.data 352768 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5C58115B-B6CB-4967-BC56-65466F19C394.data.info 140 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6AEFF85D-5DD9-430F-8F04-12DCBAAFDD27.data 13056 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6AEFF85D-5DD9-430F-8F04-12DCBAAFDD27.data.info 134 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7422ECD9-1153-4A54-97EA-4E4DCEDAF913.data 352768 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7422ECD9-1153-4A54-97EA-4E4DCEDAF913.data.info 140 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\31ACD07D-999A-494C-BEF2-E9C6B12934CF.data.info 214 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\BC9BEB46-A766-498D-811B-F62FAEE029E4.data.info 112 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E9C6E8A6-5C3D-488E-820F-241EE8B9960D.data.info 214 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\EC0AF0CF-A224-4D2A-870E-39B8D517F8D6.data 352768 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\EC0AF0CF-A224-4D2A-870E-39B8D517F8D6.data.info 140 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\EC73E0BB-A1DC-4623-89F1-44ECFAF1C0B4.data 264 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\EC73E0BB-A1DC-4623-89F1-44ECFAF1C0B4.data.info 110 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F28E74CB-DEAC-4496-9E10-02818CED7780.data 176 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F28E74CB-DEAC-4496-9E10-02818CED7780.data.info 112 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  4. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    I cannot see any of my files.

    My entire folder from the Users is gone.

    Other than that, everything runs fine.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Let's see if we can recover your missing features.
    Download and run UnHide.
    Let me know if it worked.

    And again....

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  7. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    Comodo says that the DDS is suspicious and possibly malware.

    Is this normal?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Disregard the Comodo warning.
     
  9. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Brad at 15:16:52 on 2012-03-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1967 [GMT -4:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    SP: Spy Emergency *Disabled/Updated* {545CA291-8AC9-FEF7-AB96-14A4BDB62AFD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    uURLSearchHooks: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    mURLSearchHooks: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    BHO: Shop to Win: {0095c290-a428-4bdd-b98c-e0a116f1c702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Google Update] "C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [<NO NAME>]
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WI-FIM~1.LNK - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A} : DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\1557965647758616C656D27657563747 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\2375942554432383 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\2496760245 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\461667964607C6F657274656 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\6524340535348616E6E656C6 : DhcpNameServer = 10.90.85.90 10.90.94.90 10.240.66.68
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\851667965627D2E456B6F636F6E6 : DhcpNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Shop to Win: {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
    BHO-X64: Freecause Shopping BHO - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    BHO-X64: Viral Tube - No File
    BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    BHO-X64: DCA - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun-x64: [(Default)]
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\zgzt9k5d.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Brad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - bda145ed-2def-4b21-be8d-cc2ea0f8aba2
    FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
    FF - user.js: extensions.autoDisableScopes - 14
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 SpyEmrg;Spy Emergency Driver;C:\Windows\system32\Drivers\spyemrg.sys --> C:\Windows\system32\Drivers\spyemrg.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\Windows\system32\Drivers\spyemrg_guard.sys --> C:\Windows\system32\Drivers\spyemrg_guard.sys [?]
    R3 WFMC_VAD;WFMCVAD (WDM);C:\Windows\system32\DRIVERS\wfmcvad.sys --> C:\Windows\system32\DRIVERS\wfmcvad.sys [?]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
    S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;C:\Windows\system32\Drivers\spyemrg_access.sys --> C:\Windows\system32\Drivers\spyemrg_access.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\system32\DRIVERS\gtkdrv.sys --> C:\Windows\system32\DRIVERS\gtkdrv.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-22 23:24:17 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
    2012-03-22 22:42:51 -------- d-----w- C:\HP_TOOLS_mountHPSF
    2012-03-22 22:11:16 -------- d-----w- C:\Users\Brad\AppData\Roaming\Malwarebytes
    2012-03-22 22:11:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-22 22:11:02 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-22 22:11:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-22 20:31:57 -------- d-----w- C:\ProgramData\CPA_VA
    2012-03-22 20:29:58 -------- d-----w- C:\VritualRoot
    2012-03-22 20:23:05 -------- d-----w- C:\ProgramData\Comodo
    2012-03-22 20:23:01 -------- d-----w- C:\Program Files\COMODO
    2012-03-22 20:22:39 -------- d-----w- C:\Program Files (x86)\Comodo
    2012-03-22 20:22:35 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2012-03-22 19:18:51 -------- d-----w- C:\Users\Brad\AppData\Roaming\Spy Emergency
    2012-03-22 19:18:47 24408 ----a-w- C:\Windows\System32\drivers\spyemrg_access.sys
    2012-03-22 19:18:47 18776 ----a-w- C:\Windows\System32\drivers\spyemrg_guard.sys
    2012-03-22 19:18:47 17240 ----a-w- C:\Windows\System32\drivers\spyemrg.sys
    2012-03-22 19:18:42 -------- d-----w- C:\ProgramData\NETGATE
    2012-03-22 19:18:41 -------- d-----w- C:\Program Files\NETGATE
    2012-03-21 01:44:42 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78ED4704-C308-4C14-9A4C-89196AFFDCF1}\mpengine.dll
    2012-03-14 07:02:03 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 07:02:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 07:02:00 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-13 22:29:36 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-13 22:29:31 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-13 22:29:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-13 22:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-13 22:28:32 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-13 22:28:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-13 22:28:29 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-13 22:28:29 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-13 22:28:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-13 22:28:29 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-12 01:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2012-03-12 01:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2012-03-12 01:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2012-03-12 01:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
    2012-03-12 01:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
    2012-03-12 01:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
    2012-03-07 05:32:45 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-03-07 05:32:31 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-03-07 05:32:17 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-03-07 05:32:09 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-03-06 01:05:40 -------- d-----w- C:\Users\Brad\AppData\Local\{3EE9E587-BD5F-4322-8D42-0B6AEDE41D04}
    2012-03-04 07:37:55 -------- d-----w- C:\Program Files (x86)\fbphotozoom
    2012-03-04 05:25:38 -------- d-----w- C:\Users\Brad\AppData\Local\{1AB9B534-054C-4F44-BE00-221AD8920FB0}
    2012-03-04 04:03:14 125376 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2012-03-04 04:03:13 -------- d-----w- C:\Program Files (x86)\PowerISO
    2012-02-27 03:27:45 -------- d-----w- C:\Users\Brad\AppData\Local\{B7AFDB63-DABB-4564-85C0-A80D825726E3}
    2012-02-23 03:26:50 -------- d-----w- C:\Program Files (x86)\1ClickDownload
    .
    ==================== Find3M ====================
    .
    2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-04 14:28:36 16640 ----a-w- C:\Windows\System32\drivers\gtkdrv.sys
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 15:20:14.53 ===============
     
  10. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/10/2011 7:11:11 PM
    System Uptime: 3/23/2012 2:56:59 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3568
    Processor: AMD A4-3300M APU with Radeon(tm) HD Graphics | Socket FS1 | 798/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 45.285 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.554 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    1ClickDownload
    7-Zip 9.20
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.1) MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    AMD System Monitor
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    ArcSoft MediaImpression for Kodak
    ASIO4ALL
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bing Bar
    BitTorrent
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Celtx (2.9.1)
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Comodo Dragon
    COMODO GeekBuddy
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    DivX Setup
    Dora's World Adventure
    DVD Architect Studio 5.0
    Energy Star Digital Logo
    ESU for Microsoft Windows 7
    Evernote v. 4.2.2
    Facebook Video Calling 1.2.0.159
    Farm Frenzy
    FATE - The Traitor Soul
    Google Chrome
    Google Earth
    Google Update Helper
    HP Connection Manager
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    jZip
    K-Lite Codec Pack 8.3.2 (Standard)
    Live 8.2.7
    Magic Desktop
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Security Scan Plus
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    MotoHelper 2.0.49 Driver
    MotoHelper MergeModules
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    Native Instruments Skanner
    NewBlue VideoFX for Sony Vegas MSPPS
    OnLive
    ooVoo
    ooVoo toolbar, powered by Ask.com
    ooVoo toolbar, powered by Ask.com Updater
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Points2Shop Points Multiplier 2012 version 2012
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    PowerISO
    Psycle 1.10.0 32 bits
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    REALTEK Wireless LAN Driver
    Recovery Manager
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Shop To Win
    Skype™ 5.1
    Slingo Supreme
    Sony Vocal Eraser
    Sound Forge Audio Studio 10.0
    Spotify
    Trojan Killer
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update Installer for WildTangent Games App
    VC80CRTRedist - 8.0.50727.6195
    Vegas Movie Studio HD Platinum 11.0
    Viral Tube Toolbar
    Virtual Villagers 4 - The Tree of Life
    VirtualDJ Home FREE
    Wheel of Fortune 2
    Wi-Fi MediaConnect
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/22/2012 6:11:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/22/2012 4:25:04 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/22/2012 3:30:25 PM, Error: Service Control Manager [7023] - The Block Level Backup Engine Service service terminated with the following error: %%-2147024891
    3/22/2012 3:13:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    3/22/2012 3:04:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/22/2012 3:04:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/22/2012 3:04:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/22/2012 3:04:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/20/2012 5:32:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
    .
    ==== End Of File ===========================
     
  11. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    You didn't say if UnHide worked for you.

     
     
  12. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    Oh! Unhide worked great! All my files have been unhidden.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  14. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    Every time I click on the MBR to open it, it deletes itself.
     
  15. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

    Size     Device Name          MBR Status
    --------------------------------------------
    465 GB   \\.\PhysicalDrive0   Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  16. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Disable Comodo and try again.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    We posted at the same time.
     
  18. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    Comodo has been disabled and it still deletes itself.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  20. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    ListParts by Farbar Version: 12-03-2012 03
    Ran by Brad (administrator) on 23-03-2012 at 16:31:38
    Windows 7 (X64)
    Running From: C:\Users\Brad\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 68%
    Total physical RAM: 3562.9 MB
    Available physical RAM: 1128.54 MB
    Total Pagefile: 7124 MB
    Available Pagefile: 4065.86 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:451.54 GB) (Free:44.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          465 GB      0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary            199 MB  1024 KB
    Partition 2    Primary            451 GB   200 MB
    Partition 3    Primary             13 GB   451 GB
    Partition 4    Primary            103 MB   465 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1       SYSTEM       NTFS   Partition    199 MB  Healthy    System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2  C                 NTFS   Partition    451 GB  Healthy    Boot

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3  D    RECOVERY     NTFS   Partition     13 GB  Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4       HP_TOOLS     FAT32  Partition    103 MB  Healthy

    ======================================================================================================

    ****** End Of Log ******
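
Added example, not part of the original thread or of any tool used in it: a small decoder for a raw 512-byte MBR dump (such as the copy aswMBR saves or the output of the `remover.exe dump` command shown above, assuming the file is the raw sector). It checks the partition table for consistency and reports which region differs between two dumps of the same sector. The function names are hypothetical, and the sample sector is constructed from the partition values TDSSKiller lists later in this thread, with zero-filled boot code.

```python
import struct

SECTOR = 512                          # SectorSize 0x200 in the TDSSKiller report
ENTRY = struct.Struct("<B3sB3sII")    # status, CHS first, type, CHS last, start LBA, sectors
TYPES = {0x00: "empty", 0x07: "NTFS/exFAT/HPFS", 0x0C: "FAT32 (LBA)"}
# Byte ranges of a classic MBR sector, used to localise differences between dumps.
REGIONS = {"boot code": (0, 440), "disk signature": (440, 446),
           "partition table": (446, 510), "boot signature": (510, 512)}

# (status, type, StartLBA, BlocksNum) as TDSSKiller listed them in this thread;
# the 0x80 "active" flag on entry 0 is taken from the ListParts log.
REPORTED = [(0x80, 0x07, 0x800, 0x63800),
            (0x00, 0x07, 0x64000, 0x38715000),
            (0x00, 0x07, 0x38779000, 0x1BD9000),
            (0x00, 0x0C, 0x3A352000, 0x33830)]
DISK_SECTORS = 0x7470C06000 // SECTOR  # drive size from the same report


def build_sample_mbr(layout=REPORTED, boot_code=b""):
    """Constructed sample sector: zero-filled boot code, placeholder CHS bytes."""
    chs = b"\xfe\xff\xff"
    table = b"".join(ENTRY.pack(st, chs, typ, chs, lba, n) for st, typ, lba, n in layout)
    return boot_code.ljust(446, b"\x00")[:446] + table + b"\x55\xaa"


def parse_mbr(sector):
    """Return the four partition entries of a raw 512-byte MBR dump."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        st, _, typ, _, lba, n = ENTRY.unpack_from(sector, 446 + 16 * i)
        entries.append({"index": i, "status": st, "active": st == 0x80, "type": typ,
                        "type_name": TYPES.get(typ, "0x%02X" % typ),
                        "start": lba, "count": n, "size_mib": n * SECTOR / 2**20})
    return entries


def audit(entries, disk_sectors):
    """Structural checks; returns a list of findings (empty means consistent)."""
    findings = []
    used = [e for e in entries if e["type"] != 0x00]
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02X" % (e["index"], e["status"]))
    active = [e["index"] for e in used if e["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    prev_end = 0
    for e in sorted(used, key=lambda e: e["start"]):
        end = e["start"] + e["count"]
        if e["start"] < prev_end:
            findings.append("entry %d overlaps the previous partition" % e["index"])
        if end > disk_sectors:
            findings.append("entry %d extends past the end of the disk" % e["index"])
        prev_end = max(prev_end, end)
    return findings


def diff_report(entries, reported=REPORTED):
    """Indexes of entries whose fields differ from what a scanner reported."""
    return [e["index"] for e, r in zip(entries, reported)
            if (e["status"], e["type"], e["start"], e["count"]) != r]


def compare_dumps(a, b):
    """Names of MBR regions that differ between two dumps of the same sector."""
    return [name for name, (lo, hi) in REGIONS.items() if a[lo:hi] != b[lo:hi]]


if __name__ == "__main__":
    mbr = build_sample_mbr()   # replace with open("MBR.dat", "rb").read() for a real dump
    for e in parse_mbr(mbr):
        print("%d %-1s %-16s start=%-10d size=%.2f MiB" % (
            e["index"], "*" if e["active"] else "", e["type_name"], e["start"], e["size_mib"]))
    print("findings:", audit(parse_mbr(mbr), DISK_SECTORS) or "none")
```

When a dump taken under the running system and one taken from a clean boot environment disagree, `compare_dumps` shows whether the difference is in the boot code or in the partition table.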
     
  21. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  22. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    16:38:35.0701 4164 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    16:38:36.0116 4164 ============================================================
    16:38:36.0116 4164 Current date / time: 2012/03/23 16:38:36.0116
    16:38:36.0116 4164 SystemInfo:
    16:38:36.0116 4164
    16:38:36.0116 4164 OS Version: 6.1.7601 ServicePack: 1.0
    16:38:36.0116 4164 Product type: Workstation
    16:38:36.0117 4164 ComputerName: SOWELL
    16:38:36.0117 4164 UserName: Brad
    16:38:36.0117 4164 Windows directory: C:\Windows
    16:38:36.0117 4164 System windows directory: C:\Windows
    16:38:36.0117 4164 Running under WOW64
    16:38:36.0117 4164 Processor architecture: Intel x64
    16:38:36.0117 4164 Number of processors: 2
    16:38:36.0117 4164 Page size: 0x1000
    16:38:36.0117 4164 Boot type: Normal boot
    16:38:36.0117 4164 ============================================================
    16:38:37.0358 4164 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:38:37.0369 4164 \Device\Harddisk0\DR0:
    16:38:37.0370 4164 MBR used
    16:38:37.0370 4164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    16:38:37.0370 4164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38715000
    16:38:37.0370 4164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38779000, BlocksNum 0x1BD9000
    16:38:37.0370 4164 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
    16:38:37.0453 4164 Initialize success
    16:38:37.0453 4164 ============================================================
    16:38:39.0113 4480 ============================================================
    16:38:39.0113 4480 Scan started
    16:38:39.0114 4480 Mode: Manual;
    16:38:39.0114 4480 ============================================================
    16:38:51.0358 4480 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\DRIVERS\amd_sata.sys
    16:38:51.0360 4480 amd_sata - ok
    16:38:51.0886 4480 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\DRIVERS\amd_xata.sys
    16:38:51.0888 4480 amd_xata - ok
    16:38:52.0503 4480 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    16:38:52.0506 4480 AppID - ok
    16:38:52.0762 4480 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    16:38:52.0764 4480 AppIDSvc - ok
    16:38:53.0142 4480 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    16:38:53.0145 4480 Appinfo - ok
    16:38:53.0439 4480 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:38:53.0443 4480 Apple Mobile Device - ok
    16:38:53.0820 4480 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    16:38:53.0823 4480 arc - ok
    16:38:54.0334 4480 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    16:38:54.0338 4480 arcsas - ok
    16:38:54.0760 4480 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    16:38:54.0802 4480 aspnet_state - ok
    16:38:55.0231 4480 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    16:38:55.0233 4480 AsyncMac - ok
    16:38:55.0767 4480 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    16:38:55.0770 4480 atapi - ok
    16:38:56.0183 4480 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
    16:38:56.0187 4480 AtiHDAudioService - ok
    16:38:56.0578 4480 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    16:38:56.0593 4480 AudioEndpointBuilder - ok
    16:38:56.0621 4480 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    16:38:56.0632 4480 AudioSrv - ok
    16:38:57.0087 4480 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    16:38:57.0092 4480 AxInstSV - ok
    16:38:57.0908 4480 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    16:38:57.0918 4480 b06bdrv - ok
    16:38:58.0311 4480 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:38:58.0319 4480 b57nd60a - ok
    16:38:58.0482 4480 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    16:38:58.0487 4480 BBSvc - ok
    16:38:58.0889 4480 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
    16:38:58.0916 4480 BCM43XX - ok
    16:38:59.0187 4480 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    16:38:59.0191 4480 BDESVC - ok
    16:38:59.0761 4480 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    16:38:59.0763 4480 Beep - ok
    16:39:00.0085 4480 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    16:39:00.0101 4480 BFE - ok
    16:39:00.0421 4480 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    16:39:00.0505 4480 BITS - ok
    16:39:01.0129 4480 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
    16:39:01.0138 4480 blbdrive - ok
    16:39:01.0296 4480 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    16:39:01.0306 4480 Bonjour Service - ok
    16:39:01.0806 4480 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    16:39:01.0810 4480 bowser - ok
    16:39:02.0161 4480 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    16:39:02.0164 4480 BrFiltLo - ok
    16:39:02.0527 4480 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    16:39:02.0529 4480 BrFiltUp - ok
    16:39:02.0791 4480 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    16:39:02.0796 4480 Browser - ok
    16:39:03.0287 4480 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    16:39:03.0307 4480 Brserid - ok
    16:39:03.0848 4480 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    16:39:03.0851 4480 BrSerWdm - ok
    16:39:04.0212 4480 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:39:04.0214 4480 BrUsbMdm - ok
    16:39:04.0682 4480 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    16:39:04.0684 4480 BrUsbSer - ok
    16:39:05.0062 4480 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
    16:39:05.0064 4480 BTCFilterService - ok
    16:39:05.0419 4480 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    16:39:05.0423 4480 BTHMODEM - ok
    16:39:05.0761 4480 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    16:39:05.0764 4480 bthserv - ok
    16:39:06.0248 4480 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    16:39:06.0251 4480 cdfs - ok
    16:39:06.0675 4480 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    16:39:06.0680 4480 cdrom - ok
    16:39:07.0005 4480 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    16:39:07.0008 4480 CertPropSvc - ok
    16:39:07.0603 4480 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    16:39:07.0606 4480 circlass - ok
    16:39:07.0898 4480 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    16:39:07.0907 4480 CLFS - ok
    16:39:08.0086 4480 CLPSLS (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    16:39:08.0113 4480 CLPSLS - ok
    16:39:08.0330 4480 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:39:08.0336 4480 clr_optimization_v2.0.50727_32 - ok
    16:39:08.0668 4480 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:39:08.0675 4480 clr_optimization_v2.0.50727_64 - ok
    16:39:09.0131 4480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:39:09.0354 4480 clr_optimization_v4.0.30319_32 - ok
    16:39:09.0679 4480 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:39:09.0709 4480 clr_optimization_v4.0.30319_64 - ok
    16:39:10.0086 4480 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
    16:39:10.0089 4480 clwvd - ok
    16:39:10.0567 4480 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    16:39:10.0569 4480 CmBatt - ok
    16:39:10.0781 4480 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    16:39:10.0838 4480 cmdAgent - ok
    16:39:11.0229 4480 cmderd (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
    16:39:11.0232 4480 cmderd - ok
    16:39:11.0677 4480 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
    16:39:11.0697 4480 cmdGuard - ok
    16:39:12.0051 4480 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
    16:39:12.0054 4480 cmdHlp - ok
    16:39:12.0405 4480 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    16:39:12.0407 4480 cmdide - ok
    16:39:13.0107 4480 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    16:39:13.0117 4480 CNG - ok
    16:39:13.0490 4480 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    16:39:13.0492 4480 Compbatt - ok
    16:39:14.0010 4480 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    16:39:14.0012 4480 CompositeBus - ok
    16:39:14.0273 4480 COMSysApp - ok
    16:39:14.0697 4480 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    16:39:14.0714 4480 crcdisk - ok
    16:39:15.0031 4480 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    16:39:15.0036 4480 CryptSvc - ok
    16:39:15.0343 4480 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    16:39:15.0358 4480 DcomLaunch - ok
    16:39:15.0642 4480 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    16:39:15.0650 4480 defragsvc - ok
    16:39:16.0205 4480 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    16:39:16.0209 4480 DfsC - ok
    16:39:16.0511 4480 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    16:39:16.0519 4480 Dhcp - ok
    16:39:16.0972 4480 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    16:39:16.0974 4480 discache - ok
    16:39:17.0395 4480 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    16:39:17.0398 4480 Disk - ok
    16:39:17.0664 4480 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    16:39:17.0670 4480 Dnscache - ok
    16:39:18.0085 4480 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    16:39:18.0093 4480 dot3svc - ok
    16:39:18.0554 4480 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    16:39:18.0560 4480 DPS - ok
    16:39:19.0000 4480 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    16:39:19.0002 4480 drmkaud - ok
    16:39:19.0405 4480 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    16:39:19.0425 4480 DXGKrnl - ok
    16:39:19.0711 4480 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    16:39:19.0715 4480 EapHost - ok
    16:39:20.0274 4480 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    16:39:20.0372 4480 ebdrv - ok
    16:39:20.0653 4480 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    16:39:20.0657 4480 EFS - ok
    16:39:20.0822 4480 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    16:39:20.0837 4480 ehRecvr - ok
    16:39:21.0050 4480 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    16:39:21.0054 4480 ehSched - ok
    16:39:21.0625 4480 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    16:39:21.0637 4480 elxstor - ok
    16:39:21.0983 4480 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    16:39:21.0985 4480 ErrDev - ok
    16:39:22.0399 4480 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    16:39:22.0410 4480 EventSystem - ok
    16:39:23.0062 4480 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    16:39:23.0067 4480 exfat - ok
    16:39:23.0329 4480 ezSharedSvc - ok
    16:39:23.0810 4480 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    16:39:23.0816 4480 fastfat - ok
    16:39:24.0110 4480 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    16:39:24.0126 4480 Fax - ok
    16:39:24.0525 4480 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    16:39:24.0527 4480 fdc - ok
    16:39:24.0885 4480 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    16:39:24.0887 4480 fdPHost - ok
    16:39:25.0178 4480 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    16:39:25.0182 4480 FDResPub - ok
    16:39:25.0578 4480 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    16:39:25.0581 4480 FileInfo - ok
    16:39:25.0989 4480 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    16:39:25.0991 4480 Filetrace - ok
    16:39:26.0340 4480 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    16:39:26.0343 4480 flpydisk - ok
    16:39:26.0867 4480 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    16:39:26.0874 4480 FltMgr - ok
    16:39:27.0171 4480 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    16:39:27.0197 4480 FontCache - ok
    16:39:27.0345 4480 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:39:27.0347 4480 FontCache3.0.0.0 - ok
    16:39:27.0698 4480 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    16:39:27.0726 4480 FsDepends - ok
    16:39:28.0210 4480 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    16:39:28.0212 4480 Fs_Rec - ok
    16:39:28.0614 4480 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    16:39:28.0620 4480 fvevol - ok
    16:39:29.0109 4480 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    16:39:29.0112 4480 gagp30kx - ok
    16:39:29.0276 4480 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    16:39:29.0279 4480 GamesAppService - ok
    16:39:29.0655 4480 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:39:29.0658 4480 GEARAspiWDM - ok
    16:39:30.0121 4480 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    16:39:30.0139 4480 gpsvc - ok
    16:39:30.0315 4480 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:39:30.0319 4480 gupdate - ok
    16:39:30.0353 4480 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:39:30.0356 4480 gupdatem - ok
    16:39:30.0753 4480 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    16:39:30.0756 4480 hcw85cir - ok
    16:39:31.0307 4480 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    16:39:31.0316 4480 HdAudAddService - ok
    16:39:31.0703 4480 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    16:39:31.0707 4480 HDAudBus - ok
    16:39:32.0152 4480 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    16:39:32.0155 4480 HidBatt - ok
    16:39:32.0496 4480 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    16:39:32.0501 4480 HidBth - ok
    16:39:33.0268 4480 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    16:39:33.0271 4480 HidIr - ok
    16:39:33.0588 4480 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    16:39:33.0591 4480 hidserv - ok
    16:39:34.0031 4480 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    16:39:34.0034 4480 HidUsb - ok
    16:39:34.0454 4480 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    16:39:34.0458 4480 hkmsvc - ok
    16:39:34.0876 4480 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    16:39:34.0884 4480 HomeGroupListener - ok
    16:39:35.0305 4480 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    16:39:35.0312 4480 HomeGroupProvider - ok
    16:39:35.0595 4480 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    16:39:35.0599 4480 HP Health Check Service - ok
    16:39:35.0720 4480 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    16:39:35.0727 4480 HPClientSvc - ok
    16:39:35.0976 4480 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    16:39:35.0999 4480 hpCMSrv - ok
    16:39:36.0191 4480 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    16:39:36.0216 4480 HPDrvMntSvc.exe - ok
    16:39:36.0275 4480 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    16:39:36.0292 4480 hpqwmiex - ok
    16:39:36.0775 4480 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    16:39:36.0778 4480 HpSAMD - ok
    16:39:36.0961 4480 HPWMISVC (ead185acdcfd81bf2172cd6f36277d50) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    16:39:36.0963 4480 HPWMISVC - ok
    16:39:37.0420 4480 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    16:39:37.0444 4480 HTTP - ok
    16:39:38.0057 4480 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    16:39:38.0059 4480 hwpolicy - ok
    16:39:38.0528 4480 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    16:39:38.0543 4480 i8042prt - ok
    16:39:39.0024 4480 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    16:39:39.0033 4480 iaStorV - ok
    16:39:39.0293 4480 IconMan_R (2c3cc41fefcb77e2826886e6b7ef93ae) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    16:39:39.0329 4480 IconMan_R - ok
    16:39:39.0531 4480 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:39:39.0551 4480 idsvc - ok
    16:39:40.0056 4480 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    16:39:40.0059 4480 iirsp - ok
    16:39:40.0341 4480 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    16:39:40.0360 4480 IKEEXT - ok
    16:39:40.0858 4480 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
    16:39:40.0862 4480 inspect - ok
    16:39:41.0214 4480 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    16:39:41.0217 4480 intelide - ok
    16:39:41.0637 4480 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
    16:39:41.0640 4480 intelppm - ok
    16:39:41.0929 4480 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    16:39:41.0934 4480 IPBusEnum - ok
    16:39:42.0374 4480 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:39:42.0402 4480 IpFilterDriver - ok
    16:39:42.0790 4480 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    16:39:42.0803 4480 iphlpsvc - ok
    16:39:43.0308 4480 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    16:39:43.0311 4480 IPMIDRV - ok
    16:39:43.0788 4480 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    16:39:43.0792 4480 IPNAT - ok
    16:39:43.0920 4480 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
    16:39:43.0939 4480 iPod Service - ok
    16:39:44.0333 4480 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    16:39:44.0336 4480 IRENUM - ok
    16:39:44.0808 4480 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    16:39:44.0819 4480 isapnp - ok
    16:39:45.0201 4480 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    16:39:45.0209 4480 iScsiPrt - ok
    16:39:45.0611 4480 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    16:39:45.0614 4480 kbdclass - ok
    16:39:46.0069 4480 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    16:39:46.0072 4480 kbdhid - ok
    16:39:46.0343 4480 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:39:46.0346 4480 KeyIso - ok
    16:39:46.0730 4480 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    16:39:46.0733 4480 KSecDD - ok
    16:39:47.0134 4480 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    16:39:47.0139 4480 KSecPkg - ok
    16:39:47.0559 4480 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    16:39:47.0562 4480 ksthunk - ok
    16:39:47.0872 4480 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    16:39:47.0883 4480 KtmRm - ok
    16:39:48.0293 4480 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    16:39:48.0302 4480 LanmanServer - ok
    16:39:48.0620 4480 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    16:39:48.0627 4480 LanmanWorkstation - ok
    16:39:49.0117 4480 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    16:39:49.0134 4480 lltdio - ok
    16:39:49.0428 4480 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    16:39:49.0437 4480 lltdsvc - ok
    16:39:49.0714 4480 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    16:39:49.0717 4480 lmhosts - ok
    16:39:50.0347 4480 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    16:39:50.0351 4480 LSI_FC - ok
    16:39:50.0754 4480 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    16:39:50.0758 4480 LSI_SAS - ok
    16:39:51.0284 4480 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    16:39:51.0287 4480 LSI_SAS2 - ok
    16:39:51.0742 4480 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    16:39:51.0746 4480 LSI_SCSI - ok
    16:39:52.0141 4480 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    16:39:52.0145 4480 luafv - ok
    16:39:52.0594 4480 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    16:39:52.0596 4480 MBAMProtector - ok
    16:39:52.0794 4480 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    16:39:52.0808 4480 MBAMService - ok
    16:39:53.0164 4480 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    16:39:53.0171 4480 McComponentHostService - ok
    16:39:53.0501 4480 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    16:39:53.0507 4480 Mcx2Svc - ok
    16:39:53.0986 4480 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    16:39:53.0989 4480 megasas - ok
    16:39:54.0378 4480 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    16:39:54.0386 4480 MegaSR - ok
    16:39:54.0858 4480 Microsoft SharePoint Workspace Audit Service - ok
    16:39:55.0187 4480 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    16:39:55.0192 4480 MMCSS - ok
    16:39:55.0542 4480 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    16:39:55.0545 4480 Modem - ok
    16:39:56.0019 4480 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    16:39:56.0022 4480 monitor - ok
    16:39:56.0414 4480 motccgp (5d1080dbd8ec5f2d6e550e01398e17cf) C:\Windows\system32\DRIVERS\motccgp.sys
    16:39:56.0417 4480 motccgp - ok
    16:39:57.0042 4480 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
    16:39:57.0045 4480 motccgpfl - ok
    16:39:57.0429 4480 motmodem (6cbc0f4005593c96c9aecad39f0690fc) C:\Windows\system32\DRIVERS\motmodem.sys
    16:39:57.0432 4480 motmodem - ok
    16:39:57.0659 4480 MotoHelper (fa073bf55e99f21cfe3afb023cfd81dc) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    16:39:57.0666 4480 MotoHelper - ok
    16:39:58.0592 4480 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
    16:39:58.0596 4480 MotoSwitchService - ok
    16:39:59.0169 4480 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
    16:39:59.0172 4480 Motousbnet - ok
    16:39:59.0747 4480 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
    16:39:59.0750 4480 motusbdevice - ok
    16:40:00.0111 4480 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    16:40:00.0115 4480 mouclass - ok
    16:40:00.0846 4480 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
    16:40:00.0850 4480 mouhid - ok
    16:40:01.0234 4480 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    16:40:01.0237 4480 mountmgr - ok
    16:40:01.0624 4480 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    16:40:01.0641 4480 mpio - ok
    16:40:02.0038 4480 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    16:40:02.0042 4480 mpsdrv - ok
    16:40:02.0360 4480 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    16:40:02.0379 4480 MpsSvc - ok
    16:40:02.0874 4480 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    16:40:02.0878 4480 MRxDAV - ok
    16:40:03.0270 4480 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:40:03.0274 4480 mrxsmb - ok
    16:40:03.0624 4480 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:40:03.0631 4480 mrxsmb10 - ok
    16:40:04.0078 4480 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:40:04.0083 4480 mrxsmb20 - ok
    16:40:04.0430 4480 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    16:40:04.0433 4480 msahci - ok
    16:40:04.0872 4480 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    16:40:04.0890 4480 msdsm - ok
    16:40:05.0244 4480 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    16:40:05.0250 4480 MSDTC - ok
    16:40:05.0653 4480 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    16:40:05.0656 4480 Msfs - ok
    16:40:06.0030 4480 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    16:40:06.0033 4480 mshidkmdf - ok
    16:40:06.0443 4480 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    16:40:06.0445 4480 msisadrv - ok
    16:40:06.0827 4480 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    16:40:06.0834 4480 MSiSCSI - ok
    16:40:07.0164 4480 msiserver - ok
    16:40:07.0683 4480 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    16:40:07.0685 4480 MSKSSRV - ok
    16:40:08.0150 4480 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:40:08.0152 4480 MSPCLOCK - ok
    16:40:08.0639 4480 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    16:40:08.0653 4480 MSPQM - ok
    16:40:09.0319 4480 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    16:40:09.0347 4480 MsRPC - ok
    16:40:10.0072 4480 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    16:40:10.0075 4480 mssmbios - ok
     
  23. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    16:41:42.0390 4480 ============================================================
    16:41:42.0390 4480 Scan finished
    16:41:42.0390 4480 ============================================================
    16:41:42.0423 2728 Detected object count: 0
    16:41:42.0423 2728 Actual detected object count: 0
     
  24. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  25. bradbackalsh

    bradbackalsh TS Rookie Topic Starter Posts: 20

    No infections were found.
     
Topic Status:
Not open for further replies.

