Inactive C:\Windows\svchost.exe.Trojan.Agent causing blue screen and random crashes/restarts.

superfox3740

For a while now, my laptop (running Windows 7) will randomly blue screen or restart itself, and also fails to start occasionally.
I eventually resorted to reformatting my hard drive, but the Trojan is still found by Malwarebytes Anti-Malware and my computer is still having these issues.
When I run a scan with MBAM it still finds the same Trojan, says it has fixed it, but upon a restart or another scan, it's still there. I've run out of ideas and am now seeking help.
Any assistance would be greatly appreciated!
 
Welcome aboard
Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you for the reply, sorry for the lack of logs, I seem to have posted this in the wrong forum originally, so checked the wrong pre-post thread. Here they are:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.25.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Eric :: ERIC-PC [administrator]
Protection: Enabled
10/26/2012 2:50:04 AM
mbam-log-2012-10-26 (02-50-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193606
Time elapsed: 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)

GMER Found no modifications.

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Eric at 3:56:23 on 2012-10-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2130 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
uRun: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2C43DCF6-A860-43EC-AAF9-27E7DD42A86D} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WebCheck - <orphaned>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\3u5f01qr.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 MpKsl588d509c;MpKsl588d509c;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAAF1FB5-E4E5-4418-8FA6-9A4A89CEDD18}\MpKsl588d509c.sys [2012-10-25 35664]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-25 202752]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-25 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-25 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-25 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-26 115168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2012-10-26 09:50:53 -------- d-----w- C:\Users\Eric\AppData\Local\Mozilla
2012-10-26 09:50:00 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-26 01:59:41 -------- d-----w- C:\Program Files\Ventrilo
2012-10-26 01:58:51 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-10-26 00:22:20 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 00:22:20 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-25 23:48:35 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-10-25 23:48:35 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-10-25 23:48:35 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-10-25 23:48:00 -------- d-----w- C:\ProgramData\Battle.net
2012-10-25 23:23:21 20480 ----a-w- C:\Windows\svchost.exe
2012-10-25 23:22:36 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAAF1FB5-E4E5-4418-8FA6-9A4A89CEDD18}\offreg.dll
2012-10-25 23:22:30 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAAF1FB5-E4E5-4418-8FA6-9A4A89CEDD18}\MpKsl588d509c.sys
2012-10-25 23:18:48 -------- d-----w- C:\Users\Eric\AppData\Roaming\Malwarebytes
2012-10-25 23:18:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-25 23:18:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-25 23:18:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-25 23:11:29 -------- d-----w- C:\Users\Eric\AppData\Roaming\WMCore
2012-10-25 23:11:17 -------- d-----w- C:\Users\Eric\AppData\Roaming\WirelessManager
2012-10-25 23:06:54 -------- d-----w- C:\Users\Eric\AppData\Local\ATI
2012-10-25 23:05:38 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-10-25 23:04:55 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-10-25 23:04:26 -------- d-----w- C:\Program Files\ATI Technologies
2012-10-25 23:04:21 -------- d-----w- C:\Program Files\ATI
2012-10-25 23:02:59 6171136 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-10-25 23:02:58 53248 ----a-w- C:\Windows\System32\atimpc64.dll
2012-10-25 23:02:58 53248 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-10-25 23:02:58 4675584 ----a-w- C:\Windows\System32\atiumd64.dll
2012-10-25 23:02:58 446976 ----a-w- C:\Windows\System32\atieclxx.exe
2012-10-25 23:02:58 446464 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-10-25 23:02:58 43008 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-10-25 23:02:58 13422080 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-10-25 23:02:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-10-25 23:01:34 -------- d-----w- C:\Program Files\Synaptics
2012-10-25 23:01:13 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-10-25 23:01:12 285744 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-10-25 23:01:12 204584 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-10-25 23:01:12 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-10-25 23:01:12 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-10-25 23:01:11 395048 ----a-w- C:\Windows\System32\SynCOM.dll
2012-10-25 23:01:11 261928 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-10-25 23:01:11 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-10-25 23:01:11 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-10-25 22:56:40 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BE75DF4B-D74D-4263-BCEE-92D2035BE2B7}\gapaengine.dll
2012-10-25 22:56:36 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAAF1FB5-E4E5-4418-8FA6-9A4A89CEDD18}\mpengine.dll
2012-10-25 22:54:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-25 22:54:35 -------- d-sh--w- C:\Windows\Installer
2012-10-25 22:54:35 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-25 22:54:26 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-10-25 22:54:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-10-25 22:54:26 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-10-25 22:54:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-10-25 22:51:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-10-25 22:51:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-10-25 22:50:57 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-10-25 22:50:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-10-25 22:49:04 -------- d-----w- C:\Program Files (x86)\Dell
2012-10-25 22:34:44 -------- d-----w- C:\Users\Eric\AppData\Local\Diagnostics
2012-10-25 22:25:10 -------- d-----w- C:\Users\Eric\AppData\Local\VirtualStore
2012-10-25 21:52:30 0 ----a-w- C:\Windows\ativpsrm.bin
2012-10-25 19:48:50 -------- d-----w- C:\Windows\Panther
2012-10-25 19:31:15 -------- d-----w- C:\Windows.old
2012-10-15 17:44:07 -------- d-s---w- C:\ComboFix
2012-10-05 07:03:56 -------- d-----w- C:\cdd8b12598fa55eea8e90b4b73c0
2012-10-05 07:03:36 -------- d-----w- C:\b9d856b6daa916948513
2012-10-05 07:03:23 -------- d-----w- C:\b16fdd46f39c184260aa
2012-10-05 07:03:16 -------- d-----w- C:\dc3923389ab5c9821937d7d73d
2012-10-05 07:03:08 -------- d-----w- C:\10054997f9b1ee5329
2012-10-05 07:02:57 -------- d-----w- C:\bd61725626cab5f185e1944d957a
2012-10-05 01:54:05 -------- d-----w- C:\eaa2b5fe843b0c1de81288
2012-10-05 00:57:07 -------- d-----w- C:\7e57bb66a1eb7a7f8ac348e4300898
.
==================== Find3M ====================
.
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 3:57:28.42 ===============

.
 
And would you also like the attach log DDS created? The instruction in your link asks for it to only be attached, but you asked for everything to be pasted and not attached, so I'm unsure of what to do with it.
 
Yes, please paste Attach.txt log.

Next....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Here is the attach log.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/25/2012 3:24:48 PM
System Uptime: 10/25/2012 4:21:57 PM (11 hours ago)
.
Motherboard: Dell Inc. | | 0NJWJR
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | U2E1 | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 101.849 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_E852&SUBSYS_04131028&REV_01\4&339CFF4&0&02E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_E852&SUBSYS_04131028&REV_01\4&339CFF4&0&02E4
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_E230&SUBSYS_04131028&REV_01\4&339CFF4&0&01E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_E230&SUBSYS_04131028&REV_01\4&339CFF4&0&01E4
Service:
.
==== System Restore Points ===================
.
RP3: 10/25/2012 3:48:52 PM - Installed Dell Wireless HSPA Mini-Card Drivers
RP4: 10/25/2012 3:50:45 PM - Windows Update
RP5: 10/25/2012 3:52:14 PM - Installed Dell Wireless HSPA Mini-Card Drivers
RP6: 10/25/2012 3:54:28 PM - Windows Update
RP7: 10/25/2012 3:57:56 PM - Installed RICOH R5U8xx Media Driver ver.3.62.02
RP8: 10/25/2012 3:59:09 PM - Installed Dell Mobile Broadband Manager.
RP9: 10/25/2012 6:59:10 PM - Installed Ventrilo Client for Windows x64
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Dell Mobile Broadband Manager
Dell Touchpad
Dell Wireless HSPA Mini-Card Drivers
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
RICOH R5U8xx Media Driver ver.3.62.02
Ventrilo Client for Windows x64
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
10/25/2012 3:56:10 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
10/25/2012 3:56:10 PM, Error: atikmdag [43029] - Display is not active
10/25/2012 2:50:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e6b117, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102512-50419-01.
.
==== End Of File ===========================
 
12:56:08.0504 4740 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:56:08.0738 4740 ============================================================
12:56:08.0738 4740 Current date / time: 2012/10/26 12:56:08.0738
12:56:08.0738 4740 SystemInfo:
12:56:08.0738 4740
12:56:08.0738 4740 OS Version: 6.1.7601 ServicePack: 1.0
12:56:08.0738 4740 Product type: Workstation
12:56:08.0738 4740 ComputerName: ERIC-PC
12:56:08.0738 4740 UserName: Eric
12:56:08.0738 4740 Windows directory: C:\Windows
12:56:08.0738 4740 System windows directory: C:\Windows
12:56:08.0738 4740 Running under WOW64
12:56:08.0738 4740 Processor architecture: Intel x64
12:56:08.0738 4740 Number of processors: 4
12:56:08.0738 4740 Page size: 0x1000
12:56:08.0738 4740 Boot type: Normal boot
12:56:08.0738 4740 ============================================================
12:56:11.0109 4740 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:11.0125 4740 ============================================================
12:56:11.0125 4740 \Device\Harddisk0\DR0:
12:56:11.0125 4740 MBR partitions:
12:56:11.0125 4740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
12:56:11.0125 4740 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
12:56:11.0125 4740 ============================================================
12:56:11.0156 4740 C: <-> \Device\Harddisk0\DR0\Partition2
12:56:11.0156 4740 ============================================================
12:56:11.0156 4740 Initialize success
12:56:11.0156 4740 ============================================================
12:56:14.0042 3256 ============================================================
12:56:14.0042 3256 Scan started
12:56:14.0042 3256 Mode: Manual;
12:56:14.0042 3256 ============================================================
12:56:14.0994 3256 ================ Scan system memory ========================
12:56:14.0994 3256 System memory - ok
12:56:14.0994 3256 ================ Scan services =============================
12:56:19.0081 3256 FontCache3.0.0.0 - ok
12:56:19.0097 3256 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:56:19.0097 3256 FsDepends - ok
12:56:19.0112 3256 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:56:19.0112 3256 Fs_Rec - ok
12:56:19.0143 3256 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:56:19.0143 3256 fvevol - ok
12:56:19.0159 3256 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:56:19.0159 3256 gagp30kx - ok
12:56:19.0190 3256 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:56:19.0221 3256 gpsvc - ok
12:56:19.0221 3256 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:56:19.0237 3256 hcw85cir - ok
12:56:19.0284 3256 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:56:19.0299 3256 HdAudAddService - ok
12:56:19.0331 3256 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:56:19.0331 3256 HDAudBus - ok
12:56:19.0362 3256 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:56:19.0362 3256 HECIx64 - ok
12:56:19.0377 3256 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:56:19.0377 3256 HidBatt - ok
12:56:19.0393 3256 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:56:19.0393 3256 HidBth - ok
12:56:19.0424 3256 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:56:19.0424 3256 HidIr - ok
12:56:19.0455 3256 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:56:19.0455 3256 hidserv - ok
12:56:19.0487 3256 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:56:19.0487 3256 HidUsb - ok
12:56:19.0502 3256 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:56:19.0518 3256 hkmsvc - ok
12:56:19.0533 3256 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:56:19.0533 3256 HomeGroupListener - ok
12:56:19.0580 3256 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:56:19.0580 3256 HomeGroupProvider - ok
12:56:19.0596 3256 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:56:19.0596 3256 HpSAMD - ok
12:56:19.0627 3256 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:56:19.0643 3256 HTTP - ok
12:56:19.0658 3256 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:56:19.0658 3256 hwpolicy - ok
12:56:19.0689 3256 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:56:19.0689 3256 i8042prt - ok
12:56:19.0705 3256 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:56:19.0705 3256 iaStorV - ok
12:56:19.0783 3256 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:56:19.0814 3256 idsvc - ok
12:56:19.0830 3256 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:56:19.0830 3256 iirsp - ok
12:56:19.0861 3256 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:56:19.0892 3256 IKEEXT - ok
12:56:19.0908 3256 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:56:19.0908 3256 intelide - ok
12:56:19.0939 3256 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:56:19.0939 3256 intelppm - ok
12:56:19.0955 3256 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:56:19.0955 3256 IPBusEnum - ok
12:56:19.0986 3256 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:56:19.0986 3256 IpFilterDriver - ok
12:56:20.0001 3256 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:56:20.0017 3256 iphlpsvc - ok
12:56:20.0033 3256 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:56:20.0033 3256 IPMIDRV - ok
12:56:20.0064 3256 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:56:20.0064 3256 IPNAT - ok
12:56:20.0095 3256 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:56:20.0095 3256 IRENUM - ok
12:56:20.0111 3256 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:56:20.0111 3256 isapnp - ok
12:56:20.0126 3256 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:56:20.0142 3256 iScsiPrt - ok
12:56:20.0157 3256 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:56:20.0157 3256 kbdclass - ok
12:56:20.0157 3256 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:56:20.0157 3256 kbdhid - ok
12:56:20.0189 3256 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
12:56:20.0189 3256 KeyIso - ok
12:56:20.0189 3256 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:56:20.0204 3256 KSecDD - ok
12:56:20.0220 3256 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:56:20.0220 3256 KSecPkg - ok
12:56:20.0235 3256 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:56:20.0235 3256 ksthunk - ok
12:56:20.0251 3256 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:56:20.0267 3256 KtmRm - ok
12:56:20.0298 3256 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:56:20.0298 3256 LanmanServer - ok
12:56:20.0345 3256 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:56:20.0345 3256 LanmanWorkstation - ok
12:56:20.0360 3256 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:56:20.0360 3256 lltdio - ok
12:56:20.0391 3256 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:56:20.0391 3256 lltdsvc - ok
12:56:20.0407 3256 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:56:20.0407 3256 lmhosts - ok
12:56:20.0438 3256 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:56:20.0454 3256 LSI_FC - ok
12:56:20.0485 3256 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:56:20.0485 3256 LSI_SAS - ok
12:56:20.0516 3256 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:56:20.0516 3256 LSI_SAS2 - ok
12:56:20.0532 3256 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:56:20.0532 3256 LSI_SCSI - ok
12:56:20.0547 3256 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:56:20.0547 3256 luafv - ok
12:56:20.0594 3256 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:56:20.0594 3256 MBAMProtector - ok
12:56:20.0672 3256 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:56:20.0688 3256 MBAMScheduler - ok
12:56:20.0703 3256 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:56:20.0719 3256 MBAMService - ok
12:56:20.0750 3256 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:56:20.0766 3256 Mcx2Svc - ok
12:56:20.0781 3256 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:56:20.0781 3256 megasas - ok
12:56:20.0813 3256 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:56:20.0813 3256 MegaSR - ok
12:56:20.0859 3256 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:56:20.0859 3256 MMCSS - ok
12:56:20.0859 3256 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:56:20.0875 3256 Modem - ok
12:56:20.0891 3256 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:56:20.0891 3256 monitor - ok
12:56:20.0891 3256 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:56:20.0891 3256 mouclass - ok
12:56:20.0906 3256 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:56:20.0906 3256 mouhid - ok
12:56:20.0922 3256 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:56:20.0922 3256 mountmgr - ok
12:56:20.0984 3256 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:56:20.0984 3256 MozillaMaintenance - ok
12:56:21.0078 3256 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
12:56:21.0093 3256 MpFilter - ok
12:56:21.0109 3256 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:56:21.0109 3256 mpio - ok
12:56:21.0296 3256 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl588d509c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAAF1FB5-E4E5-4418-8FA6-9A4A89CEDD18}\MpKsl588d509c.sys
12:56:21.0296 3256 MpKsl588d509c - ok
12:56:21.0312 3256 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:56:21.0312 3256 mpsdrv - ok
12:56:21.0374 3256 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:56:21.0405 3256 MpsSvc - ok
12:56:21.0421 3256 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:56:21.0421 3256 MRxDAV - ok
12:56:21.0452 3256 [ FAF015B07E3A2874A790A39B7D2C579F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:56:21.0452 3256 mrxsmb - ok
12:56:21.0483 3256 [ 08E2345DF129082BCDFFDC1440F9C00D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:56:21.0483 3256 mrxsmb10 - ok
12:56:21.0515 3256 [ 108D87409C5812EF47D81E22843E8C9D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:56:21.0530 3256 mrxsmb20 - ok
12:56:21.0546 3256 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:56:21.0546 3256 msahci - ok
12:56:21.0546 3256 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:56:21.0561 3256 msdsm - ok
12:56:21.0577 3256 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:56:21.0577 3256 MSDTC - ok
12:56:21.0593 3256 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:56:21.0593 3256 Msfs - ok
12:56:21.0608 3256 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:56:21.0624 3256 mshidkmdf - ok
12:56:21.0639 3256 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:56:21.0639 3256 msisadrv - ok
12:56:21.0671 3256 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:56:21.0686 3256 MSiSCSI - ok
12:56:21.0686 3256 msiserver - ok
12:56:21.0717 3256 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:56:21.0717 3256 MSKSSRV - ok
12:56:21.0842 3256 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:56:21.0842 3256 MsMpSvc - ok
12:56:21.0858 3256 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:56:21.0858 3256 MSPCLOCK - ok
12:56:21.0873 3256 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:56:21.0873 3256 MSPQM - ok
12:56:21.0889 3256 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:56:21.0905 3256 MsRPC - ok
12:56:21.0905 3256 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:56:21.0905 3256 mssmbios - ok
12:56:21.0951 3256 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:56:21.0951 3256 MSTEE - ok
12:56:21.0951 3256 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:56:21.0967 3256 MTConfig - ok
12:56:21.0983 3256 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:56:21.0983 3256 Mup - ok
12:56:22.0029 3256 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:56:22.0029 3256 napagent - ok
12:56:22.0061 3256 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:56:22.0076 3256 NativeWifiP - ok
12:56:22.0107 3256 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:56:22.0139 3256 NDIS - ok
12:56:22.0170 3256 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:56:22.0170 3256 NdisCap - ok
12:56:22.0185 3256 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:56:22.0185 3256 NdisTapi - ok
12:56:22.0217 3256 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:56:22.0217 3256 Ndisuio - ok
12:56:22.0232 3256 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:56:22.0232 3256 NdisWan - ok
12:56:22.0248 3256 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:56:22.0248 3256 NDProxy - ok
12:56:22.0248 3256 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:56:22.0248 3256 NetBIOS - ok
12:56:22.0263 3256 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:56:22.0279 3256 NetBT - ok
12:56:22.0295 3256 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
12:56:22.0295 3256 Netlogon - ok
12:56:22.0341 3256 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:56:22.0357 3256 Netman - ok
12:56:22.0373 3256 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:56:22.0373 3256 netprofm - ok
12:56:22.0404 3256 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:56:22.0419 3256 NetTcpPortSharing - ok
12:56:22.0419 3256 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:56:22.0419 3256 nfrd960 - ok
12:56:22.0497 3256 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:56:22.0497 3256 NisDrv - ok
12:56:22.0560 3256 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
12:56:22.0560 3256 NisSrv - ok
12:56:22.0591 3256 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:56:22.0591 3256 NlaSvc - ok
12:56:22.0607 3256 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:56:22.0607 3256 Npfs - ok
12:56:22.0638 3256 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:56:22.0638 3256 nsi - ok
12:56:22.0653 3256 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:56:22.0653 3256 nsiproxy - ok
12:56:22.0731 3256 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:56:22.0778 3256 Ntfs - ok
12:56:22.0778 3256 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:56:22.0794 3256 Null - ok
12:56:22.0794 3256 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:56:22.0809 3256 nvraid - ok
12:56:22.0825 3256 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:56:22.0825 3256 nvstor - ok
12:56:22.0841 3256 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:56:22.0841 3256 nv_agp - ok
12:56:22.0872 3256 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:56:22.0872 3256 ohci1394 - ok
12:56:22.0887 3256 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:56:22.0887 3256 p2pimsvc - ok
12:56:22.0903 3256 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:56:22.0919 3256 p2psvc - ok
12:56:22.0934 3256 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:56:22.0934 3256 Parport - ok
12:56:22.0950 3256 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:56:22.0950 3256 partmgr - ok
12:56:22.0981 3256 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:56:22.0981 3256 PcaSvc - ok
12:56:23.0028 3256 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:56:23.0043 3256 pci - ok
12:56:23.0059 3256 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:56:23.0059 3256 pciide - ok
12:56:23.0075 3256 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:56:23.0075 3256 pcmcia - ok
12:56:23.0090 3256 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:56:23.0090 3256 pcw - ok
12:56:23.0121 3256 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:56:23.0121 3256 PEAUTH - ok
12:56:23.0231 3256 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:56:23.0246 3256 PerfHost - ok
12:56:23.0293 3256 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:56:23.0355 3256 pla - ok
12:56:23.0418 3256 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:56:23.0433 3256 PlugPlay - ok
12:56:23.0449 3256 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:56:23.0449 3256 PNRPAutoReg - ok
12:56:23.0465 3256 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:56:23.0465 3256 PNRPsvc - ok
12:56:23.0511 3256 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:56:23.0527 3256 PolicyAgent - ok
12:56:23.0589 3256 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:56:23.0589 3256 Power - ok
12:56:23.0636 3256 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:56:23.0636 3256 PptpMiniport - ok
12:56:23.0652 3256 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:56:23.0667 3256 Processor - ok
12:56:23.0683 3256 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
12:56:23.0683 3256 ProfSvc - ok
12:56:23.0699 3256 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
12:56:23.0699 3256 ProtectedStorage - ok
12:56:23.0745 3256 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:56:23.0745 3256 Psched - ok
12:56:23.0792 3256 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:56:23.0855 3256 ql2300 - ok
12:56:23.0855 3256 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:56:23.0870 3256 ql40xx - ok
12:56:23.0886 3256 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:56:23.0886 3256 QWAVE - ok
12:56:23.0901 3256 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:56:23.0901 3256 QWAVEdrv - ok
12:56:23.0917 3256 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:56:23.0917 3256 RasAcd - ok
12:56:23.0964 3256 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:56:23.0979 3256 RasAgileVpn - ok
12:56:23.0995 3256 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:56:23.0995 3256 RasAuto - ok
12:56:24.0026 3256 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:56:24.0026 3256 Rasl2tp - ok
12:56:24.0073 3256 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:56:24.0073 3256 RasMan - ok
12:56:24.0089 3256 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:56:24.0089 3256 RasPppoe - ok
12:56:24.0120 3256 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:56:24.0120 3256 RasSstp - ok
12:56:24.0151 3256 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:56:24.0151 3256 rdbss - ok
12:56:24.0167 3256 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:56:24.0167 3256 rdpbus - ok
12:56:24.0182 3256 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:56:24.0182 3256 RDPCDD - ok
12:56:24.0213 3256 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:56:24.0213 3256 RDPENCDD - ok
12:56:24.0229 3256 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
 
12:56:24.0229 3256 RDPREFMP - ok
12:56:24.0276 3256 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:56:24.0276 3256 RDPWD - ok
12:56:24.0291 3256 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:56:24.0307 3256 rdyboost - ok
12:56:24.0354 3256 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:56:24.0369 3256 RemoteAccess - ok
12:56:24.0385 3256 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:56:24.0385 3256 RemoteRegistry - ok
12:56:24.0416 3256 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:56:24.0416 3256 RpcEptMapper - ok
12:56:24.0432 3256 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:56:24.0432 3256 RpcLocator - ok
12:56:24.0463 3256 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:56:24.0463 3256 RpcSs - ok
12:56:24.0479 3256 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:56:24.0494 3256 rspndr - ok
12:56:24.0510 3256 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:56:24.0525 3256 RTL8167 - ok
12:56:24.0541 3256 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
12:56:24.0541 3256 SamSs - ok
12:56:24.0557 3256 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:56:24.0557 3256 sbp2port - ok
12:56:24.0572 3256 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:56:24.0572 3256 SCardSvr - ok
12:56:24.0603 3256 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:56:24.0603 3256 scfilter - ok
12:56:24.0650 3256 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:56:24.0681 3256 Schedule - ok
12:56:24.0713 3256 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:56:24.0713 3256 SCPolicySvc - ok
12:56:24.0728 3256 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:56:24.0728 3256 sdbus - ok
12:56:24.0744 3256 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:56:24.0744 3256 SDRSVC - ok
12:56:24.0775 3256 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:56:24.0775 3256 secdrv - ok
12:56:24.0791 3256 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:56:24.0791 3256 seclogon - ok
12:56:24.0822 3256 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:56:24.0837 3256 SENS - ok
12:56:24.0853 3256 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:56:24.0853 3256 SensrSvc - ok
12:56:24.0853 3256 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:56:24.0869 3256 Serenum - ok
12:56:24.0900 3256 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:56:24.0900 3256 Serial - ok
12:56:24.0915 3256 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:56:24.0915 3256 sermouse - ok
12:56:24.0962 3256 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:56:24.0962 3256 SessionEnv - ok
12:56:24.0978 3256 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:56:24.0978 3256 sffdisk - ok
12:56:24.0993 3256 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:56:24.0993 3256 sffp_mmc - ok
12:56:25.0009 3256 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:56:25.0009 3256 sffp_sd - ok
12:56:25.0025 3256 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:56:25.0025 3256 sfloppy - ok
12:56:25.0040 3256 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:56:25.0040 3256 SharedAccess - ok
12:56:25.0056 3256 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:56:25.0071 3256 ShellHWDetection - ok
12:56:25.0087 3256 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:56:25.0087 3256 SiSRaid2 - ok
12:56:25.0103 3256 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:56:25.0103 3256 SiSRaid4 - ok
12:56:25.0134 3256 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:56:25.0134 3256 Smb - ok
12:56:25.0149 3256 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:56:25.0149 3256 SNMPTRAP - ok
12:56:25.0165 3256 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:56:25.0165 3256 spldr - ok
12:56:25.0181 3256 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
12:56:25.0196 3256 Spooler - ok
12:56:25.0259 3256 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:56:25.0352 3256 sppsvc - ok
12:56:25.0383 3256 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:56:25.0383 3256 sppuinotify - ok
12:56:25.0399 3256 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:56:25.0415 3256 srv - ok
12:56:25.0430 3256 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:56:25.0430 3256 srv2 - ok
12:56:25.0446 3256 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:56:25.0446 3256 srvnet - ok
12:56:25.0493 3256 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:56:25.0493 3256 SSDPSRV - ok
12:56:25.0508 3256 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:56:25.0524 3256 SstpSvc - ok
12:56:25.0539 3256 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:56:25.0539 3256 stexstor - ok
12:56:25.0571 3256 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:56:25.0586 3256 stisvc - ok
12:56:25.0586 3256 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:56:25.0602 3256 swenum - ok
12:56:25.0633 3256 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:56:25.0649 3256 swprv - ok
12:56:25.0695 3256 [ 639B57DC871BE4B86283027FAF1F4E30 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:56:25.0695 3256 SynTP - ok
12:56:25.0742 3256 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:56:25.0820 3256 SysMain - ok
12:56:25.0836 3256 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:56:25.0836 3256 TabletInputService - ok
12:56:28.0503 3256 ================ Scan global ===============================
12:56:28.0535 3256 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:56:28.0550 3256 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
12:56:28.0566 3256 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
12:56:28.0613 3256 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:56:28.0644 3256 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:56:28.0644 3256 [Global] - ok
12:56:28.0644 3256 ================ Scan MBR ==================================
12:56:28.0675 3256 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:56:28.0675 3256 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:56:28.0737 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:56:28.0737 3256 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:56:28.0737 3256 ================ Scan VBR ==================================
12:56:28.0737 3256 [ 7C6C2584DD646B0F7C992B6CFDB37AAF ] \Device\Harddisk0\DR0\Partition1
12:56:28.0737 3256 \Device\Harddisk0\DR0\Partition1 - ok
12:56:28.0753 3256 [ 5806B080C40C6CD2BF0775127E9433CA ] \Device\Harddisk0\DR0\Partition2
12:56:28.0753 3256 \Device\Harddisk0\DR0\Partition2 - ok
12:56:28.0753 3256 ============================================================
12:56:28.0753 3256 Scan finished
12:56:28.0753 3256 ============================================================
12:56:28.0769 0332 Detected object count: 1
12:56:28.0769 0332 Actual detected object count: 1
12:56:47.0504 0332 \Device\Harddisk0\DR0\# - copied to quarantine
12:56:47.0629 0332 \Device\Harddisk0\DR0 - copied to quarantine
12:56:49.0017 0332 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:56:49.0080 0332 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:56:49.0127 0332 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:56:50.0047 0332 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:56:50.0109 0332 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:56:50.0109 0332 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:56:50.0109 0332 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:56:50.0281 0332 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:56:50.0312 0332 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:56:50.0328 0332 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:56:50.0328 0332 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:56:50.0328 0332 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:56:50.0359 0332 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:56:50.0468 0332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:56:50.0468 0332 \Device\Harddisk0\DR0 - ok
12:56:50.0499 0332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:57:30.0551 4424 Deinitialize success
 
Upon rebooting the tool also re-ran. So here is that log as well

12:59:41.0834 0708 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:59:41.0974 0708 ============================================================
12:59:41.0974 0708 Current date / time: 2012/10/26 12:59:41.0974
12:59:41.0974 0708 SystemInfo:
12:59:41.0974 0708
12:59:41.0974 0708 OS Version: 6.1.7601 ServicePack: 1.0
12:59:41.0974 0708 Product type: Workstation
12:59:41.0974 0708 ComputerName: ERIC-PC
12:59:41.0974 0708 UserName: Eric
12:59:41.0974 0708 Windows directory: C:\Windows
12:59:41.0974 0708 System windows directory: C:\Windows
12:59:41.0974 0708 Running under WOW64
12:59:41.0974 0708 Processor architecture: Intel x64
12:59:41.0974 0708 Number of processors: 4
12:59:41.0974 0708 Page size: 0x1000
12:59:41.0974 0708 Boot type: Normal boot
12:59:41.0974 0708 ============================================================
12:59:48.0370 0708 BG loaded
12:59:49.0727 0708 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:59:49.0743 0708 ============================================================
12:59:49.0743 0708 \Device\Harddisk0\DR0:
12:59:49.0743 0708 MBR partitions:
12:59:49.0743 0708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
12:59:49.0743 0708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
12:59:49.0743 0708 ============================================================
12:59:49.0977 0708 C: <-> \Device\Harddisk0\DR0\Partition2
12:59:49.0977 0708 ============================================================
12:59:49.0977 0708 Initialize success
12:59:49.0977 0708 ============================================================
12:59:56.0232 2624 ============================================================
12:59:56.0232 2624 Scan started
12:59:56.0232 2624 Mode: Manual;
12:59:56.0232 2624 ============================================================
12:59:57.0933 2624 ================ Scan system memory ========================
12:59:57.0933 2624 System memory - ok
12:59:57.0933 2624 ================ Scan services =============================
13:00:13.0003 2624 MBAMScheduler - ok
13:00:13.0143 2624 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:00:13.0159 2624 MBAMService - ok
13:00:13.0190 2624 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:00:13.0205 2624 Mcx2Svc - ok
13:00:13.0221 2624 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
13:00:13.0221 2624 megasas - ok
13:00:13.0252 2624 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:00:13.0252 2624 MegaSR - ok
13:00:13.0315 2624 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:00:13.0315 2624 MMCSS - ok
13:00:13.0315 2624 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:00:13.0315 2624 Modem - ok
13:00:13.0330 2624 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:00:13.0330 2624 monitor - ok
13:00:13.0346 2624 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:00:13.0346 2624 mouclass - ok
13:00:13.0346 2624 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:00:13.0361 2624 mouhid - ok
13:00:13.0393 2624 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:00:13.0408 2624 mountmgr - ok
13:00:13.0486 2624 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:00:13.0486 2624 MozillaMaintenance - ok
13:00:13.0564 2624 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:00:13.0564 2624 MpFilter - ok
13:00:13.0595 2624 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:00:13.0611 2624 mpio - ok
13:00:13.0658 2624 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:00:13.0658 2624 mpsdrv - ok
13:00:13.0736 2624 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:00:13.0736 2624 MpsSvc - ok
13:00:13.0783 2624 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:00:13.0798 2624 MRxDAV - ok
13:00:13.0845 2624 [ FAF015B07E3A2874A790A39B7D2C579F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:00:13.0845 2624 mrxsmb - ok
13:00:13.0892 2624 [ 08E2345DF129082BCDFFDC1440F9C00D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:00:13.0907 2624 mrxsmb10 - ok
 
13:00:13.0923 2624 [ 108D87409C5812EF47D81E22843E8C9D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:00:13.0923 2624 mrxsmb20 - ok
13:00:13.0970 2624 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:00:13.0970 2624 msahci - ok
13:00:14.0032 2624 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:00:14.0048 2624 msdsm - ok
13:00:14.0079 2624 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:00:14.0095 2624 MSDTC - ok
13:00:14.0157 2624 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:00:14.0157 2624 Msfs - ok
13:00:14.0235 2624 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:00:14.0235 2624 mshidkmdf - ok
13:00:14.0282 2624 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:00:14.0282 2624 msisadrv - ok
13:00:14.0344 2624 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:00:14.0344 2624 MSiSCSI - ok
13:00:14.0344 2624 msiserver - ok
13:00:14.0422 2624 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:00:14.0422 2624 MSKSSRV - ok
13:00:15.0467 2624 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:00:15.0467 2624 MsMpSvc - ok
13:00:15.0608 2624 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:00:15.0623 2624 MSPCLOCK - ok
13:00:15.0639 2624 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:00:15.0655 2624 MSPQM - ok
13:00:15.0686 2624 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:00:15.0701 2624 MsRPC - ok
13:00:15.0733 2624 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:00:15.0733 2624 mssmbios - ok
13:00:15.0764 2624 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:00:15.0764 2624 MSTEE - ok
13:00:15.0795 2624 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:00:15.0795 2624 MTConfig - ok
13:00:15.0826 2624 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:00:15.0826 2624 Mup - ok
13:00:15.0951 2624 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:00:15.0951 2624 napagent - ok
13:00:16.0029 2624 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:00:16.0029 2624 NativeWifiP - ok
13:00:16.0232 2624 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:00:16.0310 2624 NDIS - ok
13:00:16.0325 2624 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:00:16.0341 2624 NdisCap - ok
13:00:16.0466 2624 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:00:16.0466 2624 NdisTapi - ok
13:00:16.0513 2624 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:00:16.0513 2624 Ndisuio - ok
13:00:16.0606 2624 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:00:16.0606 2624 NdisWan - ok
13:00:16.0637 2624 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:00:16.0637 2624 NDProxy - ok
13:00:16.0653 2624 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:00:16.0653 2624 NetBIOS - ok
13:00:16.0669 2624 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:00:16.0669 2624 NetBT - ok
13:00:16.0700 2624 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
13:00:16.0700 2624 Netlogon - ok
13:00:16.0778 2624 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:00:16.0793 2624 Netman - ok
13:00:16.0856 2624 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:00:16.0856 2624 netprofm - ok
13:00:16.0903 2624 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:00:16.0918 2624 NetTcpPortSharing - ok
13:00:16.0934 2624 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:00:16.0934 2624 nfrd960 - ok
13:00:16.0996 2624 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:00:17.0012 2624 NisDrv - ok
13:00:17.0059 2624 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:00:17.0059 2624 NisSrv - ok
13:00:17.0105 2624 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:00:17.0105 2624 NlaSvc - ok
13:00:17.0137 2624 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:00:17.0137 2624 Npfs - ok
13:00:17.0183 2624 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:00:17.0183 2624 nsi - ok
13:00:17.0215 2624 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:00:17.0215 2624 nsiproxy - ok
13:00:17.0308 2624 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:00:17.0371 2624 Ntfs - ok
13:00:17.0386 2624 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:00:17.0386 2624 Null - ok
13:00:17.0433 2624 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:00:17.0433 2624 nvraid - ok
13:00:17.0464 2624 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:00:17.0464 2624 nvstor - ok
13:00:17.0495 2624 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:00:17.0511 2624 nv_agp - ok
13:00:17.0527 2624 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:00:17.0527 2624 ohci1394 - ok
13:00:17.0589 2624 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:00:17.0605 2624 p2pimsvc - ok
13:00:17.0667 2624 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:00:17.0698 2624 p2psvc - ok
13:00:17.0714 2624 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
13:00:17.0714 2624 Parport - ok
13:00:17.0761 2624 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:00:17.0761 2624 partmgr - ok
13:00:17.0792 2624 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:00:17.0792 2624 PcaSvc - ok
13:00:17.0823 2624 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:00:17.0823 2624 pci - ok
13:00:17.0839 2624 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:00:17.0839 2624 pciide - ok
13:00:17.0854 2624 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:00:17.0870 2624 pcmcia - ok
13:00:17.0901 2624 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:00:17.0901 2624 pcw - ok
13:00:17.0932 2624 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:00:17.0932 2624 PEAUTH - ok
13:00:19.0742 2624 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:00:19.0742 2624 PerfHost - ok
13:00:19.0898 2624 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:00:19.0929 2624 pla - ok
13:00:20.0007 2624 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:00:20.0007 2624 PlugPlay - ok
13:00:20.0054 2624 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:00:20.0069 2624 PNRPAutoReg - ok
13:00:20.0132 2624 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:00:20.0132 2624 PNRPsvc - ok
13:00:20.0210 2624 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:00:20.0241 2624 PolicyAgent - ok
13:00:20.0303 2624 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:00:20.0319 2624 Power - ok
13:00:20.0381 2624 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:00:20.0381 2624 PptpMiniport - ok
13:00:20.0397 2624 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
13:00:20.0397 2624 Processor - ok
13:00:20.0444 2624 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
13:00:20.0444 2624 ProfSvc - ok
13:00:20.0475 2624 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
13:00:20.0475 2624 ProtectedStorage - ok
13:00:20.0537 2624 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:00:20.0537 2624 Psched - ok
13:00:20.0740 2624 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:00:20.0818 2624 ql2300 - ok
13:00:20.0849 2624 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:00:20.0849 2624 ql40xx - ok
13:00:20.0912 2624 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:00:20.0927 2624 QWAVE - ok
13:00:20.0943 2624 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:00:20.0943 2624 QWAVEdrv - ok
13:00:20.0959 2624 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:00:20.0974 2624 RasAcd - ok
13:00:21.0037 2624 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:00:21.0037 2624 RasAgileVpn - ok
13:00:21.0099 2624 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:00:21.0099 2624 RasAuto - ok
13:00:21.0146 2624 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:00:21.0146 2624 Rasl2tp - ok
13:00:21.0177 2624 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:00:21.0177 2624 RasMan - ok
13:00:21.0224 2624 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:00:21.0224 2624 RasPppoe - ok
13:00:21.0286 2624 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:00:21.0286 2624 RasSstp - ok
13:00:21.0317 2624 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:00:21.0333 2624 rdbss - ok
13:00:21.0364 2624 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
13:00:21.0364 2624 rdpbus - ok
13:00:21.0380 2624 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:00:21.0380 2624 RDPCDD - ok
13:00:21.0411 2624 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:00:21.0411 2624 RDPENCDD - ok
13:00:21.0442 2624 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:00:21.0442 2624 RDPREFMP - ok
13:00:21.0551 2624 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:00:21.0551 2624 RDPWD - ok
13:00:21.0598 2624 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:00:21.0614 2624 rdyboost - ok
13:00:21.0692 2624 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:00:21.0692 2624 RemoteAccess - ok
13:00:21.0754 2624 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:00:21.0754 2624 RemoteRegistry - ok
13:00:22.0066 2624 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:00:22.0066 2624 RpcEptMapper - ok
13:00:22.0378 2624 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:00:22.0394 2624 RpcLocator - ok
13:00:22.0425 2624 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:00:22.0441 2624 RpcSs - ok
13:00:22.0534 2624 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:00:22.0534 2624 rspndr - ok
13:00:22.0643 2624 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:00:22.0643 2624 RTL8167 - ok
13:00:22.0659 2624 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
13:00:22.0659 2624 SamSs - ok
13:00:22.0690 2624 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:00:22.0690 2624 sbp2port - ok
13:00:22.0971 2624 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:00:22.0971 2624 SCardSvr - ok
13:00:23.0002 2624 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:00:23.0002 2624 scfilter - ok
13:00:23.0299 2624 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:00:23.0314 2624 Schedule - ok
13:00:23.0345 2624 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:00:23.0345 2624 SCPolicySvc - ok
13:00:23.0423 2624 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
13:00:23.0423 2624 sdbus - ok
13:00:23.0486 2624 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:00:23.0486 2624 SDRSVC - ok
13:00:23.0548 2624 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:00:23.0564 2624 secdrv - ok
13:00:23.0579 2624 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:00:23.0579 2624 seclogon - ok
13:00:23.0642 2624 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:00:23.0642 2624 SENS - ok
13:00:23.0673 2624 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:00:23.0673 2624 SensrSvc - ok
13:00:23.0704 2624 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
13:00:23.0704 2624 Serenum - ok
13:00:23.0751 2624 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
13:00:23.0767 2624 Serial - ok
13:00:23.0829 2624 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:00:23.0829 2624 sermouse - ok
13:00:23.0876 2624 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:00:23.0876 2624 SessionEnv - ok
13:00:23.0907 2624 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:00:23.0907 2624 sffdisk - ok
13:00:23.0969 2624 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:00:23.0969 2624 sffp_mmc - ok
13:00:24.0016 2624 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:00:24.0032 2624 sffp_sd - ok
13:00:24.0079 2624 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:00:24.0079 2624 sfloppy - ok
13:00:24.0359 2624 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:00:24.0406 2624 SharedAccess - ok
13:00:24.0593 2624 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:00:24.0593 2624 ShellHWDetection - ok
13:00:24.0671 2624 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:00:24.0671 2624 SiSRaid2 - ok
13:00:24.0703 2624 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:00:24.0718 2624 SiSRaid4 - ok
13:00:24.0765 2624 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:00:24.0765 2624 Smb - ok
13:00:24.0890 2624 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:00:24.0905 2624 SNMPTRAP - ok
13:00:24.0937 2624 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:00:24.0937 2624 spldr - ok
13:00:24.0983 2624 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
13:00:24.0983 2624 Spooler - ok
13:00:25.0342 2624 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:00:25.0436 2624 sppsvc - ok
13:00:25.0451 2624 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:00:25.0451 2624 sppuinotify - ok
13:00:25.0561 2624 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:00:25.0561 2624 srv - ok
13:00:25.0623 2624 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:00:25.0623 2624 srv2 - ok
13:00:25.0654 2624 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:00:25.0654 2624 srvnet - ok
13:00:25.0888 2624 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:00:25.0919 2624 SSDPSRV - ok
13:00:25.0951 2624 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:00:25.0951 2624 SstpSvc - ok
13:00:25.0966 2624 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:00:25.0985 2624 stexstor - ok
13:00:26.0140 2624 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:00:26.0170 2624 stisvc - ok
13:00:26.0250 2624 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:00:26.0250 2624 swenum - ok
13:00:26.0310 2624 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:00:26.0380 2624 swprv - ok
13:00:26.0480 2624 [ 639B57DC871BE4B86283027FAF1F4E30 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:00:26.0480 2624 SynTP - ok
13:00:26.0710 2624 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:00:26.0720 2624 SysMain - ok
13:00:26.0770 2624 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:00:26.0780 2624 TabletInputService - ok
13:00:26.0810 2624 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:00:26.0810 2624 TapiSrv - ok
13:00:26.0840 2624 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:00:26.0840 2624 TBS - ok
13:00:27.0170 2624 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:00:27.0260 2624 Tcpip - ok
13:00:27.0470 2624 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:00:27.0490 2624 TCPIP6 - ok
13:00:27.0510 2624 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:00:27.0510 2624 tcpipreg - ok
13:00:27.0580 2624 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:00:27.0590 2624 TDPIPE - ok
13:00:27.0650 2624 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:00:27.0650 2624 TDTCP - ok
13:00:27.0680 2624 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:00:27.0690 2624 tdx - ok
13:00:27.0720 2624 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:00:27.0720 2624 TermDD - ok
13:00:27.0840 2624 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:00:27.0870 2624 TermService - ok
13:00:27.0979 2624 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:00:27.0979 2624 Themes - ok
13:00:28.0010 2624 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:00:28.0010 2624 THREADORDER - ok
13:00:28.0041 2624 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:00:28.0041 2624 TrkWks - ok
13:00:28.0182 2624 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:00:28.0182 2624 TrustedInstaller - ok
13:00:28.0213 2624 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:00:28.0229 2624 tssecsrv - ok
13:00:28.0260 2624 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:00:28.0260 2624 TsUsbFlt - ok
13:00:28.0338 2624 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
13:00:28.0338 2624 TsUsbGD - ok
13:00:28.0385 2624 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:00:28.0385 2624 tunnel - ok
13:00:28.0400 2624 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:00:28.0416 2624 uagp35 - ok
13:00:28.0463 2624 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:00:28.0463 2624 udfs - ok
13:00:28.0494 2624 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:00:28.0494 2624 UI0Detect - ok
13:00:28.0541 2624 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:00:28.0541 2624 uliagpkx - ok
13:00:28.0541 2624 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:00:28.0556 2624 umbus - ok
13:00:28.0587 2624 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
13:00:28.0587 2624 UmPass - ok
13:00:28.0634 2624 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:00:28.0665 2624 upnphost - ok
13:00:28.0743 2624 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:00:28.0743 2624 usbaudio - ok
13:00:28.0775 2624 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:00:28.0775 2624 usbccgp - ok
13:00:28.0790 2624 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:00:28.0806 2624 usbcir - ok
13:00:28.0821 2624 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:00:28.0821 2624 usbehci - ok
13:00:28.0868 2624 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:00:28.0868 2624 usbhub - ok
13:00:28.0884 2624 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:00:28.0884 2624 usbohci - ok
13:00:28.0915 2624 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
13:00:28.0915 2624 usbprint - ok
13:00:28.0931 2624 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:00:28.0931 2624 USBSTOR - ok
13:00:28.0946 2624 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:00:28.0946 2624 usbuhci - ok
13:00:29.0024 2624 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:00:29.0040 2624 usbvideo - ok
13:00:29.0118 2624 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:00:29.0118 2624 UxSms - ok
13:00:29.0133 2624 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
13:00:29.0133 2624 VaultSvc - ok
13:00:29.0149 2624 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:00:29.0149 2624 vdrvroot - ok
13:00:29.0243 2624 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:00:29.0274 2624 vds - ok
13:00:29.0274 2624 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:00:29.0289 2624 vga - ok
13:00:29.0289 2624 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:00:29.0289 2624 VgaSave - ok
13:00:29.0321 2624 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:00:29.0321 2624 vhdmp - ok
13:00:29.0352 2624 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:00:29.0352 2624 viaide - ok
13:00:29.0383 2624 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:00:29.0383 2624 volmgr - ok
13:00:29.0477 2624 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:00:29.0492 2624 volmgrx - ok
13:00:29.0539 2624 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:00:29.0539 2624 volsnap - ok
13:00:29.0617 2624 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:00:29.0633 2624 vsmraid - ok
13:00:29.0851 2624 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:00:29.0929 2624 VSS - ok
13:00:29.0960 2624 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:00:29.0960 2624 vwifibus - ok
13:00:30.0303 2624 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:00:30.0350 2624 W32Time - ok
13:00:30.0350 2624 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:00:30.0350 2624 WacomPen - ok
13:00:30.0444 2624 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:00:30.0459 2624 WANARP - ok
13:00:30.0459 2624 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:00:30.0475 2624 Wanarpv6 - ok
13:00:30.0631 2624 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:00:30.0678 2624 wbengine - ok
13:00:30.0740 2624 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:00:30.0740 2624 WbioSrvc - ok
13:00:30.0803 2624 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:00:30.0818 2624 wcncsvc - ok
13:00:30.0834 2624 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:00:30.0849 2624 WcsPlugInService - ok
13:00:34.0328 2624 ================ Scan global ===============================
13:00:34.0406 2624 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:00:34.0453 2624 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
13:00:34.0453 2624 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
13:00:34.0531 2624 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:00:34.0656 2624 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:00:34.0656 2624 [Global] - ok
13:00:34.0656 2624 ================ Scan MBR ==================================
13:00:34.0843 2624 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:00:42.0643 2624 \Device\Harddisk0\DR0 - ok
13:00:42.0659 2624 ================ Scan VBR ==================================
13:00:42.0674 2624 [ 7C6C2584DD646B0F7C992B6CFDB37AAF ] \Device\Harddisk0\DR0\Partition1
13:00:42.0674 2624 \Device\Harddisk0\DR0\Partition1 - ok
13:00:42.0721 2624 [ 5806B080C40C6CD2BF0775127E9433CA ] \Device\Harddisk0\DR0\Partition2
13:00:42.0721 2624 \Device\Harddisk0\DR0\Partition2 - ok
13:00:42.0721 2624 ============================================================
13:00:42.0721 2624 Scan finished
13:00:42.0721 2624 ============================================================
13:00:42.0737 2596 Detected object count: 0
13:00:42.0737 2596 Actual detected object count: 0
13:00:57.0198 2992 Deinitialize success
 
Good :)

Re-run MBAM one more time and post new log.

Next....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Guessing this is a good sign? Downloaded next two, will post them as soon as they're done.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.25.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Eric :: ERIC-PC [administrator]
Protection: Enabled
10/26/2012 2:58:06 PM
mbam-log-2012-10-26 (14-58-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192826
Time elapsed: 1 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Eric [Admin rights]
Mode : Scan -- Date : 10/26/2012 15:02:03
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] 9722e55e7c645d3952cc55597a895c65
[BSP] 5ffe4d0c776024be967b5ed66ce728cf : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Report 2
RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Eric [Admin rights]
Mode : Remove -- Date : 10/26/2012 15:02:48
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] 9722e55e7c645d3952cc55597a895c65
[BSP] 5ffe4d0c776024be967b5ed66ce728cf : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
Perhaps I spoke too soon, received a blue screen on first run of aswMBR. It's running again on my laptop, just wanted to update you here on what was taking it.
 
"Scan finished successfully" Yay! :)
Here is the log it produced:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 15:10:44
-----------------------------
15:10:44.074 OS Version: Windows x64 6.1.7601 Service Pack 1
15:10:44.074 Number of processors: 4 586 0x2502
15:10:44.074 ComputerName: ERIC-PC UserName: Eric
15:10:46.944 Initialize success
15:10:56.632 AVAST engine defs: 12102601
15:11:04.588 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:11:04.588 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11
15:11:04.728 Disk 0 MBR read successfully
15:11:04.744 Disk 0 MBR scan
15:11:04.744 Disk 0 Windows VISTA default MBR code
15:11:04.744 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:11:04.775 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
15:11:04.822 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
15:11:04.869 Disk 0 scanning C:\Windows\system32\drivers
15:11:17.161 Service scanning
15:11:45.538 Modules scanning
15:11:45.538 Disk 0 trace - called modules:
15:11:45.569 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:11:45.569 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b79060]
15:11:45.585 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800491e060]
15:11:46.942 AVAST engine scan C:\Windows
15:11:50.109 AVAST engine scan C:\Windows\system32
15:14:51.911 AVAST engine scan C:\Windows\system32\drivers
15:15:10.179 AVAST engine scan C:\Users\Eric
15:16:57.741 AVAST engine scan C:\ProgramData
15:17:26.305 Scan finished successfully
15:18:43.806 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
15:18:43.806 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"
 
Very good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

====================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-10-26.05 - Eric 10/27/2012 1:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2539 [GMT -7:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-27 08:48 . 2012-10-27 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-26 19:58 . 2012-10-26 22:09 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAAF1FB5-E4E5-4418-8FA6-9A4A89CEDD18}\offreg.dll
2012-10-26 19:56 . 2012-10-26 19:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-26 09:50 . 2012-10-26 09:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-26 01:59 . 2012-10-26 01:59 -------- d-----w- c:\program files\Ventrilo
2012-10-26 01:58 . 2012-10-26 01:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-10-26 00:22 . 2012-10-26 00:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 00:22 . 2012-10-26 00:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-26 00:22 . 2012-10-26 00:22 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-26 00:22 . 2012-10-26 00:22 -------- d-----w- c:\windows\system32\Macromed
2012-10-25 23:48 . 2012-10-26 03:02 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-10-25 23:48 . 2012-10-25 23:48 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-10-25 23:48 . 2012-10-25 23:48 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-10-25 23:48 . 2012-10-25 23:48 -------- d-----w- c:\programdata\Battle.net
2012-10-25 23:18 . 2012-10-25 23:18 -------- d-----w- c:\programdata\Malwarebytes
2012-10-25 23:18 . 2012-10-25 23:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-25 23:18 . 2012-09-30 02:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-25 23:06 . 2012-10-25 23:06 -------- d-----w- c:\programdata\ATI
2012-10-25 23:05 . 2012-10-25 23:05 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-10-25 23:04 . 2012-10-25 23:04 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-10-25 23:04 . 2012-10-25 23:06 -------- d-----w- c:\program files\ATI Technologies
2012-10-25 23:04 . 2012-10-25 23:04 -------- d-----w- c:\program files\ATI
2012-10-25 23:02 . 2009-11-18 21:21 6171136 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-10-25 23:02 . 2009-11-18 20:46 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-10-25 23:02 . 2009-11-18 20:46 446976 ----a-w- c:\windows\system32\atieclxx.exe
2012-10-25 23:02 . 2009-11-18 20:44 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-10-25 23:02 . 2009-11-18 20:18 4675584 ----a-w- c:\windows\system32\atiumd64.dll
2012-10-25 23:02 . 2009-11-18 20:11 13422080 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-10-25 23:02 . 2009-11-18 19:53 53248 ----a-w- c:\windows\system32\atimpc64.dll
2012-10-25 23:02 . 2009-11-18 19:53 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2012-10-25 23:02 . 2009-11-18 19:48 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2012-10-25 23:01 . 2012-10-25 23:01 -------- d-----w- c:\program files\Synaptics
2012-10-25 23:01 . 2009-08-07 16:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-10-25 23:01 . 2009-08-24 18:20 285744 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-10-25 23:01 . 2009-08-24 18:17 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-10-25 23:01 . 2009-08-24 18:17 204584 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-10-25 23:01 . 2009-08-24 18:17 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-10-25 23:01 . 2009-08-24 18:17 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-10-25 23:01 . 2009-08-24 18:16 261928 ----a-w- c:\windows\system32\SynCtrl.dll
2012-10-25 23:01 . 2009-08-24 18:16 169256 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-10-25 23:01 . 2009-08-24 18:16 395048 ----a-w- c:\windows\system32\SynCOM.dll
2012-10-25 22:56 . 2012-10-25 22:56 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE75DF4B-D74D-4263-BCEE-92D2035BE2B7}\gapaengine.dll
2012-10-25 22:56 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAAF1FB5-E4E5-4418-8FA6-9A4A89CEDD18}\mpengine.dll
2012-10-25 22:54 . 2012-10-25 22:54 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-25 22:54 . 2012-10-26 01:59 -------- d-sh--w- c:\windows\Installer
2012-10-25 22:54 . 2012-10-25 22:55 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-25 22:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-10-25 22:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-10-25 22:54 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-25 22:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-10-25 22:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-25 22:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-25 22:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-25 22:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-25 22:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-25 22:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-25 22:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-25 22:50 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-25 22:50 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-25 22:49 . 2012-10-25 22:59 -------- d-----w- c:\program files (x86)\Dell
2012-10-25 22:49 . 2012-10-25 22:58 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-10-25 22:24 . 2012-10-26 19:57 -------- d-----w- c:\users\Eric
2012-10-25 21:52 . 2012-10-25 21:52 0 ----a-w- c:\windows\ativpsrm.bin
2012-10-25 19:48 . 2012-10-25 22:24 -------- d-----w- c:\windows\Panther
2012-10-25 19:31 . 2012-10-25 19:31 -------- d-----w- C:\Windows.old
2012-10-05 07:03 . 2012-10-05 07:04 -------- d-----w- C:\cdd8b12598fa55eea8e90b4b73c0
2012-10-05 07:03 . 2012-10-05 07:03 -------- d-----w- C:\b9d856b6daa916948513
2012-10-05 07:03 . 2012-10-05 07:03 -------- d-----w- C:\b16fdd46f39c184260aa
2012-10-05 07:03 . 2012-10-05 07:03 -------- d-----w- C:\dc3923389ab5c9821937d7d73d
2012-10-05 07:03 . 2012-10-05 07:03 -------- d-----w- C:\10054997f9b1ee5329
2012-10-05 07:02 . 2012-10-05 07:02 -------- d-----w- C:\bd61725626cab5f185e1944d957a
2012-10-05 01:54 . 2012-10-05 01:54 -------- d-----w- C:\eaa2b5fe843b0c1de81288
2012-10-05 00:57 . 2012-10-05 01:00 -------- d-----w- C:\7e57bb66a1eb7a7f8ac348e4300898
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 05:03 . 2012-08-31 05:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2009-11-26 175616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-26 250808]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
 
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-26 00:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\3u5f01qr.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-56476502.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-27 01:49:49
ComboFix-quarantined-files.txt 2012-10-27 08:49
.
Pre-Run: 108,688,494,592 bytes free
Post-Run: 108,272,422,912 bytes free
.
- - End Of File - - 326D3B5DEABB72FDF5A1A94150155BA4
 
rKill was not needed, first link worked without flaws.
I missed MSE when first clicking the program, but ComboFix warned me about it and I was able to disable it following the instructions in your link before hitting OK and continuing the run.
 
Looks good :)

Any current issues?

============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Yes, computer attempted to download Windows updates (which I turned off during this process so I didn't accidentally change anything), but aside from that the issue occurred when attempting to shut down. It did not shut down, nor did it crash or blue screen. It just sat at the "Shutting down..." overnight, unable to complete.
I had to hard boot it this morning, but it still seemed to update so it being unable to shut down was the worrying part.
I am unable to download at the moment (issue of placement, not the computer) so will post the logs as soon as I can.
Thanks :)
 
OTL.txt

OTL logfile created on: 10/27/2012 8:21:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eric\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 65.30% Memory free
7.73 Gb Paging File | 6.17 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 99.50 Gb Free Space | 22.06% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/27 20:21:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2012/10/25 17:22:20 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/11/26 15:55:26 | 000,175,616 | ---- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
PRC - [2009/11/26 11:53:44 | 000,447,488 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/23 15:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 15:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/10 16:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/02/10 16:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/02/10 16:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012/01/03 19:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/03 19:50:59 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2010/11/20 20:25:01 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2010/11/20 20:24:58 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
MOD - [2010/11/20 20:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/20 20:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/06/10 14:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/06/10 14:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/06/10 14:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
MOD - [2009/03/25 20:08:54 | 000,058,880 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\MBMDebug.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/18 13:45:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/25 17:22:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/10 18:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/11/26 11:53:44 | 000,447,488 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/01 15:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/18 14:21:20 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 09:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/24 11:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 55 A7 E7 9E B4 CD 01 [binary data]
IE - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 02:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/26 02:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2012/10/26 13:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\3u5f01qr.default\extensions
[2012/10/26 02:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/10 18:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/10 18:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/10 18:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/27 01:48:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000..\Run: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1218639081-1645466866-1277852270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C43DCF6-A860-43EC-AAF9-27E7DD42A86D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/29 16:24:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/27 20:21:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/10/27 18:47:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Microsoft Games
[2012/10/27 16:57:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/27 08:20:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/10/27 08:20:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/10/27 01:49:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/27 01:43:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/27 01:43:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/27 01:43:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/27 01:38:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/27 01:35:01 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\Eric\Desktop\ComboFix.exe
[2012/10/26 15:01:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\RK_Quarantine
[2012/10/26 14:59:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Eric\Desktop\aswMBR.exe
[2012/10/26 12:56:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/26 02:50:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Mozilla
[2012/10/26 02:50:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Mozilla
[2012/10/26 02:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/26 02:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/26 02:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/25 19:52:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ventrilo
[2012/10/25 18:59:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/10/25 18:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2012/10/25 18:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/10/25 17:22:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Macromedia
[2012/10/25 17:22:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Adobe
[2012/10/25 17:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/10/25 17:22:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/10/25 17:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/10/25 16:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/10/25 16:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/10/25 16:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/10/25 16:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/10/25 16:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/10/25 16:18:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012/10/25 16:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/25 16:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/25 16:18:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/25 16:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/25 16:11:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\WMCore
[2012/10/25 16:11:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\WirelessManager
[2012/10/25 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\ATI
[2012/10/25 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\ATI
[2012/10/25 16:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/10/25 16:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/10/25 16:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/10/25 16:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/10/25 16:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/10/25 16:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/10/25 16:03:03 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/10/25 16:03:02 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/10/25 16:02:58 | 000,446,976 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/10/25 16:02:58 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/10/25 16:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/10/25 16:01:12 | 000,285,744 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2012/10/25 16:01:12 | 000,204,584 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2012/10/25 16:01:12 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2012/10/25 16:01:12 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012/10/25 16:01:11 | 000,395,048 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012/10/25 16:01:11 | 000,261,928 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2012/10/25 16:01:11 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012/10/25 16:01:11 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012/10/25 15:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2012/10/25 15:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/10/25 15:54:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/10/25 15:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/25 15:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2012/10/25 15:49:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/10/25 15:34:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Diagnostics
[2012/10/25 15:25:25 | 000,000,000 | R--D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/10/25 15:25:25 | 000,000,000 | R--D | C] -- C:\Users\Eric\Searches
[2012/10/25 15:25:25 | 000,000,000 | R--D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/10/25 15:25:25 | 000,000,000 | -H-D | C] -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/10/25 15:25:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Identities
[2012/10/25 15:25:12 | 000,000,000 | R--D | C] -- C:\Users\Eric\Contacts
[2012/10/25 15:25:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\VirtualStore
[2012/10/25 15:24:53 | 000,000,000 | --SD | C] -- C:\Users\Eric\AppData\Roaming\Microsoft
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Videos
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Saved Games
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Pictures
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Music
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Links
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Favorites
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Downloads
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Documents
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\Desktop
[2012/10/25 15:24:53 | 000,000,000 | R--D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\AppData\Local\Temporary Internet Files
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Templates
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Start Menu
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\SendTo
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Recent
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\PrintHood
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\NetHood
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Documents\My Videos
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Documents\My Pictures
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Documents\My Music
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\My Documents
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Local Settings
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\AppData\Local\History
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Cookies
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\Application Data
[2012/10/25 15:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Eric\AppData\Local\Application Data
[2012/10/25 15:24:53 | 000,000,000 | -H-D | C] -- C:\Users\Eric\AppData
[2012/10/25 15:24:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Temp
[2012/10/25 15:24:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Microsoft
[2012/10/25 15:24:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Media Center Programs
[2012/10/25 14:52:49 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/25 14:50:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/10/25 14:50:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/25 12:48:50 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/10/25 12:31:15 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/10/15 10:40:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/12 17:27:22 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\TDSSKiller.exe
[2012/10/05 00:03:56 | 000,000,000 | ---D | C] -- C:\cdd8b12598fa55eea8e90b4b73c0
[2012/10/05 00:03:36 | 000,000,000 | ---D | C] -- C:\b9d856b6daa916948513
[2012/10/05 00:03:23 | 000,000,000 | ---D | C] -- C:\b16fdd46f39c184260aa
[2012/10/05 00:03:16 | 000,000,000 | ---D | C] -- C:\dc3923389ab5c9821937d7d73d
[2012/10/05 00:03:08 | 000,000,000 | ---D | C] -- C:\10054997f9b1ee5329
[2012/10/05 00:02:57 | 000,000,000 | ---D | C] -- C:\bd61725626cab5f185e1944d957a
[2012/10/04 18:54:05 | 000,000,000 | ---D | C] -- C:\eaa2b5fe843b0c1de81288
[2012/10/04 17:57:07 | 000,000,000 | ---D | C] -- C:\7e57bb66a1eb7a7f8ac348e4300898

========== Files - Modified Within 30 Days ==========

[2012/10/27 20:21:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/10/27 20:07:02 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 20:07:02 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 19:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/27 18:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/27 17:00:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/27 17:00:16 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/27 17:00:16 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/27 16:57:51 | 000,001,443 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/27 16:55:16 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/27 16:54:39 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/27 03:09:26 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/10/27 03:09:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/10/27 01:48:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/27 01:35:47 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\Eric\Desktop\ComboFix.exe
[2012/10/26 15:18:43 | 000,000,512 | ---- | M] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/10/26 15:09:00 | 447,569,194 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/26 14:59:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Eric\Desktop\aswMBR.exe
[2012/10/26 14:59:18 | 001,580,544 | ---- | M] () -- C:\Users\Eric\Desktop\RogueKiller.exe
[2012/10/26 12:55:58 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\TDSSKiller.exe
[2012/10/26 02:54:29 | 000,302,592 | ---- | M] () -- C:\Users\Eric\Desktop\qie96kz1.exe
[2012/10/26 02:50:03 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/25 18:59:42 | 000,000,919 | ---- | M] () -- C:\Users\Eric\Desktop\Ventrilo.lnk
[2012/10/25 18:59:42 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/10/25 16:48:44 | 000,001,293 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/10/25 16:18:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/25 16:01:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/10/25 15:55:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/25 14:53:56 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/10/25 14:53:56 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/10/25 14:52:30 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/10/04 23:21:30 | 000,002,448 | ---- | M] () -- C:\{D3A8A4DA-199B-41AC-87ED-F03BC8472D31}
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/27 03:09:26 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/10/27 03:09:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/10/27 01:43:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/27 01:43:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/27 01:43:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/27 01:43:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/27 01:43:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/26 15:18:43 | 000,000,512 | ---- | C] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/10/26 14:59:15 | 001,580,544 | ---- | C] () -- C:\Users\Eric\Desktop\RogueKiller.exe
[2012/10/26 02:54:26 | 000,302,592 | ---- | C] () -- C:\Users\Eric\Desktop\qie96kz1.exe
[2012/10/26 02:50:03 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/26 02:50:02 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/25 18:59:42 | 000,000,919 | ---- | C] () -- C:\Users\Eric\Desktop\Ventrilo.lnk
[2012/10/25 18:59:38 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/10/25 17:22:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/25 16:48:35 | 000,001,293 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/10/25 16:18:33 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/25 16:03:02 | 000,402,016 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/10/25 16:03:02 | 000,196,565 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/10/25 16:03:00 | 000,402,016 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/10/25 16:02:58 | 000,019,017 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/10/25 16:01:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/10/25 15:55:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/25 15:55:30 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/25 15:33:51 | 000,001,443 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/25 15:25:35 | 000,001,415 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/10/25 15:25:27 | 000,001,449 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/10/25 15:24:53 | 000,000,290 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/10/25 15:24:53 | 000,000,272 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/10/25 14:53:39 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/10/25 14:53:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/10/25 14:52:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/25 14:49:35 | 447,569,194 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/04 23:21:25 | 000,002,448 | ---- | C] () -- C:\{D3A8A4DA-199B-41AC-87ED-F03BC8472D31}

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/25 16:11:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\WirelessManager
[2012/10/25 16:11:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\WMCore

========== Purity Check ==========


< End of report >
 