Isecurity.exe/Internet Security virus

Solved
By TechFee
Mar 21, 2012
  1. Hello,

    I’m new to this site, but since signing up I can tell there is a wealth of helpful information on here! I actually need help removing the Internet Security virus. I found this site by actually searching for a solution to this reoccurring virus that I can’t get rid of. I’ve tried MalwareBytes, SpyBot, Smitfraud (all in Safe Mode). All of them seem to find a little of the virus but never completely remove the virus.

    I read a string that suggested a lot of steps to remove this virus. The first two steps suggested by Broni were to run aswMBR and Bootkit remover and to post the logs. I did those two steps and I’m going to post the logs before proceeding to the next step if need be. Any help would be gratefully appreciated!

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-21 15:44:27
    -----------------------------
    15:44:27.807 OS Version: Windows 6.1.7601 Service Pack 1
    15:44:27.807 Number of processors: 2 586 0x603
    15:44:27.808 ComputerName: MELB-W10 UserName: kmanney
    15:44:35.484 Initialize success
    15:48:03.426 AVAST engine defs: 12032000
    15:48:49.869 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
    15:48:49.870 Disk 0 Vendor: WDC_WD25 03.0 Size: 238475MB BusType: 3
    15:48:49.872 Device \Device\00000059 -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00AAJS-60Z0A#4&1b5084af&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    15:48:49.874 Disk 0 MBR read error 0
    15:48:49.882 Disk 0 MBR scan
    15:48:49.889 Disk 0 unknown MBR code
    15:48:49.900 MBR BIOS signature not found 0
    15:48:49.902 Disk 0 scanning sectors +488394752
    15:48:49.931 Disk 0 scanning C:\Windows\system32\drivers
    15:49:01.384 Service scanning
    15:49:26.993 Modules scanning
    15:49:32.313 Disk 0 trace - called modules:
    15:49:32.318 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84c3149f]<<
    15:49:32.322 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a657c8]
    15:49:32.336 3 CLASSPNP.SYS[877bc59e] -> nt!IofCallDriver -> [0x843c9c10]
    15:49:32.354 5 ACPI.sys[871ad3d4] -> nt!IofCallDriver -> \00000059[0x8487f030]
    15:49:32.365 \Driver\nvstor32[0x84c5a6e8] -> IRP_MJ_CREATE -> 0x84c3149f
    15:49:42.066 AVAST engine scan C:\Windows
    15:49:43.857 AVAST engine scan C:\Windows\system32
    15:53:43.116 AVAST engine scan C:\Windows\system32\drivers
    15:54:08.608 AVAST engine scan C:\Users\kmanney
    15:55:33.202 AVAST engine scan C:\ProgramData
    15:56:03.603 Scan finished successfully
    16:02:29.799 Disk 0 MBR has been saved successfully to "C:\Users\kmanney\Desktop\Virus removers\MBR.dat"
    16:02:29.808 The log file has been saved successfully to "C:\Users\kmanney\Desktop\Virus removers\aswMBR.txt"

    ______________________________________________________

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 44fc2f28117897060ed64bd414ccd31e

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
  2. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    Additional info on virus

    Malwarebytes real time protection keeps blocking this outgoing attempt:

    2012/03/21 00:00:13 -0400 MELB-W10 kmanney IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 63266, Process: svchost.exe

    Also, it found this during a scan:

    Files Detected: 2
    C:\Windows\Temp\A565.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully.
    C:\ProgramData\isecurity.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    _____________________________________________________

    The Avg antivirus (now un-installed) kept detecting:

    Exploit Blackhole - from a website called www.omfggossip.com**

    _________________________________________________________

    Lastly, another weird thing is that I can no longer get to google.com. I checked for proxies, checked the HOSTS file, flushed DNS, rebuilt the IP stack, and ran HijackThis, to no avail. All other sites can be reached.
  4. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Did you read my reply?

  5. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    Yes!

    Sorry, I was in the process of writing a reply when your reply came through. I will follow the 5 steps and post the logs!
  6. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    logs

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.21.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    kmanney :: MELB-W10 [administrator]

    Protection: Enabled

    3/21/2012 21:06:09
    mbam-log-2012-03-21 (21-06-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198101
    Time elapsed: 4 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^-^ -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Windows\Temp\0.22689564732202328.exe (Spyware.SpyEye) -> Quarantined and deleted successfully.
    C:\Windows\Temp\0.4930402528602936.exe (Spyware.SpyEye) -> Quarantined and deleted successfully.
    C:\Windows\Temp\C782.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Temp\CD6D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Temp\F8EB.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Windows\Temp\0.2144877487000455.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

    (end)

    __________________________________________

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-21 22:24:44
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000032 WDC_WD25 rev.03.0
    Running: gmer.exe; Driver: C:\Users\kmanney\AppData\Local\Temp\pwdiypog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- Devices - GMER 1.0.15 ----

    Device \Device\0000005b -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00AAJS-60Z0A#4&1b5084af&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----


    _____________________________________________________________


    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 9.0.8112.16421
    Run by kmanney at 23:06:16 on 2012-03-21
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1791.1410 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe
    C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_comm_customer.exe
    C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_system_customer.exe
    C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_host.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_user_customer.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_user_medium_customer.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: @c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [HP KEYBOARDx] "c:\program files\hewlett-packard\hp desktop keyboard\HPKEYBOARDx.EXE"
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [BATINDICATOR] c:\program files\hewlett-packard\hp mainstream keyboard\BATINDICATOR.exe
    mRun: [LaunchHPOSIAPP] c:\program files\hewlett-packard\hp mainstream keyboard\LaunchApp.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{50E7F8E2-F889-426E-B7F1-F582D346E46F} : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\363\g2ax_winlogon.dll
    Hosts: 87.229.126.54 www.google.com
    Hosts: 87.229.126.55 www.bing.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\363\g2ax_service.exe [2011-12-18 609144]
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-19 652360]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-5-19 1119768]
    S2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2011-2-22 56040]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-19 20464]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [2011-5-19 82048]
    S3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [2011-5-19 83888]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    .
    =============== Created Last 30 ================
    .
    2012-03-22 00:56:37 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{53dada43-7aff-4798-8133-ed6d9c93144d}\gapaengine.dll
    2012-03-22 00:56:26 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4a60553e-d289-4815-950a-7651685911a9}\mpengine.dll
    2012-03-22 00:53:08 -------- d-----w- c:\program files\Microsoft Security Client
    2012-03-21 20:48:58 98816 ----a-w- c:\windows\sed.exe
    2012-03-21 20:48:58 518144 ----a-w- c:\windows\SWREG.exe
    2012-03-21 20:48:58 256000 ----a-w- c:\windows\PEV.exe
    2012-03-21 20:48:58 208896 ----a-w- c:\windows\MBR.exe
    2012-03-21 20:48:46 -------- d-s---w- C:\ComboFix
    2012-03-21 20:27:32 96256 ----a-w- c:\windows\system32\chgletup.dll
    2012-03-21 17:08:43 -------- d-----w- C:\Symantec Endpoint Protection 11.0.3
    2012-03-20 20:47:56 16409960 ----a-w- C:\spybotsd162.exe
    2012-03-20 20:16:41 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2012-03-20 20:16:19 24398592 ----a-w- C:\gtk2119-setup.exe
    2012-03-20 17:45:58 691 ----a-w- c:\users\kmanney\appdata\roaming\GetValue.vbs
    2012-03-20 17:45:58 35 ----a-w- c:\users\kmanney\appdata\roaming\SetValue.bat
    2012-03-20 17:41:21 2978 ----a-w- c:\windows\system32\tmp.reg
    2012-03-20 17:41:02 80384 ----a-w- c:\windows\system32\o4Patch.exe
    2012-03-20 17:41:02 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
    2012-03-20 17:25:20 82944 ----a-w- c:\windows\system32\IEDFix.exe
    2012-03-20 17:25:20 81920 ----a-w- c:\windows\system32\IEDFix.C.exe
    2012-03-20 17:25:20 53248 ----a-w- c:\windows\system32\Process.exe
    2012-03-20 17:25:20 51200 ----a-w- c:\windows\system32\dumphive.exe
    2012-03-20 17:25:20 289144 ----a-w- c:\windows\system32\VCCLSID.exe
    2012-03-20 17:25:20 288417 ----a-w- c:\windows\system32\SrchSTS.exe
    2012-03-20 17:25:20 25600 ----a-w- c:\windows\system32\WS2Fix.exe
    2012-03-19 23:15:34 123904 ----a-w- c:\windows\system32\poqexec.exe
    2012-03-19 23:14:45 -------- d-----w- c:\program files\MSXML 4.0
    2012-03-19 23:04:11 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-19 23:04:10 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-19 23:03:14 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-19 23:02:07 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-03-19 23:02:07 -------- d--h--w- C:\RBin
    2012-03-19 21:30:38 28172738 ----a-w- C:\31912 530.reg
    2012-03-19 16:18:41 186 ----a-w- C:\new.reg
    2012-03-19 13:45:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-05 22:31:38 126394 ----a-w- C:\cc_20120305_173129.reg
    2012-03-02 17:59:56 -------- d-----w- c:\program files\CCleaner
    .
    ==================== Find3M ====================
    .
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-04 14:28:36 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: WDC_WD25 rev.03.0 -> Harddisk0\DR0 ->
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84BE349F]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84bea738]; MOV EAX, [0x84bea8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81A7052A] -> \Device\Harddisk0\DR0[0x84A72460]
    3 CLASSPNP[0x8778659E] -> ntkrnlpa!IofCallDriver[0x81A7052A] -> [0x83AD6E00]
    5 ACPI[0x8723D3D4] -> ntkrnlpa!IofCallDriver[0x81A7052A] -> \0000005b[0x848889E0]
    \Driver\nvstor32[0x84BC3D48] -> IRP_MJ_CREATE -> 0x84BE349F
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
    detected disk devices:
    \Device\0000005b -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00AAJS-60Z0A#4&1b5084af&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 23:08:06.55 ===============

    _____________________________________________________________


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/6/2011 10:21:18
    System Uptime: 3/21/2012 21:57:59 (2 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | 2A99
    Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2812/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 224 GiB total, 195.748 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.128 GiB free.
    E: is CDROM ()
    Z: is NetworkDisk (NTFS) - 224 GiB total, 194.236 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    Agatha Christie - Peril at End House
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Closers' Choice
    Definition update for Microsoft Office 2010 (KB982726)
    Diner Dash 2 Restaurant Rescue
    DirectX for Managed Code Update (Summer 2004)
    Dora's World Adventure
    Farm Frenzy
    FATE - The Traitor Soul
    Fort Dox
    GoToManage Customer 1.6.0.363
    GoToMeeting 4.5.0.457
    HP Auto
    HP Client Services
    HP Connect Solutions
    HP Customer Experience Enhancements
    HP Desktop Keyboard
    HP Games
    HP MAINSTREAM KEYBOARD
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Vision Hardware Diagnostics
    HPAsset component for HP Active Support Library
    Java Auto Updater
    Java(TM) 6 Update 26
    Kobo
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Antimalware
    Microsoft Default Manager
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector (KB2289116) ªº§ó·s
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC90_CRT_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    Norton Internet Security
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    PDF Complete Special Edition
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    PressReader
    Realtek High Definition Audio Driver
    Recovery Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    SHARP PCL6 T1 Printer Driver
    Slingo Supreme
    Trojan Killer
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live ID Sign-in Assistant
    Xobni
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/21/2012 23:08:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    3/21/2012 23:04:48, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/21/2012 23:03:12, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/21/2012 23:03:12, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/21/2012 22:23:10, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    3/21/2012 22:23:10, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/21/2012 22:23:10, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/21/2012 22:11:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/21/2012 22:11:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/21/2012 22:11:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/21/2012 22:11:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/21/2012 21:58:49, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr vpcvmm Wanarpv6
    3/21/2012 21:51:27, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/21/2012 21:51:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/21/2012 21:51:06, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/21/2012 21:51:05, Error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/21/2012 21:51:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x833a0cb6, 0xaad4b338, 0x00000000). A dump was saved in: C:\Windows\Minidump\032112-32027-01.dmp. Report Id: 032112-32027-01.
    3/21/2012 21:34:57, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/21/2012 21:34:57, Error: Service Control Manager [7000] - The Desktop Window Manager Session Manager service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/21/2012 21:34:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x8337fcb6, 0xaa5eb338, 0x00000000). A dump was saved in: C:\Windows\Minidump\032112-30997-01.dmp. Report Id: 032112-30997-01.
    3/21/2012 21:03:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/21/2012 18:31:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vpcvmm Wanarpv6
    3/21/2012 18:28:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    3/21/2012 18:28:47, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/21/2012 17:15:16, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/21/2012 17:14:58, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/21/2012 17:14:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x81ab6ca0, 0x88440b4c, 0x88440730). A dump was saved in: C:\Windows\Minidump\032112-57923-01.dmp. Report Id: 032112-57923-01.
    3/21/2012 16:51:25, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/21/2012 16:49:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    3/21/2012 15:31:36, Error: Service Control Manager [7023] - The Server service terminated with the following error: A specified authentication package is unknown.
    3/21/2012 15:31:35, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: A specified authentication package is unknown.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/21/2012 15:31:29, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/21/2012 15:31:23, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    3/21/2012 14:55:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82ae5ca0, 0x9871fb4c, 0x9871f730). A dump was saved in: C:\Windows\Minidump\032112-73694-01.dmp. Report Id: 032112-73694-01.
    3/21/2012 14:52:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    3/21/2012 14:46:44, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: Sync Error Processor ID: 0 The details view of this entry contains further information.
    3/21/2012 12:57:10, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
    3/21/2012 08:09:43, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    3/21/2012 08:09:43, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/21/2012 03:26:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    3/21/2012 03:25:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    3/21/2012 03:24:00, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/21/2012 03:06:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    3/21/2012 03:06:53, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/20/2012 17:23:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x81aa4ca0, 0x88448b4c, 0x88448730). A dump was saved in: C:\Windows\Minidump\032012-41090-01.dmp. Report Id: 032012-41090-01.
    3/20/2012 16:02:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache spldr vpcvmm Wanarpv6
    3/20/2012 15:49:39, Error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/20/2012 15:49:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007f (0x00000008, 0x807c8750, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\032012-40763-01.dmp. Report Id: 032012-40763-01.
    3/20/2012 11:36:21, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    3/20/2012 10:58:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XobniService service to connect.
    3/20/2012 10:58:07, Error: Service Control Manager [7000] - The XobniService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/20/2012 10:54:47, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    3/20/2012 10:53:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    3/20/2012 10:52:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    3/20/2012 10:47:21, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/20/2012 10:11:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    3/20/2012 10:10:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
    3/20/2012 10:08:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    3/19/2012 18:25:10, Error: Service Control Manager [7034] - The PDF Document Manager service terminated unexpectedly. It has done this 1 time(s).
    3/19/2012 17:53:44, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82adccbd, 0x8a127b4c, 0x8a127730). A dump was saved in: C:\Windows\Minidump\031912-38501-01.dmp. Report Id: 031912-38501-01.
    3/19/2012 17:43:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/19/2012 13:33:16, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x81aaacbd, 0x88434b4c, 0x88434730). A dump was saved in: C:\Windows\Minidump\031912-42962-01.dmp. Report Id: 031912-42962-01.
    3/19/2012 13:01:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    3/19/2012 12:06:11, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007f (0x0000000d, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\031912-37736-01.dmp. Report Id: 031912-37736-01.
    3/19/2012 08:47:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82ae4cbd, 0x9ca47b4c, 0x9ca47730). A dump was saved in: C:\Windows\Minidump\031912-26114-01.dmp. Report Id: 031912-26114-01.
    3/19/2012 08:43:54, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82ab5cbd, 0x9a147b4c, 0x9a147730). A dump was saved in: C:\Windows\Minidump\031912-26816-01.dmp. Report Id: 031912-26816-01.
    3/19/2012 08:39:02, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2012 08:38:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/19/2012 08:38:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/19/2012 08:37:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl
    3/19/2012 08:37:36, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2012 08:37:36, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2012 08:37:36, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2012 08:37:36, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2012 08:37:36, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2012 08:37:32, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2012 08:37:32, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2012 08:37:32, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2012 08:37:32, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2012 08:37:32, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2012 08:37:30, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82ae2cbd, 0x8a127b4c, 0x8a127730). A dump was saved in: C:\Windows\Minidump\031912-19156-01.dmp. Report Id: 031912-19156-01.
    3/19/2012 08:33:18, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82af3cbd, 0x8a127b4c, 0x8a127730). A dump was saved in: C:\Windows\Minidump\031912-26910-01.dmp. Report Id: 031912-26910-01.
    3/19/2012 08:31:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82adbcbd, 0x9c395b4c, 0x9c395730). A dump was saved in: C:\Windows\Minidump\031912-52229-01.dmp. Report Id: 031912-52229-01.
    3/19/2012 08:28:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82af0cbd, 0x8a123b4c, 0x8a123730). A dump was saved in: C:\Windows\Minidump\031912-33977-01.dmp. Report Id: 031912-33977-01.
    3/19/2012 03:39:53, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    3/19/2012 03:39:53, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/19/2012 03:39:53, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/19/2012 03:39:53, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/19/2012 03:39:53, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/19/2012 03:39:53, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/19/2012 03:39:52, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/19/2012 03:39:52, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/19/2012 03:39:52, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/19/2012 03:39:52, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/18/2012 23:27:37, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    3/18/2012 23:27:36, Error: Service Control Manager [7034] - The HP Client Services service terminated unexpectedly. It has done this 1 time(s).
    3/18/2012 23:27:36, Error: Service Control Manager [7031] - The GoToAssist Express Customer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    3/18/2012 23:27:35, Error: Service Control Manager [7034] - The HP Quick Synchronization Service service terminated unexpectedly. It has done this 1 time(s).
    3/18/2012 23:27:33, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    3/18/2012 23:27:33, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    3/18/2012 23:27:33, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/18/2012 23:27:32, Error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).
    3/18/2012 23:27:32, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).
    3/18/2012 23:27:28, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    3/18/2012 20:18:02, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/18/2012 20:18:02, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/18/2012 15:48:02, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    3/18/2012 13:32:11, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0x82aa7cbd, 0x8a123b4c, 0x8a123730). A dump was saved in: C:\Windows\Minidump\031812-42884-01.dmp. Report Id: 031812-42884-01.
    3/18/2012 11:56:51, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: Not enough storage is available to process this command.
    3/18/2012 11:56:51, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
    3/18/2012 11:49:30, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    .
    ==== End Of File ===========================
  7. TechFee

    DDS and Attach log

    Those scans were done in Safe mode. Is that OK or should I reproduce? MalwareBytes and GMER were done in normal mode.
  8. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  9. TechFee

    TDSS log part 1

    23:41:33.0276 3716 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    23:41:34.0571 3716 ============================================================
    23:41:34.0571 3716 Current date / time: 2012/03/21 23:41:34.0571
    23:41:34.0571 3716 SystemInfo:
    23:41:34.0571 3716
    23:41:34.0571 3716 OS Version: 6.1.7601 ServicePack: 1.0
    23:41:34.0571 3716 Product type: Workstation
    23:41:34.0571 3716 ComputerName: MELB-W10
    23:41:34.0571 3716 UserName: kmanney
    23:41:34.0571 3716 Windows directory: C:\Windows
    23:41:34.0571 3716 System windows directory: C:\Windows
    23:41:34.0571 3716 Processor architecture: Intel x86
    23:41:34.0571 3716 Number of processors: 2
    23:41:34.0571 3716 Page size: 0x1000
    23:41:34.0571 3716 Boot type: Safe boot with network
    23:41:34.0571 3716 ============================================================
    23:41:35.0821 3716 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:41:35.0830 3716 \Device\Harddisk0\DR0:
    23:41:35.0830 3716 MBR used
    23:41:35.0830 3716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    23:41:35.0830 3716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BF07000
    23:41:35.0830 3716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BF39800, BlocksNum 0x128B800
    23:41:35.0893 3716 Initialize success
    23:41:35.0893 3716 ============================================================
    23:41:39.0308 2864 ============================================================
    23:41:39.0308 2864 Scan started
    23:41:39.0308 2864 Mode: Manual;
    23:41:39.0308 2864 ============================================================
    23:41:46.0914 2864 clr_optimization_v2.0.50727_32 - ok
    23:41:46.0978 2864 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:41:46.0980 2864 clr_optimization_v4.0.30319_32 - ok
    23:41:47.0034 2864 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
    23:41:47.0035 2864 CmBatt - ok
    23:41:47.0067 2864 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    23:41:47.0068 2864 cmdide - ok
    23:41:47.0097 2864 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    23:41:47.0101 2864 CNG - ok
    23:41:47.0117 2864 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
    23:41:47.0118 2864 Compbatt - ok
    23:41:47.0175 2864 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    23:41:47.0176 2864 CompositeBus - ok
    23:41:47.0194 2864 COMSysApp - ok
    23:41:47.0215 2864 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
    23:41:47.0215 2864 crcdisk - ok
    23:41:47.0249 2864 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
    23:41:47.0251 2864 CryptSvc - ok
    23:41:47.0283 2864 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    23:41:47.0288 2864 CSC - ok
    23:41:47.0310 2864 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
    23:41:47.0326 2864 CscService - ok
    23:41:47.0354 2864 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    23:41:47.0360 2864 DcomLaunch - ok
    23:41:47.0386 2864 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    23:41:47.0388 2864 defragsvc - ok
    23:41:47.0444 2864 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    23:41:47.0445 2864 DfsC - ok
    23:41:47.0490 2864 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    23:41:47.0493 2864 Dhcp - ok
    23:41:47.0512 2864 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    23:41:47.0513 2864 discache - ok
    23:41:47.0569 2864 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
    23:41:47.0570 2864 Disk - ok
    23:41:47.0596 2864 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
    23:41:47.0598 2864 dmvsc - ok
    23:41:47.0618 2864 Dnscache (2fe30d71919c51131405797620e0a714) C:\Windows\System32\dnsrslvr.dll
    23:41:47.0620 2864 Dnscache - ok
    23:41:47.0638 2864 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    23:41:47.0641 2864 dot3svc - ok
    23:41:47.0662 2864 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    23:41:47.0664 2864 DPS - ok
    23:41:47.0701 2864 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    23:41:47.0701 2864 drmkaud - ok
    23:41:47.0731 2864 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    23:41:47.0748 2864 DXGKrnl - ok
    23:41:47.0769 2864 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    23:41:47.0771 2864 EapHost - ok
    23:41:47.0855 2864 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
    23:41:47.0907 2864 ebdrv - ok
    23:41:47.0935 2864 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
    23:41:47.0936 2864 EFS - ok
    23:41:47.0983 2864 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    23:41:47.0998 2864 ehRecvr - ok
    23:41:48.0009 2864 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    23:41:48.0010 2864 ehSched - ok
    23:41:48.0063 2864 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
    23:41:48.0077 2864 elxstor - ok
    23:41:48.0102 2864 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    23:41:48.0102 2864 ErrDev - ok
    23:41:48.0146 2864 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    23:41:48.0171 2864 EventSystem - ok
    23:41:48.0194 2864 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    23:41:48.0196 2864 exfat - ok
    23:41:48.0216 2864 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    23:41:48.0218 2864 fastfat - ok
    23:41:48.0253 2864 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    23:41:48.0268 2864 Fax - ok
    23:41:48.0295 2864 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
    23:41:48.0296 2864 fdc - ok
    23:41:48.0313 2864 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    23:41:48.0314 2864 fdPHost - ok
    23:41:48.0336 2864 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    23:41:48.0368 2864 FDResPub - ok
    23:41:48.0714 2864 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    23:41:48.0729 2864 FileInfo - ok
    23:41:48.0778 2864 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    23:41:48.0779 2864 Filetrace - ok
    23:41:48.0810 2864 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
    23:41:48.0811 2864 flpydisk - ok
    23:41:48.0844 2864 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    23:41:48.0847 2864 FltMgr - ok
    23:41:48.0879 2864 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
    23:41:48.0896 2864 FontCache - ok
    23:41:48.0968 2864 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    23:41:48.0969 2864 FontCache3.0.0.0 - ok
    23:41:49.0033 2864 ForceWare Intelligent Application Manager (IAM) (b0424bd9c497b72c3f35a42e6e21d41b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    23:41:49.0038 2864 ForceWare Intelligent Application Manager (IAM) - ok
    23:41:49.0090 2864 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    23:41:49.0091 2864 FsDepends - ok
    23:41:49.0118 2864 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    23:41:49.0119 2864 Fs_Rec - ok
    23:41:49.0154 2864 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    23:41:49.0177 2864 fvevol - ok
    23:41:49.0217 2864 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
    23:41:49.0220 2864 gagp30kx - ok
    23:41:49.0275 2864 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
    23:41:49.0278 2864 GamesAppService - ok
    23:41:49.0347 2864 GoToAssist Express Customer (6eb738ffc7dc8066eb5f4c6c5a5cdbe2) C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe
    23:41:49.0363 2864 GoToAssist Express Customer - ok
    23:41:49.0447 2864 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    23:41:49.0462 2864 gpsvc - ok
    23:41:49.0504 2864 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    23:41:49.0505 2864 hcw85cir - ok
    23:41:49.0541 2864 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    23:41:49.0544 2864 HdAudAddService - ok
    23:41:49.0612 2864 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    23:41:49.0614 2864 HDAudBus - ok
    23:41:49.0636 2864 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
    23:41:49.0637 2864 HidBatt - ok
    23:41:49.0652 2864 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
    23:41:49.0654 2864 HidBth - ok
    23:41:49.0687 2864 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
    23:41:49.0688 2864 HidIr - ok
    23:41:49.0711 2864 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
    23:41:49.0712 2864 hidserv - ok
    23:41:49.0747 2864 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    23:41:49.0748 2864 HidUsb - ok
    23:41:49.0779 2864 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    23:41:49.0781 2864 hkmsvc - ok
    23:41:49.0804 2864 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    23:41:49.0807 2864 HomeGroupListener - ok
    23:41:49.0832 2864 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    23:41:49.0835 2864 HomeGroupProvider - ok
    23:41:49.0923 2864 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    23:41:49.0925 2864 HP Health Check Service - ok
    23:41:49.0956 2864 HPClientSvc (dfec85328a07e518b4dbdf43bbba5740) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    23:41:49.0959 2864 HPClientSvc - ok
    23:41:49.0969 2864 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    23:41:49.0971 2864 HPDrvMntSvc.exe - ok
    23:41:50.0000 2864 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    23:41:50.0018 2864 hpqwmiex - ok
    23:41:50.0215 2864 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    23:41:50.0216 2864 HpSAMD - ok
    23:41:50.0255 2864 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    23:41:50.0261 2864 HTTP - ok
    23:41:50.0273 2864 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    23:41:50.0273 2864 hwpolicy - ok
    23:41:50.0320 2864 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    23:41:50.0322 2864 i8042prt - ok
    23:41:51.0191 2864 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
    23:41:51.0219 2864 iaStorV - ok
    23:41:51.0410 2864 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    23:41:51.0427 2864 idsvc - ok
    23:41:51.0551 2864 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
    23:41:51.0635 2864 igfx - ok
    23:41:51.0674 2864 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
    23:41:51.0675 2864 iirsp - ok
    23:41:51.0703 2864 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    23:41:51.0720 2864 IKEEXT - ok
    23:41:51.0920 2864 IntcAzAudAddService (5294f1c52a6d8c2a15ffd2945c552736) C:\Windows\system32\drivers\RTKVHDA.sys
    23:41:51.0979 2864 IntcAzAudAddService - ok
    23:41:52.0050 2864 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    23:41:52.0051 2864 intelide - ok
    23:41:52.0089 2864 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
    23:41:52.0091 2864 intelppm - ok
    23:41:52.0117 2864 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    23:41:52.0119 2864 IPBusEnum - ok
    23:41:52.0141 2864 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    23:41:52.0142 2864 IpFilterDriver - ok
    23:41:52.0173 2864 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
    23:41:52.0179 2864 iphlpsvc - ok
    23:41:52.0197 2864 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    23:41:52.0205 2864 IPMIDRV - ok
    23:41:52.0228 2864 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    23:41:52.0229 2864 IPNAT - ok
    23:41:52.0257 2864 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    23:41:52.0258 2864 IRENUM - ok
    23:41:52.0280 2864 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    23:41:52.0281 2864 isapnp - ok
    23:41:52.0302 2864 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    23:41:52.0305 2864 iScsiPrt - ok
    23:41:52.0409 2864 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    23:41:52.0410 2864 kbdclass - ok
    23:41:52.0443 2864 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    23:41:52.0444 2864 kbdhid - ok
    23:41:52.0468 2864 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    23:41:52.0469 2864 KeyIso - ok
    23:41:52.0556 2864 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    23:41:52.0557 2864 KSecDD - ok
    23:41:52.0574 2864 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    23:41:52.0576 2864 KSecPkg - ok
    23:41:52.0609 2864 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    23:41:52.0613 2864 KtmRm - ok
    23:41:52.0682 2864 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
    23:41:52.0686 2864 LanmanServer - ok
    23:41:52.0787 2864 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    23:41:52.0790 2864 LanmanWorkstation - ok
    23:41:52.0849 2864 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    23:41:52.0850 2864 lltdio - ok
    23:41:52.0879 2864 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    23:41:52.0882 2864 lltdsvc - ok
    23:41:52.0897 2864 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    23:41:52.0899 2864 lmhosts - ok
    23:41:52.0939 2864 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
    23:41:52.0940 2864 LSI_FC - ok
    23:41:52.0968 2864 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
    23:41:52.0970 2864 LSI_SAS - ok
    23:41:52.0997 2864 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
    23:41:52.0998 2864 LSI_SAS2 - ok
    23:41:53.0029 2864 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
    23:41:53.0031 2864 LSI_SCSI - ok
    23:41:53.0118 2864 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    23:41:53.0120 2864 luafv - ok
    23:41:53.0190 2864 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    23:41:53.0191 2864 MBAMProtector - ok
    23:41:53.0289 2864 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    23:41:53.0305 2864 MBAMService - ok
    23:41:53.0334 2864 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    23:41:53.0336 2864 Mcx2Svc - ok
    23:41:53.0379 2864 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
    23:41:53.0380 2864 megasas - ok
    23:41:53.0410 2864 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
    23:41:53.0413 2864 MegaSR - ok
    23:41:53.0427 2864 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    23:41:53.0429 2864 MMCSS - ok
    23:41:53.0457 2864 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    23:41:53.0458 2864 Modem - ok
    23:41:53.0488 2864 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    23:41:53.0489 2864 monitor - ok
    23:41:53.0529 2864 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    23:41:53.0530 2864 mouclass - ok
    23:41:53.0567 2864 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    23:41:53.0568 2864 mouhid - ok
    23:41:53.0581 2864 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    23:41:53.0582 2864 mountmgr - ok
    23:41:53.0622 2864 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
    23:41:53.0624 2864 MpFilter - ok
    23:41:53.0652 2864 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    23:41:53.0654 2864 mpio - ok
    23:41:53.0674 2864 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
    23:41:53.0675 2864 MpNWMon - ok
    23:41:53.0694 2864 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    23:41:53.0695 2864 mpsdrv - ok
    23:41:53.0722 2864 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
    23:41:53.0737 2864 MpsSvc - ok
    23:41:53.0758 2864 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    23:41:53.0760 2864 MRxDAV - ok
    23:41:53.0778 2864 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    23:41:53.0780 2864 mrxsmb - ok
    23:41:53.0798 2864 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    23:41:53.0801 2864 mrxsmb10 - ok
    23:41:53.0818 2864 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    23:41:53.0819 2864 mrxsmb20 - ok
    23:41:53.0850 2864 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    23:41:53.0851 2864 msahci - ok
    23:41:53.0861 2864 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    23:41:53.0863 2864 msdsm - ok
    23:41:53.0883 2864 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    23:41:53.0886 2864 MSDTC - ok
    23:41:53.0905 2864 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    23:41:53.0907 2864 Msfs - ok
    23:41:53.0922 2864 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    23:41:53.0923 2864 mshidkmdf - ok
    23:41:53.0945 2864 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    23:41:53.0946 2864 msisadrv - ok
    23:41:53.0993 2864 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    23:41:53.0995 2864 MSiSCSI - ok
    23:41:54.0004 2864 msiserver - ok
    23:41:54.0029 2864 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    23:41:54.0030 2864 MSKSSRV - ok
    23:41:54.0121 2864 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    23:41:54.0122 2864 MsMpSvc - ok
    23:41:54.0137 2864 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    23:41:54.0137 2864 MSPCLOCK - ok
    23:41:54.0147 2864 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    23:41:54.0147 2864 MSPQM - ok
    23:41:54.0167 2864 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    23:41:54.0169 2864 MsRPC - ok
    23:41:54.0197 2864 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    23:41:54.0197 2864 mssmbios - ok
    23:41:54.0218 2864 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    23:41:54.0219 2864 MSTEE - ok
    23:41:54.0246 2864 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
    23:41:54.0247 2864 MTConfig - ok
    23:41:54.0268 2864 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    23:41:54.0270 2864 Mup - ok
    23:41:54.0299 2864 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    23:41:54.0304 2864 napagent - ok
    23:41:54.0417 2864 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    23:41:54.0420 2864 NativeWifiP - ok
    23:41:54.0454 2864 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    23:41:54.0471 2864 NDIS - ok
    23:41:54.0490 2864 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
  10. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    part 2

    23:41:58.0209 2864 RemoteRegistry - ok
    23:41:58.0237 2864 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    23:41:58.0239 2864 RpcEptMapper - ok
    23:41:58.0271 2864 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    23:41:58.0280 2864 RpcLocator - ok
    23:41:58.0305 2864 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    23:41:58.0308 2864 RpcSs - ok
    23:41:58.0577 2864 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    23:41:58.0579 2864 rspndr - ok
    23:41:58.0613 2864 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    23:41:58.0614 2864 s3cap - ok
    23:41:58.0635 2864 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    23:41:58.0636 2864 SamSs - ok
    23:41:58.0679 2864 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    23:41:58.0681 2864 sbp2port - ok
    23:41:58.0717 2864 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    23:41:58.0720 2864 SCardSvr - ok
    23:41:58.0742 2864 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    23:41:58.0743 2864 scfilter - ok
    23:41:58.0776 2864 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    23:41:58.0793 2864 Schedule - ok
    23:41:58.0825 2864 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    23:41:58.0825 2864 SCPolicySvc - ok
    23:41:58.0897 2864 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    23:41:58.0900 2864 SDRSVC - ok
    23:41:58.0969 2864 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    23:41:58.0972 2864 SeaPort - ok
    23:41:59.0026 2864 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    23:41:59.0027 2864 secdrv - ok
    23:41:59.0045 2864 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    23:41:59.0047 2864 seclogon - ok
    23:41:59.0077 2864 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
    23:41:59.0079 2864 SENS - ok
    23:41:59.0100 2864 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    23:41:59.0102 2864 SensrSvc - ok
    23:41:59.0127 2864 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
    23:41:59.0128 2864 Serenum - ok
    23:41:59.0143 2864 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
    23:41:59.0145 2864 Serial - ok
    23:41:59.0172 2864 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
    23:41:59.0173 2864 sermouse - ok
    23:41:59.0207 2864 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
    23:41:59.0210 2864 SessionEnv - ok
    23:41:59.0235 2864 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    23:41:59.0236 2864 sffdisk - ok
    23:41:59.0255 2864 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    23:41:59.0256 2864 sffp_mmc - ok
    23:41:59.0278 2864 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    23:41:59.0288 2864 sffp_sd - ok
    23:41:59.0309 2864 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
    23:41:59.0310 2864 sfloppy - ok
    23:41:59.0342 2864 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    23:41:59.0346 2864 SharedAccess - ok
    23:41:59.0379 2864 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
    23:41:59.0385 2864 ShellHWDetection - ok
    23:41:59.0405 2864 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    23:41:59.0406 2864 sisagp - ok
    23:41:59.0443 2864 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
    23:41:59.0444 2864 SiSRaid2 - ok
    23:41:59.0463 2864 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
    23:41:59.0465 2864 SiSRaid4 - ok
    23:41:59.0504 2864 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    23:41:59.0506 2864 Smb - ok
    23:41:59.0554 2864 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    23:41:59.0556 2864 SNMPTRAP - ok
    23:41:59.0580 2864 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    23:41:59.0581 2864 spldr - ok
    23:41:59.0605 2864 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
    23:41:59.0609 2864 Spooler - ok
    23:41:59.0682 2864 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
    23:41:59.0741 2864 sppsvc - ok
    23:41:59.0758 2864 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
    23:41:59.0760 2864 sppuinotify - ok
    23:41:59.0781 2864 srv (112127c3b2e64d7680cc39cd0a39dd7e) C:\Windows\system32\DRIVERS\srv.sys
    23:41:59.0785 2864 srv - ok
    23:41:59.0809 2864 srv2 (e5dd784a4ee5ebc72a86c677c988fcdb) C:\Windows\system32\DRIVERS\srv2.sys
    23:41:59.0813 2864 srv2 - ok
    23:41:59.0830 2864 srvnet (cdbe627e16cc9e98f343d73f8e81d258) C:\Windows\system32\DRIVERS\srvnet.sys
    23:41:59.0832 2864 srvnet - ok
    23:41:59.0855 2864 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    23:41:59.0858 2864 SSDPSRV - ok
    23:41:59.0878 2864 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    23:41:59.0881 2864 SstpSvc - ok
    23:41:59.0915 2864 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
    23:41:59.0917 2864 stexstor - ok
    23:41:59.0955 2864 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    23:41:59.0971 2864 StiSvc - ok
    23:41:59.0993 2864 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    23:41:59.0994 2864 storflt - ok
    23:42:00.0017 2864 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
    23:42:00.0019 2864 StorSvc - ok
    23:42:00.0059 2864 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    23:42:00.0060 2864 storvsc - ok
    23:42:00.0079 2864 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    23:42:00.0081 2864 swenum - ok
    23:42:00.0109 2864 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    23:42:00.0114 2864 swprv - ok
    23:42:00.0150 2864 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    23:42:00.0176 2864 SysMain - ok
    23:42:00.0194 2864 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    23:42:00.0197 2864 TabletInputService - ok
    23:42:00.0213 2864 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    23:42:00.0217 2864 TapiSrv - ok
    23:42:00.0230 2864 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    23:42:00.0232 2864 TBS - ok
    23:42:00.0283 2864 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    23:42:00.0309 2864 Tcpip - ok
    23:42:00.0630 2864 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    23:42:00.0637 2864 TCPIP6 - ok
    23:42:00.0670 2864 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    23:42:00.0671 2864 tcpipreg - ok
    23:42:00.0695 2864 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    23:42:00.0695 2864 TDPIPE - ok
    23:42:00.0714 2864 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    23:42:00.0715 2864 TDTCP - ok
    23:42:00.0745 2864 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    23:42:00.0747 2864 tdx - ok
    23:42:00.0760 2864 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    23:42:00.0761 2864 TermDD - ok
    23:42:00.0799 2864 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    23:42:00.0816 2864 TermService - ok
    23:42:00.0832 2864 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    23:42:00.0834 2864 Themes - ok
    23:42:00.0912 2864 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    23:42:00.0913 2864 THREADORDER - ok
    23:42:00.0988 2864 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    23:42:00.0991 2864 TrkWks - ok
    23:42:01.0057 2864 TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
    23:42:01.0058 2864 TrojanKillerDriver - ok
    23:42:01.0096 2864 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    23:42:01.0098 2864 TrustedInstaller - ok
    23:42:01.0127 2864 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    23:42:01.0128 2864 tssecsrv - ok
    23:42:01.0147 2864 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    23:42:01.0148 2864 TsUsbFlt - ok
    23:42:01.0179 2864 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
    23:42:01.0180 2864 TsUsbGD - ok
    23:42:01.0201 2864 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    23:42:01.0203 2864 tunnel - ok
    23:42:01.0227 2864 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
    23:42:01.0229 2864 uagp35 - ok
    23:42:01.0249 2864 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    23:42:01.0253 2864 udfs - ok
    23:42:01.0285 2864 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    23:42:01.0287 2864 UI0Detect - ok
    23:42:01.0336 2864 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    23:42:01.0337 2864 uliagpkx - ok
    23:42:01.0378 2864 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    23:42:01.0379 2864 umbus - ok
    23:42:01.0403 2864 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
    23:42:01.0403 2864 UmPass - ok
    23:42:01.0425 2864 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    23:42:01.0429 2864 UmRdpService - ok
    23:42:01.0447 2864 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    23:42:01.0451 2864 upnphost - ok
    23:42:01.0483 2864 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
    23:42:01.0484 2864 usbccgp - ok
    23:42:01.0514 2864 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    23:42:01.0515 2864 usbcir - ok
    23:42:01.0525 2864 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
    23:42:01.0526 2864 usbehci - ok
    23:42:01.0548 2864 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
    23:42:01.0552 2864 usbhub - ok
    23:42:01.0578 2864 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
    23:42:01.0579 2864 usbohci - ok
    23:42:01.0603 2864 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
    23:42:01.0604 2864 usbprint - ok
    23:42:01.0628 2864 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    23:42:01.0630 2864 USBSTOR - ok
    23:42:01.0653 2864 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
    23:42:01.0654 2864 usbuhci - ok
    23:42:01.0685 2864 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    23:42:01.0688 2864 UxSms - ok
    23:42:01.0710 2864 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    23:42:01.0711 2864 VaultSvc - ok
    23:42:01.0751 2864 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    23:42:01.0752 2864 vdrvroot - ok
    23:42:01.0781 2864 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    23:42:01.0798 2864 vds - ok
    23:42:01.0821 2864 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    23:42:01.0822 2864 vga - ok
    23:42:01.0843 2864 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    23:42:01.0844 2864 VgaSave - ok
    23:42:01.0878 2864 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    23:42:01.0880 2864 vhdmp - ok
    23:42:01.0920 2864 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    23:42:01.0921 2864 viaagp - ok
    23:42:01.0953 2864 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
    23:42:01.0954 2864 ViaC7 - ok
    23:42:01.0982 2864 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    23:42:01.0983 2864 viaide - ok
    23:42:02.0017 2864 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    23:42:02.0020 2864 vmbus - ok
    23:42:02.0038 2864 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    23:42:02.0039 2864 VMBusHID - ok
    23:42:02.0054 2864 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    23:42:02.0056 2864 volmgr - ok
    23:42:02.0090 2864 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    23:42:02.0093 2864 volmgrx - ok
    23:42:02.0115 2864 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    23:42:02.0118 2864 volsnap - ok
    23:42:02.0148 2864 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\drivers\vpchbus.sys
    23:42:02.0151 2864 vpcbus - ok
    23:42:02.0199 2864 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
    23:42:02.0200 2864 vpcnfltr - ok
    23:42:02.0228 2864 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
    23:42:02.0229 2864 vpcusb - ok
    23:42:02.0259 2864 vpcvmm (b21e23c100d6d5162b95cf6f05b4e035) C:\Windows\system32\drivers\vpcvmm.sys
    23:42:02.0263 2864 vpcvmm - ok
    23:42:02.0309 2864 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
    23:42:02.0312 2864 vsmraid - ok
    23:42:02.0567 2864 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    23:42:02.0584 2864 VSS - ok
    23:42:02.0615 2864 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    23:42:02.0616 2864 vwifibus - ok
    23:42:02.0638 2864 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    23:42:02.0643 2864 W32Time - ok
    23:42:02.0668 2864 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
    23:42:02.0669 2864 WacomPen - ok
    23:42:02.0692 2864 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    23:42:02.0693 2864 WANARP - ok
    23:42:02.0697 2864 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    23:42:02.0698 2864 Wanarpv6 - ok
    23:42:02.0744 2864 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    23:42:02.0770 2864 wbengine - ok
    23:42:02.0783 2864 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    23:42:02.0786 2864 WbioSrvc - ok
    23:42:02.0803 2864 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    23:42:02.0808 2864 wcncsvc - ok
    23:42:02.0825 2864 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    23:42:02.0827 2864 WcsPlugInService - ok
    23:42:02.0861 2864 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
    23:42:02.0862 2864 Wd - ok
    23:42:02.0894 2864 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    23:42:02.0909 2864 Wdf01000 - ok
    23:42:02.0925 2864 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    23:42:02.0928 2864 WdiServiceHost - ok
    23:42:02.0946 2864 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    23:42:02.0948 2864 WdiSystemHost - ok
    23:42:02.0967 2864 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    23:42:02.0971 2864 WebClient - ok
    23:42:02.0989 2864 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    23:42:02.0992 2864 Wecsvc - ok
    23:42:03.0009 2864 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    23:42:03.0012 2864 wercplsupport - ok
    23:42:03.0044 2864 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    23:42:03.0047 2864 WerSvc - ok
    23:42:03.0099 2864 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    23:42:03.0100 2864 WfpLwf - ok
    23:42:03.0119 2864 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    23:42:03.0121 2864 WIMMount - ok
    23:42:03.0185 2864 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
    23:42:03.0202 2864 WinDefend - ok
    23:42:03.0216 2864 WinHttpAutoProxySvc - ok
    23:42:03.0256 2864 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    23:42:03.0259 2864 Winmgmt - ok
    23:42:03.0303 2864 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    23:42:03.0329 2864 WinRM - ok
    23:42:03.0397 2864 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    23:42:03.0412 2864 Wlansvc - ok
    23:42:03.0497 2864 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    23:42:03.0530 2864 wlidsvc - ok
    23:42:03.0605 2864 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    23:42:03.0606 2864 WmiAcpi - ok
    23:42:03.0658 2864 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    23:42:03.0660 2864 wmiApSrv - ok
    23:42:03.0709 2864 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    23:42:03.0734 2864 WMPNetworkSvc - ok
    23:42:03.0758 2864 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    23:42:03.0760 2864 WPCSvc - ok
    23:42:03.0778 2864 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    23:42:03.0781 2864 WPDBusEnum - ok
    23:42:03.0808 2864 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    23:42:03.0809 2864 ws2ifsl - ok
    23:42:03.0822 2864 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
    23:42:03.0825 2864 wscsvc - ok
    23:42:03.0836 2864 WSearch - ok
    23:42:03.0892 2864 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
    23:42:03.0926 2864 wuauserv - ok
    23:42:03.0949 2864 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    23:42:03.0951 2864 WudfPf - ok
    23:42:03.0970 2864 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    23:42:03.0972 2864 wudfsvc - ok
    23:42:03.0988 2864 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    23:42:03.0992 2864 WwanSvc - ok
    23:42:04.0051 2864 XobniService (2f1f1e823fd15be2be1c4e4e1ec07abe) C:\Program Files\Xobni\XobniService.exe
    23:42:04.0052 2864 XobniService - ok
    23:42:04.0080 2864 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
    23:42:04.0110 2864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    23:42:04.0110 2864 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    23:42:04.0149 2864 Boot (0x1200) (a990ec4b9325c17c3ff83f9fd57b0034) \Device\Harddisk0\DR0\Partition0
    23:42:04.0150 2864 \Device\Harddisk0\DR0\Partition0 - ok
    23:42:04.0159 2864 Boot (0x1200) (0c2807eb53ab5d9cbee395267c64d37a) \Device\Harddisk0\DR0\Partition1
    23:42:04.0160 2864 \Device\Harddisk0\DR0\Partition1 - ok
    23:42:04.0191 2864 Boot (0x1200) (69ac03852419528dc1117aef8b2ed653) \Device\Harddisk0\DR0\Partition2
    23:42:04.0192 2864 \Device\Harddisk0\DR0\Partition2 - ok
    23:42:04.0192 2864 ============================================================
    23:42:04.0192 2864 Scan finished
    23:42:04.0192 2864 ============================================================
    23:42:04.0206 3940 Detected object count: 1
    23:42:04.0207 3940 Actual detected object count: 1
    23:42:48.0891 3940 \Device\Harddisk0\DR0\# - copied to quarantine
    23:42:48.0891 3940 \Device\Harddisk0\DR0 - copied to quarantine
    23:42:48.0926 3940 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    23:42:48.0937 3940 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    23:42:48.0948 3940 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    23:42:48.0950 3940 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    23:42:48.0953 3940 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
    23:42:48.0964 3940 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    23:42:48.0974 3940 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    23:42:48.0975 3940 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    23:42:48.0976 3940 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    23:42:48.0979 3940 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    23:42:48.0983 3940 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    23:42:49.0039 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    23:42:49.0040 3940 \Device\Harddisk0\DR0 - ok
    23:42:50.0656 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    23:43:00.0112 0712 Deinitialize success
  11. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Good :)

    Re-run the tool one more time.
     
  12. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    2nd run, part 1

    00:06:08.0036 3296 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    00:06:08.0894 3296 ============================================================
    00:06:08.0894 3296 Current date / time: 2012/03/22 00:06:08.0894
    00:06:08.0894 3296 SystemInfo:
    00:06:08.0894 3296
    00:06:08.0894 3296 OS Version: 6.1.7601 ServicePack: 1.0
    00:06:08.0894 3296 Product type: Workstation
    00:06:08.0894 3296 ComputerName: MELB-W10
    00:06:08.0894 3296 UserName: kmanney
    00:06:08.0894 3296 Windows directory: C:\Windows
    00:06:08.0894 3296 System windows directory: C:\Windows
    00:06:08.0894 3296 Processor architecture: Intel x86
    00:06:08.0894 3296 Number of processors: 2
    00:06:08.0894 3296 Page size: 0x1000
    00:06:08.0894 3296 Boot type: Normal boot
    00:06:08.0894 3296 ============================================================
    00:06:11.0640 3296 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    00:06:11.0702 3296 \Device\Harddisk0\DR0:
    00:06:11.0718 3296 MBR used
    00:06:11.0718 3296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    00:06:11.0718 3296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BF07000
    00:06:11.0718 3296 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BF39800, BlocksNum 0x128B800
    00:06:11.0843 3296 Initialize success
    00:06:11.0843 3296 ============================================================
    00:06:15.0633 2948 ============================================================
    00:06:15.0633 2948 Scan started
    00:06:15.0633 2948 Mode: Manual;
    00:06:15.0633 2948 ============================================================
    00:06:19.0689 2948 circlass - ok
    00:06:19.0705 2948 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    00:06:19.0736 2948 CLFS - ok
    00:06:19.0814 2948 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    00:06:19.0861 2948 clr_optimization_v2.0.50727_32 - ok
    00:06:19.0939 2948 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    00:06:19.0939 2948 clr_optimization_v4.0.30319_32 - ok
    00:06:20.0033 2948 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
    00:06:20.0079 2948 CmBatt - ok
    00:06:20.0111 2948 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    00:06:20.0126 2948 cmdide - ok
    00:06:20.0157 2948 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    00:06:20.0157 2948 CNG - ok
    00:06:20.0173 2948 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
    00:06:20.0189 2948 Compbatt - ok
    00:06:20.0235 2948 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    00:06:20.0251 2948 CompositeBus - ok
    00:06:20.0267 2948 COMSysApp - ok
    00:06:20.0298 2948 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
    00:06:20.0313 2948 crcdisk - ok
    00:06:20.0329 2948 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
    00:06:20.0360 2948 CryptSvc - ok
    00:06:20.0391 2948 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    00:06:20.0423 2948 CSC - ok
    00:06:20.0454 2948 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
    00:06:20.0501 2948 CscService - ok
    00:06:20.0532 2948 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    00:06:20.0532 2948 DcomLaunch - ok
    00:06:20.0563 2948 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    00:06:20.0594 2948 defragsvc - ok
    00:06:20.0641 2948 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    00:06:20.0703 2948 DfsC - ok
    00:06:20.0750 2948 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    00:06:20.0781 2948 Dhcp - ok
    00:06:20.0813 2948 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    00:06:20.0828 2948 discache - ok
    00:06:20.0875 2948 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
    00:06:20.0875 2948 Disk - ok
    00:06:20.0891 2948 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
    00:06:20.0922 2948 dmvsc - ok
    00:06:20.0937 2948 Dnscache (2fe30d71919c51131405797620e0a714) C:\Windows\System32\dnsrslvr.dll
    00:06:20.0969 2948 Dnscache - ok
    00:06:20.0984 2948 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    00:06:21.0015 2948 dot3svc - ok
    00:06:21.0031 2948 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    00:06:21.0047 2948 DPS - ok
    00:06:21.0093 2948 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    00:06:21.0093 2948 drmkaud - ok
    00:06:21.0125 2948 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    00:06:21.0171 2948 DXGKrnl - ok
    00:06:21.0187 2948 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    00:06:21.0218 2948 EapHost - ok
    00:06:21.0327 2948 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
    00:06:21.0421 2948 ebdrv - ok
    00:06:21.0468 2948 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
    00:06:21.0483 2948 EFS - ok
    00:06:21.0530 2948 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    00:06:21.0577 2948 ehRecvr - ok
    00:06:21.0593 2948 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    00:06:21.0624 2948 ehSched - ok
    00:06:21.0671 2948 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
    00:06:21.0702 2948 elxstor - ok
    00:06:21.0733 2948 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    00:06:21.0749 2948 ErrDev - ok
    00:06:21.0780 2948 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    00:06:21.0811 2948 EventSystem - ok
    00:06:21.0827 2948 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    00:06:21.0858 2948 exfat - ok
    00:06:21.0873 2948 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    00:06:21.0905 2948 fastfat - ok
    00:06:21.0936 2948 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    00:06:21.0983 2948 Fax - ok
    00:06:22.0014 2948 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
    00:06:22.0029 2948 fdc - ok
    00:06:22.0045 2948 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    00:06:22.0061 2948 fdPHost - ok
    00:06:22.0076 2948 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    00:06:22.0092 2948 FDResPub - ok
    00:06:22.0123 2948 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    00:06:22.0123 2948 FileInfo - ok
    00:06:22.0139 2948 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    00:06:22.0154 2948 Filetrace - ok
    00:06:22.0185 2948 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
    00:06:22.0201 2948 flpydisk - ok
    00:06:22.0217 2948 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    00:06:22.0217 2948 FltMgr - ok
    00:06:22.0263 2948 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
    00:06:22.0295 2948 FontCache - ok
    00:06:22.0357 2948 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    00:06:22.0388 2948 FontCache3.0.0.0 - ok
    00:06:22.0466 2948 ForceWare Intelligent Application Manager (IAM) (b0424bd9c497b72c3f35a42e6e21d41b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    00:06:22.0497 2948 ForceWare Intelligent Application Manager (IAM) - ok
    00:06:22.0544 2948 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    00:06:22.0575 2948 FsDepends - ok
    00:06:22.0591 2948 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    00:06:22.0607 2948 Fs_Rec - ok
    00:06:22.0638 2948 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    00:06:22.0638 2948 fvevol - ok
    00:06:22.0685 2948 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
    00:06:22.0716 2948 gagp30kx - ok
    00:06:22.0763 2948 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
    00:06:22.0825 2948 GamesAppService - ok
    00:06:22.0887 2948 GoToAssist Express Customer (6eb738ffc7dc8066eb5f4c6c5a5cdbe2) C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe
    00:06:22.0903 2948 GoToAssist Express Customer - ok
    00:06:22.0997 2948 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    00:06:23.0043 2948 gpsvc - ok
    00:06:23.0106 2948 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    00:06:23.0121 2948 hcw85cir - ok
    00:06:23.0153 2948 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    00:06:23.0184 2948 HdAudAddService - ok
    00:06:23.0231 2948 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    00:06:23.0231 2948 HDAudBus - ok
    00:06:23.0262 2948 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
    00:06:23.0293 2948 HidBatt - ok
    00:06:23.0324 2948 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
    00:06:23.0355 2948 HidBth - ok
    00:06:23.0387 2948 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
    00:06:23.0402 2948 HidIr - ok
    00:06:23.0433 2948 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
    00:06:23.0449 2948 hidserv - ok
    00:06:23.0496 2948 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    00:06:23.0511 2948 HidUsb - ok
    00:06:23.0543 2948 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    00:06:23.0558 2948 hkmsvc - ok
    00:06:23.0589 2948 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    00:06:23.0621 2948 HomeGroupListener - ok
    00:06:23.0652 2948 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    00:06:23.0667 2948 HomeGroupProvider - ok
    00:06:23.0745 2948 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    00:06:23.0761 2948 HP Health Check Service - ok
    00:06:23.0792 2948 HPClientSvc (dfec85328a07e518b4dbdf43bbba5740) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    00:06:23.0792 2948 HPClientSvc - ok
    00:06:23.0808 2948 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    00:06:23.0808 2948 HPDrvMntSvc.exe - ok
    00:06:23.0839 2948 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    00:06:23.0964 2948 hpqwmiex - ok
    00:06:24.0057 2948 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    00:06:24.0104 2948 HpSAMD - ok
    00:06:24.0135 2948 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    00:06:24.0182 2948 HTTP - ok
    00:06:24.0198 2948 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    00:06:24.0213 2948 hwpolicy - ok
    00:06:24.0245 2948 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    00:06:24.0276 2948 i8042prt - ok
    00:06:24.0323 2948 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
    00:06:24.0354 2948 iaStorV - ok
    00:06:24.0432 2948 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    00:06:24.0650 2948 idsvc - ok
    00:06:24.0806 2948 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
    00:06:24.0947 2948 igfx - ok
    00:06:25.0040 2948 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
    00:06:25.0056 2948 iirsp - ok
    00:06:25.0118 2948 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    00:06:25.0149 2948 IKEEXT - ok
    00:06:25.0243 2948 IntcAzAudAddService (5294f1c52a6d8c2a15ffd2945c552736) C:\Windows\system32\drivers\RTKVHDA.sys
    00:06:25.0383 2948 IntcAzAudAddService - ok
    00:06:25.0461 2948 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    00:06:25.0477 2948 intelide - ok
    00:06:25.0508 2948 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
    00:06:25.0524 2948 intelppm - ok
    00:06:25.0555 2948 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    00:06:25.0586 2948 IPBusEnum - ok
    00:06:25.0602 2948 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    00:06:25.0633 2948 IpFilterDriver - ok
    00:06:25.0664 2948 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
    00:06:25.0695 2948 iphlpsvc - ok
    00:06:25.0742 2948 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    00:06:25.0758 2948 IPMIDRV - ok
    00:06:25.0789 2948 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    00:06:25.0805 2948 IPNAT - ok
    00:06:25.0820 2948 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    00:06:25.0836 2948 IRENUM - ok
    00:06:25.0851 2948 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    00:06:25.0883 2948 isapnp - ok
    00:06:25.0914 2948 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    00:06:25.0929 2948 iScsiPrt - ok
    00:06:25.0961 2948 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    00:06:25.0992 2948 kbdclass - ok
    00:06:26.0023 2948 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    00:06:26.0039 2948 kbdhid - ok
    00:06:26.0070 2948 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    00:06:26.0070 2948 KeyIso - ok
    00:06:26.0101 2948 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    00:06:26.0101 2948 KSecDD - ok
    00:06:26.0117 2948 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    00:06:26.0117 2948 KSecPkg - ok
    00:06:26.0148 2948 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    00:06:26.0179 2948 KtmRm - ok
    00:06:26.0226 2948 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
    00:06:26.0241 2948 LanmanServer - ok
    00:06:26.0288 2948 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    00:06:26.0304 2948 LanmanWorkstation - ok
    00:06:26.0351 2948 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    00:06:26.0382 2948 lltdio - ok
    00:06:26.0413 2948 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    00:06:26.0429 2948 lltdsvc - ok
    00:06:26.0444 2948 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    00:06:26.0475 2948 lmhosts - ok
    00:06:26.0522 2948 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
    00:06:26.0538 2948 LSI_FC - ok
    00:06:26.0569 2948 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
    00:06:26.0600 2948 LSI_SAS - ok
    00:06:26.0631 2948 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
    00:06:26.0647 2948 LSI_SAS2 - ok
    00:06:26.0678 2948 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
    00:06:26.0725 2948 LSI_SCSI - ok
    00:06:26.0741 2948 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    00:06:26.0787 2948 luafv - ok
    00:06:26.0865 2948 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    00:06:26.0865 2948 MBAMProtector - ok
    00:06:26.0943 2948 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    00:06:26.0959 2948 MBAMService - ok
    00:06:26.0975 2948 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    00:06:27.0006 2948 Mcx2Svc - ok
    00:06:27.0037 2948 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
    00:06:27.0053 2948 megasas - ok
    00:06:27.0084 2948 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
    00:06:27.0099 2948 MegaSR - ok
    00:06:27.0131 2948 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    00:06:27.0146 2948 MMCSS - ok
    00:06:27.0162 2948 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    00:06:27.0193 2948 Modem - ok
    00:06:27.0224 2948 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    00:06:27.0240 2948 monitor - ok
    00:06:27.0271 2948 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    00:06:27.0302 2948 mouclass - ok
    00:06:27.0333 2948 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    00:06:27.0349 2948 mouhid - ok
    00:06:27.0380 2948 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    00:06:27.0380 2948 mountmgr - ok
    00:06:27.0427 2948 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
    00:06:27.0458 2948 MpFilter - ok
    00:06:27.0489 2948 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    00:06:27.0536 2948 mpio - ok
    00:06:27.0645 2948 MpKsl9c8f64ff (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1FC69F1-9E37-4AD8-8124-F423771E0539}\MpKsl9c8f64ff.sys
    00:06:27.0645 2948 MpKsl9c8f64ff - ok
    00:06:27.0739 2948 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
    00:06:27.0739 2948 MpNWMon - ok
    00:06:27.0786 2948 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    00:06:27.0817 2948 mpsdrv - ok
    00:06:27.0848 2948 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
    00:06:27.0879 2948 MpsSvc - ok
    00:06:27.0911 2948 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    00:06:27.0926 2948 MRxDAV - ok
    00:06:27.0942 2948 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    00:06:27.0973 2948 mrxsmb - ok
    00:06:27.0989 2948 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    00:06:28.0020 2948 mrxsmb10 - ok
    00:06:28.0035 2948 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    00:06:28.0067 2948 mrxsmb20 - ok
    00:06:28.0098 2948 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    00:06:28.0113 2948 msahci - ok
    00:06:28.0129 2948 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    00:06:28.0145 2948 msdsm - ok
    00:06:28.0160 2948 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    00:06:28.0191 2948 MSDTC - ok
    00:06:28.0223 2948 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    00:06:28.0238 2948 Msfs - ok
    00:06:28.0254 2948 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    00:06:28.0254 2948 mshidkmdf - ok
    00:06:28.0285 2948 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    00:06:28.0285 2948 msisadrv - ok
    00:06:28.0332 2948 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    00:06:28.0347 2948 MSiSCSI - ok
    00:06:28.0363 2948 msiserver - ok
    00:06:28.0394 2948 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    00:06:28.0410 2948 MSKSSRV - ok
    00:06:28.0488 2948 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    00:06:28.0488 2948 MsMpSvc - ok
    00:06:28.0519 2948 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    00:06:28.0535 2948 MSPCLOCK - ok
    00:06:28.0550 2948 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    00:06:28.0550 2948 MSPQM - ok
    00:06:28.0566 2948 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    00:06:28.0566 2948 MsRPC - ok
    00:06:28.0597 2948 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    00:06:28.0613 2948 mssmbios - ok
    00:06:28.0644 2948 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    00:06:28.0644 2948 MSTEE - ok
    00:06:28.0675 2948 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
    00:06:28.0675 2948 MTConfig - ok
    00:06:28.0691 2948 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    00:06:28.0706 2948 Mup - ok
    00:06:28.0722 2948 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    00:06:28.0753 2948 napagent - ok
    00:06:28.0784 2948 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    00:06:28.0800 2948 NativeWifiP - ok
    00:06:28.0847 2948 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    00:06:28.0862 2948 NDIS - ok
    00:06:28.0878 2948 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    00:06:28.0893 2948 NdisCap - ok
    00:06:28.0925 2948 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    00:06:28.0940 2948 NdisTapi - ok
    00:06:28.0956 2948 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    00:06:28.0971 2948 Ndisuio - ok
  13. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    Part 2

    00:06:34.0400 2948 RDPREFMP - ok
    00:06:34.0416 2948 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    00:06:34.0463 2948 RDPWD - ok
    00:06:34.0525 2948 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    00:06:34.0525 2948 rdyboost - ok
    00:06:34.0556 2948 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    00:06:34.0572 2948 RemoteAccess - ok
    00:06:34.0603 2948 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    00:06:34.0619 2948 RemoteRegistry - ok
    00:06:34.0634 2948 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    00:06:34.0665 2948 RpcEptMapper - ok
    00:06:34.0681 2948 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    00:06:34.0712 2948 RpcLocator - ok
    00:06:34.0728 2948 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    00:06:34.0743 2948 RpcSs - ok
    00:06:34.0790 2948 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    00:06:34.0821 2948 rspndr - ok
    00:06:34.0853 2948 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    00:06:34.0853 2948 s3cap - ok
    00:06:34.0884 2948 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    00:06:34.0884 2948 SamSs - ok
    00:06:34.0915 2948 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    00:06:34.0946 2948 sbp2port - ok
    00:06:34.0977 2948 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    00:06:35.0009 2948 SCardSvr - ok
    00:06:35.0024 2948 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    00:06:35.0040 2948 scfilter - ok
    00:06:35.0087 2948 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    00:06:35.0118 2948 Schedule - ok
    00:06:35.0149 2948 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    00:06:35.0149 2948 SCPolicySvc - ok
    00:06:35.0165 2948 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    00:06:35.0180 2948 SDRSVC - ok
    00:06:35.0243 2948 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    00:06:35.0258 2948 SeaPort - ok
    00:06:35.0305 2948 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    00:06:35.0321 2948 secdrv - ok
    00:06:35.0336 2948 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    00:06:35.0367 2948 seclogon - ok
    00:06:35.0383 2948 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
    00:06:35.0414 2948 SENS - ok
    00:06:35.0414 2948 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    00:06:35.0445 2948 SensrSvc - ok
    00:06:35.0492 2948 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
    00:06:35.0523 2948 Serenum - ok
    00:06:35.0539 2948 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
    00:06:35.0586 2948 Serial - ok
    00:06:35.0617 2948 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
    00:06:35.0633 2948 sermouse - ok
    00:06:35.0648 2948 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
    00:06:35.0679 2948 SessionEnv - ok
    00:06:35.0711 2948 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    00:06:35.0711 2948 sffdisk - ok
    00:06:35.0742 2948 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    00:06:35.0742 2948 sffp_mmc - ok
    00:06:35.0773 2948 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    00:06:35.0773 2948 sffp_sd - ok
    00:06:35.0804 2948 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
    00:06:35.0820 2948 sfloppy - ok
    00:06:35.0851 2948 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    00:06:35.0898 2948 SharedAccess - ok
    00:06:35.0929 2948 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
    00:06:35.0945 2948 ShellHWDetection - ok
    00:06:35.0960 2948 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    00:06:35.0991 2948 sisagp - ok
    00:06:36.0023 2948 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
    00:06:36.0038 2948 SiSRaid2 - ok
    00:06:36.0054 2948 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
    00:06:36.0085 2948 SiSRaid4 - ok
    00:06:36.0116 2948 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    00:06:36.0147 2948 Smb - ok
    00:06:36.0194 2948 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    00:06:36.0210 2948 SNMPTRAP - ok
    00:06:36.0241 2948 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    00:06:36.0241 2948 spldr - ok
    00:06:36.0272 2948 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
    00:06:36.0303 2948 Spooler - ok
    00:06:36.0366 2948 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
    00:06:36.0491 2948 sppsvc - ok
    00:06:36.0522 2948 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
    00:06:36.0537 2948 sppuinotify - ok
    00:06:36.0553 2948 srv (112127c3b2e64d7680cc39cd0a39dd7e) C:\Windows\system32\DRIVERS\srv.sys
    00:06:36.0600 2948 srv - ok
    00:06:36.0615 2948 srv2 (e5dd784a4ee5ebc72a86c677c988fcdb) C:\Windows\system32\DRIVERS\srv2.sys
    00:06:36.0647 2948 srv2 - ok
    00:06:36.0662 2948 srvnet (cdbe627e16cc9e98f343d73f8e81d258) C:\Windows\system32\DRIVERS\srvnet.sys
    00:06:36.0678 2948 srvnet - ok
    00:06:36.0693 2948 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    00:06:36.0725 2948 SSDPSRV - ok
    00:06:36.0740 2948 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    00:06:36.0756 2948 SstpSvc - ok
    00:06:36.0787 2948 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
    00:06:36.0803 2948 stexstor - ok
    00:06:36.0834 2948 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    00:06:36.0881 2948 StiSvc - ok
    00:06:36.0896 2948 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    00:06:36.0896 2948 storflt - ok
    00:06:36.0927 2948 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
    00:06:36.0943 2948 StorSvc - ok
    00:06:36.0974 2948 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    00:06:36.0990 2948 storvsc - ok
    00:06:37.0021 2948 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    00:06:37.0021 2948 swenum - ok
    00:06:37.0052 2948 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    00:06:37.0083 2948 swprv - ok
    00:06:37.0115 2948 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    00:06:37.0177 2948 SysMain - ok
    00:06:37.0193 2948 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    00:06:37.0208 2948 TabletInputService - ok
    00:06:37.0239 2948 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    00:06:37.0255 2948 TapiSrv - ok
    00:06:37.0271 2948 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    00:06:37.0302 2948 TBS - ok
    00:06:37.0427 2948 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    00:06:37.0458 2948 Tcpip - ok
    00:06:37.0489 2948 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    00:06:37.0505 2948 TCPIP6 - ok
    00:06:37.0520 2948 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    00:06:37.0536 2948 tcpipreg - ok
    00:06:37.0567 2948 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    00:06:37.0583 2948 TDPIPE - ok
    00:06:37.0598 2948 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    00:06:37.0614 2948 TDTCP - ok
    00:06:37.0645 2948 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    00:06:37.0692 2948 tdx - ok
    00:06:37.0707 2948 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    00:06:37.0739 2948 TermDD - ok
    00:06:37.0770 2948 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    00:06:37.0817 2948 TermService - ok
    00:06:37.0832 2948 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    00:06:37.0848 2948 Themes - ok
    00:06:37.0879 2948 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    00:06:37.0879 2948 THREADORDER - ok
    00:06:37.0910 2948 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    00:06:37.0926 2948 TrkWks - ok
    00:06:37.0988 2948 TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
    00:06:38.0019 2948 TrojanKillerDriver - ok
    00:06:38.0035 2948 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    00:06:38.0082 2948 TrustedInstaller - ok
    00:06:38.0113 2948 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    00:06:38.0129 2948 tssecsrv - ok
    00:06:38.0144 2948 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    00:06:38.0175 2948 TsUsbFlt - ok
    00:06:38.0207 2948 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
    00:06:38.0222 2948 TsUsbGD - ok
    00:06:38.0253 2948 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    00:06:38.0269 2948 tunnel - ok
    00:06:38.0300 2948 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
    00:06:38.0316 2948 uagp35 - ok
    00:06:38.0363 2948 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    00:06:38.0378 2948 udfs - ok
    00:06:38.0409 2948 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    00:06:38.0425 2948 UI0Detect - ok
    00:06:38.0503 2948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    00:06:38.0534 2948 uliagpkx - ok
    00:06:38.0581 2948 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    00:06:38.0612 2948 umbus - ok
    00:06:38.0643 2948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
    00:06:38.0659 2948 UmPass - ok
    00:06:38.0675 2948 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    00:06:38.0706 2948 UmRdpService - ok
    00:06:38.0721 2948 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    00:06:38.0768 2948 upnphost - ok
    00:06:38.0799 2948 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
    00:06:38.0831 2948 usbccgp - ok
    00:06:38.0846 2948 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    00:06:38.0862 2948 usbcir - ok
    00:06:38.0877 2948 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
    00:06:38.0893 2948 usbehci - ok
    00:06:38.0924 2948 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
    00:06:38.0940 2948 usbhub - ok
    00:06:38.0971 2948 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
    00:06:38.0987 2948 usbohci - ok
    00:06:39.0002 2948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
    00:06:39.0018 2948 usbprint - ok
    00:06:39.0049 2948 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    00:06:39.0080 2948 USBSTOR - ok
    00:06:39.0096 2948 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
    00:06:39.0111 2948 usbuhci - ok
    00:06:39.0143 2948 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    00:06:39.0158 2948 UxSms - ok
    00:06:39.0189 2948 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    00:06:39.0189 2948 VaultSvc - ok
    00:06:39.0236 2948 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    00:06:39.0236 2948 vdrvroot - ok
    00:06:39.0267 2948 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    00:06:39.0299 2948 vds - ok
    00:06:39.0330 2948 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    00:06:39.0345 2948 vga - ok
    00:06:39.0361 2948 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    00:06:39.0377 2948 VgaSave - ok
    00:06:39.0392 2948 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    00:06:39.0423 2948 vhdmp - ok
    00:06:39.0470 2948 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    00:06:39.0486 2948 viaagp - ok
    00:06:39.0517 2948 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
    00:06:39.0533 2948 ViaC7 - ok
    00:06:39.0564 2948 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    00:06:39.0595 2948 viaide - ok
    00:06:39.0626 2948 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    00:06:39.0657 2948 vmbus - ok
    00:06:39.0673 2948 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    00:06:39.0689 2948 VMBusHID - ok
    00:06:39.0704 2948 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    00:06:39.0704 2948 volmgr - ok
    00:06:39.0735 2948 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    00:06:39.0735 2948 volmgrx - ok
    00:06:39.0767 2948 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    00:06:39.0767 2948 volsnap - ok
    00:06:39.0798 2948 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\drivers\vpchbus.sys
    00:06:39.0813 2948 vpcbus - ok
    00:06:39.0845 2948 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
    00:06:39.0860 2948 vpcnfltr - ok
    00:06:39.0891 2948 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
    00:06:39.0938 2948 vpcusb - ok
    00:06:39.0969 2948 vpcvmm (b21e23c100d6d5162b95cf6f05b4e035) C:\Windows\system32\drivers\vpcvmm.sys
    00:06:39.0985 2948 vpcvmm - ok
    00:06:40.0032 2948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
    00:06:40.0079 2948 vsmraid - ok
    00:06:40.0141 2948 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    00:06:40.0219 2948 VSS - ok
    00:06:40.0250 2948 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    00:06:40.0266 2948 vwifibus - ok
    00:06:40.0297 2948 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    00:06:40.0344 2948 W32Time - ok
    00:06:40.0375 2948 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
    00:06:40.0391 2948 WacomPen - ok
    00:06:40.0406 2948 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    00:06:40.0437 2948 WANARP - ok
    00:06:40.0453 2948 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    00:06:40.0453 2948 Wanarpv6 - ok
    00:06:40.0640 2948 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    00:06:40.0734 2948 wbengine - ok
    00:06:40.0749 2948 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    00:06:40.0781 2948 WbioSrvc - ok
    00:06:40.0812 2948 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    00:06:40.0843 2948 wcncsvc - ok
    00:06:40.0859 2948 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    00:06:40.0874 2948 WcsPlugInService - ok
    00:06:40.0905 2948 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
    00:06:40.0921 2948 Wd - ok
    00:06:40.0952 2948 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    00:06:40.0968 2948 Wdf01000 - ok
    00:06:40.0983 2948 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    00:06:40.0999 2948 WdiServiceHost - ok
    00:06:40.0999 2948 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    00:06:40.0999 2948 WdiSystemHost - ok
    00:06:41.0015 2948 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    00:06:41.0061 2948 WebClient - ok
    00:06:41.0077 2948 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    00:06:41.0108 2948 Wecsvc - ok
    00:06:41.0124 2948 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    00:06:41.0139 2948 wercplsupport - ok
    00:06:41.0171 2948 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    00:06:41.0217 2948 WerSvc - ok
    00:06:41.0264 2948 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    00:06:41.0280 2948 WfpLwf - ok
    00:06:41.0311 2948 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    00:06:41.0311 2948 WIMMount - ok
    00:06:41.0389 2948 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
    00:06:41.0467 2948 WinDefend - ok
    00:06:41.0483 2948 WinHttpAutoProxySvc - ok
    00:06:41.0514 2948 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    00:06:41.0545 2948 Winmgmt - ok
    00:06:41.0576 2948 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    00:06:41.0654 2948 WinRM - ok
    00:06:41.0701 2948 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    00:06:41.0748 2948 Wlansvc - ok
    00:06:41.0841 2948 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    00:06:41.0873 2948 wlidsvc - ok
    00:06:41.0951 2948 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    00:06:41.0982 2948 WmiAcpi - ok
    00:06:42.0044 2948 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    00:06:42.0060 2948 wmiApSrv - ok
    00:06:42.0122 2948 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    00:06:42.0231 2948 WMPNetworkSvc - ok
    00:06:42.0247 2948 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    00:06:42.0278 2948 WPCSvc - ok
    00:06:42.0294 2948 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    00:06:42.0325 2948 WPDBusEnum - ok
    00:06:42.0356 2948 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    00:06:42.0372 2948 ws2ifsl - ok
    00:06:42.0387 2948 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
    00:06:42.0434 2948 wscsvc - ok
    00:06:42.0450 2948 WSearch - ok
    00:06:42.0575 2948 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
    00:06:42.0668 2948 wuauserv - ok
    00:06:42.0699 2948 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    00:06:42.0731 2948 WudfPf - ok
    00:06:42.0762 2948 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    00:06:42.0793 2948 wudfsvc - ok
    00:06:42.0809 2948 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    00:06:42.0840 2948 WwanSvc - ok
    00:06:42.0902 2948 XobniService (2f1f1e823fd15be2be1c4e4e1ec07abe) C:\Program Files\Xobni\XobniService.exe
    00:06:42.0949 2948 XobniService - ok
    00:06:42.0980 2948 MBR (0x1B8) (434fe36c05f8bb22e0c8592360c3d53c) \Device\Harddisk0\DR0
    00:06:43.0245 2948 \Device\Harddisk0\DR0 - ok
    00:06:43.0261 2948 Boot (0x1200) (a990ec4b9325c17c3ff83f9fd57b0034) \Device\Harddisk0\DR0\Partition0
    00:06:43.0261 2948 \Device\Harddisk0\DR0\Partition0 - ok
    00:06:43.0277 2948 Boot (0x1200) (0c2807eb53ab5d9cbee395267c64d37a) \Device\Harddisk0\DR0\Partition1
    00:06:43.0277 2948 \Device\Harddisk0\DR0\Partition1 - ok
    00:06:43.0308 2948 Boot (0x1200) (69ac03852419528dc1117aef8b2ed653) \Device\Harddisk0\DR0\Partition2
    00:06:43.0339 2948 \Device\Harddisk0\DR0\Partition2 - ok
    00:06:43.0339 2948 ============================================================
    00:06:43.0339 2948 Scan finished
    00:06:43.0339 2948 ============================================================
    00:06:43.0339 2956 Detected object count: 0
    00:06:43.0339 2956 Actual detected object count: 0
  14. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Very good.

    Restart in normal mode and see how computer behaves.

    See if you can update and run MBAM from there.
    If so post fresh log.

    Then....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  15. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    MBAM Combo Fix logs

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.22.04

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    kmanney :: MELB-W10 [administrator]

    Protection: Enabled

    3/22/2012 3:53:24 PM
    mbam-log-2012-03-22 (15-53-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198495
    Time elapsed: 4 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\chgletup.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)


    ____________________________________________________

    ComboFix 12-03-21.02 - kmanney 03/22/2012 16:44:27.2.2 - x86
    Running from: c:\virus removers\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\kmanney\g2ax_customer_downloadhelper_win32_x86.exe
    c:\users\kmanney\g2mdlhlpx.exe
    c:\windows\$NtUninstallKB22518$
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SETAA3D.tmp
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\system
    c:\windows\system32\tmp.reg
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-22 20:57 . 2012-03-22 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-22 20:57 . 2012-03-22 20:58 -------- d-----w- c:\users\kmanney\AppData\Local\temp
    2012-03-22 19:52 . 2012-03-22 19:52 196984 ----a-w- c:\windows\system32\g2ax_credential_provider_383.dll
    2012-03-22 06:00 . 2012-03-22 06:00 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1FC69F1-9E37-4AD8-8124-F423771E0539}\offreg.dll
    2012-03-22 04:04 . 2012-03-13 23:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1FC69F1-9E37-4AD8-8124-F423771E0539}\mpengine.dll
    2012-03-22 03:42 . 2012-03-22 03:42 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-22 00:56 . 2012-03-22 00:56 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53DADA43-7AFF-4798-8133-ED6D9C93144D}\gapaengine.dll
    2012-03-22 00:53 . 2012-03-22 00:53 -------- d-----w- c:\program files\Microsoft Security Client
    2012-03-21 17:08 . 2012-03-21 18:10 -------- d-----w- C:\Symantec Endpoint Protection 11.0.3
    2012-03-20 20:16 . 2012-03-20 20:35 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2012-03-20 20:16 . 2012-03-20 20:16 24398592 ----a-w- C:\gtk2119-setup.exe
    2012-03-20 17:45 . 2012-03-20 17:59 691 ----a-w- c:\users\kmanney\AppData\Roaming\GetValue.vbs
    2012-03-20 17:45 . 2012-03-20 17:59 35 ----a-w- c:\users\kmanney\AppData\Roaming\SetValue.bat
    2012-03-19 23:15 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2012-03-19 23:14 . 2012-03-19 23:14 -------- d-----w- c:\program files\MSXML 4.0
    2012-03-19 23:04 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-19 23:04 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-19 23:03 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-19 23:02 . 2012-03-21 18:53 -------- d-----w- C:\RBin
    2012-03-19 23:02 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-03-19 21:30 . 2012-03-19 21:30 28172738 ----a-w- C:\31912 530.reg
    2012-03-19 20:25 . 2012-03-19 20:26 -------- d-----w- c:\users\Security1st
    2012-03-19 16:18 . 2012-03-19 16:18 186 ----a-w- C:\new.reg
    2012-03-19 13:45 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-05 23:28 . 2012-03-22 04:01 -------- d-----w- C:\Virus removers
    2012-03-05 22:31 . 2012-03-05 22:31 126394 ----a-w- C:\cc_20120305_173129.reg
    2012-03-02 17:59 . 2012-03-02 18:44 -------- d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 12:44 . 2011-02-10 19:41 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-09-28 664600]
    "HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
    "HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
    "LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
    2012-03-22 19:52 608632 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_winlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2011-02-23 56040]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [2008-07-31 82048]
    R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [2009-09-16 83888]
    R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_service.exe Start=service [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 246840]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-22 17:03:03
    ComboFix-quarantined-files.txt 2012-03-22 21:03
    .
    Pre-Run: 210,196,496,384 bytes free
    Post-Run: 210,310,373,376 bytes free
    .
    - - End Of File - - 81562353BBEC28199F3D87EF81DF435E
  16. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    MBAM again

    Scanned with MBAM again and it found zero infections.
  17. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Good job :)

    Uninstall (GridinSoft) Trojan Killer, software of a very questionable reputation.

    Combofix log looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    Extras & OTL

    OTL Extras logfile created on: 3/26/2012 6:40:31 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\kmanney\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 64.29% Memory free
    3.50 Gb Paging File | 2.78 Gb Available in Paging File | 79.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.51 Gb Total Space | 198.52 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
    Drive D: | 9.27 Gb Total Space | 1.13 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
    Drive Z: | 223.51 Gb Total Space | 193.83 Gb Free Space | 86.72% Space Free | Partition Type: NTFS

    Computer Name: MELB-W10 | User Name: kmanney | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CEA34E7-41EE-4C68-95F8-10E183F1D3E5}" = Closers' Choice
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
    "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Fort Dox" = Fort Dox
    "GoToAssist Express Customer" = GoToManage Customer 1.6.0.383
    "HP Keyboard_is1" = HP Desktop Keyboard
    "HP Remote Solution" = HP Remote Solution
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "PDF Complete" = PDF Complete Special Edition
    "SHARP PCL6 T1 Printer Driver" = SHARP PCL6 T1 Printer Driver
    "WildTangent hp Master Uninstall" = HP Games
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087393" = Mah Jong Medley
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087415" = Wheel of Fortune 2
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "WT089453" = Bejeweled 2 Deluxe
    "WT089454" = Chuzzle Deluxe
    "WT089455" = Zuma Deluxe
    "WT089457" = Slingo Supreme
    "WT089458" = Plants vs. Zombies - Game of the Year
    "WT089470" = FATE - The Traitor Soul
    "WT089484" = Namco All-Stars PAC-MAN
    "WT089496" = Mystery P.I. - Stolen in San Francisco
    "WT089498" = Bejeweled 3
    "XobniMain" = Xobni
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-377038991-3734808654-2868031893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/1/2012 1:30:45 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/1/2012 9:15:08 AM | Computer Name = MELB-W10 | Source = WinMgmt | ID = 10
    Description =

    Error - 2/2/2012 1:30:41 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/3/2012 1:30:37 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/3/2012 10:26:14 AM | Computer Name = MELB-W10 | Source = Application Hang | ID = 1002
    Description = The program ClosersChoice.exe version 5.0.0.511 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: db8 Start
    Time: 01cce2774552188c Termination Time: 30 Application Path: C:\Program Files\Closers'
    Choice\ClosersChoice.exe Report Id: f61270ed-4e72-11e1-a0cf-e0699532c7a6

    Error - 2/4/2012 1:30:42 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/8/2012 5:31:37 PM | Computer Name = MELB-W10 | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
    time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17514,
    time stamp: 0x4ce7b8f3 Exception code: 0xc0000005 Fault offset: 0x000d68d2 Faulting
    process id: 0x133c Faulting application start time: 0x01cce6a890c280b0 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: 473263b0-529c-11e1-a0cf-e0699532c7a6

    Error - 2/10/2012 1:30:45 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/15/2012 1:30:52 AM | Computer Name = MELB-W10 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/16/2012 1:00:02 AM | Computer Name = MELB-W10 | Source = VSS | ID = 8193
    Description =

    [ Hewlett-Packard Events ]
    Error - 7/21/2011 4:18:58 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071121041853.xml
    File not created by asset agent

    Error - 12/1/2011 5:03:59 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121101040355.xml
    File not created by asset agent

    Error - 12/8/2011 5:52:03 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121108045159.xml
    File not created by asset agent

    Error - 1/5/2012 5:23:15 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011205042312.xml
    File not created by asset agent

    Error - 1/26/2012 5:21:30 PM | Computer Name = MELB-W10 | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011226042127.xml
    File not created by asset agent

    [ System Events ]
    Error - 3/21/2012 11:40:22 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/21/2012 11:40:22 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/21/2012 11:40:22 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/22/2012 4:00:52 PM | Computer Name = MELB-W10 | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 3/22/2012 4:06:41 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/22/2012 4:44:24 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the HP
    Health Check Service service to connect.

    Error - 3/22/2012 4:44:24 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%1053

    Error - 3/22/2012 4:44:24 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/22/2012 4:50:06 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/22/2012 4:58:06 PM | Computer Name = MELB-W10 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
  19. TechFee

    OTL

    OTL logfile created on: 3/26/2012 6:40:31 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\kmanney\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 64.29% Memory free
    3.50 Gb Paging File | 2.78 Gb Available in Paging File | 79.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.51 Gb Total Space | 198.52 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
    Drive D: | 9.27 Gb Total Space | 1.13 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
    Drive Z: | 223.51 Gb Total Space | 193.83 Gb Free Space | 86.72% Space Free | Partition Type: NTFS

    Computer Name: MELB-W10 | User Name: kmanney | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/26 18:37:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kmanney\Desktop\OTL.exe
    PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_user_high_customer.exe
    PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_user_customer.exe
    PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_system_customer.exe
    PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_service.exe
    PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_host.exe
    PRC - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_comm_customer.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/01/25 20:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/11/20 17:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/11 05:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    PRC - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2010/03/04 20:23:48 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    PRC - [2010/03/04 20:23:48 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    PRC - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/03/22 15:52:14 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_service.exe -- (GoToAssist Express Customer)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/02/22 21:57:02 | 000,056,040 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
    SRV - [2011/01/25 20:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/10/11 05:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2010/03/04 20:23:48 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2010/03/04 20:23:48 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\kmanney\AppData\Local\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\kmanney\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/05/19 03:53:21 | 000,295,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2011/05/19 03:52:38 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2011/05/19 03:52:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2011/05/19 03:52:38 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/03/31 13:38:26 | 011,621,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/03/04 07:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2009/09/16 03:37:08 | 000,083,888 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxSer.sys -- (OxSer)
    DRV - [2009/08/04 20:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/07/31 07:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/05/19 04:24:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/19 04:24:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/19 04:24:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/26 10:52:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/03/26 10:52:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kmanney\AppData\Roaming\Mozilla\Extensions
    [2012/03/26 10:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kmanney\AppData\Roaming\Mozilla\Firefox\Profiles\x9hb7ubf.default\extensions
    [2012/03/26 10:52:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\kmanney\AppData\Roaming\Mozilla\Firefox\Profiles\x9hb7ubf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/03/26 10:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/03/26 10:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
    [2012/03/26 10:52:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/11/21 00:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/20 21:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/03/22 16:58:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..Trusted Domains: condocerts.com ([www] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E7F8E2-F889-426E-B7F1-F582D346E46F}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/26 18:39:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\kmanney\Desktop\OTL.exe
    [2012/03/26 10:52:38 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Roaming\Mozilla
    [2012/03/26 10:52:38 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Local\Mozilla
    [2012/03/26 10:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/03/26 09:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/03/22 17:03:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/22 17:03:11 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Local\temp
    [2012/03/22 16:05:32 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/03/22 15:52:27 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
    [2012/03/21 23:42:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/21 20:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/03/21 16:48:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/21 16:48:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/21 16:48:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/21 13:08:43 | 000,000,000 | ---D | C] -- C:\Symantec Endpoint Protection 11.0.3
    [2012/03/20 16:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2012/03/20 16:16:19 | 024,398,592 | ---- | C] (GridinSoft LLC) -- C:\gtk2119-setup.exe
    [2012/03/19 19:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2012/03/19 19:02:07 | 000,000,000 | ---D | C] -- C:\RBin
    [2012/03/19 09:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/19 09:45:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/05 19:28:01 | 000,000,000 | ---D | C] -- C:\Virus removers
    [2012/03/05 19:14:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/05 19:11:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/02 14:17:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/03/02 13:59:57 | 000,000,000 | ---D | C] -- C:\Users\kmanney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/03/02 13:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/26 18:37:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kmanney\Desktop\OTL.exe
    [2012/03/26 10:52:33 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/03/23 11:06:16 | 000,027,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/23 11:06:16 | 000,027,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/22 16:58:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/03/22 16:41:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/22 16:41:19 | 1408,737,280 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/22 15:52:27 | 000,001,441 | ---- | M] () -- C:\Users\kmanney\Desktop\GoToManage Customer.lnk
    [2012/03/21 20:54:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/03/21 20:53:20 | 000,666,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/21 20:53:20 | 000,122,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/20 22:06:19 | 000,284,272 | ---- | M] () -- C:\Users\kmanney\Desktop\error.jpg
    [2012/03/20 16:16:35 | 024,398,592 | ---- | M] (GridinSoft LLC) -- C:\gtk2119-setup.exe
    [2012/03/20 13:59:20 | 000,000,691 | ---- | M] () -- C:\Users\kmanney\AppData\Roaming\GetValue.vbs
    [2012/03/20 13:59:20 | 000,000,035 | ---- | M] () -- C:\Users\kmanney\AppData\Roaming\SetValue.bat
    [2012/03/19 17:30:47 | 028,172,738 | ---- | M] () -- C:\31912 530.reg
    [2012/03/19 12:18:41 | 000,000,186 | ---- | M] () -- C:\new.reg
    [2012/03/19 09:48:16 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/16 13:56:20 | 000,000,067 | ---- | M] () -- C:\Windows\iltwain.ini
    [2012/03/15 18:48:16 | 000,000,300 | ---- | M] () -- C:\Users\kmanney\Desktop\Community Management Professionals Selling & Refinancing.url
    [2012/03/15 18:47:44 | 000,000,361 | ---- | M] () -- C:\Users\kmanney\Desktop\Office DEPOT.url
    [2012/03/15 18:46:35 | 000,000,240 | ---- | M] () -- C:\Users\kmanney\Desktop\community docs HOA.url
    [2012/03/15 18:46:26 | 000,000,264 | ---- | M] () -- C:\Users\kmanney\Desktop\KW Property Management & Consulting.url
    [2012/03/15 18:46:07 | 000,000,231 | ---- | M] () -- C:\Users\kmanney\Desktop\AssociationDoc.com (2).url
    [2012/03/15 18:45:57 | 000,000,287 | ---- | M] () -- C:\Users\kmanney\Desktop\Welcome to CondoCerts.url
    [2012/03/15 18:45:45 | 000,000,537 | ---- | M] () -- C:\Users\kmanney\Desktop\WelcomeLink - The Continental Group, Inc - Welcome.url
    [2012/03/15 18:42:21 | 000,000,220 | ---- | M] () -- C:\Users\kmanney\Desktop\www.sunbiz.org - Home.url
    [2012/03/06 09:00:54 | 000,000,227 | ---- | M] () -- C:\Users\kmanney\Desktop\Wells Fargo - Personal & Business Banking - Student, Auto & Home Loans - Investing & Insurance.url
    [2012/03/05 18:31:40 | 000,126,394 | ---- | M] () -- C:\cc_20120305_173129.reg
    [2012/03/02 16:49:21 | 000,001,409 | ---- | M] () -- C:\Users\kmanney\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/03/02 15:17:12 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/26 10:52:33 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/03/21 20:54:04 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/03/21 20:53:11 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/03/21 16:48:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/21 16:48:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/21 16:48:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/21 16:48:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/21 16:48:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/20 22:06:19 | 000,284,272 | ---- | C] () -- C:\Users\kmanney\Desktop\error.jpg
    [2012/03/20 13:45:58 | 000,000,691 | ---- | C] () -- C:\Users\kmanney\AppData\Roaming\GetValue.vbs
    [2012/03/20 13:45:58 | 000,000,035 | ---- | C] () -- C:\Users\kmanney\AppData\Roaming\SetValue.bat
    [2012/03/20 13:24:34 | 001,477,498 | ---- | C] () -- C:\Users\kmanney\Documents\SmitfraudFix.exe
    [2012/03/19 17:30:38 | 028,172,738 | ---- | C] () -- C:\31912 530.reg
    [2012/03/19 12:18:41 | 000,000,186 | ---- | C] () -- C:\new.reg
    [2012/03/19 09:48:16 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/06 09:00:54 | 000,000,227 | ---- | C] () -- C:\Users\kmanney\Desktop\Wells Fargo - Personal & Business Banking - Student, Auto & Home Loans - Investing & Insurance.url
    [2012/03/05 18:31:38 | 000,126,394 | ---- | C] () -- C:\cc_20120305_173129.reg
    [2012/03/02 16:49:21 | 000,001,415 | ---- | C] () -- C:\Users\kmanney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/03/02 15:17:12 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2012/01/02 12:48:51 | 000,001,158 | -HS- | C] () -- C:\Users\kmanney\AppData\Local\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8
    [2012/01/02 12:48:51 | 000,001,158 | -HS- | C] () -- C:\ProgramData\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8
    [2011/07/13 15:49:35 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
    [2011/07/06 12:59:04 | 000,172,128 | ---- | C] () -- C:\Windows\_isusr32.dll
    [2011/07/06 12:59:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\_isusr2k.dll
    [2011/07/06 12:46:36 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2011/07/06 12:20:17 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx13_ic.ini
    [2011/07/06 12:19:36 | 000,057,344 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2011/05/19 03:59:02 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011/03/04 00:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2010/04/16 18:12:06 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\cqcpu.sys
    [2010/04/16 18:12:06 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\cpqdfw.sys

    ========== LOP Check ==========

    [2012/03/21 15:31:27 | 000,025,382 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/03/19 17:30:47 | 028,172,738 | ---- | M] () -- C:\31912 530.reg
    [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/02/10 17:16:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/03/05 18:31:40 | 000,126,394 | ---- | M] () -- C:\cc_20120305_173129.reg
    [2012/03/22 17:03:05 | 000,009,395 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/03/20 16:16:35 | 024,398,592 | ---- | M] (GridinSoft LLC) -- C:\gtk2119-setup.exe
    [2012/03/22 16:41:19 | 1408,737,280 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/06 12:57:01 | 015,801,490 | ---- | M] () -- C:\MXMAR-PCL6-0902A-2KXPVISTA-WHQL_T1.zip
    [2012/03/19 12:18:41 | 000,000,186 | ---- | M] () -- C:\new.reg
    [2011/05/19 05:34:31 | 000,000,000 | RHS- | M] () -- C:\OS
    [2012/03/22 16:41:21 | 1878,319,104 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/20 14:08:34 | 000,002,408 | ---- | M] () -- C:\rapport.txt
    [2012/03/22 00:13:19 | 000,126,920 | ---- | M] () -- C:\TDSSKiller.2.7.22.0_22.03.2012_00.06.08_log.txt
    [2011/07/06 12:29:54 | 015,547,960 | ---- | M] () -- C:\upd-PCL5-X32-5_2_6_9321.exe

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2011/02/09 12:24:32 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpcpp112.dll
    [2005/06/22 13:15:38 | 000,066,048 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp3zw.DLL
    [2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2010/11/20 17:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/02 16:49:21 | 000,000,221 | -HS- | M] () -- C:\Users\kmanney\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/26 18:37:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kmanney\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/22 16:41:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/21 15:31:27 | 000,025,382 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/07/06 10:22:33 | 000,000,402 | -HS- | M] () -- C:\Users\kmanney\Favorites\desktop.ini
    [2012/03/05 18:26:07 | 000,000,267 | ---- | M] () -- C:\Users\kmanney\Favorites\My Documents.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/01/02 12:48:51 | 000,001,158 | -HS- | M] () -- C:\ProgramData\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < End of report >
  20. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    You didn't say:
    [​IMG]

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O15 - HKU\S-1-5-21-377038991-3734808654-2868031893-1000\..Trusted Domains: condocerts.com ([www] https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/03/20 16:16:35 | 024,398,592 | ---- | M] (GridinSoft LLC) -- C:\gtk2119-setup.exe
      [2012/01/02 12:48:51 | 000,001,158 | -HS- | C] () -- C:\Users\kmanney\AppData\Local\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8
      [2012/01/02 12:48:51 | 000,001,158 | -HS- | C] () -- C:\ProgramData\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  21. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    PC Is running fine

    I will run those scans tonight.
  22. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    Final Scan logs

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-377038991-3734808654-2868031893-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-377038991-3734808654-2868031893-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry key HKEY_USERS\S-1-5-21-377038991-3734808654-2868031893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\condocerts.com\www\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File C:\gtk2119-setup.exe not found.
    C:\Users\kmanney\AppData\Local\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8 moved successfully.
    C:\ProgramData\euo68tj57ue8gtxmypjh118035d3bpg012r43rwbab8 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: kmanney
    ->Temp folder emptied: 936839 bytes
    ->Temporary Internet Files folder emptied: 9409472 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Security1st
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 322253 bytes
    RecycleBin emptied: 2314 bytes

    Total Files Cleaned = 10.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: kmanney
    ->Java cache emptied: 0 bytes

    User: Public

    User: Security1st

    Total Java Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04032012_030007

    Files\Folders moved on Reboot...
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4QK1XD6\7407185e[1].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4QK1XD6\dpsync[1].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4QK1XD6\follow_button[1].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AIWIXIA\3668935[1].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AIWIXIA\3668935[2].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AIWIXIA\up[1].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XEIXHY9\dpsync[1].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XEIXHY9\PugTracker[1].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XEIXHY9\topic178997[1].htm moved successfully.
    C:\Users\kmanney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GFZZC28\dpsync[1].htm moved successfully.
    C:\Windows\temp\CitrixLogs\GoToAssist Express Customer\383\log7CDC.tmp\GoToAssist Express Customer_01.LOG moved successfully.
    C:\Windows\temp\CitrixLogs\GoToAssist Express Customer\383\log7CDC.tmp\mgn_service-service_00.log moved successfully.

    Registry entries deleted on Reboot...
  23. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    Security Check

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton Internet Security
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Reader X (10.1.2)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
  24. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    Farbar

    Farbar Service Scanner Version: 01-03-2012
    Ran by kmanney (administrator) on 03-04-2012 at 02:30:58
    Running from "C:\Users\kmanney\Desktop\New folder"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll
    [2010-11-20 17:29] - [2010-11-20 17:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  25. TechFee

    TechFee Newcomer, in training Topic Starter Posts: 29

    Web Scan

    C:\gtk2119-setup.exe a variant of Win32/1AntiVirus application deleted - quarantined

    # This was that Trojan Killer program setup exe file that you asked me to uninstall.
    # I uninstalled the program when you requested but the setup file was still on my root.
    # Thanks for all your help with this one. I thought it was a goner!

