Malwarebytes

svchost trojan - search redirects

60 replies to this topic

#21
MrCharlie

    Forum Deity

  • Experts
  • 17,484 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#22
headinhome

    New Member

  • Members
  • 39 posts
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aug-11 :: AUG-11-HP [administrator]

4/4/2012 7:15:45 PM
mbam-log-2012-04-04 (19-15-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195943
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#23
MrCharlie

How is it now?? MrC


#24
headinhome

Seems to be good. Having issues accessing several websites, but I think that is a problem with my ISP.

Thanks so much for all your help!

#25
MrCharlie

OK, if you think it's OK, we have to clean up the tools and logs, there's a special way to do that so let me know, MrC


#26
headinhome

Let me see how it's doing when my ISP gets their stuff fixed. I can't even get on Google or Bing right now (to see if my searches are getting redirected).

#27
MrCharlie

Run another scan with RogueKiller, the host file was hijacked last time I looked.

MrC


#28
headinhome

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/04/2012 21:21:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#29
headinhome

Didn't delete anything on RogueKiller. Just ran scan and copied log. If I X out RogueKiller it says none elements have been deleted, do you want to quit. Should I quit or delete the elements?

Thanks, Scott

#30
MrCharlie

Run RogueKiller again and delete this one only, uncheck the rest under "Registry Entries"

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] winupd.job @ : C:\Users\Aug-11\AppData\Local\Temp:winupd.exe -> FOUND


------------------------------

¤¤¤ Infection : Root.MBR ¤¤¤

It also still shows that you're still infected.

Please delete your copy of TDSSKiller and download and run a fresh copy, post the log, MrC


#31
headinhome

14:08:05.0304 4124 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
14:08:05.0676 4124 ============================================================
14:08:05.0676 4124 Current date / time: 2012/04/05 14:08:05.0676
14:08:05.0676 4124 SystemInfo:
14:08:05.0676 4124
14:08:05.0676 4124 OS Version: 6.1.7601 ServicePack: 1.0
14:08:05.0676 4124 Product type: Workstation
14:08:05.0676 4124 ComputerName: AUG-11-HP
14:08:05.0677 4124 UserName: Aug-11
14:08:05.0677 4124 Windows directory: C:\Windows
14:08:05.0677 4124 System windows directory: C:\Windows
14:08:05.0677 4124 Running under WOW64
14:08:05.0677 4124 Processor architecture: Intel x64
14:08:05.0677 4124 Number of processors: 4
14:08:05.0677 4124 Page size: 0x1000
14:08:05.0677 4124 Boot type: Normal boot
14:08:05.0677 4124 ============================================================
14:08:08.0156 4124 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:08:08.0252 4124 \Device\Harddisk0\DR0:
14:08:08.0252 4124 MBR used
14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73081800
14:08:08.0252 4124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730B4000, BlocksNum 0x1652000
14:08:08.0330 4124 Initialize success
14:08:08.0330 4124 ============================================================
14:09:48.0132 4940 ============================================================
14:09:48.0132 4940 Scan started
14:09:48.0132 4940 Mode: Manual; SigCheck; TDLFS;
14:09:48.0132 4940 ============================================================
14:10:03.0311 4940 mshidkmdf - ok
14:10:03.0327 4940 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:10:03.0342 4940 msisadrv - ok
14:10:03.0405 4940 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:10:03.0436 4940 MSiSCSI - ok
14:10:03.0436 4940 msiserver - ok
14:10:03.0483 4940 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:10:03.0530 4940 MSKSSRV - ok
14:10:03.0592 4940 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:10:03.0639 4940 MSPCLOCK - ok
14:10:03.0670 4940 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:10:03.0701 4940 MSPQM - ok
14:10:03.0732 4940 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:10:03.0748 4940 MsRPC - ok
14:10:03.0764 4940 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:10:03.0764 4940 mssmbios - ok
14:10:03.0795 4940 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:10:03.0842 4940 MSTEE - ok
14:10:03.0888 4940 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:10:03.0920 4940 MTConfig - ok
14:10:03.0920 4940 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:10:03.0935 4940 Mup - ok
14:10:03.0966 4940 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:10:03.0998 4940 napagent - ok
14:10:04.0060 4940 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:10:04.0076 4940 NativeWifiP - ok
14:10:04.0138 4940 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:10:04.0169 4940 NDIS - ok
14:10:04.0200 4940 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:10:04.0263 4940 NdisCap - ok
14:10:04.0278 4940 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:10:04.0310 4940 NdisTapi - ok
14:10:04.0325 4940 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:10:04.0356 4940 Ndisuio - ok
14:10:04.0388 4940 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:10:04.0434 4940 NdisWan - ok
14:10:04.0450 4940 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:10:04.0481 4940 NDProxy - ok
14:10:04.0497 4940 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:10:04.0544 4940 NetBIOS - ok
14:10:04.0606 4940 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:10:04.0637 4940 NetBT - ok
14:10:04.0668 4940 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:10:04.0684 4940 Netlogon - ok
14:10:04.0731 4940 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:10:04.0762 4940 Netman - ok
14:10:04.0856 4940 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:04.0871 4940 NetMsmqActivator - ok
14:10:04.0871 4940 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:04.0887 4940 NetPipeActivator - ok
14:10:04.0902 4940 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:10:04.0949 4940 netprofm - ok
14:10:04.0965 4940 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:04.0965 4940 NetTcpActivator - ok
14:10:04.0965 4940 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:04.0980 4940 NetTcpPortSharing - ok
14:10:05.0012 4940 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:10:05.0043 4940 nfrd960 - ok
14:10:05.0090 4940 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:10:05.0121 4940 NlaSvc - ok
14:10:05.0136 4940 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:10:05.0183 4940 Npfs - ok
14:10:05.0183 4940 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:10:05.0230 4940 nsi - ok
14:10:05.0246 4940 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:10:05.0277 4940 nsiproxy - ok
14:10:05.0370 4940 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:10:05.0433 4940 Ntfs - ok
14:10:05.0526 4940 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:10:05.0573 4940 Null - ok
14:10:05.0651 4940 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:10:05.0667 4940 nvraid - ok
14:10:05.0745 4940 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:10:05.0760 4940 nvstor - ok
14:10:05.0807 4940 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:10:05.0823 4940 nv_agp - ok
14:10:05.0838 4940 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:10:05.0870 4940 ohci1394 - ok
14:10:05.0948 4940 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:10:05.0979 4940 ose - ok
14:10:06.0088 4940 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:10:06.0384 4940 osppsvc - ok
14:10:06.0416 4940 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:10:06.0447 4940 p2pimsvc - ok
14:10:06.0509 4940 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:10:06.0525 4940 p2psvc - ok
14:10:06.0572 4940 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:10:06.0603 4940 Parport - ok
14:10:06.0665 4940 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:10:06.0681 4940 partmgr - ok
14:10:06.0696 4940 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:10:06.0728 4940 PcaSvc - ok
14:10:06.0743 4940 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:10:06.0759 4940 pci - ok
14:10:06.0790 4940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:10:06.0806 4940 pciide - ok
14:10:06.0821 4940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:10:06.0837 4940 pcmcia - ok
14:10:06.0852 4940 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:10:06.0868 4940 pcw - ok
14:10:06.0962 4940 pdfcDispatcher - ok
14:10:07.0008 4940 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:10:07.0055 4940 PEAUTH - ok
14:10:07.0118 4940 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:10:07.0133 4940 PerfHost - ok
14:10:07.0180 4940 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:10:07.0242 4940 pla - ok
14:10:07.0274 4940 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:10:07.0305 4940 PlugPlay - ok
14:10:07.0320 4940 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:10:07.0336 4940 PNRPAutoReg - ok
14:10:07.0352 4940 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:10:07.0367 4940 PNRPsvc - ok
14:10:07.0430 4940 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:10:07.0476 4940 PolicyAgent - ok
14:10:07.0508 4940 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:10:07.0539 4940 Power - ok
14:10:07.0617 4940 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:10:07.0664 4940 PptpMiniport - ok
14:10:07.0726 4940 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:10:07.0757 4940 Processor - ok
14:10:07.0788 4940 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:10:07.0820 4940 ProfSvc - ok
14:10:07.0866 4940 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:10:07.0866 4940 ProtectedStorage - ok
14:10:07.0882 4940 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:10:07.0929 4940 Psched - ok
14:10:07.0991 4940 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:10:08.0054 4940 ql2300 - ok
14:10:08.0069 4940 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:10:08.0085 4940 ql40xx - ok
14:10:08.0116 4940 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:10:08.0132 4940 QWAVE - ok
14:10:08.0147 4940 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:10:08.0178 4940 QWAVEdrv - ok
14:10:08.0194 4940 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:10:08.0225 4940 RasAcd - ok
14:10:08.0256 4940 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:10:08.0303 4940 RasAgileVpn - ok
14:10:08.0334 4940 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:10:08.0381 4940 RasAuto - ok
14:10:08.0397 4940 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:10:08.0444 4940 Rasl2tp - ok
14:10:08.0475 4940 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:10:08.0506 4940 RasMan - ok
14:10:08.0537 4940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:10:08.0646 4940 RasPppoe - ok
14:10:08.0678 4940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:10:08.0709 4940 RasSstp - ok
14:10:08.0724 4940 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:10:08.0771 4940 rdbss - ok
14:10:08.0787 4940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:10:08.0818 4940 rdpbus - ok
14:10:08.0849 4940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:10:08.0880 4940 RDPCDD - ok
14:10:08.0912 4940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:10:08.0943 4940 RDPENCDD - ok
14:10:08.0974 4940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:10:08.0990 4940 RDPREFMP - ok
14:10:09.0021 4940 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:10:09.0083 4940 RDPWD - ok
14:10:09.0099 4940 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:10:09.0114 4940 rdyboost - ok
14:10:09.0130 4940 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:10:09.0177 4940 RemoteAccess - ok
14:10:09.0208 4940 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:10:09.0239 4940 RemoteRegistry - ok
14:10:09.0317 4940 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
14:10:09.0333 4940 RoxioNow Service - ok
14:10:09.0348 4940 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:10:09.0380 4940 RpcEptMapper - ok
14:10:09.0411 4940 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:10:09.0411 4940 RpcLocator - ok
14:10:09.0442 4940 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:10:09.0473 4940 RpcSs - ok
14:10:09.0489 4940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:10:09.0520 4940 rspndr - ok
14:10:09.0582 4940 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:10:09.0598 4940 RTL8167 - ok
14:10:09.0707 4940 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:10:09.0707 4940 SamSs - ok
14:10:09.0738 4940 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:10:09.0754 4940 sbp2port - ok
14:10:09.0785 4940 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:10:09.0816 4940 SCardSvr - ok
14:10:09.0832 4940 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:10:09.0863 4940 scfilter - ok
14:10:09.0894 4940 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:10:09.0957 4940 Schedule - ok
14:10:09.0988 4940 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:10:10.0019 4940 SCPolicySvc - ok
14:10:10.0113 4940 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:10:10.0128 4940 SDRSVC - ok
14:10:10.0206 4940 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:10:10.0206 4940 SeaPort - ok
14:10:10.0269 4940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:10:10.0300 4940 secdrv - ok
14:10:10.0347 4940 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:10:10.0378 4940 seclogon - ok
14:10:10.0440 4940 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:10:10.0472 4940 SENS - ok
14:10:10.0503 4940 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:10:10.0534 4940 SensrSvc - ok
14:10:10.0815 4940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:10:10.0877 4940 Serenum - ok
14:10:10.0924 4940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:10:10.0955 4940 Serial - ok
14:10:10.0971 4940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:10:11.0002 4940 sermouse - ok
14:10:11.0018 4940 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:10:11.0064 4940 SessionEnv - ok
14:10:11.0080 4940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:10:11.0111 4940 sffdisk - ok
14:10:11.0111 4940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:10:11.0142 4940 sffp_mmc - ok
14:10:11.0158 4940 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:10:11.0189 4940 sffp_sd - ok
14:10:11.0205 4940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:10:11.0220 4940 sfloppy - ok
14:10:11.0252 4940 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
14:10:11.0283 4940 Sftfs - ok
14:10:11.0345 4940 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:10:11.0361 4940 sftlist - ok
14:10:11.0376 4940 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:10:11.0392 4940 Sftplay - ok
14:10:11.0408 4940 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:10:11.0408 4940 Sftredir - ok
14:10:11.0423 4940 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
14:10:11.0439 4940 Sftvol - ok
14:10:11.0454 4940 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:10:11.0454 4940 sftvsa - ok
14:10:11.0486 4940 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:10:11.0517 4940 SharedAccess - ok
14:10:11.0564 4940 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:10:11.0595 4940 ShellHWDetection - ok
14:10:11.0657 4940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:10:11.0673 4940 SiSRaid2 - ok
14:10:11.0688 4940 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:10:11.0704 4940 SiSRaid4 - ok
14:10:11.0735 4940 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:10:11.0782 4940 Smb - ok
14:10:11.0829 4940 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:10:11.0844 4940 SNMPTRAP - ok
14:10:11.0860 4940 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:10:11.0876 4940 spldr - ok
14:10:11.0891 4940 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:10:11.0922 4940 Spooler - ok
14:10:12.0032 4940 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:10:12.0078 4940 sppsvc - ok
14:10:12.0094 4940 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:10:12.0125 4940 sppuinotify - ok
14:10:12.0172 4940 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:10:12.0203 4940 srv - ok
14:10:12.0219 4940 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:10:12.0234 4940 srv2 - ok
14:10:12.0266 4940 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:10:12.0281 4940 srvnet - ok
14:10:12.0328 4940 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:10:12.0359 4940 SSDPSRV - ok
14:10:12.0390 4940 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:10:12.0422 4940 SstpSvc - ok
14:10:12.0453 4940 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:10:12.0468 4940 stexstor - ok
14:10:12.0515 4940 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:10:12.0546 4940 stisvc - ok
14:10:12.0578 4940 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:10:12.0593 4940 swenum - ok
14:10:12.0640 4940 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:10:12.0671 4940 swprv - ok
14:10:12.0921 4940 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:10:12.0968 4940 SysMain - ok
14:10:12.0999 4940 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:10:13.0014 4940 TabletInputService - ok
14:10:13.0030 4940 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:10:13.0092 4940 TapiSrv - ok
14:10:13.0155 4940 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:10:13.0170 4940 TBS - ok
14:10:13.0233 4940 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:10:13.0280 4940 Tcpip - ok
14:10:13.0342 4940 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:10:13.0373 4940 TCPIP6 - ok
14:10:13.0389 4940 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:10:13.0420 4940 tcpipreg - ok
14:10:13.0467 4940 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:10:13.0482 4940 TDPIPE - ok
14:10:13.0514 4940 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:10:13.0529 4940 TDTCP - ok
14:10:13.0592 4940 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:10:13.0623 4940 tdx - ok
14:10:13.0732 4940 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:10:13.0748 4940 TermDD - ok
14:10:13.0779 4940 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:10:13.0826 4940 TermService - ok
14:10:13.0841 4940 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:10:13.0857 4940 Themes - ok
14:10:13.0904 4940 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:10:13.0919 4940 THREADORDER - ok
14:10:13.0935 4940 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:10:13.0966 4940 TrkWks - ok
14:10:13.0982 4940 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:10:14.0013 4940 TrustedInstaller - ok
14:10:14.0028 4940 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:10:14.0060 4940 tssecsrv - ok
14:10:14.0091 4940 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:10:14.0122 4940 TsUsbFlt - ok
14:10:14.0153 4940 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:10:14.0184 4940 TsUsbGD - ok
14:10:14.0231 4940 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:10:14.0278 4940 tunnel - ok
14:10:14.0294 4940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:10:14.0309 4940 uagp35 - ok
14:10:14.0340 4940 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:10:14.0387 4940 udfs - ok
14:10:14.0403 4940 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:10:14.0418 4940 UI0Detect - ok
14:10:14.0434 4940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:10:14.0450 4940 uliagpkx - ok
14:10:14.0481 4940 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:10:14.0496 4940 umbus - ok
14:10:14.0512 4940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:10:14.0528 4940 UmPass - ok
14:10:14.0574 4940 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:10:14.0606 4940 upnphost - ok
14:10:14.0652 4940 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:10:14.0730 4940 usbccgp - ok
14:10:14.0746 4940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:10:14.0762 4940 usbcir - ok
14:10:14.0793 4940 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:10:14.0808 4940 usbehci - ok
14:10:14.0824 4940 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
14:10:14.0840 4940 usbfilter - ok
14:10:14.0886 4940 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:10:14.0918 4940 usbhub - ok
14:10:14.0933 4940 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:10:14.0949 4940 usbohci - ok
14:10:14.0996 4940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:10:15.0027 4940 usbprint - ok
14:10:15.0042 4940 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:10:15.0074 4940 usbscan - ok
14:10:15.0089 4940 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:10:15.0136 4940 USBSTOR - ok
14:10:15.0152 4940 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:10:15.0167 4940 usbuhci - ok
14:10:15.0198 4940 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:10:15.0245 4940 UxSms - ok
14:10:15.0292 4940 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:10:15.0308 4940 VaultSvc - ok
14:10:15.0323 4940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:10:15.0323 4940 vdrvroot - ok
14:10:15.0370 4940 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:10:15.0401 4940 vds - ok
14:10:15.0464 4940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:10:15.0479 4940 vga - ok
14:10:15.0510 4940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:10:15.0573 4940 VgaSave - ok
14:10:15.0635 4940 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:10:15.0651 4940 vhdmp - ok
14:10:15.0682 4940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:10:15.0698 4940 viaide - ok
14:10:15.0729 4940 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:10:15.0729 4940 volmgr - ok
14:10:15.0760 4940 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:10:15.0760 4940 volmgrx - ok
14:10:15.0791 4940 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:10:15.0807 4940 volsnap - ok
14:10:15.0822 4940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:10:15.0854 4940 vsmraid - ok
14:10:15.0932 4940 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:10:15.0978 4940 VSS - ok
14:10:16.0056 4940 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
14:10:16.0072 4940 vToolbarUpdater10.2.0 - ok
14:10:16.0088 4940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:10:16.0119 4940 vwifibus - ok
14:10:16.0197 4940 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:10:16.0228 4940 W32Time - ok
14:10:16.0259 4940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:10:16.0275 4940 WacomPen - ok
14:10:16.0322 4940 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:10:16.0353 4940 WANARP - ok
14:10:16.0353 4940 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:10:16.0384 4940 Wanarpv6 - ok
14:10:16.0462 4940 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:10:16.0680 4940 WatAdminSvc - ok
14:10:16.0712 4940 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:10:16.0774 4940 wbengine - ok
14:10:16.0790 4940 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:10:16.0805 4940 WbioSrvc - ok
14:10:16.0821 4940 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:10:16.0852 4940 wcncsvc - ok
14:10:16.0868 4940 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:10:16.0883 4940 WcsPlugInService - ok
14:10:16.0914 4940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:10:16.0930 4940 Wd - ok
14:10:16.0961 4940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:10:16.0977 4940 Wdf01000 - ok
14:10:16.0992 4940 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:10:17.0102 4940 WdiServiceHost - ok
14:10:17.0102 4940 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:10:17.0117 4940 WdiSystemHost - ok
14:10:17.0148 4940 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:10:17.0180 4940 WebClient - ok
14:10:17.0195 4940 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:10:17.0226 4940 Wecsvc - ok
14:10:17.0242 4940 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:10:17.0273 4940 wercplsupport - ok
14:10:17.0320 4940 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:10:17.0351 4940 WerSvc - ok
14:10:17.0382 4940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:10:17.0414 4940 WfpLwf - ok
14:10:17.0429 4940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:10:17.0445 4940 WIMMount - ok
14:10:17.0476 4940 WinDefend - ok
14:10:17.0476 4940 WinHttpAutoProxySvc - ok
14:10:17.0523 4940 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:10:17.0554 4940 Winmgmt - ok
14:10:17.0632 4940 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:10:17.0694 4940 WinRM - ok
14:10:17.0741 4940 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:10:17.0772 4940 WinUsb - ok
14:10:17.0788 4940 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:10:17.0819 4940 Wlansvc - ok
14:10:17.0882 4940 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:10:17.0897 4940 wlcrasvc - ok
14:10:17.0975 4940 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:10:18.0006 4940 wlidsvc - ok
14:10:18.0053 4940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:10:18.0069 4940 WmiAcpi - ok
14:10:18.0116 4940 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:10:18.0131 4940 wmiApSrv - ok
14:10:18.0178 4940 WMPNetworkSvc - ok
14:10:18.0194 4940 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:10:18.0209 4940 WPCSvc - ok
14:10:18.0209 4940 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:10:18.0225 4940 WPDBusEnum - ok
14:10:18.0256 4940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:10:18.0287 4940 ws2ifsl - ok
14:10:18.0318 4940 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:10:18.0350 4940 wscsvc - ok
14:10:18.0350 4940 WSearch - ok
14:10:18.0396 4940 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:10:18.0474 4940 wuauserv - ok
14:10:18.0506 4940 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:10:18.0537 4940 WudfPf - ok
14:10:18.0584 4940 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:10:18.0615 4940 WUDFRd - ok
14:10:18.0677 4940 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:10:18.0708 4940 wudfsvc - ok
14:10:18.0724 4940 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:10:18.0755 4940 WwanSvc - ok
14:10:18.0818 4940 MBR (0x1B8) (6f9dd6ab827c8b46cad334291946f201) \Device\Harddisk0\DR0
14:10:19.0098 4940 \Device\Harddisk0\DR0 - ok
14:10:19.0114 4940 Boot (0x1200) (b920e4bc4db2a2f85672de53afd62e83) \Device\Harddisk0\DR0\Partition0
14:10:19.0114 4940 \Device\Harddisk0\DR0\Partition0 - ok
14:10:19.0114 4940 Boot (0x1200) (6c565c6c6da482cbbc6f595924924585) \Device\Harddisk0\DR0\Partition1
14:10:19.0114 4940 \Device\Harddisk0\DR0\Partition1 - ok
14:10:19.0145 4940 Boot (0x1200) (bff80509c2c7cfccb6c9f2aed897ec2b) \Device\Harddisk0\DR0\Partition2
14:10:19.0145 4940 \Device\Harddisk0\DR0\Partition2 - ok
14:10:19.0145 4940 ============================================================
14:10:19.0145 4940 Scan finished
14:10:19.0145 4940 ============================================================
14:10:19.0161 1268 Detected object count: 0
14:10:19.0161 1268 Actual detected object count: 0

#32
headinhome

    New Member

  • Members
  • Pip
  • 39 posts
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/05/2012 14:17:16

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

#33
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,484 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
The TDSSKiller log is clean, but RogueKiller is showing this:

¤¤¤ Infection : Root.MBR ¤¤¤

Please do this:

Download aswMBR to your desktop.
http://public.avast....erek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
Zip it up and attach it to your post, MrC

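Added example (not part of the original posts, and not code from aswMBR or RogueKiller): a Python script that decodes a saved 512-byte MBR such as MBR.dat and compares two reads of sector 0, printing the partition table in the layout the RogueKiller log uses. The function names and the sample sectors are assumptions constructed here, and the hashes it computes are not claimed to match the [MBR]/[BSP] values either tool prints.

```python
import hashlib
import struct

CODE_LEN = 0x1B8   # 440-byte bootstrap area; disk signature and table follow

def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR sector, e.g. the MBR.dat that aswMBR saves."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    parts = []
    for i in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "offset": lba, "size_mb": count * 512 // 2**20})
    return {"mbr_md5": hashlib.md5(sector).hexdigest(),
            "code_md5": hashlib.md5(sector[:CODE_LEN]).hexdigest(),
            "partitions": parts}

def diff_reads(a: bytes, b: bytes) -> list:
    """Name the regions that differ between two reads of the same sector 0."""
    pa, pb = parse_mbr(a), parse_mbr(b)
    found = []
    if pa["code_md5"] != pb["code_md5"]:
        found.append("bootstrap code differs")
    if pa["partitions"] != pb["partitions"]:
        found.append("partition table differs")
    if not found and pa["mbr_md5"] != pb["mbr_md5"]:
        found.append("other bytes differ (disk signature, CHS fields)")
    return found

def build_sample(code: bytes, entries) -> bytes:
    """Constructed sector: code bytes plus (status, type, lba, sectors) rows."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed samples: layouts copied from the RogueKiller log, code bytes are filler.
SAMPLE_USER = build_sample(b"\xfa" * 32, [(0x80, 0x07, 2048, 204800),
                                          (0x00, 0x07, 206848, 1929910272),
                                          (0x00, 0x07, 1930117120, 23404544)])
SAMPLE_LL2 = build_sample(b"\x33" * 32, [(0x80, 0x07, 217933824, 614400)])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_USER)["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        print(f'{p["index"]} - [{flag}] (0x{p["type"]:02x}) '
              f'Offset (sectors): {p["offset"]} | Size: {p["size_mb"]} Mo')
    print(diff_reads(SAMPLE_USER, SAMPLE_LL2))
```

To check a real dump, pass the bytes of the saved file to parse_mbr instead of the constructed samples.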

#34
headinhome

    New Member

  • Members
  • Pip
  • 39 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 18:11:05
-----------------------------
18:11:05.256 OS Version: Windows x64 6.1.7601 Service Pack 1
18:11:05.256 Number of processors: 4 586 0x503
18:11:05.257 ComputerName: AUG-11-HP UserName: Aug-11
18:11:08.721 Initialize success
18:12:13.733 AVAST engine defs: 12040501
18:12:25.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
18:12:25.763 Disk 0 Vendor: ST310005 HP40 Size: 953869MB BusType: 11
18:12:25.805 Disk 0 MBR read successfully
18:12:25.807 Disk 0 MBR scan
18:12:25.811 Disk 0 unknown MBR code
18:12:25.881 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:12:25.927 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942339 MB offset 206848
18:12:25.953 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11428 MB offset 1930117120
18:12:25.999 Disk 0 scanning C:\Windows\system32\drivers
18:12:38.495 Service scanning
18:12:56.637 Modules scanning
18:12:56.642 Disk 0 trace - called modules:
18:12:56.667 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:12:56.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f3d790]
18:12:56.675 3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> [0xfffffa80059e2ac0]
18:12:56.679 5 amd_xata.sys[fffff88000fde8b4] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa80059db9c0]
18:13:02.333 AVAST engine scan C:\Windows
18:13:06.545 AVAST engine scan C:\Windows\system32
18:18:30.009 AVAST engine scan C:\Windows\system32\drivers
18:18:59.880 AVAST engine scan C:\Users\Aug-11
18:22:39.966 File: C:\Users\Aug-11\AppData\Roaming\Adobe\Flash Player\NativeCache\F0928C8124B77479D780B2CCBD010F48\60014acf\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
18:23:02.438 File: C:\Users\Aug-11\Desktop\RK_Quarantine\hrapr.dll.vir **INFECTED** Win32:MalOb-KF [Cryp]
18:28:55.208 AVAST engine scan C:\ProgramData
18:30:12.860 Scan finished successfully
18:30:31.221 Disk 0 MBR has been saved successfully to "C:\Users\Aug-11\Desktop\MBR.dat"
18:30:31.226 The log file has been saved successfully to "C:\Users\Aug-11\Desktop\aswMBR.txt"

#35
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,484 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Your MBR looks OK

It found two infections; one is in the quarantine folder of RogueKiller and we'll delete the other one:


Quote

18:22:39.966 File: C:\Users\Aug-11\AppData\Roaming\Adobe\Flash Player\NativeCache\F0928C8124B77479D780B2CCBD010F48\60014acf\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen

18:23:02.438 File: C:\Users\Aug-11\Desktop\RK_Quarantine\hrapr.dll.vir **INFECTED** Win32:MalOb-KF [Cryp]

-----------------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    :Files
    C:\Users\Aug-11\AppData\Roaming\Adobe\Flash Player\NativeCache\F0928C8124B77479D780B2CCBD010F48\60014acf\adobecp-200489-1.dll
    :Commands
    [EMPTYJAVA]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Reboot and .............
Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


#36
headinhome

    New Member

  • Members
  • Pip
  • 39 posts
All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\Aug-11\AppData\Roaming\Adobe\Flash Player\NativeCache\F0928C8124B77479D780B2CCBD010F48\60014acf\adobecp-200489-1.dll moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Aug-11
->Java cache emptied: 1611902 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 2.00 mb


[EMPTYTEMP]

User: All Users

User: Aug-11
->Temp folder emptied: 70287671 bytes
->Temporary Internet Files folder emptied: 2784041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71549574 bytes
->Flash cache emptied: 43858 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86591 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 8523872 bytes

Total Files Cleaned = 146.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04052012_191255

Files\Folders moved on Reboot...
C:\Users\Aug-11\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF21C7AB11FCF23389.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF5A72F4F6284379F6.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF76610AE0378C0753.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF953FA3D4F577B63B.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF97826647707B84BF.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DF981A2E6ACEE9004A.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFB7D1DB8B8D46AAA0.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF3097A9AC1671B61.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF3F700904D8E53DA.TMP not found!
File\Folder C:\Users\Aug-11\AppData\Local\Temp\~DFF74D28587EC0363A.TMP not found!

Registry entries deleted on Reboot...

#37
headinhome

    New Member

  • Members
  • Pip
  • 39 posts
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aug-11 :: AUG-11-HP [administrator]

4/5/2012 7:21:51 PM
mbam-log-2012-04-05 (19-21-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196657
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#38
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,484 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
How is it running?? MrC


#39
headinhome

    New Member

  • Members
  • Pip
  • 39 posts
seems to be running ok, but until my isp gets their issue fixed i can't get on google or bing to test the redirect problem. when i called my isp today they said check back with them tomorrow. so i will have to wait and see on that. i just did a reboot. downloaded and ran a new roguekiller. still says infected...

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/05/2012 20:57:05

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[10].txt >>
RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

#40
headinhome

    New Member

  • Members
  • Pip
  • 39 posts
ok, maybe my isp has their stuff fixed as i was able to get on google and bing etc this morning. no redirects on either.
everything looks good to me. (but hey, i can't even post in the right thread 1/2 the time, so what do i know :))


let me know if you see anything else that needs taken care of and one more time... thanks so much for your help!

scott




