Jump to content

DanFenton

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. DanFenton
    Hi, Today I have noticed my bank's website and internet banking pages are being blocked. At least two different IP addresses are used that I can see from the logs. Both are blocked? I updated my package and it still seems to block the site. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/3/17 Protection Event Time: 11:23 AM Logfile: Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1856 License: Premium -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: internetbanking.suncorpbank.com.au IP Address: 103.28.250.70 Port: [62831] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/3/17 Protection Event Time: 11:14 AM Logfile: Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1855 License: Premium -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: www.suncorpbank.com.au IP Address: 103.28.250.229 Port: [62659] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end)
  2. DanFenton
    Thanks again MrC. All done now. Sounds like I should do a weekly scan with DDS. Cheers Dan
  3. DanFenton
    Hi MrC, The full scan came up with nothing. Is there anything further needed? With Total Defense and MBAM not picking up the original rootkit, is there any online scanner that I can use to regularly test for these (without the ads playing I would have been none the wiser...) Cheers Dan
  4. DanFenton
    Hi MrC I've just reinstalled Total Defense and it has now come up with some threats. It's come up with WinAntivirus Pro 2006, WinSpywareProtect and Bifrost. I am running a full scan now. Not sure why it hadn't picked these up before now... Cheers Dan
  5. DanFenton
    HI MrC, I ran a scan with MBAM, but it never picked anything up the whole time the problem was there (I have it scheduled to update and quick scan daily with weekly full scans). Here is the MBAM log Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.30.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Daniel :: OFFICE [administrator] Protection: Enabled 1/07/2012 9:04:56 AM mbam-log-2012-07-01 (09-04-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 279951 Time elapsed: 3 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. DanFenton
    Hi MrC, I had to uninstall Total Defence as Combofix wouldn't run with it installed (even after disabling - it said it was dangerous ) Here is the Combofix.txt. I am going to bed now, (it is just past 2am here) so take your time to respond... Thanks again. ComboFix 12-06-28.03 - Daniel 01/07/2012 1:45.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1964 [GMT 10:00] Running from: c:\users\Daniel\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 ))))))))))))))))))))))))))))))) . . 2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Stephanie\AppData\Local\temp 2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Amanda\AppData\Local\temp 2012-06-28 20:58 . 2012-06-28 20:58 -------- d-----w- c:\users\Daniel\AppData\Local\Qurb4 2012-06-28 12:47 . 2011-12-20 07:08 97328 ----a-w- c:\windows\system32\Vetredir.dll 2012-06-28 12:47 . 2011-12-20 07:08 130096 ----a-w- c:\windows\system32\Isafeif.dll 2012-06-28 12:44 . 2012-06-30 15:37 -------- d-----w- c:\windows\rnapxs 2012-06-28 12:44 . 2012-06-28 12:44 -------- d-----w- c:\program files\Common Files\Scanner 2012-06-21 04:49 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 04:49 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 04:49 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 04:49 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 04:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-21 04:49 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 04:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 04:49 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 04:49 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-20 10:56 . 2012-06-20 10:56 -------- d-----w- c:\users\Daniel\AppData\Roaming\print@camerahouse 2012-06-20 10:55 . 2012-06-20 10:55 -------- d-----w- c:\programdata\print@camerahouse 2012-06-20 10:55 . 2012-06-20 10:55 -------- d-----w- c:\program files\print@camerahouse 2012-06-14 02:35 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 02:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-14 02:35 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll 2012-06-14 02:35 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 02:35 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 02:35 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 02:35 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 02:35 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 02:35 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 02:35 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 02:35 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-06-10 00:21 . 2012-06-10 00:21 -------- d-----w- c:\program files\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-14 09:32 . 2012-04-10 08:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 09:32 . 2011-06-14 09:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\system32\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}" [HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}] 2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{618A47A2-528B-4D9A-AFC8-97D3233511E2}" [HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}] 2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U] @="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}" [HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}] 2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344] "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360] "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-05 594432] "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-24 7514656] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736] "ASUS Sync Loader"="c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe" [2012-04-20 638976] "ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe" [2012-01-18 740192] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PC Probe II V1.04.60.lnk - c:\program files\ASUS\PC Probe II\Probe2.exe [2010-4-24 2142720] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-28 813584] Philips Device Manager.lnk - c:\program files\Philips\GoGear Mix Device Manager\main.exe [2011-6-29 124816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 02:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R3 14132;14132;c:\windows\system32\DRIVERS\14132 [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 RDID1104;ME-25;c:\windows\system32\Drivers\rdwm1104.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x] R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x] R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x] R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x] R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x] R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 Foxtel;Foxtel Download Manager;c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [x] S3 AVerIR;AVerMedia Infrared Receiver;c:\windows\system32\DRIVERS\AVerIR.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:32] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561972997-2194248060-3187249888-1001Core.job - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-13 15:25] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561972997-2194248060-3187249888-1001UA.job - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-13 15:25] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: jr.com.au\remote Trusted Zone: qld.gov.au\citrixgw.treasury TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe Notify-PFW - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Foxtel] "ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\14132] "ImagePath"="System32\DRIVERS\14132" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54, 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42 "{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:a6,ca,e3,fc,dc,07,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,92,2b,e1,a4,cd,22,46,83,da,99,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,92,2b,e1,a4,cd,22,46,83,da,99,\ . [HKEY_USERS\S-1-5-21-3561972997-2194248060-3187249888-1001\Software\SecuROM\License information*] "datasecu"=hex:c4,70,b6,32,56,26,5e,e7,fb,c4,1d,70,5b,5f,1c,41,be,c7,5a,d3,c8, 76,db,98,c8,11,2a,23,58,d8,a9,e8,51,2d,f0,8c,28,3f,05,8c,62,fd,34,cd,44,06,\ "rkeysecu"=hex:20,b7,bd,f5,5f,1c,67,ae,50,39,82,4c,f3,1c,b3,69 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(4676) c:\program files\Logitech\SetPoint\lgscroll.dll c:\program files\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Citrix\ICA Client\wfcrun32.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\program files\iPod\bin\iPodService.exe c:\program files\ASUS\AASP\1.00.80\aaCenter.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe c:\windows\system32\taskhost.exe . ************************************************************************** . Completion time: 2012-07-01 02:05:02 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-30 16:04 . Pre-Run: 365,051,281,408 bytes free Post-Run: 366,018,895,872 bytes free . - - End Of File - - 57A136B77D4C22DFEBBA3FADF57B0B4D
  7. DanFenton
    PS. Ads seem to have gone, just getting silence again . MY daughter will be happy, it freaked her out when it started .
  8. DanFenton
    Thanks again MrC Here is the log 00:53:45.0917 0272 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22 00:53:46.0714 0272 ============================================================ 00:53:46.0714 0272 Current date / time: 2012/07/01 00:53:46.0714 00:53:46.0714 0272 SystemInfo: 00:53:46.0714 0272 00:53:46.0714 0272 OS Version: 6.1.7601 ServicePack: 1.0 00:53:46.0714 0272 Product type: Workstation 00:53:46.0714 0272 ComputerName: OFFICE 00:53:46.0715 0272 UserName: Daniel 00:53:46.0715 0272 Windows directory: C:\Windows 00:53:46.0715 0272 System windows directory: C:\Windows 00:53:46.0715 0272 Processor architecture: Intel x86 00:53:46.0715 0272 Number of processors: 2 00:53:46.0715 0272 Page size: 0x1000 00:53:46.0715 0272 Boot type: Normal boot 00:53:46.0715 0272 ============================================================ 00:53:47.0880 0272 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 00:53:47.0890 0272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xCF0156, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000050 00:53:47.0892 0272 ============================================================ 00:53:47.0892 0272 \Device\Harddisk1\DR1: 00:53:47.0892 0272 MBR partitions: 00:53:47.0892 0272 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800 00:53:47.0892 0272 \Device\Harddisk0\DR0: 00:53:47.0892 0272 MBR partitions: 00:53:47.0892 0272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:53:47.0892 0272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000 00:53:47.0893 0272 ============================================================ 00:53:47.0913 0272 C: <-> \Device\Harddisk0\DR0\Partition1 00:53:47.0942 0272 D: <-> \Device\Harddisk1\DR1\Partition0 00:53:47.0942 0272 ============================================================ 00:53:47.0942 0272 Initialize success 00:53:47.0943 0272 ============================================================ 00:54:31.0169 4032 ============================================================ 00:54:31.0169 4032 Scan started 00:54:31.0169 4032 Mode: Manual; SigCheck; TDLFS; 00:54:31.0169 4032 ============================================================ 00:54:32.0280 4032 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 00:54:32.0448 4032 1394ohci - ok 00:54:32.0497 4032 14132 (34804da52276661c31422b5b98edbeb7) C:\Windows\system32\DRIVERS\14132 00:54:32.0521 4032 14132 - ok 00:54:32.0566 4032 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 00:54:32.0588 4032 ACPI - ok 00:54:32.0620 4032 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 00:54:32.0678 4032 AcpiPmi - ok 00:54:32.0766 4032 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 00:54:32.0787 4032 AdobeARMservice - ok 00:54:32.0867 4032 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:54:32.0886 4032 AdobeFlashPlayerUpdateSvc - ok 00:54:32.0940 4032 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 00:54:32.0966 4032 adp94xx - ok 00:54:32.0989 4032 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 00:54:33.0012 4032 adpahci - ok 00:54:33.0032 4032 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 00:54:33.0055 4032 adpu320 - ok 00:54:33.0064 4032 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 00:54:33.0116 4032 AeLookupSvc - ok 00:54:33.0171 4032 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 00:54:33.0222 4032 AFD - ok 00:54:33.0249 4032 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 00:54:33.0273 4032 agp440 - ok 00:54:33.0285 4032 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 00:54:33.0309 4032 aic78xx - ok 00:54:33.0326 4032 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 00:54:33.0365 4032 ALG - ok 00:54:33.0373 4032 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 00:54:33.0395 4032 aliide - ok 00:54:33.0408 4032 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 00:54:33.0430 4032 amdagp - ok 00:54:33.0443 4032 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 00:54:33.0465 4032 amdide - ok 00:54:33.0478 4032 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 00:54:33.0515 4032 AmdK8 - ok 00:54:33.0530 4032 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 00:54:33.0555 4032 AmdPPM - ok 00:54:33.0590 4032 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 00:54:33.0613 4032 amdsata - ok 00:54:33.0628 4032 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 00:54:33.0653 4032 amdsbs - ok 00:54:33.0678 4032 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 00:54:33.0695 4032 amdxata - ok 00:54:33.0723 4032 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 00:54:33.0795 4032 AppID - ok 00:54:33.0808 4032 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 00:54:33.0867 4032 AppIDSvc - ok 00:54:33.0895 4032 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 00:54:33.0947 4032 Appinfo - ok 00:54:34.0027 4032 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:54:34.0044 4032 Apple Mobile Device - ok 00:54:34.0079 4032 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 00:54:34.0116 4032 AppMgmt - ok 00:54:34.0125 4032 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 00:54:34.0146 4032 arc - ok 00:54:34.0151 4032 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 00:54:34.0174 4032 arcsas - ok 00:54:34.0199 4032 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys 00:54:34.0231 4032 AsIO - ok 00:54:34.0254 4032 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 00:54:34.0355 4032 AsyncMac - ok 00:54:34.0368 4032 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 00:54:34.0395 4032 atapi - ok 00:54:34.0438 4032 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 00:54:34.0489 4032 AudioEndpointBuilder - ok 00:54:34.0494 4032 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 00:54:34.0536 4032 Audiosrv - ok 00:54:34.0612 4032 AVerBDA6x (40a19901ef39cb6c7dc37402ffdc987c) C:\Windows\system32\DRIVERS\AVerBDA716x.sys 00:54:34.0666 4032 AVerBDA6x - ok 00:54:34.0710 4032 AVerIR (179b54e3cd7c781ace1692b1867c4872) C:\Windows\system32\DRIVERS\AVerIR.sys 00:54:34.0760 4032 AVerIR - ok 00:54:34.0798 4032 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 00:54:34.0840 4032 AxInstSV - ok 00:54:34.0875 4032 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 00:54:34.0951 4032 b06bdrv - ok 00:54:35.0231 4032 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 00:54:35.0272 4032 b57nd60x - ok 00:54:35.0293 4032 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 00:54:35.0342 4032 BDESVC - ok 00:54:35.0357 4032 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 00:54:35.0403 4032 Beep - ok 00:54:35.0449 4032 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 00:54:35.0504 4032 BFE - ok 00:54:35.0561 4032 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll 00:54:35.0702 4032 BITS - ok 00:54:35.0714 4032 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 00:54:35.0750 4032 blbdrive - ok 00:54:35.0844 4032 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 00:54:35.0867 4032 Bonjour Service - ok 00:54:35.0904 4032 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 00:54:35.0937 4032 bowser - ok 00:54:35.0949 4032 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:54:35.0994 4032 BrFiltLo - ok 00:54:36.0004 4032 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:54:36.0044 4032 BrFiltUp - ok 00:54:36.0068 4032 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 00:54:36.0118 4032 BridgeMP - ok 00:54:36.0142 4032 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 00:54:36.0196 4032 Browser - ok 00:54:36.0219 4032 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 00:54:36.0251 4032 Brserid - ok 00:54:36.0269 4032 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 00:54:36.0306 4032 BrSerWdm - ok 00:54:36.0314 4032 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 00:54:36.0355 4032 BrUsbMdm - ok 00:54:36.0365 4032 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 00:54:36.0403 4032 BrUsbSer - ok 00:54:36.0413 4032 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 00:54:36.0439 4032 BTHMODEM - ok 00:54:36.0464 4032 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 00:54:36.0510 4032 bthserv - ok 00:54:36.0601 4032 CAAMSvc (684b1485fa8288b59830d5329198545c) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe 00:54:36.0622 4032 CAAMSvc - ok 00:54:36.0678 4032 CaCCProvSP (d92bac805b36a15352a1acc3570c5b0b) C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe 00:54:36.0699 4032 CaCCProvSP - ok 00:54:36.0735 4032 CAISafe (9c271ae535d7e8f34634d4077d7fe873) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe 00:54:36.0754 4032 CAISafe - ok 00:54:36.0785 4032 ccSchedulerSVC (3c73ef1d44809beac8533eff182d4f36) C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe 00:54:36.0805 4032 ccSchedulerSVC - ok 00:54:36.0828 4032 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 00:54:36.0877 4032 cdfs - ok 00:54:36.0922 4032 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 00:54:36.0953 4032 cdrom - ok 00:54:36.0994 4032 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 00:54:37.0040 4032 CertPropSvc - ok 00:54:37.0053 4032 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 00:54:37.0078 4032 circlass - ok 00:54:37.0110 4032 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 00:54:37.0142 4032 CLFS - ok 00:54:37.0195 4032 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:54:37.0216 4032 clr_optimization_v2.0.50727_32 - ok 00:54:37.0283 4032 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:54:37.0306 4032 clr_optimization_v4.0.30319_32 - ok 00:54:37.0316 4032 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 00:54:37.0342 4032 CmBatt - ok 00:54:37.0371 4032 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 00:54:37.0391 4032 cmdide - ok 00:54:37.0434 4032 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 00:54:37.0471 4032 CNG - ok 00:54:37.0481 4032 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 00:54:37.0503 4032 Compbatt - ok 00:54:37.0533 4032 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 00:54:37.0564 4032 CompositeBus - ok 00:54:37.0576 4032 COMSysApp - ok 00:54:37.0588 4032 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 00:54:37.0609 4032 crcdisk - ok 00:54:37.0643 4032 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll 00:54:37.0723 4032 CryptSvc - ok 00:54:37.0763 4032 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 00:54:37.0814 4032 CSC - ok 00:54:37.0862 4032 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll 00:54:37.0916 4032 CscService - ok 00:54:37.0975 4032 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys 00:54:37.0995 4032 ctxusbm - ok 00:54:38.0026 4032 dc3d (734bbe7c66e6fd6047a1bd29b9343b30) C:\Windows\system32\DRIVERS\dc3d.sys 00:54:38.0044 4032 dc3d - ok 00:54:38.0071 4032 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 00:54:38.0218 4032 DcomLaunch - ok 00:54:38.0243 4032 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 00:54:38.0312 4032 defragsvc - ok 00:54:38.0353 4032 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 00:54:38.0396 4032 DfsC - ok 00:54:38.0438 4032 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 00:54:38.0508 4032 Dhcp - ok 00:54:38.0523 4032 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 00:54:38.0565 4032 discache - ok 00:54:38.0588 4032 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 00:54:38.0613 4032 Disk - ok 00:54:38.0643 4032 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 00:54:38.0708 4032 Dnscache - ok 00:54:38.0743 4032 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 00:54:38.0810 4032 dot3svc - ok 00:54:38.0843 4032 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 00:54:38.0920 4032 DPS - ok 00:54:38.0939 4032 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 00:54:38.0973 4032 drmkaud - ok 00:54:39.0022 4032 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 00:54:39.0067 4032 DXGKrnl - ok 00:54:39.0086 4032 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 00:54:39.0166 4032 EapHost - ok 00:54:39.0311 4032 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 00:54:39.0394 4032 ebdrv - ok 00:54:39.0474 4032 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 00:54:39.0579 4032 EFS - ok 00:54:39.0632 4032 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 00:54:39.0684 4032 ehRecvr - ok 00:54:39.0700 4032 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 00:54:39.0755 4032 ehSched - ok 00:54:39.0771 4032 EIO_XP (0daf3544804650526751c478aeccce63) C:\Windows\system32\drivers\EIO_XP.sys 00:54:39.0781 4032 EIO_XP ( UnsignedFile.Multi.Generic ) - warning 00:54:39.0781 4032 EIO_XP - detected UnsignedFile.Multi.Generic (1) 00:54:39.0815 4032 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 00:54:39.0846 4032 elxstor - ok 00:54:39.0875 4032 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 00:54:39.0907 4032 ErrDev - ok 00:54:39.0944 4032 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 00:54:40.0043 4032 EventSystem - ok 00:54:40.0060 4032 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 00:54:40.0096 4032 exfat - ok 00:54:40.0112 4032 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 00:54:40.0155 4032 fastfat - ok 00:54:40.0202 4032 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 00:54:40.0320 4032 Fax - ok 00:54:40.0373 4032 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 00:54:40.0405 4032 fdc - ok 00:54:40.0418 4032 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 00:54:40.0490 4032 fdPHost - ok 00:54:40.0502 4032 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 00:54:40.0573 4032 FDResPub - ok 00:54:40.0586 4032 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 00:54:40.0608 4032 FileInfo - ok 00:54:40.0616 4032 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 00:54:40.0653 4032 Filetrace - ok 00:54:40.0664 4032 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 00:54:40.0702 4032 flpydisk - ok 00:54:40.0728 4032 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 00:54:40.0756 4032 FltMgr - ok 00:54:40.0806 4032 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 00:54:40.0895 4032 FontCache - ok 00:54:40.0945 4032 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 00:54:40.0965 4032 FontCache3.0.0.0 - ok 00:54:41.0047 4032 Foxtel (71e3fce77bf4e161c95f420dcf91afdf) C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe 00:54:41.0080 4032 Foxtel ( UnsignedFile.Multi.Generic ) - warning 00:54:41.0082 4032 Foxtel - detected UnsignedFile.Multi.Generic (1) 00:54:41.0097 4032 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 00:54:41.0122 4032 FsDepends - ok 00:54:41.0147 4032 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys 00:54:41.0167 4032 fssfltr - ok 00:54:41.0290 4032 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 00:54:41.0335 4032 fsssvc - ok 00:54:41.0408 4032 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys 00:54:41.0431 4032 Fs_Rec - ok 00:54:41.0474 4032 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 00:54:41.0500 4032 fvevol - ok 00:54:41.0525 4032 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 00:54:41.0547 4032 gagp30kx - ok 00:54:41.0575 4032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 00:54:41.0598 4032 GEARAspiWDM - ok 00:54:41.0650 4032 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 00:54:41.0738 4032 gpsvc - ok 00:54:41.0747 4032 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 00:54:41.0792 4032 hcw85cir - ok 00:54:41.0840 4032 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 00:54:41.0872 4032 HdAudAddService - ok 00:54:41.0887 4032 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 00:54:41.0923 4032 HDAudBus - ok 00:54:41.0932 4032 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 00:54:41.0970 4032 HidBatt - ok 00:54:41.0984 4032 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 00:54:42.0022 4032 HidBth - ok 00:54:42.0036 4032 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 00:54:42.0063 4032 HidIr - ok 00:54:42.0081 4032 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll 00:54:42.0160 4032 hidserv - ok 00:54:42.0212 4032 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 00:54:42.0254 4032 HidUsb - ok 00:54:42.0285 4032 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 00:54:42.0371 4032 hkmsvc - ok 00:54:42.0402 4032 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 00:54:42.0493 4032 HomeGroupListener - ok 00:54:42.0520 4032 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 00:54:42.0635 4032 HomeGroupProvider - ok 00:54:42.0728 4032 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 00:54:42.0745 4032 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 00:54:42.0745 4032 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 00:54:42.0752 4032 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 00:54:42.0766 4032 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 00:54:42.0766 4032 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 00:54:42.0804 4032 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 00:54:42.0829 4032 HpSAMD - ok 00:54:42.0867 4032 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 00:54:42.0900 4032 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 00:54:42.0900 4032 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 00:54:42.0958 4032 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 00:54:43.0004 4032 HTTP - ok 00:54:43.0013 4032 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 00:54:43.0037 4032 hwpolicy - ok 00:54:43.0073 4032 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 00:54:43.0111 4032 i8042prt - ok 00:54:43.0141 4032 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 00:54:43.0170 4032 iaStorV - ok 00:54:43.0236 4032 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 00:54:43.0254 4032 IDriverT ( UnsignedFile.Multi.Generic ) - warning 00:54:43.0254 4032 IDriverT - detected UnsignedFile.Multi.Generic (1) 00:54:43.0336 4032 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:54:43.0374 4032 idsvc - ok 00:54:43.0452 4032 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 00:54:43.0476 4032 iirsp - ok 00:54:43.0526 4032 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 00:54:43.0623 4032 IKEEXT - ok 00:54:43.0752 4032 IntcAzAudAddService (8b27c21412ae4404eb0acfe1d98579ec) C:\Windows\system32\drivers\RTKVHDA.sys 00:54:43.0819 4032 IntcAzAudAddService - ok 00:54:43.0889 4032 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 00:54:43.0912 4032 intelide - ok 00:54:43.0936 4032 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 00:54:43.0974 4032 intelppm - ok 00:54:43.0995 4032 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 00:54:44.0106 4032 IPBusEnum - ok 00:54:44.0117 4032 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:54:44.0154 4032 IpFilterDriver - ok 00:54:44.0196 4032 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 00:54:44.0277 4032 iphlpsvc - ok 00:54:44.0305 4032 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 00:54:44.0346 4032 IPMIDRV - ok 00:54:44.0364 4032 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 00:54:44.0402 4032 IPNAT - ok 00:54:44.0478 4032 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe 00:54:44.0505 4032 iPod Service - ok 00:54:44.0522 4032 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 00:54:44.0573 4032 IRENUM - ok 00:54:44.0599 4032 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 00:54:44.0624 4032 isapnp - ok 00:54:44.0661 4032 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 00:54:44.0692 4032 iScsiPrt - ok 00:54:44.0705 4032 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 00:54:44.0730 4032 kbdclass - ok 00:54:44.0771 4032 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys 00:54:44.0801 4032 kbdhid - ok 00:54:44.0812 4032 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:54:44.0886 4032 KeyIso - ok 00:54:44.0941 4032 KmxAgent (e47f14be186a4f52fcc7408e328e5d05) C:\Windows\system32\DRIVERS\kmxagent.sys 00:54:44.0966 4032 KmxAgent - ok 00:54:45.0029 4032 KmxAMRT (dbe10508574482bb52c9a75a54c9d306) C:\Windows\system32\DRIVERS\KmxAMRT.sys 00:54:45.0052 4032 KmxAMRT - ok 00:54:45.0089 4032 KmxCF (c4de79d3134a6ff039e2a4018218ba74) C:\Windows\system32\DRIVERS\KmxCF.sys 00:54:45.0114 4032 KmxCF - ok 00:54:45.0138 4032 KmxCfg (ebbc74b243a683f7f9b71c764851c3f6) C:\Windows\system32\DRIVERS\kmxcfg.sys 00:54:45.0160 4032 KmxCfg - ok 00:54:45.0185 4032 KmxFile (2c20c160d2fda69e16e6456c28cade4d) C:\Windows\system32\DRIVERS\KmxFile.sys 00:54:45.0208 4032 KmxFile - ok 00:54:45.0233 4032 KmxFilter (3b4fec530366eb3deded91789c550233) C:\Windows\system32\DRIVERS\KmxFilter.sys 00:54:45.0257 4032 KmxFilter - ok 00:54:45.0284 4032 KmxFw (047641859449aa00e6c36bf81666ce11) C:\Windows\system32\DRIVERS\kmxfw.sys 00:54:45.0310 4032 KmxFw - ok 00:54:45.0326 4032 KmxSbx (6254044e1bba2fddaeba95e71ee830ca) C:\Windows\system32\DRIVERS\KmxSbx.sys 00:54:45.0352 4032 KmxSbx - ok 00:54:45.0365 4032 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 00:54:45.0394 4032 KSecDD - ok 00:54:45.0553 4032 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 00:54:45.0580 4032 KSecPkg - ok 00:54:45.0608 4032 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 00:54:45.0723 4032 KtmRm - ok 00:54:45.0754 4032 L1E (f7cdaba15c7e853f0a11af6d77fca990) C:\Windows\system32\DRIVERS\L1E62x86.sys 00:54:45.0798 4032 L1E - ok 00:54:45.0848 4032 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll 00:54:45.0992 4032 LanmanServer - ok 00:54:46.0026 4032 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 00:54:46.0186 4032 LanmanWorkstation - ok 00:54:46.0288 4032 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe 00:54:46.0308 4032 LBTServ - ok 00:54:46.0338 4032 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys 00:54:46.0363 4032 LEqdUsb - ok 00:54:46.0393 4032 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys 00:54:46.0416 4032 LHidEqd - ok 00:54:46.0441 4032 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys 00:54:46.0462 4032 LHidFilt - ok 00:54:46.0493 4032 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 00:54:46.0538 4032 lltdio - ok 00:54:46.0566 4032 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 00:54:46.0667 4032 lltdsvc - ok 00:54:46.0688 4032 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 00:54:46.0787 4032 lmhosts - ok 00:54:46.0796 4032 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys 00:54:46.0820 4032 LMouFilt - ok 00:54:46.0846 4032 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 00:54:46.0871 4032 LSI_FC - ok 00:54:46.0886 4032 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 00:54:46.0910 4032 LSI_SAS - ok 00:54:46.0921 4032 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:54:46.0947 4032 LSI_SAS2 - ok 00:54:46.0953 4032 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:54:46.0979 4032 LSI_SCSI - ok 00:54:46.0995 4032 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 00:54:47.0050 4032 luafv - ok 00:54:47.0080 4032 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 00:54:47.0107 4032 MBAMProtector - ok 00:54:47.0186 4032 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 00:54:47.0211 4032 MBAMService - ok 00:54:47.0291 4032 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 00:54:47.0373 4032 Mcx2Svc - ok 00:54:47.0459 4032 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 00:54:47.0475 4032 MDM ( UnsignedFile.Multi.Generic ) - warning 00:54:47.0475 4032 MDM - detected UnsignedFile.Multi.Generic (1) 00:54:47.0483 4032 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 00:54:47.0510 4032 megasas - ok 00:54:47.0527 4032 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 00:54:47.0556 4032 MegaSR - ok 00:54:47.0577 4032 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 00:54:47.0690 4032 MMCSS - ok 00:54:47.0701 4032 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 00:54:47.0745 4032 Modem - ok 00:54:47.0759 4032 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 00:54:47.0796 4032 monitor - ok 00:54:47.0827 4032 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 00:54:47.0858 4032 mouclass - ok 00:54:47.0866 4032 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 00:54:47.0896 4032 mouhid - ok 00:54:47.0926 4032 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 00:54:47.0956 4032 mountmgr - ok 00:54:47.0986 4032 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 00:54:48.0015 4032 mpio - ok 00:54:48.0029 4032 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 00:54:48.0071 4032 mpsdrv - ok 00:54:48.0122 4032 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 00:54:48.0249 4032 MpsSvc - ok 00:54:48.0280 4032 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 00:54:48.0312 4032 MRxDAV - ok 00:54:48.0344 4032 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 00:54:48.0380 4032 mrxsmb - ok 00:54:48.0411 4032 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:54:48.0440 4032 mrxsmb10 - ok 00:54:48.0450 4032 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:54:48.0480 4032 mrxsmb20 - ok 00:54:48.0523 4032 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 00:54:48.0554 4032 msahci - ok 00:54:48.0587 4032 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 00:54:48.0614 4032 msdsm - ok 00:54:48.0642 4032 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 00:54:48.0739 4032 MSDTC - ok 00:54:48.0762 4032 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 00:54:48.0799 4032 Msfs - ok 00:54:48.0814 4032 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 00:54:48.0864 4032 mshidkmdf - ok 00:54:48.0889 4032 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 00:54:48.0917 4032 msisadrv - ok 00:54:48.0944 4032 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 00:54:49.0029 4032 MSiSCSI - ok 00:54:49.0032 4032 msiserver - ok 00:54:49.0050 4032 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 00:54:49.0096 4032 MSKSSRV - ok 00:54:49.0109 4032 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 00:54:49.0157 4032 MSPCLOCK - ok 00:54:49.0159 4032 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 00:54:49.0202 4032 MSPQM - ok 00:54:49.0224 4032 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 00:54:49.0255 4032 MsRPC - ok 00:54:49.0270 4032 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 00:54:49.0296 4032 mssmbios - ok 00:54:49.0305 4032 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 00:54:49.0346 4032 MSTEE - ok 00:54:49.0352 4032 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 00:54:49.0388 4032 MTConfig - ok 00:54:49.0411 4032 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys 00:54:49.0436 4032 MTsensor - ok 00:54:49.0449 4032 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 00:54:49.0475 4032 Mup - ok 00:54:49.0704 4032 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 00:54:49.0858 4032 napagent - ok 00:54:49.0892 4032 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 00:54:49.0928 4032 NativeWifiP - ok 00:54:49.0992 4032 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 00:54:50.0029 4032 NDIS - ok 00:54:50.0039 4032 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 00:54:50.0084 4032 NdisCap - ok 00:54:50.0106 4032 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 00:54:50.0147 4032 NdisTapi - ok 00:54:50.0184 4032 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 00:54:50.0233 4032 Ndisuio - ok 00:54:50.0276 4032 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 00:54:50.0316 4032 NdisWan - ok 00:54:50.0345 4032 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 00:54:50.0382 4032 NDProxy - ok 00:54:50.0395 4032 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll 00:54:50.0457 4032 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 00:54:50.0457 4032 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 00:54:50.0467 4032 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 00:54:50.0513 4032 NetBIOS - ok 00:54:50.0593 4032 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 00:54:50.0721 4032 NetBT - ok 00:54:50.0876 4032 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:54:50.0957 4032 Netlogon - ok 00:54:51.0046 4032 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 00:54:51.0147 4032 Netman - ok 00:54:51.0177 4032 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 00:54:51.0297 4032 netprofm - ok 00:54:51.0349 4032 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:54:51.0367 4032 NetTcpPortSharing - ok 00:54:51.0389 4032 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 00:54:51.0417 4032 nfrd960 - ok 00:54:51.0457 4032 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 00:54:51.0589 4032 NlaSvc - ok 00:54:51.0622 4032 NPF (b15e0180c43d8b5219196d76878cc2dd) C:\Windows\system32\DRIVERS\aztech_npf32.sys 00:54:51.0641 4032 NPF - ok 00:54:51.0646 4032 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 00:54:51.0684 4032 Npfs - ok 00:54:51.0687 4032 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 00:54:51.0794 4032 nsi - ok 00:54:51.0809 4032 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 00:54:51.0849 4032 nsiproxy - ok 00:54:52.0374 4032 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 00:54:52.0456 4032 Ntfs - ok 00:54:52.0497 4032 NuidFltr (9620a1d8160a550f064bbaf48d0f97cc) C:\Windows\system32\DRIVERS\NuidFltr.sys 00:54:52.0521 4032 NuidFltr - ok 00:54:52.0528 4032 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 00:54:52.0575 4032 Null - ok 00:54:53.0652 4032 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:54:53.0862 4032 nvlddmkm - ok 00:54:54.0229 4032 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 00:54:54.0257 4032 nvraid - ok 00:54:54.0269 4032 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 00:54:54.0298 4032 nvstor - ok 00:54:54.0378 4032 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe 00:54:54.0485 4032 nvsvc - ok 00:54:54.0637 4032 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 00:54:54.0681 4032 nvUpdatusService - ok 00:54:54.0729 4032 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 00:54:54.0759 4032 nv_agp - ok 00:54:54.0840 4032 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:54:54.0865 4032 odserv - ok 00:54:54.0896 4032 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 00:54:54.0934 4032 ohci1394 - ok 00:54:54.0971 4032 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:54:54.0993 4032 ose - ok 00:54:55.0025 4032 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 00:54:55.0142 4032 p2pimsvc - ok 00:54:55.0167 4032 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 00:54:55.0294 4032 p2psvc - ok 00:54:55.0317 4032 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 00:54:55.0352 4032 Parport - ok 00:54:55.0374 4032 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 00:54:55.0402 4032 partmgr - ok 00:54:55.0412 4032 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 00:54:55.0457 4032 Parvdm - ok 00:54:55.0464 4032 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 00:54:55.0582 4032 PcaSvc - ok 00:54:55.0594 4032 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 00:54:55.0631 4032 pci - ok 00:54:55.0642 4032 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 00:54:55.0667 4032 pciide - ok 00:54:55.0685 4032 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 00:54:55.0713 4032 pcmcia - ok 00:54:55.0729 4032 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 00:54:55.0762 4032 pcw - ok 00:54:55.0810 4032 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 00:54:55.0869 4032 PEAUTH - ok 00:54:56.0044 4032 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 00:54:56.0175 4032 PeerDistSvc - ok 00:54:56.0266 4032 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 00:54:56.0408 4032 pla - ok 00:54:56.0492 4032 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 00:54:56.0650 4032 PlugPlay - ok 00:54:56.0690 4032 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll 00:54:56.0750 4032 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 00:54:56.0750 4032 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 00:54:56.0798 4032 PnkBstrA (19e83b09ab8ee1d837665da941e2ac44) C:\Windows\system32\PnkBstrA.exe 00:54:56.0893 4032 PnkBstrA - ok 00:54:56.0913 4032 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 00:54:57.0025 4032 PNRPAutoReg - ok 00:54:57.0050 4032 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 00:54:57.0155 4032 PNRPsvc - ok 00:54:57.0196 4032 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys 00:54:57.0222 4032 Point32 - ok 00:54:57.0263 4032 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 00:54:57.0357 4032 PolicyAgent - ok 00:54:57.0382 4032 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 00:54:57.0523 4032 Power - ok 00:54:57.0550 4032 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 00:54:57.0607 4032 PptpMiniport - ok 00:54:57.0636 4032 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 00:54:57.0680 4032 Processor - ok 00:54:57.0710 4032 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll 00:54:57.0858 4032 ProfSvc - ok 00:54:57.0881 4032 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:54:57.0958 4032 ProtectedStorage - ok 00:54:57.0981 4032 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 00:54:58.0023 4032 Psched - ok 00:54:58.0083 4032 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 00:54:58.0139 4032 ql2300 - ok 00:54:58.0218 4032 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 00:54:58.0248 4032 ql40xx - ok 00:54:58.0275 4032 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 00:54:58.0394 4032 QWAVE - ok 00:54:58.0399 4032 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 00:54:58.0430 4032 QWAVEdrv - ok 00:54:58.0438 4032 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 00:54:58.0479 4032 RasAcd - ok 00:54:58.0502 4032 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:54:58.0536 4032 RasAgileVpn - ok 00:54:58.0551 4032 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 00:54:58.0671 4032 RasAuto - ok 00:54:58.0683 4032 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:54:58.0733 4032 Rasl2tp - ok 00:54:58.0771 4032 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 00:54:58.0903 4032 RasMan - ok 00:54:58.0912 4032 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 00:54:58.0952 4032 RasPppoe - ok 00:54:58.0965 4032 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 00:54:59.0010 4032 RasSstp - ok 00:54:59.0045 4032 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 00:54:59.0095 4032 rdbss - ok 00:54:59.0136 4032 RDID1104 (124f9ee38c0255dfa46e10905a958bd9) C:\Windows\system32\Drivers\rdwm1104.sys 00:54:59.0186 4032 RDID1104 - ok 00:54:59.0195 4032 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 00:54:59.0229 4032 rdpbus - ok 00:54:59.0254 4032 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:54:59.0292 4032 RDPCDD - ok 00:54:59.0324 4032 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 00:54:59.0369 4032 RDPDR - ok 00:54:59.0390 4032 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 00:54:59.0434 4032 RDPENCDD - ok 00:54:59.0447 4032 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 00:54:59.0488 4032 RDPREFMP - ok 00:54:59.0541 4032 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys 00:54:59.0585 4032 RdpVideoMiniport - ok 00:54:59.0642 4032 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys 00:54:59.0691 4032 RDPWD - ok 00:54:59.0724 4032 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 00:54:59.0758 4032 rdyboost - ok 00:54:59.0795 4032 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 00:54:59.0942 4032 RemoteAccess - ok 00:54:59.0966 4032 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 00:55:00.0092 4032 RemoteRegistry - ok 00:55:00.0108 4032 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 00:55:00.0228 4032 RpcEptMapper - ok 00:55:00.0240 4032 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 00:55:00.0324 4032 RpcLocator - ok 00:55:00.0371 4032 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 00:55:00.0492 4032 RpcSs - ok 00:55:00.0534 4032 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 00:55:00.0574 4032 rspndr - ok 00:55:00.0597 4032 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 00:55:00.0649 4032 s3cap - ok 00:55:00.0674 4032 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:55:00.0750 4032 SamSs - ok 00:55:00.0784 4032 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 00:55:00.0815 4032 sbp2port - ok 00:55:00.0831 4032 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 00:55:00.0958 4032 SCardSvr - ok 00:55:00.0977 4032 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 00:55:01.0016 4032 scfilter - ok 00:55:01.0164 4032 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 00:55:01.0311 4032 Schedule - ok 00:55:01.0326 4032 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 00:55:01.0368 4032 SCPolicySvc - ok 00:55:01.0384 4032 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 00:55:01.0513 4032 SDRSVC - ok 00:55:01.0606 4032 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 00:55:01.0626 4032 SeaPort - ok 00:55:01.0658 4032 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 00:55:01.0702 4032 secdrv - ok 00:55:01.0718 4032 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 00:55:01.0855 4032 seclogon - ok 00:55:01.0866 4032 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 00:55:01.0990 4032 SENS - ok 00:55:02.0003 4032 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 00:55:02.0120 4032 SensrSvc - ok 00:55:02.0127 4032 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 00:55:02.0173 4032 Serenum - ok 00:55:02.0185 4032 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 00:55:02.0231 4032 Serial - ok 00:55:02.0253 4032 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 00:55:02.0291 4032 sermouse - ok 00:55:02.0328 4032 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 00:55:02.0461 4032 SessionEnv - ok 00:55:02.0478 4032 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 00:55:02.0523 4032 sffdisk - ok 00:55:02.0531 4032 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 00:55:02.0573 4032 sffp_mmc - ok 00:55:02.0586 4032 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 00:55:02.0631 4032 sffp_sd - ok 00:55:02.0643 4032 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 00:55:02.0673 4032 sfloppy - ok 00:55:02.0708 4032 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 00:55:02.0789 4032 SharedAccess - ok 00:55:02.0832 4032 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 00:55:02.0959 4032 ShellHWDetection - ok 00:55:02.0986 4032 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 00:55:03.0017 4032 sisagp - ok 00:55:03.0039 4032 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:55:03.0068 4032 SiSRaid2 - ok 00:55:03.0078 4032 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 00:55:03.0110 4032 SiSRaid4 - ok 00:55:03.0131 4032 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 00:55:03.0171 4032 Smb - ok 00:55:03.0191 4032 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 00:55:03.0313 4032 SNMPTRAP - ok 00:55:03.0323 4032 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 00:55:03.0353 4032 spldr - ok 00:55:03.0397 4032 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 00:55:03.0535 4032 Spooler - ok 00:55:03.0681 4032 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 00:55:03.0858 4032 sppsvc - ok 00:55:03.0938 4032 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 00:55:04.0080 4032 sppuinotify - ok 00:55:04.0133 4032 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 00:55:04.0185 4032 srv - ok 00:55:04.0228 4032 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 00:55:04.0269 4032 srv2 - ok 00:55:04.0303 4032 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 00:55:04.0334 4032 srvnet - ok 00:55:04.0362 4032 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 00:55:04.0495 4032 SSDPSRV - ok 00:55:04.0509 4032 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 00:55:04.0651 4032 SstpSvc - ok 00:55:04.0753 4032 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 00:55:04.0777 4032 Stereo Service - ok 00:55:04.0788 4032 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 00:55:04.0818 4032 stexstor - ok 00:55:04.0860 4032 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 00:55:05.0003 4032 StiSvc - ok 00:55:05.0026 4032 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 00:55:05.0058 4032 storflt - ok 00:55:05.0069 4032 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 00:55:05.0098 4032 storvsc - ok 00:55:05.0127 4032 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 00:55:05.0158 4032 swenum - ok 00:55:05.0179 4032 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 00:55:05.0307 4032 swprv - ok 00:55:05.0310 4032 Synth3dVsc - ok 00:55:05.0380 4032 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 00:55:05.0525 4032 SysMain - ok 00:55:05.0547 4032 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 00:55:05.0681 4032 TabletInputService - ok 00:55:05.0709 4032 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 00:55:05.0855 4032 TapiSrv - ok 00:55:05.0866 4032 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 00:55:06.0001 4032 TBS - ok 00:55:06.0099 4032 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 00:55:06.0153 4032 Tcpip - ok 00:55:06.0174 4032 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 00:55:06.0217 4032 TCPIP6 - ok 00:55:06.0302 4032 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 00:55:06.0345 4032 tcpipreg - ok 00:55:06.0378 4032 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 00:55:06.0428 4032 TDPIPE - ok 00:55:06.0452 4032 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 00:55:06.0481 4032 TDTCP - ok 00:55:06.0509 4032 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 00:55:06.0550 4032 tdx - ok 00:55:06.0581 4032 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 00:55:06.0613 4032 TermDD - ok 00:55:06.0663 4032 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 00:55:06.0796 4032 TermService - ok 00:55:06.0806 4032 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 00:55:06.0941 4032 Themes - ok 00:55:06.0951 4032 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 00:55:07.0044 4032 THREADORDER - ok 00:55:07.0059 4032 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 00:55:07.0201 4032 TrkWks - ok 00:55:07.0244 4032 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 00:55:07.0285 4032 TrustedInstaller - ok 00:55:07.0311 4032 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:55:07.0350 4032 tssecsrv - ok 00:55:07.0377 4032 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 00:55:07.0420 4032 TsUsbFlt - ok 00:55:07.0422 4032 tsusbhub - ok 00:55:07.0460 4032 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 00:55:07.0508 4032 tunnel - ok 00:55:07.0528 4032 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 00:55:07.0556 4032 uagp35 - ok 00:55:07.0597 4032 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 00:55:07.0653 4032 udfs - ok 00:55:07.0664 4032 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 00:55:07.0801 4032 UI0Detect - ok 00:55:07.0819 4032 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\Windows\system32\Drivers\ULCDRHlp.sys 00:55:07.0839 4032 ULCDRHlp ( UnsignedFile.Multi.Generic ) - warning 00:55:07.0839 4032 ULCDRHlp - detected UnsignedFile.Multi.Generic (1) 00:55:07.0862 4032 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 00:55:07.0890 4032 uliagpkx - ok 00:55:07.0915 4032 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 00:55:07.0951 4032 umbus - ok 00:55:07.0963 4032 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 00:55:07.0997 4032 UmPass - ok 00:55:08.0038 4032 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 00:55:08.0184 4032 UmRdpService - ok 00:55:08.0286 4032 UmxEngine (a6d4800135180ebb6582768c4981a193) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe 00:55:08.0306 4032 UmxEngine - ok 00:55:08.0338 4032 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 00:55:08.0488 4032 upnphost - ok 00:55:08.0516 4032 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 00:55:08.0543 4032 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 00:55:08.0546 4032 USBAAPL - detected UnsignedFile.Multi.Generic (1) 00:55:08.0571 4032 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 00:55:08.0618 4032 usbccgp - ok 00:55:08.0631 4032 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 00:55:08.0663 4032 usbcir - ok 00:55:08.0698 4032 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 00:55:08.0728 4032 usbehci - ok 00:55:08.0763 4032 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 00:55:08.0802 4032 usbhub - ok 00:55:08.0819 4032 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 00:55:08.0863 4032 usbohci - ok 00:55:08.0875 4032 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 00:55:08.0911 4032 usbprint - ok 00:55:08.0930 4032 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:55:08.0973 4032 USBSTOR - ok 00:55:08.0982 4032 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 00:55:09.0015 4032 usbuhci - ok 00:55:09.0041 4032 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 00:55:09.0196 4032 UxSms - ok 00:55:09.0223 4032 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:55:09.0299 4032 VaultSvc - ok 00:55:09.0325 4032 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 00:55:09.0354 4032 vdrvroot - ok 00:55:09.0397 4032 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 00:55:09.0549 4032 vds - ok 00:55:09.0568 4032 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 00:55:09.0611 4032 vga - ok 00:55:09.0618 4032 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 00:55:09.0662 4032 VgaSave - ok 00:55:09.0665 4032 VGPU - ok 00:55:09.0695 4032 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 00:55:09.0725 4032 vhdmp - ok 00:55:09.0747 4032 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 00:55:09.0776 4032 viaagp - ok 00:55:09.0790 4032 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 00:55:09.0833 4032 ViaC7 - ok 00:55:09.0843 4032 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 00:55:09.0873 4032 viaide - ok 00:55:09.0910 4032 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 00:55:09.0943 4032 vmbus - ok 00:55:09.0963 4032 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 00:55:09.0993 4032 VMBusHID - ok 00:55:10.0015 4032 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 00:55:10.0048 4032 volmgr - ok 00:55:10.0073 4032 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 00:55:10.0118 4032 volmgrx - ok 00:55:10.0138 4032 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 00:55:10.0173 4032 volsnap - ok 00:55:10.0195 4032 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 00:55:10.0225 4032 vsmraid - ok 00:55:10.0295 4032 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 00:55:10.0452 4032 VSS - ok 00:55:10.0460 4032 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 00:55:10.0502 4032 vwifibus - ok 00:55:10.0535 4032 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 00:55:10.0684 4032 W32Time - ok 00:55:10.0695 4032 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 00:55:10.0736 4032 WacomPen - ok 00:55:10.0767 4032 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 00:55:10.0809 4032 WANARP - ok 00:55:10.0812 4032 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 00:55:10.0852 4032 Wanarpv6 - ok 00:55:10.0931 4032 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 00:55:10.0980 4032 WatAdminSvc - ok 00:55:11.0038 4032 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 00:55:11.0205 4032 wbengine - ok 00:55:11.0222 4032 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 00:55:11.0400 4032 WbioSrvc - ok 00:55:11.0635 4032 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 00:55:11.0827 4032 wcncsvc - ok 00:55:11.0868 4032 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 00:55:12.0015 4032 WcsPlugInService - ok 00:55:12.0052 4032 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 00:55:12.0085 4032 Wd - ok 00:55:12.0117 4032 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 00:55:12.0157 4032 Wdf01000 - ok 00:55:12.0167 4032 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 00:55:12.0315 4032 WdiServiceHost - ok 00:55:12.0318 4032 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 00:55:12.0456 4032 WdiSystemHost - ok 00:55:12.0486 4032 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 00:55:12.0633 4032 WebClient - ok 00:55:12.0649 4032 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 00:55:12.0803 4032 Wecsvc - ok 00:55:12.0809 4032 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 00:55:12.0952 4032 wercplsupport - ok 00:55:12.0977 4032 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 00:55:13.0122 4032 WerSvc - ok 00:55:13.0134 4032 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 00:55:13.0177 4032 WfpLwf - ok 00:55:13.0187 4032 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 00:55:13.0219 4032 WIMMount - ok 00:55:13.0289 4032 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 00:55:13.0332 4032 WinDefend - ok 00:55:13.0334 4032 WinHttpAutoProxySvc - ok 00:55:13.0377 4032 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 00:55:13.0427 4032 Winmgmt - ok 00:55:13.0503 4032 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 00:55:13.0680 4032 WinRM - ok 00:55:13.0747 4032 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys 00:55:13.0788 4032 WinUsb - ok 00:55:13.0833 4032 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 00:55:13.0987 4032 Wlansvc - ok 00:55:14.0036 4032 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 00:55:14.0054 4032 wlcrasvc - ok 00:55:14.0153 4032 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:55:14.0188 4032 wlidsvc - ok 00:55:14.0264 4032 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 00:55:14.0300 4032 WmiAcpi - ok 00:55:14.0344 4032 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 00:55:14.0381 4032 wmiApSrv - ok 00:55:14.0491 4032 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 00:55:14.0536 4032 WMPNetworkSvc - ok 00:55:14.0621 4032 WMZuneComm (017695393afffed8de58abd1b085be6d) C:\Program Files\Zune\WMZuneComm.exe 00:55:14.0649 4032 WMZuneComm - ok 00:55:14.0691 4032 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 00:55:14.0841 4032 WPCSvc - ok 00:55:14.0869 4032 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 00:55:15.0019 4032 WPDBusEnum - ok 00:55:15.0049 4032 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 00:55:15.0100 4032 ws2ifsl - ok 00:55:15.0140 4032 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys 00:55:15.0170 4032 WsAudio_DeviceS(1) - ok 00:55:15.0211 4032 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys 00:55:15.0240 4032 WsAudio_DeviceS(2) - ok 00:55:15.0254 4032 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys 00:55:15.0284 4032 WsAudio_DeviceS(3) - ok 00:55:15.0293 4032 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys 00:55:15.0319 4032 WsAudio_DeviceS(4) - ok 00:55:15.0329 4032 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys 00:55:15.0355 4032 WsAudio_DeviceS(5) - ok 00:55:15.0369 4032 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll 00:55:15.0523 4032 wscsvc - ok 00:55:15.0526 4032 WSearch - ok 00:55:15.0624 4032 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 00:55:15.0803 4032 wuauserv - ok 00:55:15.0886 4032 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 00:55:15.0931 4032 WudfPf - ok 00:55:15.0963 4032 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:55:16.0018 4032 WUDFRd - ok 00:55:16.0051 4032 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 00:55:16.0201 4032 wudfsvc - ok 00:55:16.0216 4032 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 00:55:16.0371 4032 WwanSvc - ok 00:55:16.0670 4032 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) C:\Program Files\Zune\ZuneNss.exe 00:55:16.0803 4032 ZuneNetworkSvc - ok 00:55:16.0943 4032 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) C:\Program Files\Zune\ZuneWlanCfgSvc.exe 00:55:16.0981 4032 ZuneWlanCfgSvc - ok 00:55:17.0013 4032 MBR (0x1B8) (3dfbd33517922022aab2367021b4bbec) \Device\Harddisk1\DR1 00:55:17.0013 4032 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected 00:55:17.0014 4032 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0) 00:55:17.0079 4032 MBR (0x1B8) (3dfbd33517922022aab2367021b4bbec) \Device\Harddisk0\DR0 00:55:17.0105 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected 00:55:17.0105 4032 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0) 00:55:17.0162 4032 Boot (0x1200) (cebfdbc78ba272bf81848735d64959d4) \Device\Harddisk1\DR1\Partition0 00:55:17.0163 4032 \Device\Harddisk1\DR1\Partition0 - ok 00:55:17.0189 4032 Boot (0x1200) (8d15facad6c373948c49cc2bba9b1f54) \Device\Harddisk0\DR0\Partition0 00:55:17.0190 4032 \Device\Harddisk0\DR0\Partition0 - ok 00:55:17.0199 4032 Boot (0x1200) (5bbbf6c859f2d5bfcdcb3cca8e2f226d) \Device\Harddisk0\DR0\Partition1 00:55:17.0200 4032 \Device\Harddisk0\DR0\Partition1 - ok 00:55:17.0200 4032 ============================================================ 00:55:17.0200 4032 Scan finished 00:55:17.0200 4032 ============================================================ 00:55:17.0207 3420 Detected object count: 13 00:55:17.0207 3420 Actual detected object count: 13 00:56:26.0345 3420 EIO_XP ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0345 3420 EIO_XP ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0345 3420 Foxtel ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0346 3420 Foxtel ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0346 3420 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0346 3420 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0347 3420 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0347 3420 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0348 3420 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0348 3420 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0349 3420 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0349 3420 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0350 3420 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0350 3420 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0351 3420 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0351 3420 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0352 3420 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0352 3420 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0353 3420 ULCDRHlp ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0353 3420 ULCDRHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0355 3420 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 00:56:26.0355 3420 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:26.0454 3420 \Device\Harddisk1\DR1\# - copied to quarantine 00:56:26.0454 3420 \Device\Harddisk1\DR1 - copied to quarantine 00:56:26.0455 3420 \Device\Harddisk1\DR1 - processing error 01:02:27.0286 3420 \Device\Harddisk1\DR1 - will be restored on reboot 01:02:27.0286 3420 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore 01:02:28.0018 3420 \Device\Harddisk0\DR0\# - copied to quarantine 01:02:28.0019 3420 \Device\Harddisk0\DR0 - copied to quarantine 01:02:28.0027 3420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot 01:02:28.0028 3420 \Device\Harddisk0\DR0 - ok 01:02:28.0028 3420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure 01:02:43.0380 2852 Deinitialize success
  9. DanFenton
    Hi MrC There were suspicious files so I left these on skip. There were 2 objects (wistler). I left these on Cure, but now have a warning that it "Can't cure MBR. Write standard boot code? If you have installed custom bootloader (eg Acronis, Grub, Lilo) you will need to reinstall them after treatment." I have a choice of Yes or No. Should I say Yes? Thanks
  10. DanFenton
    Thanks MrC Google Chrome reported the link as broken, but IE allowed download. Here is the report RogueKiller V7.6.1 [06/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Daniel [Admin rights] Mode: Scan -- Date: 07/01/2012 00:43:57 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 4 ¤¤¤ [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 ATA Device +++++ --- User --- [MBR] 7da1ebebab6e0c07c905f5acf6f94c1e [bSP] 5a09d011670e4b02dd5eb5c5ed63d843 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User != LL1 ... KO! --- LL1 --- [MBR] 10969b10278b2ed49a5f41771b9cbefb [bSP] 826b89e873a07c4790a7f1bf3e301948 : Suspicious NOP-flood MBR Code! Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD1600JB-00GVA0 ATA Device +++++ --- User --- [MBR] aec80bfe230185daa0f5f81f890b295c [bSP] 2c452425db47fafb407e53086f094af6 : Suspicious NOP-flood MBR Code! Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  11. DanFenton
    Hi, Just recently my computer has started playing ads in the background even when no programs are running. Nothing untoward seems to be listed in msconfig... Computer hasn't been used much, just my daughter on facebook... I have MBAM Pro and Total Defence, but these didn't stop infection. Below is dds.txt . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Daniel at 23:54:52 on 2012-06-30 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1398 [GMT 10:00] . AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA} SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Total Defense Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\PnkBstrA.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ASUS\ASUS Sync\asusUPCTLoader.exe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Philips\GoGear Mix Device Manager\main.exe C:\Program Files\ASUS\PC Probe II\Probe2.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\ASUS\AASP\1.00.80\aaCenter.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe "C:\Windows\system32\svchost.exe" "C:\Windows\system32\svchost.exe" C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe C:\Program Files\CA\CA Internet Security Suite\casc.exe C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Total Defense Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\anti-phishing\toolbar\caIEToolbar.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Total Defense Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\anti-phishing\toolbar\caIEToolbar.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start uRun: [Google Update] "c:\users\daniel\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe" mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe" mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ASUS Sync Loader] "c:\program files\asus\asus sync\asusUPCTLoader.exe" -startup mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.130.270\AsusWSPanel.exe /S mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\pcprob~1.lnk - c:\program files\asus\pc probe ii\Probe2.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear mix device manager\main.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll LSP: c:\windows\system32\VetRedir.dll Trusted Zone: jr.com.au\remote Trusted Zone: qld.gov.au\citrixgw.treasury DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{EEB1A7FF-ED13-4DEE-BBCB-930960899A17} : DhcpNameServer = 192.168.1.1 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll AppInit_DLLs: UmxSbxExw.dll . ============= SERVICES / DRIVERS =============== . R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-10-27 170064] R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2011-9-6 107088] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-10-26 83536] R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2011-9-6 63056] R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2011-9-6 66128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-11-10 210248] R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-11-10 224304] R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2012-3-2 207920] R2 Foxtel;Foxtel Download Manager;c:\program files\foxtel\download player\download control\dcbin\DCService.exe [2009-9-24 70144] R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2011-9-6 152656] R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2011-9-6 81488] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-10 2253120] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248] R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096] R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2009-6-5 1151104] R3 AVerIR;AVerMedia Infrared Receiver;c:\windows\system32\drivers\AVerIR.sys [2011-1-24 87552] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-9-6 331344] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-18 40720] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-18 10384] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 14132;14132;c:\windows\system32\drivers\14132 [2011-11-10 9072] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 257224] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352] S3 RDID1104;ME-25;c:\windows\system32\drivers\Rdwm1104.sys [2011-11-3 144640] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-14 15872] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-14 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-24 1343400] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-1-2 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-1-2 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-1-2 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-1-2 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-1-2 25704] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-06-30 09:58:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 09:58:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-28 20:58:53 -------- d-----w- c:\users\daniel\appdata\local\Qurb4 2012-06-28 12:47:42 1424432 ----a-w- c:\windows\system32\cfgmig32.dll 2012-06-28 12:47:31 97328 ----a-w- c:\windows\system32\Vetredir.dll 2012-06-28 12:47:30 130096 ----a-w- c:\windows\system32\Isafeif.dll 2012-06-28 12:45:28 98320 ----a-w- c:\windows\system32\winsfinst.exe 2012-06-28 12:45:28 4108304 ----a-w- c:\windows\system32\win32cpr.dll 2012-06-28 12:45:28 3207184 ----a-w- c:\windows\system32\mdmcls32.exe 2012-06-28 12:45:28 2990096 ----a-w- c:\windows\system32\winsflte.dll 2012-06-28 12:45:28 2760720 ----a-w- c:\windows\system32\svcprs32.exe 2012-06-28 12:45:28 1744912 ----a-w- c:\windows\system32\winsflt.dll 2012-06-28 12:44:54 -------- d-----w- c:\windows\rnapxs 2012-06-28 12:44:54 -------- d-----w- c:\program files\common files\Scanner 2012-06-28 12:44:53 7440 ----a-w- c:\windows\system32\sporder.dll 2012-06-28 12:44:39 -------- d-----w- c:\program files\ISSThirdParty 2012-06-21 04:49:35 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 04:49:21 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 04:49:13 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 04:49:13 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-20 10:56:00 -------- d-----w- c:\users\daniel\appdata\roaming\print@camerahouse 2012-06-20 10:55:56 -------- d-----w- c:\programdata\print@camerahouse 2012-06-20 10:55:54 -------- d-----w- c:\program files\print@camerahouse 2012-06-14 02:35:31 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 02:35:30 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-14 02:35:29 919040 ----a-w- c:\windows\system32\rdpcorets.dll 2012-06-14 02:35:29 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 02:35:28 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 02:35:28 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 02:35:28 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 02:35:24 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 02:35:20 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 02:35:19 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 02:35:19 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll . ==================== Find3M ==================== . 2012-06-14 09:32:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-14 09:32:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-18 10:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-18 10:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR . Disk trace: called modules: ntkrnlpa.exe >>UNKNOWN [0x875C6A2E]<< _asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x875c9180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x875c9178]; } 1 ntkrnlpa!IofCallDriver[0x82E3C55A] -> \Device\Harddisk0\DR0[0x86E4F030] \Driver\Disk[0x86E4EC40] -> IRP_MJ_READ -> 0x875C6A2E kernel: MBR read successfully _asm { XOR EAX, EAX; MOV DS, AX; NOP ; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; } user != kernel MBR !!! Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. . ============= FINISH: 23:56:30.43 =============== and Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume2 Install Date: 24/04/2010 2:41:43 PM System Uptime: 30/06/2012 1:44:08 PM (10 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5QL PRO Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | LGA775 | 3003/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 466 GiB total, 335.103 GiB free. D: is FIXED (NTFS) - 149 GiB total, 62.874 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart D7400 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart D7400 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . RP284: 29/05/2012 8:18:24 PM - Installed Splashtop Streamer RP285: 29/05/2012 8:20:46 PM - Removed Splashtop Streamer RP286: 5/06/2012 1:48:56 AM - Windows Update RP287: 12/06/2012 9:46:27 PM - Scheduled Checkpoint RP288: 15/06/2012 3:00:23 AM - Windows Update RP289: 21/06/2012 2:48:42 PM - Windows Update RP290: 28/06/2012 10:00:41 PM - Scheduled Checkpoint RP292: 28/06/2012 10:45:00 PM - Installed CA Parental Controls RP293: 28/06/2012 10:46:03 PM - Device Driver Package Install: CA Network Service . ==== Installed Programs ====================== . . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.3) Adobe Shockwave Player 11.5 AI Suite Anti-Phishing Anti-Spam Anti-Virus Plus APH placeholder Apple Application Support Apple Mobile Device Support Apple Software Update ASUS Android USB Drivers ASUS RT-N15 Wireless Router Utilities ASUS Smart Doctor ASUS Sync ASUS Utilities ASUS WebStorage ASUSUpdate Atheros Ethernet Utility AVerMedia A188 PCIe TV Tuner 1.3.0.76 AVerMedia MCE Encoder x86 3.0.1.6 AVerMedia Media Center Plug-ins 2.0.8.0 Backup and Migration Bonjour BufferChm CDDRV_Installer Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) D3DX10 D7400 D7400_Help DeviceDiscovery DNAMigrator DVD Shrink 3.2 e-tax 2010 e-tax 2011 EA Download Manager EA Download Manager UI EPU-4 Engine erLT Express Gate Foxtel Download Manager 4.1.500.11 FOXTEL Download Player GoGear Mix Device Manager Google Chrome GPBaseService2 Guitar Pro 6 HIPS HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Photosmart Printer Driver Software 13.0 Rel. 2 HP Smart Web Printing 4.51 HP Solution Center 13.0 HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant iTunes Junk Mail filter update KhalInstallWrapper Logitech SetPoint Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch ME-25 Driver ME-25 Librarian Mesh Runtime Messenger Companion MetaFrame Presentation Server Web Client for Win32 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.1 Microsoft IntelliType Pro 8.1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Live Add-in 1.5 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Need for Speed™ Undercover NetComm Powerline Adapters Network NVIDIA 3D Vision Controller Driver 285.62 NVIDIA 3D Vision Driver 285.62 NVIDIA Control Panel 285.62 NVIDIA Graphics Driver 285.62 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.11.0621 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.5.20 NVIDIA Update Components OGA Notifier 2.0.0048.0 Parental Controls PC Probe II Personal Firewall PlayReady PC Runtime x86 Power Tab Editor 1.7 print@camerahouse PS_SF_02_ProductContext PS_SF_02_Software PS_SF_02_Software_Min QuickTime Realtek High Definition Audio Driver RollerCoaster Tycoon 3 Platinum Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition SimCity 4 SmartWebPrinting SolutionCenter Status Toolbox Total Defense Internet Security Suite TrayApp Ulead Burn.Now 4.5 Ulead Burn.Now 4.5 SE UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Warcraft III WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Mobile Device Updater Component Windows Phone Intro Video (ENU) Zune Zune Language Pack (CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE) . ==== Event Viewer Messages From Past Week ======== . 29/06/2012 5:34:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000006 (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062912-20997-01. 29/06/2012 1:52:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000006 (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062912-22479-01. 28/06/2012 10:47:40 PM, Error: Service Control Manager [7030] - The CAISafe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 28/06/2012 10:44:35 PM, Error: Service Control Manager [7030] - The CA Common Scheduler Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File =========================== Help is much appreciated. Cheers Dan
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.