madara

  1. If I transfer files to USBs/external hard drives, will I have a chance of transferring the virus to another PC? If there is a risk I'd prefer to lose the files than the other PC. Also, in your personal opinion, which AV protection do you prefer? I'm not sure if we should stick with TrendMicro or change back to Norton.
  2. The manufacturer is Hewlett-Packard. Here is the log.
  3. Nope, I'm still going with the clean install. I was just surprised when I turned the computer on today.
  4. PS. When I turned the computer on to check the "created date" for Trend, I noticed that Windows Command Processor didn't pop up and we started the computer in normal mode.
  5. 1a) The computer belongs to me.
     1b) Vista came pre-installed on our computer.
     2a) We chose to install it, in early-mid June after our Norton 360 subscription ran out.
     2b) June 11, 2012
     2c) Norton 360. No, Norton expired for ~3 days before TrendMicro was activated. Yes, I uninstalled Norton before installing Trend.
     3) Yes, we've only had Norton installed on this computer.
     4) A Norton free trial came pre-installed.
     5) Yes, only the ~3 days between Norton expiring and Trend being activated in June 2012.
     6) No, I don't think so. I will have a look around but I don't remember ever seeing one.
     7) We only ever backed up to an HP SimpleSave external hard drive. That was also a long time ago. We haven't used this computer for important things as much recently, as we have two new computers for our work-related stuff.

     We've decided to follow your advice and do a full reformat. If I can't find a disc with the Vista operating system, is there any other way to get it back? Or will I have to go and buy the disc?

     Also, in the past we did use this computer for internet banking, university sites, emails and entered other personal information. How far back can this virus go in terms of gathering personal information? I will still be changing all my passwords and alerting my bank.

     Can you help us through the reformatting process, please? Thank you for all your help.

     Pat
  6. Also ran ESET online scanner in safe mode with networking. Here is the log.

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=9fe70c67ed45ca4ea6b5006bb84e666c
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-06-30 03:11:32
     # local_time=2012-06-30 01:11:32 (+1000, AUS Eastern Standard Time)
     # country="Australia"
     # lang=1033
     # osver=6.0.6002 NT Service Pack 2
     # compatibility_mode=512 16777215 100 0 1608473 1608473 0 0
     # compatibility_mode=5892 16776574 100 100 1652098 178551185 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=211431
     # found=6
     # cleaned=6
     # scan_time=3961
     C:\Qoobox\Quarantine\C\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\Patrick Fong\AppData\Local\temp\lhfujcbahkhdwheq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\Patrick Fong\Desktop\Programs\Startup\tchahayq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\Patrick Fong\Desktop\RK_Quarantine\lhfujcbahkhdwheq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\Patrick Fong\Desktop\RK_Quarantine\tchahayq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  7. MBAM ran in safe mode with networking.

     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.06.29.12
     Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
     Internet Explorer 9.0.8112.16421
     Patrick Fong :: PATRICKFONG-PC [administrator]

     Protection: Disabled

     30/06/2012 10:46:25 AM
     mbam-log-2012-06-30 (10-46-25).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 420748
     Time elapsed: 1 hour(s), 1 minute(s), 55 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  8. Bad news, I still can't run MBAM in normal mode so I'm currently running the scan in safe mode with networking. The same goes for the ESET Online Scanner; I can't access the website in normal mode of the infected computer. I will try ESET in safe mode once MBAM is finished. Also, when I turned my computer on this morning (in normal mode), the Windows Command Processor popup appeared again.
  9. Oh, I see why you say my previous post is hard to read. Sorry about that. I hope this is better.
  10. 22:08:26.0548 10552 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
10064 mouhid - ok 22:08:49.0885 10064 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 22:08:49.0885 10064 MountMgr - ok 22:08:49.0948 10064 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 22:08:49.0948 10064 mpio - ok 22:08:49.0979 10064 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 22:08:49.0979 10064 mpsdrv - ok 22:08:50.0026 10064 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 22:08:50.0026 10064 MpsSvc - ok 22:08:50.0057 10064 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 22:08:50.0057 10064 Mraid35x - ok 22:08:50.0072 10064 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 22:08:50.0088 10064 MRxDAV - ok 22:08:50.0119 10064 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:08:50.0119 10064 mrxsmb - ok 22:08:50.0150 10064 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:08:50.0166 10064 mrxsmb10 - ok 22:08:50.0197 10064 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:08:50.0197 10064 mrxsmb20 - ok 22:08:50.0213 10064 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 22:08:50.0213 10064 msahci - ok 22:08:50.0244 10064 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 22:08:50.0244 10064 msdsm - ok 22:08:50.0291 10064 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 22:08:50.0291 10064 MSDTC - ok 22:08:50.0353 10064 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 22:08:50.0353 10064 Msfs - ok 22:08:50.0384 10064 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 22:08:50.0400 10064 msisadrv - ok 22:08:50.0416 10064 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 22:08:50.0431 10064 MSiSCSI 
- ok 22:08:50.0431 10064 msiserver - ok 22:08:50.0462 10064 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 22:08:50.0478 10064 MSKSSRV - ok 22:08:50.0494 10064 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 22:08:50.0494 10064 MSPCLOCK - ok 22:08:50.0509 10064 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 22:08:50.0509 10064 MSPQM - ok 22:08:50.0540 10064 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 22:08:50.0556 10064 MsRPC - ok 22:08:50.0587 10064 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 22:08:50.0587 10064 mssmbios - ok 22:08:50.0603 10064 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 22:08:50.0603 10064 MSTEE - ok 22:08:50.0618 10064 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 22:08:50.0634 10064 Mup - ok 22:08:50.0665 10064 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 22:08:50.0681 10064 napagent - ok 22:08:50.0743 10064 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 22:08:50.0759 10064 NativeWifiP - ok 22:08:50.0837 10064 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 22:08:50.0837 10064 NDIS - ok 22:08:50.0852 10064 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 22:08:50.0868 10064 NdisTapi - ok 22:08:50.0884 10064 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 22:08:50.0899 10064 Ndisuio - ok 22:08:50.0915 10064 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 22:08:50.0930 10064 NdisWan - ok 22:08:50.0962 10064 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 22:08:50.0962 10064 NDProxy - ok 22:08:50.0962 10064 NetBIOS (bcd093a5a6777cf626434568dc7dba78) 
C:\Windows\system32\DRIVERS\netbios.sys 22:08:50.0977 10064 NetBIOS - ok 22:08:50.0993 10064 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 22:08:51.0008 10064 netbt - ok 22:08:51.0040 10064 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 22:08:51.0040 10064 Netlogon - ok 22:08:51.0071 10064 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 22:08:51.0071 10064 Netman - ok 22:08:51.0118 10064 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 22:08:51.0118 10064 netprofm - ok 22:08:51.0180 10064 netr28u (575cc69d5aa74b8633f4022adcf58d96) C:\Windows\system32\DRIVERS\Dnetr28u.sys 22:08:51.0180 10064 netr28u - ok 22:08:51.0258 10064 netr73 (2f0bac1fab90244b644a7ae590257e1d) C:\Windows\system32\DRIVERS\netr73.sys 22:08:51.0258 10064 netr73 - ok 22:08:51.0305 10064 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:08:51.0320 10064 NetTcpPortSharing - ok 22:08:51.0336 10064 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 22:08:51.0336 10064 nfrd960 - ok 22:08:51.0367 10064 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 22:08:51.0367 10064 NlaSvc - ok 22:08:51.0398 10064 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 22:08:51.0398 10064 Npfs - ok 22:08:51.0414 10064 npggsvc - ok 22:08:51.0445 10064 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 22:08:51.0461 10064 nsi - ok 22:08:51.0476 10064 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 22:08:51.0476 10064 nsiproxy - ok 22:08:51.0539 10064 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 22:08:51.0554 10064 Ntfs - ok 22:08:51.0570 10064 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 22:08:51.0570 10064 
ntrigdigi - ok 22:08:51.0601 10064 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 22:08:51.0601 10064 Null - ok 22:08:51.0648 10064 NVHDA (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys 22:08:51.0664 10064 NVHDA - ok 22:08:52.0022 10064 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:08:52.0085 10064 nvlddmkm - ok 22:08:52.0210 10064 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 22:08:52.0210 10064 nvraid - ok 22:08:52.0241 10064 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 22:08:52.0241 10064 nvstor - ok 22:08:52.0288 10064 nvsvc (4ed813efd77a9b7e57e341cdc1c5cbc4) C:\Windows\system32\nvvsvc.exe 22:08:52.0288 10064 nvsvc - ok 22:08:52.0319 10064 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 22:08:52.0334 10064 nv_agp - ok 22:08:52.0334 10064 NwlnkFlt - ok 22:08:52.0350 10064 NwlnkFwd - ok 22:08:52.0428 10064 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:08:52.0459 10064 odserv - ok 22:08:52.0506 10064 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 22:08:52.0506 10064 ohci1394 - ok 22:08:52.0537 10064 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:08:52.0537 10064 ose - ok 22:08:52.0615 10064 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 22:08:52.0631 10064 p2pimsvc - ok 22:08:52.0631 10064 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 22:08:52.0646 10064 p2psvc - ok 22:08:52.0678 10064 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 22:08:52.0693 10064 Parport - ok 22:08:52.0724 10064 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 22:08:52.0724 10064 partmgr - ok 
22:08:52.0740 10064 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 22:08:52.0740 10064 Parvdm - ok 22:08:52.0771 10064 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 22:08:52.0771 10064 PcaSvc - ok 22:08:52.0802 10064 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 22:08:52.0802 10064 pci - ok 22:08:52.0849 10064 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 22:08:52.0849 10064 pciide - ok 22:08:52.0880 10064 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 22:08:52.0896 10064 pcmcia - ok 22:08:52.0958 10064 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys 22:08:52.0958 10064 pcouffin - ok 22:08:53.0021 10064 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 22:08:53.0068 10064 PEAUTH - ok 22:08:53.0099 10064 pepifilter (c5d5ea6a29523e0f6016741e9851c6db) C:\Windows\system32\DRIVERS\lv302af.sys 22:08:53.0099 10064 pepifilter - ok 22:08:53.0192 10064 PID_PEPI (3f96dcd4ac98c8e0d3c03c24fd49a2fe) C:\Windows\system32\DRIVERS\LV302V32.SYS 22:08:53.0224 10064 PID_PEPI - ok 22:08:53.0380 10064 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 22:08:53.0411 10064 pla - ok 22:08:53.0473 10064 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 22:08:53.0489 10064 PlugPlay - ok 22:08:53.0536 10064 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 22:08:53.0536 10064 PNRPAutoReg - ok 22:08:53.0551 10064 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 22:08:53.0551 10064 PNRPsvc - ok 22:08:53.0582 10064 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 22:08:53.0598 10064 PolicyAgent - ok 22:08:53.0645 10064 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 22:08:53.0660 10064 PptpMiniport - ok 
22:08:53.0676 10064 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 22:08:53.0676 10064 Processor - ok 22:08:53.0707 10064 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 22:08:53.0723 10064 ProfSvc - ok 22:08:53.0738 10064 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 22:08:53.0754 10064 ProtectedStorage - ok 22:08:53.0801 10064 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys 22:08:53.0801 10064 Ps2 - ok 22:08:53.0832 10064 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 22:08:53.0832 10064 PSched - ok 22:08:53.0848 10064 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys 22:08:53.0863 10064 PxHelp20 - ok 22:08:54.0097 10064 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 22:08:54.0097 10064 ql2300 - ok 22:08:54.0113 10064 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 22:08:54.0128 10064 ql40xx - ok 22:08:54.0160 10064 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 22:08:54.0175 10064 QWAVE - ok 22:08:54.0206 10064 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 22:08:54.0206 10064 QWAVEdrv - ok 22:08:54.0238 10064 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 22:08:54.0238 10064 RasAcd - ok 22:08:54.0300 10064 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 22:08:54.0300 10064 RasAuto - ok 22:08:54.0331 10064 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:08:54.0331 10064 Rasl2tp - ok 22:08:54.0378 10064 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 22:08:54.0378 10064 RasMan - ok 22:08:54.0409 10064 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 22:08:54.0409 10064 RasPppoe - ok 
22:08:54.0456 10064 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 22:08:54.0456 10064 RasSstp - ok 22:08:54.0472 10064 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 22:08:54.0472 10064 rdbss - ok 22:08:54.0518 10064 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:08:54.0518 10064 RDPCDD - ok 22:08:54.0550 10064 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys 22:08:54.0565 10064 rdpdr - ok 22:08:54.0565 10064 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 22:08:54.0565 10064 RDPENCDD - ok 22:08:54.0612 10064 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 22:08:54.0628 10064 RDPWD - ok 22:08:54.0768 10064 Remote UI Service (752402f6bd5fa012805813c329f88dd3) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe 22:08:54.0799 10064 Remote UI Service - ok 22:08:54.0877 10064 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 22:08:54.0877 10064 RemoteAccess - ok 22:08:54.0955 10064 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 22:08:54.0955 10064 RemoteRegistry - ok 22:08:55.0033 10064 RoxMediaDB9 (062d1268cfcf569ba5fbcfd1bea88d2a) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 22:08:55.0064 10064 RoxMediaDB9 - ok 22:08:55.0096 10064 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 22:08:55.0096 10064 RpcLocator - ok 22:08:55.0142 10064 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll 22:08:55.0142 10064 RpcSs - ok 22:08:55.0205 10064 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 22:08:55.0205 10064 rspndr - ok 22:08:55.0220 10064 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 22:08:55.0220 10064 SamSs - ok 22:08:55.0252 10064 sbp2port 
(3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 22:08:55.0252 10064 sbp2port - ok 22:08:55.0298 10064 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 22:08:55.0298 10064 SCardSvr - ok 22:08:55.0361 10064 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 22:08:55.0376 10064 Schedule - ok 22:08:55.0392 10064 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 22:08:55.0392 10064 SCPolicySvc - ok 22:08:55.0408 10064 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 22:08:55.0408 10064 SDRSVC - ok 22:08:55.0439 10064 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 22:08:55.0439 10064 secdrv - ok 22:08:55.0470 10064 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 22:08:55.0470 10064 seclogon - ok 22:08:55.0486 10064 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 22:08:55.0501 10064 SENS - ok 22:08:55.0517 10064 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 22:08:55.0517 10064 Serenum - ok 22:08:55.0532 10064 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 22:08:55.0548 10064 Serial - ok 22:08:55.0564 10064 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 22:08:55.0564 10064 sermouse - ok 22:08:55.0595 10064 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 22:08:55.0595 10064 SessionEnv - ok 22:08:55.0610 10064 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 22:08:55.0610 10064 sffdisk - ok 22:08:55.0626 10064 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 22:08:55.0626 10064 sffp_mmc - ok 22:08:55.0642 10064 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 22:08:55.0642 10064 sffp_sd - ok 22:08:55.0642 10064 sfloppy 
(46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 22:08:55.0657 10064 sfloppy - ok 22:08:55.0673 10064 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 22:08:55.0688 10064 SharedAccess - ok 22:08:55.0720 10064 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 22:08:55.0735 10064 ShellHWDetection - ok 22:08:55.0751 10064 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 22:08:55.0751 10064 sisagp - ok 22:08:55.0766 10064 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 22:08:55.0766 10064 SiSRaid2 - ok 22:08:55.0798 10064 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 22:08:55.0798 10064 SiSRaid4 - ok 22:08:55.0938 10064 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 22:08:56.0000 10064 slsvc - ok 22:08:56.0094 10064 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 22:08:56.0094 10064 SLUINotify - ok 22:08:56.0141 10064 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 22:08:56.0156 10064 Smb - ok 22:08:56.0188 10064 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 22:08:56.0188 10064 SNMPTRAP - ok 22:08:56.0203 10064 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 22:08:56.0219 10064 spldr - ok 22:08:56.0234 10064 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 22:08:56.0250 10064 Spooler - ok 22:08:56.0281 10064 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 22:08:56.0297 10064 srv - ok 22:08:56.0328 10064 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 22:08:56.0344 10064 srv2 - ok 22:08:56.0344 10064 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 22:08:56.0359 10064 srvnet - ok 22:08:56.0390 10064 SSDPSRV 
(03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 22:08:56.0390 10064 SSDPSRV - ok 22:08:56.0437 10064 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 22:08:56.0453 10064 SstpSvc - ok 22:08:56.0578 10064 Stereo Service (29662881a46db66730c62a4f1bfa3dc2) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:08:56.0578 10064 Stereo Service - ok 22:08:56.0609 10064 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 22:08:56.0624 10064 stisvc - ok 22:08:56.0671 10064 stllssvr (4cfeb2bd9723489da072b300940ea287) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe 22:08:56.0671 10064 stllssvr - ok 22:08:56.0718 10064 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 22:08:56.0718 10064 swenum - ok 22:08:56.0749 10064 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 22:08:56.0765 10064 swprv - ok 22:08:56.0780 10064 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 22:08:56.0780 10064 Symc8xx - ok 22:08:56.0796 10064 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 22:08:56.0796 10064 Sym_hi - ok 22:08:56.0812 10064 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 22:08:56.0812 10064 Sym_u3 - ok 22:08:56.0858 10064 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 22:08:56.0874 10064 SysMain - ok 22:08:56.0890 10064 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 22:08:56.0905 10064 TabletInputService - ok 22:08:56.0936 10064 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 22:08:56.0952 10064 TapiSrv - ok 22:08:56.0983 10064 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 22:08:56.0983 10064 TBS - ok 22:08:57.0030 10064 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 22:08:57.0061 10064 Tcpip - ok 
22:08:57.0077 10064 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 22:08:57.0077 10064 Tcpip6 - ok 22:08:57.0108 10064 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 22:08:57.0108 10064 tcpipreg - ok 22:08:57.0124 10064 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 22:08:57.0139 10064 TDPIPE - ok 22:08:57.0155 10064 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 22:08:57.0155 10064 TDTCP - ok 22:08:57.0186 10064 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 22:08:57.0186 10064 tdx - ok 22:08:57.0202 10064 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 22:08:57.0217 10064 TermDD - ok 22:08:57.0248 10064 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 22:08:57.0264 10064 TermService - ok 22:08:57.0311 10064 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 22:08:57.0311 10064 Themes - ok 22:08:57.0326 10064 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 22:08:57.0326 10064 THREADORDER - ok 22:08:57.0373 10064 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\Windows\system32\DRIVERS\tmactmon.sys 22:08:57.0373 10064 tmactmon - ok 22:08:57.0404 10064 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\Windows\system32\DRIVERS\tmcomm.sys 22:08:57.0404 10064 tmcomm - ok 22:08:57.0451 10064 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\Windows\system32\DRIVERS\tmevtmgr.sys 22:08:57.0451 10064 tmevtmgr - ok 22:08:57.0467 10064 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\Windows\system32\DRIVERS\tmtdi.sys 22:08:57.0482 10064 tmtdi - ok 22:08:57.0498 10064 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 22:08:57.0498 10064 TrkWks - ok 22:08:57.0545 10064 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 22:08:57.0545 10064 
TrustedInstaller - ok 22:08:57.0592 10064 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:08:57.0592 10064 tssecsrv - ok 22:08:57.0607 10064 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 22:08:57.0623 10064 tunmp - ok 22:08:57.0638 10064 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 22:08:57.0638 10064 tunnel - ok 22:08:57.0670 10064 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 22:08:57.0670 10064 uagp35 - ok 22:08:57.0701 10064 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 22:08:57.0716 10064 udfs - ok 22:08:57.0748 10064 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 22:08:57.0748 10064 UI0Detect - ok 22:08:57.0763 10064 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 22:08:57.0763 10064 uliagpkx - ok 22:08:57.0779 10064 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 22:08:57.0794 10064 uliahci - ok 22:08:57.0826 10064 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 22:08:57.0826 10064 UlSata - ok 22:08:57.0841 10064 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 22:08:57.0857 10064 ulsata2 - ok 22:08:57.0872 10064 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 22:08:57.0872 10064 umbus - ok 22:08:57.0904 10064 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll 22:08:57.0919 10064 UmRdpService - ok 22:08:57.0950 10064 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 22:08:57.0950 10064 upnphost - ok 22:08:57.0982 10064 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 22:08:57.0982 10064 USBAAPL - ok 22:08:58.0028 10064 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 
22:08:58.0028 10064 usbaudio - ok 22:08:58.0075 10064 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 22:08:58.0091 10064 usbccgp - ok 22:08:58.0106 10064 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys 22:08:58.0106 10064 usbcir - ok 22:08:58.0122 10064 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 22:08:58.0122 10064 usbehci - ok 22:08:58.0153 10064 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 22:08:58.0169 10064 usbhub - ok 22:08:58.0184 10064 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 22:08:58.0184 10064 usbohci - ok 22:08:58.0200 10064 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 22:08:58.0216 10064 usbprint - ok 22:08:58.0231 10064 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 22:08:58.0247 10064 usbscan - ok 22:08:58.0262 10064 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:08:58.0278 10064 USBSTOR - ok 22:08:58.0309 10064 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 22:08:58.0309 10064 usbuhci - ok 22:08:58.0356 10064 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 22:08:58.0356 10064 UxSms - ok 22:08:58.0403 10064 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 22:08:58.0418 10064 vds - ok 22:08:58.0465 10064 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 22:08:58.0465 10064 vga - ok 22:08:58.0481 10064 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 22:08:58.0481 10064 VgaSave - ok 22:08:58.0512 10064 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 22:08:58.0512 10064 viaagp - ok 22:08:58.0528 10064 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 22:08:58.0528 
10064 ViaC7 - ok 22:08:58.0543 10064 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 22:08:58.0543 10064 viaide - ok 22:08:58.0574 10064 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 22:08:58.0574 10064 volmgr - ok 22:08:58.0606 10064 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 22:08:58.0621 10064 volmgrx - ok 22:08:58.0652 10064 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 22:08:58.0668 10064 volsnap - ok 22:08:58.0715 10064 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 22:08:58.0715 10064 vsmraid - ok 22:08:58.0777 10064 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 22:08:58.0824 10064 VSS - ok 22:08:58.0855 10064 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 22:08:58.0855 10064 W32Time - ok 22:08:58.0902 10064 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 22:08:58.0902 10064 WacomPen - ok 22:08:58.0949 10064 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:08:58.0949 10064 Wanarp - ok 22:08:58.0949 10064 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:08:58.0949 10064 Wanarpv6 - ok 22:08:58.0996 10064 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe 22:08:59.0027 10064 wbengine - ok 22:08:59.0089 10064 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 22:08:59.0105 10064 wcncsvc - ok 22:08:59.0136 10064 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 22:08:59.0136 10064 WcsPlugInService - ok 22:08:59.0183 10064 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 22:08:59.0183 10064 Wd - ok 22:08:59.0245 10064 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 22:08:59.0308 
10064 Wdf01000 - ok 22:08:59.0339 10064 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 22:08:59.0339 10064 WdiServiceHost - ok 22:08:59.0339 10064 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 22:08:59.0354 10064 WdiSystemHost - ok 22:08:59.0386 10064 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 22:08:59.0401 10064 WebClient - ok 22:08:59.0432 10064 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 22:08:59.0432 10064 Wecsvc - ok 22:08:59.0464 10064 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 22:08:59.0464 10064 wercplsupport - ok 22:08:59.0495 10064 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 22:08:59.0495 10064 WerSvc - ok 22:08:59.0588 10064 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 22:08:59.0588 10064 WinDefend - ok 22:08:59.0604 10064 WinHttpAutoProxySvc - ok 22:08:59.0666 10064 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 22:08:59.0666 10064 Winmgmt - ok 22:08:59.0729 10064 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 22:08:59.0760 10064 WinRM - ok 22:08:59.0807 10064 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 22:08:59.0822 10064 Wlansvc - ok 22:08:59.0869 10064 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 22:08:59.0869 10064 WmiAcpi - ok 22:08:59.0932 10064 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 22:08:59.0932 10064 wmiApSrv - ok 22:09:00.0041 10064 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 22:09:00.0056 10064 WMPNetworkSvc - ok 22:09:00.0088 10064 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 22:09:00.0088 10064 WPCSvc - ok 22:09:00.0119 10064 WPDBusEnum 
(801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 22:09:00.0119 10064 WPDBusEnum - ok 22:09:00.0197 10064 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 22:09:00.0197 10064 WpdUsb - ok 22:09:00.0322 10064 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 22:09:00.0337 10064 WPFFontCache_v0400 - ok 22:09:00.0368 10064 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 22:09:00.0368 10064 ws2ifsl - ok 22:09:00.0400 10064 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll 22:09:00.0400 10064 wscsvc - ok 22:09:00.0400 10064 WSearch - ok 22:09:00.0509 10064 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 22:09:00.0571 10064 wuauserv - ok 22:09:00.0680 10064 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:09:00.0680 10064 WUDFRd - ok 22:09:00.0712 10064 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 22:09:00.0712 10064 wudfsvc - ok 22:09:00.0743 10064 XDva348 - ok 22:09:00.0743 10064 XDva359 - ok 22:09:00.0790 10064 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0 22:09:00.0821 10064 \Device\Harddisk0\DR0 - ok 22:09:00.0821 10064 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk5\DR5 22:09:02.0755 10064 \Device\Harddisk5\DR5 - ok 22:09:02.0755 10064 Boot (0x1200) (18762cb94749c7c97f8702dff6cdd263) \Device\Harddisk0\DR0\Partition0 22:09:02.0771 10064 \Device\Harddisk0\DR0\Partition0 - ok 22:09:02.0771 10064 Boot (0x1200) (3d659c9e5cc9f1959c6d0ff3339866ea) \Device\Harddisk0\DR0\Partition1 22:09:02.0771 10064 \Device\Harddisk0\DR0\Partition1 - ok 22:09:02.0771 10064 Boot (0x1200) (e230c62268d1a82615f925992afc735d) \Device\Harddisk5\DR5\Partition0 22:09:02.0771 10064 \Device\Harddisk5\DR5\Partition0 - ok 22:09:02.0771 10064 
============================================================ 22:09:02.0771 10064 Scan finished 22:09:02.0771 10064 ============================================================ 22:09:02.0786 11616 Detected object count: 0 22:09:02.0786 11616 Actual detected object count: 0 22:19:40.0340 6268 Deinitialize success
  11. Sorry about the font size; it automatically changed when I pasted the log here. I accidentally submitted the RogueKiller log twice; it's the same log though. I ran these tools in normal mode. Thanks, Pat
  12. ComboFix 12-06-28.03 - Patrick Fong 29/06/2012 21:38:09.8.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.2047.962 [GMT 10:00] Running from: c:\users\Patrick Fong\Desktop\ComboFix.exe AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Patrick Fong\AppData\Local\amfmkrxk.log c:\users\Patrick Fong\AppData\Local\hsivcopd.log c:\users\Patrick Fong\AppData\Local\jlypkcri.log c:\users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe c:\users\Patrick Fong\AppData\Local\narfqwth.log c:\users\Patrick Fong\AppData\Local\vtofbvlp.log c:\users\Patrick Fong\AppData\Local\wqexycde.log . . ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 ))))))))))))))))))))))))))))))) . . 2012-06-29 11:45 . 2012-06-29 11:47 -------- d-----w- c:\users\Patrick Fong\AppData\Local\temp 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-26 02:09 . 2012-06-28 13:41 0 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-06-25 10:07 . 2012-06-25 10:08 -------- d-----w- c:\program files\ERUNT 2012-06-22 11:55 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 11:55 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 11:55 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 11:55 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 11:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-22 11:54 . 
2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 11:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 03:16 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 03:16 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 00:15 . 2012-06-21 00:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-21 00:15 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-20 13:13 . 2012-06-29 11:45 -------- d-----w- c:\users\Patrick Fong\AppData\Local\lvpnwwpd 2012-06-16 05:32 . 2012-06-16 05:32 -------- d-----w- c:\programdata\Tarma Installer 2012-06-16 05:31 . 2012-06-20 14:09 -------- d-----w- c:\program files\1ClickDownload 2012-06-13 11:39 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 11:39 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 11:39 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 11:39 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 11:39 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-11 12:45 . 2012-06-11 12:45 -------- d-----w- c:\users\Patrick Fong\AppData\Local\Trend Micro 2012-06-11 12:37 . 2012-06-11 12:08 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys 2012-06-11 12:25 . 2012-06-11 12:08 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys 2012-06-11 12:25 . 2012-06-11 12:08 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-06-11 12:25 . 2012-06-11 12:08 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys 2012-06-11 12:19 . 2012-06-11 12:19 56 ----a-w- c:\windows\system32\SupportTool.exe.bat 2012-06-11 12:14 . 2012-06-28 21:07 -------- d-----w- c:\programdata\Trend Micro 2012-06-11 12:05 . 2012-06-11 12:17 -------- d-----w- c:\program files\Trend Micro 2012-06-09 05:05 . 
2012-06-09 05:05 -------- d--h--w- c:\programdata\Common Files 2012-06-08 13:08 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB267CAB-EDFB-4DFE-9356-7F650B410C37}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-03 08:16 . 2012-05-11 11:44 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-11 11:44 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "TchAhayq"="c:\users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984] "CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-09-11 176128] "D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2010-05-21 1024000] "WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2010-04-20 122880] 
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] . c:\users\Patrick Fong\Desktop\Programs\Startup\ tchahayq.exe [2012-6-20 92216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Canon LBP5200 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC3LAK.EXE [2004-9-24 50848] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-16 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 692224] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-3-4 4545024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5200 Status Window.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5200 Status Window.lnk backup=c:\windows\pss\Canon LBP5200 Status Window.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-05 17:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.au/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
--------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(11468) c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\CNAC3RPK.EXE c:\program files\Trend Micro\AMSP\coreServiceShell.exe c:\program files\Intel\IntelDH\CCU\AlertService.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe c:\program files\Trend Micro\AMSP\AMSP_LogServer.exe c:\users\Patrick Fong\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\windows\ehome\ehsched.exe c:\windows\ehome\ehRecvr.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2012-06-29 21:55:13 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-29 11:55 ComboFix2.txt 2012-06-28 21:26 ComboFix3.txt 2012-06-25 11:06 ComboFix4.txt 2012-06-22 13:12 ComboFix5.txt 2012-06-29 11:36 . Pre-Run: 80,460,693,504 bytes free Post-Run: 80,390,008,832 bytes free . - - End Of File - - 11B3F412B984A8B5ADFEEBBBAB38FF82
  13. RogueKiller V7.6.1 [06/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User: Patrick Fong [Admin rights] Mode: Scan -- Date: 06/29/2012 21:33:02 ¤¤¤ Bad processes: 3 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc] [sUSP PATH] lhfujcbahkhdwheq.exe -- C:\Users\PATRIC~1\AppData\Local\Temp\lhfujcbahkhdwheq.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 2 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : TchAhayq (C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-517934540-472169772-531085458-1001[...]\Run : TchAhayq (C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ SSDT[64] : NtCreateKey @ 0x82A37140 -> HOOKED (Unknown @ 0x86F1F06C) SSDT[67] : NtCreateMutant @ 0x82A68812 -> HOOKED (Unknown @ 0x86E9FB1C) SSDT[72] : NtCreateProcess @ 0x82AD9DAB -> HOOKED (Unknown @ 0x86E17C2C) SSDT[73] : NtCreateProcessEx @ 0x82AD9DF6 -> HOOKED (Unknown @ 0x86E17D5C) SSDT[77] : NtCreateSymbolicLinkObject @ 0x82A0835A -> HOOKED (Unknown @ 0x86EF25EC) SSDT[78] : NtCreateThread @ 0x82AD9BE0 -> HOOKED (Unknown @ 0x86E0C814) SSDT[123] : NtDeleteKey @ 0x829FA727 -> HOOKED (Unknown @ 0x86E9F2E4) SSDT[126] : NtDeleteValueKey @ 0x829F5CC8 -> HOOKED (Unknown @ 0x86F84B8C) SSDT[129] : NtDuplicateObject @ 0x82A40551 -> HOOKED (Unknown @ 0x86EF25B4) SSDT[165] : NtLoadDriver @ 0x829B3DEE -> HOOKED (Unknown @ 0x86EF2C24) SSDT[194] : NtOpenProcess @ 0x82A68FAE -> HOOKED (Unknown @ 0x86D932D4) SSDT[197] : NtOpenSection @ 0x82A5966D -> HOOKED (Unknown @ 0x86F84B54) SSDT[201] : NtOpenThread @ 0x82A644FF -> HOOKED (Unknown @ 0x86BC3BE4) SSDT[267] : NtRenameKey @ 0x82A9C6AC -> HOOKED 
(Unknown @ 0x86E7B92C) SSDT[280] : NtRestoreKey @ 0x82A9ADB2 -> HOOKED (Unknown @ 0x86E7B8F4) SSDT[317] : NtSetSystemInformation @ 0x82A2EEEB -> HOOKED (Unknown @ 0x86E9FAE4) SSDT[324] : NtSetValueKey @ 0x82A263C2 -> HOOKED (Unknown @ 0x86E9F5E4) SSDT[334] : NtTerminateProcess @ 0x82A39143 -> HOOKED (Unknown @ 0x86E9FE0C) SSDT[335] : NtTerminateThread @ 0x82A64534 -> HOOKED (Unknown @ 0x86E10814) SSDT[358] : NtWriteVirtualMemory @ 0x82A5592D -> HOOKED (Unknown @ 0x86E0C84C) SSDT[382] : NtCreateThreadEx @ 0x82A63FE9 -> HOOKED (Unknown @ 0x86EF2C5C) SSDT[383] : NtCreateUserProcess @ 0x82A11C11 -> HOOKED (Unknown @ 0x86EF3154) S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0x84EFA6BC) S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0xA35BFEEC) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3320820AS ATA Device +++++ --- User --- [MBR] 517d979d7e41c90176b4180f0e37411e [bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296355 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606935700 | Size: 8887 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  15. Regarding your question in #19, yes I did uninstall Norton 360 using Programs and Features.