Page 2 of 4 (results 11 to 20 of 39)

Thread: Smitfraud.C Generic Trojan Removal

#11 Junior Member, Join Date: Apr 2012, Posts: 23

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion g6 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 166):
    0x0240C000 \SystemRoot\system32\ntoskrnl.exe
    0x029F5000 \SystemRoot\system32\hal.dll
    0x00BB3000 \SystemRoot\system32\kdcom.dll
    0x00C87000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C94000 \SystemRoot\system32\PSHED.dll
    0x00CA8000 \SystemRoot\system32\CLFS.SYS
    0x00D06000 \SystemRoot\system32\CI.dll
    0x00EC2000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F66000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F75000 \SystemRoot\system32\drivers\ACPI.sys
    0x00FCC000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00FD5000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00E00000 \SystemRoot\system32\drivers\pci.sys
    0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E55000 \SystemRoot\system32\drivers\compbatt.sys
    0x00E5E000 \SystemRoot\system32\drivers\BATTC.SYS
    0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys
    0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E7F000 \SystemRoot\system32\drivers\pciide.sys
    0x00E86000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00E96000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00EB0000 \SystemRoot\system32\drivers\atapi.sys
    0x00C5C000 \SystemRoot\system32\drivers\ataport.SYS
    0x00FDF000 \SystemRoot\system32\drivers\msahci.sys
    0x00DC6000 \SystemRoot\system32\DRIVERS\amd_sata.sys
    0x01078000 \SystemRoot\system32\DRIVERS\storport.sys
    0x010DB000 \SystemRoot\system32\DRIVERS\amd_xata.sys
    0x010E8000 \SystemRoot\system32\drivers\amdxata.sys
    0x010F3000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0113F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01153000 \SystemRoot\system32\drivers\mfehidk.sys
    0x01255000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014DE000 \SystemRoot\System32\Drivers\cng.sys
    0x01550000 \SystemRoot\System32\drivers\pcw.sys
    0x01561000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016FA000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x018F4000 \SystemRoot\System32\drivers\tcpip.sys
    0x01AF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01B42000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x01B86000 \SystemRoot\system32\drivers\volsnap.sys
    0x01800000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0183A000 \SystemRoot\System32\Drivers\mup.sys
    0x0184C000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01855000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x0188F000 \SystemRoot\system32\drivers\disk.sys
    0x018A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x018D5000 \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    0x01BF3000 \SystemRoot\System32\Drivers\Null.SYS
    0x018EB000 \SystemRoot\System32\Drivers\Beep.SYS
    0x0169E000 \SystemRoot\System32\drivers\vga.sys
    0x016AC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x016D1000 \SystemRoot\System32\drivers\watchdog.sys
    0x016E1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x016EA000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x017ED000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0156B000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0158D000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0159A000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x01400000 \SystemRoot\system32\drivers\afd.sys
    0x01489000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x01492000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x014B8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x015DF000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x015F0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02CB7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02D08000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02D14000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02D32000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02D58000 \SystemRoot\system32\drivers\wmiacpi.sys
    0x02D61000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x02D85000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x02C00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x03015000 \SystemRoot\system32\DRIVERS\netr28x.sys
    0x031D5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x02C6C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x031E2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x031EF000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x02E68000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02EBE000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x02ECC000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02EDD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x02EFB000 \SystemRoot\system32\drivers\kbdclass.sys
    0x02F0A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x02F71000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x02F73000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02F82000 \SystemRoot\system32\drivers\blbdrive.sys
    0x02F93000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x02FA3000 \SystemRoot\system32\drivers\mssmbios.sys
    0x02FAE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x02FC4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02FE8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x02E2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02C96000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02E4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03000000 \SystemRoot\system32\drivers\termdd.sys
    0x02E64000 \SystemRoot\system32\drivers\swenum.sys
    0x02DBB000 \SystemRoot\system32\drivers\ks.sys
    0x0121B000 \SystemRoot\system32\DRIVERS\amdiox64.sys
    0x0122F000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03CCF000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03D29000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x03D3E000 \SystemRoot\system32\drivers\mfefirek.sys
    0x03DB2000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x03DC0000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x03DCA000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
    0x03DE1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x03DF4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x00430000 \SystemRoot\System32\drivers\dxg.sys
    0x00770000 \SystemRoot\System32\TSDDD.dll
    0x00990000 \SystemRoot\System32\framebuf.dll
    0x00A00000 \SystemRoot\System32\ATMFD.DLL
    0x03C1D000 \SystemRoot\system32\drivers\WudfPf.sys
    0x03C3E000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x03C91000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x03CA4000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x04C9B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x04CC8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x04D16000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x04D3A000 \??\C:\Users\ASHLEY~1\AppData\Local\Temp\aswMBR.sys
    0x775C0000 \Windows\System32\ntdll.dll
    0x47BA0000 \Windows\System32\smss.exe
    0xFF8E0000 \Windows\System32\apisetschema.dll
    0xFFE80000 \Windows\System32\autochk.exe
    0xFF6F0000 \Windows\System32\setupapi.dll
    0x77790000 \Windows\System32\psapi.dll
    0xFF6D0000 \Windows\System32\sechost.dll
    0xFF650000 \Windows\System32\shlwapi.dll
    0x774C0000 \Windows\System32\user32.dll
    0xFF600000 \Windows\System32\ws2_32.dll
    0x77370000 \Windows\System32\urlmon.dll
    0xFF530000 \Windows\System32\usp10.dll
    0xFF4B0000 \Windows\System32\difxapi.dll
    0xFF2A0000 \Windows\System32\ole32.dll
    0x77210000 \Windows\System32\wininet.dll
    0xFF200000 \Windows\System32\comdlg32.dll
    0xFF1E0000 \Windows\System32\imagehlp.dll
    0xFF170000 \Windows\System32\gdi32.dll
    0xFF160000 \Windows\System32\nsi.dll
    0xFF050000 \Windows\System32\msctf.dll
    0x77000000 \Windows\System32\iertutil.dll
    0xFEF20000 \Windows\System32\rpcrt4.dll
    0xFEF10000 \Windows\System32\lpk.dll
    0xFEEE0000 \Windows\System32\imm32.dll
    0x76EE0000 \Windows\System32\kernel32.dll
    0xFEE40000 \Windows\System32\clbcatq.dll
    0xFED60000 \Windows\System32\oleaut32.dll
    0xFECC0000 \Windows\System32\msvcrt.dll
    0x77780000 \Windows\System32\normaliz.dll
    0xFDF30000 \Windows\System32\shell32.dll
    0xFDE50000 \Windows\System32\advapi32.dll
    0xFDDF0000 \Windows\System32\Wldap32.dll
    0xFDDD0000 \Windows\System32\devobj.dll
    0xFDC60000 \Windows\System32\crypt32.dll
    0xFDBC0000 \Windows\System32\comctl32.dll
    0xFDB80000 \Windows\System32\cfgmgr32.dll
    0xFDB40000 \Windows\System32\wintrust.dll
    0xFDAD0000 \Windows\System32\KernelBase.dll
    0xFDAC0000 \Windows\System32\msasn1.dll

    Processes (total 36):
    0 System Idle Process
    4 System
    276 C:\Windows\System32\smss.exe
    380 csrss.exe
    420 csrss.exe
    428 C:\Windows\System32\wininit.exe
    472 C:\Windows\System32\winlogon.exe
    512 C:\Windows\System32\services.exe
    532 C:\Windows\System32\lsass.exe
    540 C:\Windows\System32\lsm.exe
    636 C:\Windows\System32\svchost.exe
    712 C:\Windows\System32\svchost.exe
    836 C:\Windows\System32\svchost.exe
    868 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    416 C:\Windows\System32\mfevtps.exe
    728 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    1172 C:\Windows\explorer.exe
    1216 C:\Windows\System32\ctfmon.exe
    524 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2044 C:\Users\Ashley Do\Desktop\aswMBR.exe
    1588 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    2496 C:\Windows\SysWOW64\ctfmon.exe
    1444 C:\Windows\svchost.exe
    2200 C:\Windows\System32\conhost.exe
    3020 C:\ProgramData\QkqnRvQCEE.exe
    2808 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1788 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2816 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2152 C:\Windows\System32\vds.exe
    2724 WmiPrvSE.exe
    1640 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1200 C:\Users\Ashley Do\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5Z3Z04F\MBRCheck.exe
    568 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`bda00000 (NTFS)

    PhysicalDrive0 Model Number: ST9500325AS, Rev: 0005HPM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 4A424128F8BDD7486A71ACBA75AD6A099B912047


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
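The process list MBRCheck printed above is worth a quick automated pass before anything else is run. The script below is an added example written for this thread, not MBRCheck's own code. It parses the "Processes" lines (a verbatim excerpt from the post, embedded inline) and applies three of my own triage heuristics: a core Windows binary name whose directory is not System32/SysWOW64, explorer.exe anywhere other than the Windows directory, and any executable running directly from ProgramData, a user's Temp, or the browser download cache. The expected locations are assumptions for a 64-bit Windows 7 install with C:\Windows as the Windows directory; a hit means "look at this", not "this is the infection".

```python
r"""Path-anomaly triage over the MBRCheck "Processes" list from this thread.

Added example, not MBRCheck's code. Heuristics and expected locations are
the author's assumptions for a 64-bit Windows 7 box whose Windows directory
is C:\Windows (as the TDSSKiller log in this thread reports).
"""
import ntpath
import re

WINDIR = r"C:\Windows"
SYSTEM_DIRS = {WINDIR.lower() + r"\system32", WINDIR.lower() + r"\syswow64"}
# Core binaries that should only ever run from System32 (or SysWOW64 for 32-bit copies).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "lsm.exe", "svchost.exe", "conhost.exe", "ctfmon.exe",
                   "vds.exe", "wmiprvse.exe"}
# explorer.exe is the one core binary that legitimately lives in %SystemRoot% itself.
EXPECTED_ELSEWHERE = {"explorer.exe": {WINDIR.lower()}}
# Directories (lower-cased) from which a running executable warrants a closer look.
SUSPECT_DIR_PATTERNS = [
    re.compile(r"^c:\\programdata$"),                         # loose exe directly under ProgramData
    re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp"),  # a user's Temp directory
    re.compile(r"\\temporary internet files\\"),              # IE download cache
]
LINE_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")   # "<pid> <image or bare name>"

# Verbatim excerpt of the MBRCheck process list in post #11 (the full list is longer).
SAMPLE_PROCESSES = r"""
276 C:\Windows\System32\smss.exe
380 csrss.exe
636 C:\Windows\System32\svchost.exe
1172 C:\Windows\explorer.exe
2044 C:\Users\Ashley Do\Desktop\aswMBR.exe
2496 C:\Windows\SysWOW64\ctfmon.exe
1444 C:\Windows\svchost.exe
2200 C:\Windows\System32\conhost.exe
3020 C:\ProgramData\QkqnRvQCEE.exe
2808 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1200 C:\Users\Ashley Do\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5Z3Z04F\MBRCheck.exe
"""

def parse_process_list(text):
    """Yield (pid, image) pairs; image may be a bare name when MBRCheck could not resolve a path."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2)

def triage(text):
    """Return (pid, image, reason) triples for every process that trips a heuristic."""
    findings = []
    for pid, image in parse_process_list(text):
        directory, name = ntpath.split(image)
        if not directory:
            continue          # unresolved path (e.g. the csrss.exe lines): nothing to judge
        d, n = directory.lower(), name.lower()
        if n in SYSTEM_BINARIES and d not in SYSTEM_DIRS:
            findings.append((pid, image, "core binary name outside System32/SysWOW64"))
        elif n in EXPECTED_ELSEWHERE and d not in EXPECTED_ELSEWHERE[n]:
            findings.append((pid, image, "explorer.exe outside the Windows directory"))
        for pat in SUSPECT_DIR_PATTERNS:
            if pat.search(d):
                findings.append((pid, image, "running from " + directory))
                break
    return findings

if __name__ == "__main__":
    for pid, image, reason in triage(SAMPLE_PROCESSES):
        print("%5d  %-60s  %s" % (pid, image, reason))
```

On the excerpt above this flags PID 1444 (svchost.exe under C:\Windows rather than System32), PID 3020 (an executable directly under ProgramData) and PID 1200 (MBRCheck.exe, because it was launched straight from the Temporary Internet Files cache). The third hit is the poster's own tool, which is the point of the location rule: it surfaces candidates for a human to check against the rest of the logs, and the two svchost.exe entries on this box are told apart by path alone.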

#12 Emeritus-Security Expert, Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208

Let's run this tool and see if it fixes it.

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
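MBRCheck above reported "MBR Code Faked!" together with a SHA1 of the drive's boot sector, and the TDSSKiller log in the next post prints the partition table it read from the same disk. The script below is an added example for this thread, not code from either tool. It builds a 512-byte MBR image from the four partition entries TDSSKiller reports (with a dummy boot-code stub, so its hash will not equal the 4A4241... value MBRCheck printed for the real drive), then parses it the way a boot-sector checker does: verify the 0x55AA signature, hash the boot code, decode the partition entries, map the \\.\C: and \\.\D: byte offsets MBRCheck printed back to partition slots, and sanity-check the layout against the drive size. The boot flag on slot 0 and the assumption that MBRCheck hashes the 440-byte boot-code area are mine; the partition values and disk size are the ones in the logs.

```python
r"""Parse a raw 512-byte MBR and sanity-check its partition table.

Added example for this thread; it is not MBRCheck's or TDSSKiller's code.
The four partition entries and the disk size are the values TDSSKiller
printed for \Device\Harddisk0\DR0 in post #13; the boot code is a
constructed stub, so its SHA1 is not the real drive's.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0-439 boot code, 440-443 disk signature, 446-509 table, 510-511 magic
PTABLE_OFF = 446
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count
ENTRY_LEN = struct.calcsize(ENTRY_FMT)   # 16

# (bootable, type, StartLBA, BlocksNum) as TDSSKiller reported; the boot flag is assumed.
THREAD_PARTITIONS = [
    (True,  0x07, 0x00000800, 0x00063800),
    (False, 0x07, 0x00064000, 0x38589000),   # C: per MBRCheck's volume offset 0x0c800000
    (False, 0x07, 0x385ED000, 0x01D65000),   # D: per MBRCheck's volume offset 0x70bda00000
    (False, 0x0C, 0x3A352000, 0x00033830),   # FAT32 (LBA)
]
THREAD_DISK_BYTES = 0x7470C06000             # "Size: 0x7470C06000 (465.76 Gb)" in the TDSSKiller log

def build_mbr(entries, boot_code=None):
    """Construct a 512-byte MBR image from (bootable, type, start_lba, count) tuples."""
    if boot_code is None:
        boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)   # constructed stub: jmp $, nops
    assert len(boot_code) == BOOT_CODE_LEN
    disk_sig = struct.pack("<I", 0x0BADF00D) + b"\x00\x00"         # placeholder NT disk signature + reserved
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if boot else 0x00, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", start, count)
        for boot, ptype, start, count in entries)
    table += b"\x00" * (4 * ENTRY_LEN - len(table))                 # empty slots
    return boot_code + disk_sig + table + b"\x55\xAA"

def parse_mbr(sector):
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PTABLE_OFF + i * ENTRY_LEN
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector[off:off + ENTRY_LEN])
        if ptype == 0x00:
            continue      # empty slot
        parts.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count, "byte_offset": start * SECTOR})
    return {"boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
            "disk_signature": struct.unpack("<I", sector[440:444])[0],
            "partitions": parts}

def partition_for_offset(parsed, byte_offset):
    """Map a volume byte offset (as MBRCheck prints for \\.\C:) to the slot that starts there."""
    for p in parsed["partitions"]:
        if p["byte_offset"] == byte_offset:
            return p["slot"]
    return None

def check_layout(parsed, disk_bytes, known_good_hashes=frozenset()):
    """Checks a bootkit triage wants; returns a list of findings (empty means nothing odd)."""
    findings = []
    if parsed["boot_code_sha1"] not in known_good_hashes:   # populate from a known-clean machine
        findings.append("boot code SHA1 %s not in known-good set" % parsed["boot_code_sha1"])
    total = disk_bytes // SECTOR
    prev_end = 0
    for p in sorted(parsed["partitions"], key=lambda e: e["start_lba"]):
        end = p["start_lba"] + p["sectors"]
        if p["start_lba"] < prev_end:
            findings.append("slot %d overlaps the previous partition" % p["slot"])
        if end > total:
            findings.append("slot %d extends past end of disk" % p["slot"])
        prev_end = max(prev_end, end)
    if sum(1 for p in parsed["partitions"] if p["bootable"]) != 1:
        findings.append("expected exactly one bootable (0x80) entry")
    tail = total - prev_end        # unpartitioned tail sectors are where bootkits commonly hide payloads
    if tail > 0:
        findings.append("%d unpartitioned sectors after last partition" % tail)
    return findings

if __name__ == "__main__":
    info = parse_mbr(build_mbr(THREAD_PARTITIONS))
    for p in info["partitions"]:
        print("slot %d type 0x%02X start LBA 0x%X sectors 0x%X byte offset 0x%X"
              % (p["slot"], p["type"], p["start_lba"], p["sectors"], p["byte_offset"]))
    print("C: offset 0x0c800000 -> slot", partition_for_offset(info, 0x0C800000))
    print("D: offset 0x70bda00000 -> slot", partition_for_offset(info, 0x70BDA00000))
    for f in check_layout(info, THREAD_DISK_BYTES):
        print("finding:", f)
```

On the values from these logs the four partitions are contiguous (each ends exactly where the next starts), the C: and D: offsets resolve to slots 1 and 2, and 2048 sectors (1 MiB) remain unpartitioned at the end of the disk. That tail is ordinary alignment slack, but it is also exactly the kind of space a bootkit uses, which is why a check of this sort reports it rather than staying silent. To turn the hash line into a real verdict you need a known-good SHA1 captured from a clean machine of the same Windows version; the value MBRCheck printed here is the hash of the sector it flagged, not a reference.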

#13 Junior Member, Join Date: Apr 2012, Posts: 23

Doesn't seem to have worked. My computer keeps restarting on its own. Here is the report:

    17:31:34.0511 1168 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    17:31:34.0979 1168 ============================================================
    17:31:34.0979 1168 Current date / time: 2012/04/15 17:31:34.0979
    17:31:34.0979 1168 SystemInfo:
    17:31:34.0979 1168
    17:31:34.0979 1168 OS Version: 6.1.7601 ServicePack: 1.0
    17:31:34.0979 1168 Product type: Workstation
    17:31:34.0979 1168 ComputerName: ASHLEYDO-HP
    17:31:34.0979 1168 UserName: Ashley Do
    17:31:34.0979 1168 Windows directory: C:\Windows
    17:31:34.0979 1168 System windows directory: C:\Windows
    17:31:34.0979 1168 Running under WOW64
    17:31:34.0979 1168 Processor architecture: Intel x64
    17:31:34.0979 1168 Number of processors: 2
    17:31:34.0979 1168 Page size: 0x1000
    17:31:34.0979 1168 Boot type: Safe boot with network
    17:31:34.0979 1168 ============================================================
    17:31:36.0617 1168 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:31:36.0617 1168 \Device\Harddisk0\DR0:
    17:31:36.0617 1168 MBR used
    17:31:36.0617 1168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    17:31:36.0617 1168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38589000
    17:31:36.0617 1168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x385ED000, BlocksNum 0x1D65000
    17:31:36.0617 1168 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
    17:31:36.0788 1168 Initialize success
    17:31:36.0788 1168 ============================================================
    17:31:45.0462 1616 ============================================================
    17:31:45.0462 1616 Scan started
    17:31:45.0462 1616 Mode: Manual;
    17:31:45.0462 1616 ============================================================
    17:31:46.0460 1616 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:31:46.0460 1616 1394ohci - ok
    17:31:46.0882 1616 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:31:46.0882 1616 ACPI - ok
    17:31:47.0318 1616 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:31:47.0318 1616 AcpiPmi - ok
    17:31:47.0506 1616 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:31:47.0506 1616 AdobeARMservice - ok
    17:31:47.0927 1616 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    17:31:47.0942 1616 adp94xx - ok
    17:31:48.0395 1616 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    17:31:48.0395 1616 adpahci - ok
    17:31:48.0832 1616 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    17:31:48.0832 1616 adpu320 - ok
    17:31:49.0128 1616 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:31:49.0128 1616 AeLookupSvc - ok
    17:31:49.0549 1616 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:31:49.0565 1616 AFD - ok
    17:31:49.0986 1616 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:31:49.0986 1616 agp440 - ok
    17:31:50.0314 1616 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:31:50.0314 1616 ALG - ok
    17:31:50.0750 1616 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:31:50.0750 1616 aliide - ok
    17:31:51.0062 1616 AMD External Events Utility (850f0c8034225fa3f50d551a905fa503) C:\Windows\system32\atiesrxx.exe
    17:31:51.0062 1616 AMD External Events Utility - ok
    17:31:51.0140 1616 AMD FUEL Service - ok
    17:31:51.0265 1616 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    17:31:51.0281 1616 AMD Reservation Manager - ok
    17:31:51.0702 1616 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:31:51.0718 1616 amdide - ok
    17:31:52.0154 1616 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    17:31:52.0154 1616 amdiox64 - ok
    17:31:52.0607 1616 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    17:31:52.0607 1616 AmdK8 - ok
    17:31:53.0278 1616 amdkmdag (7979bf4a66efdadf3d00a052409609b1) C:\Windows\system32\DRIVERS\atikmdag.sys
    17:31:53.0480 1616 amdkmdag - ok
    17:31:53.0948 1616 amdkmdap (7d5cdb0161e91951d3dd99e55cea4d01) C:\Windows\system32\DRIVERS\atikmpag.sys
    17:31:53.0948 1616 amdkmdap - ok
    17:31:54.0401 1616 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:31:54.0401 1616 AmdPPM - ok
    17:31:54.0822 1616 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:31:54.0838 1616 amdsata - ok
    17:31:55.0274 1616 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    17:31:55.0290 1616 amdsbs - ok
    17:31:55.0727 1616 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:31:55.0727 1616 amdxata - ok
    17:31:56.0148 1616 amd_sata (6363014d5e4ccd280fb4902ec3c2ccfe) C:\Windows\system32\DRIVERS\amd_sata.sys
    17:31:56.0148 1616 amd_sata - ok
    17:31:56.0569 1616 amd_xata (51a5aed2a4cceda6addcf3194c9b29eb) C:\Windows\system32\DRIVERS\amd_xata.sys
    17:31:56.0569 1616 amd_xata - ok
    17:31:56.0975 1616 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:31:56.0975 1616 AppID - ok
    17:31:57.0256 1616 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:31:57.0256 1616 AppIDSvc - ok
    17:31:57.0568 1616 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:31:57.0568 1616 Appinfo - ok
    17:31:57.0802 1616 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    17:31:57.0802 1616 Apple Mobile Device - ok
    17:31:58.0238 1616 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    17:31:58.0238 1616 arc - ok
    17:31:58.0691 1616 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    17:31:58.0691 1616 arcsas - ok
    17:31:59.0128 1616 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:31:59.0128 1616 AsyncMac - ok
    17:31:59.0580 1616 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:31:59.0580 1616 atapi - ok
    17:32:00.0048 1616 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
    17:32:00.0048 1616 AtiHdmiService - ok
    17:32:00.0500 1616 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
    17:32:00.0500 1616 AtiPcie - ok
    17:32:00.0812 1616 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:32:00.0812 1616 AudioEndpointBuilder - ok
    17:32:00.0828 1616 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:32:00.0828 1616 AudioSrv - ok
    17:32:01.0171 1616 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:32:01.0171 1616 AxInstSV - ok
    17:32:01.0624 1616 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    17:32:01.0639 1616 b06bdrv - ok
    17:32:02.0076 1616 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:32:02.0092 1616 b57nd60a - ok
    17:32:02.0232 1616 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    17:32:02.0232 1616 BBSvc - ok
    17:32:02.0700 1616 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
    17:32:02.0731 1616 BCM43XX - ok
    17:32:03.0028 1616 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:32:03.0028 1616 BDESVC - ok
    17:32:03.0464 1616 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:32:03.0464 1616 Beep - ok
    17:32:03.0776 1616 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    17:32:03.0854 1616 BITS - ok
    17:32:04.0276 1616 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
    17:32:04.0276 1616 blbdrive - ok
    17:32:04.0369 1616 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    17:32:04.0385 1616 Bonjour Service - ok
    17:32:04.0822 1616 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:32:04.0837 1616 bowser - ok
    17:32:05.0258 1616 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    17:32:05.0258 1616 BrFiltLo - ok
    17:32:05.0695 1616 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    17:32:05.0695 1616 BrFiltUp - ok
    17:32:05.0992 1616 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:32:05.0992 1616 Browser - ok
    17:32:06.0413 1616 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:32:06.0428 1616 Brserid - ok
    17:32:06.0865 1616 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:32:06.0865 1616 BrSerWdm - ok
    17:32:07.0302 1616 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:32:07.0302 1616 BrUsbMdm - ok
    17:32:07.0739 1616 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:32:07.0739 1616 BrUsbSer - ok
    17:32:08.0176 1616 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    17:32:08.0176 1616 BTHMODEM - ok
    17:32:08.0488 1616 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:32:08.0488 1616 bthserv - ok
    17:32:08.0909 1616 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:32:08.0909 1616 cdfs - ok
    17:32:09.0346 1616 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    17:32:09.0346 1616 cdrom - ok
    17:32:09.0673 1616 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:32:09.0673 1616 CertPropSvc - ok
    17:32:10.0079 1616 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
    17:32:10.0079 1616 cfwids - ok
    17:32:10.0516 1616 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    17:32:10.0516 1616 circlass - ok
    17:32:10.0812 1616 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:32:10.0812 1616 CLFS - ok
    17:32:11.0030 1616 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:32:11.0046 1616 clr_optimization_v2.0.50727_32 - ok
    17:32:11.0264 1616 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:32:11.0280 1616 clr_optimization_v2.0.50727_64 - ok
    17:32:11.0530 1616 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:32:11.0592 1616 clr_optimization_v4.0.30319_32 - ok
    17:32:11.0904 1616 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:32:12.0044 1616 clr_optimization_v4.0.30319_64 - ok
    17:32:12.0481 1616 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
    17:32:12.0481 1616 clwvd - ok
    17:32:12.0918 1616 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    17:32:12.0918 1616 CmBatt - ok
    17:32:13.0480 1616 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:32:13.0480 1616 cmdide - ok
    17:32:13.0916 1616 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    17:32:13.0932 1616 CNG - ok
    17:32:14.0338 1616 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    17:32:14.0338 1616 Compbatt - ok
    17:32:14.0790 1616 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    17:32:14.0790 1616 CompositeBus - ok
    17:32:15.0071 1616 COMSysApp - ok
    17:32:15.0492 1616 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    17:32:15.0492 1616 crcdisk - ok
    17:32:15.0804 1616 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    17:32:15.0804 1616 CryptSvc - ok
    17:32:16.0100 1616 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:32:16.0100 1616 DcomLaunch - ok
    17:32:16.0397 1616 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:32:16.0397 1616 defragsvc - ok
    17:32:16.0849 1616 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:32:16.0849 1616 DfsC - ok
    17:32:17.0146 1616 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    17:32:17.0161 1616 Dhcp - ok
    17:32:17.0629 1616 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:32:17.0629 1616 discache - ok
    17:32:18.0082 1616 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    17:32:18.0082 1616 Disk - ok
    17:32:18.0394 1616 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    17:32:18.0394 1616 Dnscache - ok
    17:32:18.0690 1616 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    17:32:18.0690 1616 dot3svc - ok
    17:32:18.0986 1616 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    17:32:19.0002 1616 DPS - ok
    17:32:19.0423 1616 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:32:19.0423 1616 drmkaud - ok
    17:32:19.0860 1616 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:32:19.0860 1616 DXGKrnl - ok
    17:32:20.0156 1616 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:32:20.0172 1616 EapHost - ok
    17:32:20.0640 1616 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    17:32:20.0734 1616 ebdrv - ok
    17:32:21.0030 1616 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    17:32:21.0030 1616 EFS - ok
    17:32:21.0217 1616 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    17:32:21.0217 1616 ehRecvr - ok
    17:32:21.0389 1616 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:32:21.0389 1616 ehSched - ok
    17:32:21.0841 1616 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    17:32:21.0857 1616 elxstor - ok
    17:32:22.0262 1616 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:32:22.0262 1616 ErrDev - ok
    17:32:22.0574 1616 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:32:22.0574 1616 EventSystem - ok
    17:32:22.0996 1616 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:32:22.0996 1616 exfat - ok
    17:32:23.0276 1616 ezSharedSvc - ok
    17:32:23.0682 1616 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:32:23.0682 1616 fastfat - ok
    17:32:24.0150 1616 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    17:32:24.0150 1616 Fax - ok
    17:32:24.0899 1616 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    17:32:24.0899 1616 fdc - ok
    17:32:25.0694 1616 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:32:25.0694 1616 fdPHost - ok
    17:32:26.0428 1616 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:32:26.0428 1616 FDResPub - ok
    17:32:27.0317 1616 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:32:27.0348 1616 FileInfo - ok
    17:32:27.0956 1616 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:32:27.0956 1616 Filetrace - ok
    17:32:28.0518 1616 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    17:32:28.0549 1616 flpydisk - ok
    17:32:29.0516 1616 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:32:29.0548 1616 FltMgr - ok
    17:32:30.0312 1616 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    17:32:30.0359 1616 FontCache - ok
    17:32:30.0577 1616 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:32:30.0593 1616 FontCache3.0.0.0 - ok
    17:32:31.0700 1616 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:32:31.0716 1616 FsDepends - ok

  4. #14
    Junior Member
    Join Date
    Apr 2012
    Posts
    23

    Default

    17:37:14.0784 1616 TsUsbGD - ok
    17:37:15.0314 1616 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:37:15.0314 1616 tunnel - ok
    17:37:15.0954 1616 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    17:37:15.0954 1616 uagp35 - ok
    17:37:16.0406 1616 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:37:16.0422 1616 udfs - ok
    17:37:16.0781 1616 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:37:16.0781 1616 UI0Detect - ok
    17:37:17.0467 1616 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:37:17.0498 1616 uliagpkx - ok
    17:37:18.0294 1616 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:37:18.0294 1616 umbus - ok
    17:37:18.0840 1616 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    17:37:18.0840 1616 UmPass - ok
    17:37:19.0261 1616 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:37:19.0277 1616 upnphost - ok
    17:37:20.0072 1616 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    17:37:20.0088 1616 USBAAPL64 - ok
    17:37:20.0525 1616 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:37:20.0571 1616 usbccgp - ok
    17:37:21.0086 1616 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:37:21.0086 1616 usbcir - ok
    17:37:21.0929 1616 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    17:37:21.0944 1616 usbehci - ok
    17:37:22.0568 1616 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
    17:37:22.0568 1616 usbfilter - ok
    17:37:23.0005 1616 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:37:23.0021 1616 usbhub - ok
    17:37:23.0613 1616 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    17:37:23.0629 1616 usbohci - ok
    17:37:24.0081 1616 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    17:37:24.0081 1616 usbprint - ok
    17:37:24.0503 1616 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    17:37:24.0503 1616 USBSTOR - ok
    17:37:25.0158 1616 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    17:37:25.0173 1616 usbuhci - ok
    17:37:26.0000 1616 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    17:37:26.0000 1616 usbvideo - ok
    17:37:26.0312 1616 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:37:26.0312 1616 UxSms - ok
    17:37:26.0593 1616 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:37:26.0593 1616 VaultSvc - ok
    17:37:27.0092 1616 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:37:27.0092 1616 vdrvroot - ok
    17:37:27.0404 1616 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:37:27.0435 1616 vds - ok
    17:37:28.0418 1616 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:37:28.0418 1616 vga - ok
    17:37:28.0839 1616 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:37:28.0839 1616 VgaSave - ok
    17:37:29.0276 1616 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:37:29.0276 1616 vhdmp - ok
    17:37:29.0807 1616 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:37:29.0807 1616 viaide - ok
    17:37:30.0259 1616 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:37:30.0259 1616 volmgr - ok
    17:37:30.0696 1616 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:37:30.0696 1616 volmgrx - ok
    17:37:31.0148 1616 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:37:31.0148 1616 volsnap - ok
    17:37:31.0585 1616 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    17:37:31.0585 1616 vsmraid - ok
    17:37:31.0928 1616 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:37:31.0959 1616 VSS - ok
    17:37:32.0396 1616 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:37:32.0396 1616 vwifibus - ok
    17:37:32.0817 1616 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:37:32.0817 1616 vwififlt - ok
    17:37:33.0129 1616 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:37:33.0145 1616 W32Time - ok
    17:37:33.0800 1616 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    17:37:33.0800 1616 WacomPen - ok
    17:37:34.0268 1616 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:37:34.0268 1616 WANARP - ok
    17:37:34.0299 1616 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:37:34.0299 1616 Wanarpv6 - ok
    17:37:34.0643 1616 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:37:34.0674 1616 WatAdminSvc - ok
    17:37:34.0986 1616 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:37:35.0033 1616 wbengine - ok
    17:37:35.0329 1616 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:37:35.0345 1616 WbioSrvc - ok
    17:37:35.0766 1616 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:37:35.0781 1616 wcncsvc - ok
    17:37:36.0078 1616 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:37:36.0078 1616 WcsPlugInService - ok
    17:37:36.0515 1616 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    17:37:36.0515 1616 Wd - ok
    17:37:36.0967 1616 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:37:36.0967 1616 Wdf01000 - ok
    17:37:37.0310 1616 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:37:37.0310 1616 WdiServiceHost - ok
    17:37:37.0310 1616 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:37:37.0310 1616 WdiSystemHost - ok
    17:37:38.0277 1616 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:37:38.0293 1616 WebClient - ok
    17:37:38.0870 1616 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:37:38.0886 1616 Wecsvc - ok
    17:37:39.0167 1616 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:37:39.0167 1616 wercplsupport - ok
    17:37:39.0635 1616 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:37:39.0650 1616 WerSvc - ok
    17:37:40.0087 1616 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:37:40.0087 1616 WfpLwf - ok
    17:37:40.0555 1616 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:37:40.0555 1616 WIMMount - ok
    17:37:40.0571 1616 WinHttpAutoProxySvc - ok
    17:37:40.0929 1616 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:37:40.0945 1616 Winmgmt - ok
    17:37:41.0553 1616 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:37:41.0600 1616 WinRM - ok
    17:37:42.0318 1616 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:37:42.0365 1616 WinUsb - ok
    17:37:42.0708 1616 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:37:42.0723 1616 Wlansvc - ok
    17:37:43.0020 1616 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    17:37:43.0051 1616 wlcrasvc - ok
    17:37:43.0213 1616 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:37:43.0263 1616 wlidsvc - ok
    17:37:44.0133 1616 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:37:44.0133 1616 WmiAcpi - ok
    17:37:44.0673 1616 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:37:44.0683 1616 wmiApSrv - ok
    17:37:44.0753 1616 WMPNetworkSvc - ok
    17:37:45.0073 1616 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:37:45.0083 1616 WPCSvc - ok
    17:37:46.0016 1616 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:37:46.0016 1616 WPDBusEnum - ok
    17:37:46.0921 1616 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:37:46.0936 1616 ws2ifsl - ok
    17:37:47.0794 1616 WSearch - ok
    17:37:48.0590 1616 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    17:37:48.0637 1616 wuauserv - ok
    17:37:50.0306 1616 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:37:50.0321 1616 WudfPf - ok
    17:37:51.0445 1616 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:37:51.0460 1616 WUDFRd - ok
    17:37:52.0115 1616 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:37:52.0115 1616 wudfsvc - ok
    17:37:52.0942 1616 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:37:52.0942 1616 WwanSvc - ok
    17:37:52.0989 1616 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
    17:37:53.0036 1616 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    17:37:53.0036 1616 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    17:37:53.0067 1616 Boot (0x1200) (5769326bc5bae3494e4c97c3ffa97964) \Device\Harddisk0\DR0\Partition0
    17:37:53.0098 1616 \Device\Harddisk0\DR0\Partition0 - ok
    17:37:53.0114 1616 Boot (0x1200) (5e20204b3655abb9809d8f9e96d3dcab) \Device\Harddisk0\DR0\Partition1
    17:37:53.0114 1616 \Device\Harddisk0\DR0\Partition1 - ok
    17:37:53.0161 1616 Boot (0x1200) (4aba3a6a520d0b350cb64e4d5a9a5e41) \Device\Harddisk0\DR0\Partition2
    17:37:53.0192 1616 \Device\Harddisk0\DR0\Partition2 - ok
    17:37:53.0264 1616 Boot (0x1200) (86d8620539c721d35343919fe8a83117) \Device\Harddisk0\DR0\Partition3
    17:37:53.0314 1616 \Device\Harddisk0\DR0\Partition3 - ok
    17:37:53.0314 1616 ============================================================
    17:37:53.0314 1616 Scan finished
    17:37:53.0314 1616 ============================================================
    17:37:53.0324 1592 Detected object count: 1
    17:37:53.0324 1592 Actual detected object count: 1
    17:38:16.0384 1592 \Device\Harddisk0\DR0\# - copied to quarantine
    17:38:16.0384 1592 \Device\Harddisk0\DR0 - copied to quarantine
    17:38:16.0462 1592 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    17:38:16.0462 1592 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    17:38:16.0477 1592 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    17:38:16.0477 1592 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    17:38:16.0509 1592 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    17:38:16.0524 1592 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    17:38:16.0555 1592 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    17:38:16.0555 1592 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    17:38:16.0571 1592 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    17:38:16.0571 1592 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    17:38:16.0587 1592 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    17:38:16.0587 1592 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    17:38:16.0602 1592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    17:38:16.0602 1592 \Device\Harddisk0\DR0 - ok
    17:38:17.0491 1592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    17:38:23.0630 0460 Deinitialize success

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Go ahead and shut it down, then restart it, drag ComboFix to the trash and download a fresh updated copy, and run it once more.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #16
    Junior Member
    Join Date
    Apr 2012
    Posts
    23

    Default

    Here is the ComboFix report. I have had to restore a couple of times to a couple of days ago because it would not work. I don't know if that matters or not.


    ComboFix 12-04-15.02 - Ashley Do 04/15/2012 23:32:54.2.2 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2800 [GMT -5:00]
    Running from: c:\users\Ashley Do\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-16 04:40 . 2012-04-16 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-15 22:38 . 2012-04-15 22:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-13 21:47 . 2012-04-13 21:44 323072 ----a-w- c:\programdata\QkqnRvQCEE.exe
    2012-04-13 00:58 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-12 05:13 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-04-12 05:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 05:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 05:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-12 05:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-12 05:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 05:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 05:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-09 17:52 . 2012-04-10 05:06 -------- d--h--w- c:\program files (x86)\ERUNT
    2012-04-09 03:37 . 2012-04-09 03:37 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Malwarebytes
    2012-04-09 03:37 . 2012-04-16 06:08 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-09 03:37 . 2012-04-16 06:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-09 03:16 . 2012-04-09 03:46 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Okf
    2012-04-09 03:16 . 2012-04-09 03:16 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Zewexez
    2012-04-09 02:53 . 2012-04-16 06:51 -------- d-----w- c:\program files\iPod
    2012-04-09 02:53 . 2012-04-16 06:51 -------- d-----w- c:\program files\iTunes
    2012-04-09 02:53 . 2012-04-16 06:51 -------- d-----w- c:\program files (x86)\iTunes
    2012-04-09 02:26 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-04-09 02:26 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-04-09 02:26 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-04-09 02:25 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-09 02:25 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-09 02:25 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-09 02:25 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-04-09 02:25 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-04-09 02:25 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-09 02:25 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-04-09 00:12 . 2012-04-09 00:12 5120 ---ha-w- c:\programdata\Microsoft\Windows\DRM\9718.tmp
    2012-04-09 00:12 . 2012-04-09 00:12 5120 ---ha-w- c:\programdata\Microsoft\Windows\DRM\969A.tmp
    2012-04-08 21:15 . 2012-04-08 21:15 -------- d--h--w- c:\programdata\Premium
    2012-04-08 21:14 . 2012-04-09 05:14 -------- d--h--w- c:\programdata\Codecv
    2012-04-08 21:14 . 2012-04-08 21:14 -------- d-----w- C:\codec-info
    2012-04-08 21:13 . 2012-04-08 21:16 -------- d--h--w- c:\programdata\InstallMate
    2012-04-08 21:10 . 2012-04-08 21:10 -------- d--h--w- c:\users\Ashley Do\AppData\Local\DDMSettings
    2012-04-08 21:08 . 2012-04-08 21:14 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\DivX
    2012-04-08 21:08 . 2012-04-09 05:14 -------- d--h--w- c:\program files (x86)\Common Files\PX Storage Engine
    2012-04-08 21:07 . 2012-04-09 05:14 -------- d--h--w- c:\program files\DivX
    2012-04-08 21:07 . 2012-04-16 06:50 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2012-04-08 21:07 . 2012-04-16 06:02 -------- d-----w- c:\program files (x86)\DivX
    2012-04-08 21:06 . 2012-04-16 06:51 -------- d-----w- c:\programdata\DivX
    2012-04-08 19:12 . 2012-04-08 19:12 -------- d--h--w- c:\users\Ashley Do\AppData\Local\Windows Live Writer
    2012-04-08 19:12 . 2012-04-08 19:12 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Windows Live Writer
    2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-03-30 02:44 . 2012-04-16 06:05 -------- d-----w- c:\program files (x86)\Real
    2012-03-27 03:00 . 2012-04-09 18:02 -------- d--h--w- c:\users\Ashley Do\AppData\Local\Windows Live
    2012-03-27 02:56 . 2012-03-27 02:56 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\MPEG Streamclip
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-18 18:02 . 2011-09-20 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 18:58 . 2012-02-15 18:58 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2012-02-15 18:58 . 2012-02-15 18:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-16_04.17.00 )))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "QkqnRvQCEE.exe"="c:\programdata\QkqnRvQCEE.exe" [2012-04-13 323072]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Ashley Do\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
    R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002Core.job
    - c:\users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09]
    .
    2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002UA.job
    - c:\users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09]
    .
    2012-02-29 c:\windows\Tasks\HPCeeScheduleForAshley Do.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
    "norob"="c:\windows\TEMP\norob.dll" [BU]
    "inlort"="c:\windows\TEMP\inlort.dll" [BU]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://exchange.ou.edu/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
    .
    Supplementary scan did not complete!
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-04-15 23:43:09
    ComboFix-quarantined-files.txt 2012-04-12 04:03
    .
    Pre-Run: 398,958,747,648 bytes free
    Post-Run: 398,642,065,408 bytes free
    .
    - - End Of File - - 4568F951F0EE9FC03EE4273D3669CE4B
    Last edited by ken545; 2012-04-17 at 10:17.

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Restoring was fine, sometimes you have to do what you have to do to get things running.

    The infection on this system is one of the worst. If this were my system, I would back up all my important data like documents and pictures and format and reinstall Windows; this way you're back to a nice clean computer with no problems. Not sure what this infection is capable of, so I would suggest using a known clean computer and changing all your passwords for any sites you do online shopping with a credit card and also any online banking. If this is what you would like to do, let me know and I can direct you to a good Windows forum that can guide you through the process. Do you have your Windows CD?


    Let's check and see if this rootkit is still present.

    What I would like you to do is to go to Start > Control Panel > Administrative Tools > Computer Management, then in the left pane click on Disk Management. When it opens, expand it to fill the screen, then press Alt+Prnt Scrn, then go to your image editor (Paint will be fine if this is all you have) and paste it in. Save it to your desktop and then attach it in your next reply.



    Then go ahead and run aswMBR again and post a new log, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #18
    Junior Member
    Join Date
    Apr 2012
    Posts
    23

    Default

    Here is the log and the print screen.

    I do not have the CD. I don't think my computer came with one... if it did, I don't have it. Also, I am not able to see my documents or anything so I am not able to back those up. Any suggestions?

    Thanks for your help!

  9. #19
    Junior Member
    Join Date
    Apr 2012
    Posts
    23

    Default

    Also, the redirect has gone away, but I think there are still problems. Malwarebytes keeps saying it is quarantining a svchost.exe. Is that the problem?

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Ashley,

    Your Disk Management looks ok, but aswMBR did not run correctly. Drag it to the trash and download a fresh copy; make sure it updates to the latest definitions.


    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it.

    Click the "Scan" button to start the scan.


    On completion of the scan, click Save log, save it to your desktop and post it in your next reply.






    You need to enable Windows to show all files and folders, instructions Here.

    Go to VirusTotal and submit this file for analysis. Just use the browse feature and then Send File; if it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see.

    c:\programdata\Microsoft\Windows\DRM\9718.tmp<--This file

    If the site is busy you can try this one:
    http://virusscan.jotti.org/en





    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::


    Code:
    File::
    c:\programdata\QkqnRvQCEE.exe
    C:\Windows\svchost.exe
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QkqnRvQCEE.exe"=-

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
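The CFScript above tells ComboFix to remove two files and one Wow6432Node Run value, and the earlier ComboFix log showed why they stood out: Run values loading DLLs from c:\windows\TEMP, an executable sitting directly in c:\programdata, and an svchost.exe placed in C:\Windows rather than System32. The following is an added example, not part of this thread or of ComboFix, that parses Run-key lines in the shape ComboFix prints them and applies those same path-based checks so a reader can triage a log of their own. The sample log is constructed here: the norob/inlort lines mirror the quoted log, and the two Wow6432Node lines are assumed value data built from the paths the CFScript names (the real log does not show them). The rules are heuristics and will not catch every persistence mechanism.

```python
"""Triage autorun (Run-key) entries as printed in a ComboFix-style log."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the shape of the Run-key section of the log above.
# The norob/inlort lines mirror the quoted log; the Wow6432Node lines are
# assumed (value data constructed from the paths named in the CFScript).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"norob"="c:\windows\TEMP\norob.dll" [BU]
"inlort"="c:\windows\TEMP\inlort.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QkqnRvQCEE.exe"="c:\programdata\QkqnRvQCEE.exe" [BU]
"svchost"="C:\Windows\svchost.exe" [BU]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="path" optionally followed by the bracketed date/size or marker.
# Values with arguments after the closing quote are not matched and are skipped.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')

# Process names that legitimately live only under System32 / SysWOW64.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe",
                 "services.exe", "winlogon.exe", "smss.exe"}


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    meta: str


def parse_run_entries(log_text):
    """Return the value entries found under any ...\\Run or ...\\RunOnce key."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None or not current_key.lower().endswith(("\\run", "\\runonce")):
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(RunEntry(current_key, m["name"], m["path"], m["meta"] or ""))
    return entries


def triage_entry(entry):
    """Heuristic checks on where a Run value points; returns a list of reasons."""
    parts = [p.lower() for p in PureWindowsPath(entry.path).parts]
    if len(parts) < 2:
        return ["unparseable path"]
    dirs, name = parts[1:-1], parts[-1]          # parts[0] is the drive, e.g. 'c:\\'
    reasons = []
    if any(d in ("temp", "tmp") for d in dirs):
        reasons.append("launched from a temp directory")
    if dirs in (["programdata"], ["windows"], []):
        reasons.append("file sits directly in %s" % (dirs[0] if dirs else "drive root"))
    if name in SYSTEM32_ONLY and (len(dirs) < 2 or dirs[1] not in ("system32", "syswow64")):
        reasons.append("system process name outside System32/SysWOW64")
    if name.endswith(".dll"):
        reasons.append("Run value names a .dll instead of an executable command line")
    return reasons


def triage(log_text):
    """Map value name -> reasons for every Run entry that trips at least one check."""
    result = {}
    for entry in parse_run_entries(log_text):
        reasons = triage_entry(entry)
        if reasons:
            result[entry.name] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

Running it prints only the four constructed entries that match the CFScript's targets (norob, inlort, QkqnRvQCEE.exe, svchost) and stays silent on the Synaptics and IDT tray applications, which is the point: a Run value is not suspicious because it exists, but because of where it loads from and what it calls itself.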
