Happili redirect


  • This topic is locked
49 replies to this topic

#31 TTTTMMMM

TTTTMMMM

    Member

  • Members
  • 32 posts

Posted 23 April 2012 - 06:36 PM

I don't have CD today right now so:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shulan at 15:54:22 on 2012-04-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.681 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Shulan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Shulan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shulan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S32A5.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\Shulan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB} : DhcpNameServer = 40.5.1.100
TCP: Interfaces\{F1843EC0-48EC-4F01-BC62-03D86DE24ACE} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-13 1160824]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120420.001\IDSviA64.sys [2012-4-20 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-1 98208]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccsvchst.exe [2012-4-22 138232]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-22 138360]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-23 04:06:57 -------- d-----w- C:\Users\Shulan\AppData\Roaming\Malwarebytes
2012-04-23 04:06:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-23 04:06:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-23 04:06:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 22:41:14 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-04-22 22:34:03 -------- d-----w- C:\Users\Shulan\AppData\Local\Google
2012-04-22 22:31:45 -------- d-----w- C:\Users\Shulan\AppData\Local\Deployment
2012-04-22 22:31:45 -------- d-----w- C:\Users\Shulan\AppData\Local\Apps
2012-04-22 22:22:20 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2012-04-22 22:22:20 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2012-04-22 22:22:20 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2012-04-22 22:22:20 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2012-04-22 22:22:20 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2012-04-22 22:18:04 81408 ----a-w- C:\Windows\System32\E_IBCBFCA.DLL
2012-04-22 22:18:04 108032 ----a-w- C:\Windows\System32\E_ILMFCA.DLL
2012-04-22 22:17:59 -------- d-----w- C:\ProgramData\EPSON
2012-04-22 22:17:52 459776 ----a-w- C:\Windows\System32\esxwiaud.dll
2012-04-22 22:17:51 -------- d-----w- C:\Program Files (x86)\epson
2012-04-22 22:03:51 -------- d-----w- C:\Program Files (x86)\MSECache
2012-04-22 21:07:07 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2012-04-22 21:06:51 -------- d-----w- C:\Windows\SHELLNEW
2012-04-22 20:09:40 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-04-22 19:53:29 738936 ----a-w- C:\Windows\System32\drivers\NAVx64\1306020.00A\srtsp64.sys
2012-04-22 19:53:29 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1306020.00A\symds64.sys
2012-04-22 19:53:29 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1306020.00A\symnets.sys
2012-04-22 19:53:29 37496 ----a-w- C:\Windows\System32\drivers\NAVx64\1306020.00A\srtspx64.sys
2012-04-22 19:53:29 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1306020.00A\ironx64.sys
2012-04-22 19:53:29 167048 ----a-w- C:\Windows\System32\drivers\NAVx64\1306020.00A\ccsetx64.sys
2012-04-22 19:53:29 1092728 ----a-w- C:\Windows\System32\drivers\NAVx64\1306020.00A\symefa64.sys
2012-04-22 19:53:22 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1306020.00A
2012-04-22 19:33:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-22 19:33:34 -------- d-----w- C:\Program Files\Symantec
2012-04-22 19:33:34 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-04-22 19:31:49 -------- d-----w- C:\Windows\System32\drivers\NAVx64
2012-04-22 19:31:31 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
2012-04-22 19:29:24 -------- d-----w- C:\ProgramData\PCSettings
2012-04-22 19:04:39 -------- d-----w- C:\Users\Shulan\AppData\Roaming\PictureMover
2012-04-22 19:01:00 -------- d-----w- C:\Users\Shulan\AppData\Roaming\hpqLog
2012-04-22 18:59:27 -------- d-----w- C:\Users\Shulan\AppData\Local\RemEngine
2012-04-22 18:56:48 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-22 18:56:48 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-22 18:56:48 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-22 18:56:48 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-22 18:56:47 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-22 18:56:47 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-22 18:56:47 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-22 18:55:42 -------- d-----w- C:\Users\Shulan\AppData\Local\Hewlett-Packard
2012-04-22 18:55:27 -------- d-----w- C:\Users\Shulan\AppData\Local\Hewlett-Packard_Company
2012-04-22 18:54:11 -------- d-----w- C:\Users\Shulan\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-04-22 20:09:40 902656 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 15:56:08.21 ===============


#32 B-boy/StyLe/

B-boy/StyLe/

    Bleeping Freestyler

  • Malware Response Team
  • 3,560 posts
  • Gender:Male
  • Location:Bulgaria

Posted 23 April 2012 - 08:18 PM

I don't have CD today right now so:



We can launch it in different ways. Do you have a USB stick?



Please do the following. You will need a USB drive with no less than 64 MB of space.
  • Insert your USB drive.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-windows-latest.exe that you just downloaded.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will write files to your USB device and make it bootable
  • Once the files have been written to the device you will be prompted to reboot ~ do NOT reboot and instead just Exit the UNetbootin interface
  • Next, download dumpit and save it to the same flash drive where you installed xPUD.
  • Remove the USB and insert it in the ailing computer
  • Power on the computer and press F12 then choose to boot from the USB
  • After selecting a language and readying the system, a Welcome to xPUD screen will appear
  • Click the File tab
  • Expand mnt by clicking the plus sign to its left
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click dumpit.
  • It will create some MBR copies on the USB drive.
  • When it completes press Enter to exit the Terminal window.
  • Remove the USB drive, then locate on it an mbr.zip file, and upload that here as an attachment please.
mbr.zip should be created on your flash drive, please attach it to your next reply.



DDS log looks clean.

I want to check a single file.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\System32\d2d1.dll

Note: if VT says these files have already been analysed, make sure you click re-analyse file now.

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/



I analyzed your dump file.

It seems that the culprit is - iaStor.sys

Don't try to delete this file. It WILL render your PC unbootable.

Please scan the file on VirusTotal as described above.

C:\Windows\system32\DRIVERS\iaStor.sys

Post the results in your next reply.



Also...since TDSSKiller has been updated, please update it to latest version and run a fresh scan as described in my previous instructions.



And finally let's check for vulnerable software:



Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Regards,
Georgi



#33 TTTTMMMM

TTTTMMMM

    Member

  • Members
  • 32 posts

Posted 23 April 2012 - 09:55 PM

I'm not sure if you want this, but I ran the aswMBR with none selected, it went through successfully.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 19:51:46
-----------------------------
19:51:46.160 OS Version: Windows x64 6.1.7600
19:51:46.160 Number of processors: 2 586 0x170A
19:51:46.160 ComputerName: SHULAN-HP UserName: Shulan
19:51:47.408 Initialize success
19:51:54.194 AVAST engine defs: 12042201
19:52:00.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:52:00.403 Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 3
19:52:00.419 Disk 0 MBR read successfully
19:52:00.419 Disk 0 MBR scan
19:52:00.434 Disk 0 unknown MBR code
19:52:00.434 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:52:00.466 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218806 MB offset 409600
19:52:00.497 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19365 MB offset 448524288
19:52:00.528 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
19:52:00.575 Disk 0 scanning C:\Windows\system32\drivers
19:52:07.798 Service scanning
19:52:41.463 Modules scanning
19:52:41.463 Disk 0 trace - called modules:
19:52:41.525 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:52:41.525 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80023c9060]
19:52:41.541 3 CLASSPNP.SYS[fffff88001c3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002270050]
19:52:41.541 Scan finished successfully
19:53:01.181 Disk 0 MBR has been saved successfully to "C:\Users\Shulan\Desktop\MBR.dat"
19:53:01.181 The log file has been saved successfully to "C:\Users\Shulan\Desktop\aswMBR.txt"

#34 TTTTMMMM

TTTTMMMM

    Member

  • Members
  • 32 posts

Posted 23 April 2012 - 10:10 PM

C:\Windows\system32\DRIVERS\iaStor.sys

doesn't exist, maybe it's in some other location?

The other one:

SHA256: b33e08401aa20bec21f68df46e285aa8ab6d685f56474f5d7328a8782118781e
SHA1: 40f445e8b51302f01832d63b21bbea72686b3fee
MD5: 7c5567a00456f3a3a07800ebb3f351c4
File size: 722.5 KB ( 739840 bytes )
File name: d2d1.dll
File type: Win32 DLL
Detection ratio: 0 / 41
Analysis date: 2012-04-24 03:07:41 UTC ( 0 minutes ago )

#35 TTTTMMMM

TTTTMMMM

    Member

  • Members
  • 32 posts

Posted 23 April 2012 - 10:18 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 21
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````

#36 TTTTMMMM

TTTTMMMM

    Member

  • Members
  • 32 posts

Posted 23 April 2012 - 10:26 PM

TDSS:


20:30:32.0939 4564 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
20:30:33.0497 4564 ============================================================
20:30:33.0497 4564 Current date / time: 2012/04/23 20:30:33.0497
20:30:33.0497 4564 SystemInfo:
20:30:33.0497 4564
20:30:33.0497 4564 OS Version: 6.1.7600 ServicePack: 0.0
20:30:33.0497 4564 Product type: Workstation
20:30:33.0498 4564 ComputerName: SHULAN-HP
20:30:33.0498 4564 UserName: Shulan
20:30:33.0498 4564 Windows directory: C:\Windows
20:30:33.0498 4564 System windows directory: C:\Windows
20:30:33.0498 4564 Running under WOW64
20:30:33.0498 4564 Processor architecture: Intel x64
20:30:33.0498 4564 Number of processors: 2
20:30:33.0498 4564 Page size: 0x1000
20:30:33.0498 4564 Boot type: Normal boot
20:30:33.0498 4564 ============================================================
20:30:34.0367 4564 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:30:34.0375 4564 ============================================================
20:30:34.0375 4564 \Device\Harddisk0\DR0:
20:30:34.0375 4564 MBR partitions:
20:30:34.0375 4564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:30:34.0375 4564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AB5B000
20:30:34.0375 4564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1ABBF000, BlocksNum 0x25D2800
20:30:34.0375 4564 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
20:30:34.0375 4564 ============================================================
20:30:34.0401 4564 C: <-> \Device\Harddisk0\DR0\Partition1
20:30:34.0449 4564 D: <-> \Device\Harddisk0\DR0\Partition2
20:30:34.0449 4564 ============================================================
20:30:34.0449 4564 Initialize success
20:30:34.0449 4564 ============================================================
20:31:16.0486 2280 ============================================================
20:31:16.0486 2280 Scan started
20:31:16.0486 2280 Mode: Manual; SigCheck; TDLFS;
20:31:16.0486 2280 ============================================================
20:31:26.0052 2280 DfsC - ok
20:31:26.0111 2280 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:31:26.0178 2280 Dhcp - ok
20:31:26.0190 2280 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:31:26.0239 2280 discache - ok
20:31:26.0282 2280 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:31:26.0294 2280 Disk - ok
20:31:26.0326 2280 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
20:31:26.0382 2280 Dnscache - ok
20:31:26.0398 2280 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:31:26.0449 2280 dot3svc - ok
20:31:26.0472 2280 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:31:26.0530 2280 DPS - ok
20:31:26.0570 2280 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:31:26.0609 2280 drmkaud - ok
20:31:26.0708 2280 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:31:26.0734 2280 DXGKrnl - ok
20:31:26.0765 2280 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:31:26.0820 2280 EapHost - ok
20:31:27.0029 2280 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:31:27.0102 2280 ebdrv - ok
20:31:27.0255 2280 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:31:27.0281 2280 eeCtrl - ok
20:31:27.0563 2280 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
20:31:27.0601 2280 EFS - ok
20:31:27.0732 2280 ehRecvr (3d69fae60ede442e004611a4ee4db44c) C:\Windows\ehome\ehRecvr.exe
20:31:27.0798 2280 ehRecvr - ok
20:31:27.0836 2280 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:31:27.0928 2280 ehSched - ok
20:31:28.0139 2280 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:31:28.0162 2280 elxstor - ok
20:31:28.0302 2280 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
20:31:28.0363 2280 EPSON_EB_RPCV4_01 - ok
20:31:28.0409 2280 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
20:31:28.0463 2280 EPSON_PM_RPCV4_01 - ok
20:31:28.0605 2280 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:31:28.0617 2280 EraserUtilRebootDrv - ok
20:31:28.0639 2280 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:31:28.0673 2280 ErrDev - ok
20:31:28.0760 2280 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:31:28.0813 2280 EventSystem - ok
20:31:28.0842 2280 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:31:28.0892 2280 exfat - ok
20:31:28.0904 2280 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:31:28.0952 2280 fastfat - ok
20:31:29.0042 2280 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:31:29.0131 2280 Fax - ok
20:31:29.0185 2280 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:31:29.0224 2280 fdc - ok
20:31:29.0247 2280 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:31:29.0315 2280 fdPHost - ok
20:31:29.0322 2280 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:31:29.0359 2280 FDResPub - ok
20:31:29.0399 2280 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:31:29.0412 2280 FileInfo - ok
20:31:29.0427 2280 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:31:29.0477 2280 Filetrace - ok
20:31:29.0497 2280 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:31:29.0513 2280 flpydisk - ok
20:31:29.0567 2280 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:31:29.0593 2280 FltMgr - ok
20:31:29.0675 2280 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
20:31:29.0749 2280 FontCache - ok
20:31:29.0822 2280 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:31:29.0839 2280 FontCache3.0.0.0 - ok
20:31:29.0987 2280 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:31:30.0009 2280 FsDepends - ok
20:31:30.0013 2280 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:31:30.0026 2280 Fs_Rec - ok
20:31:30.0058 2280 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
20:31:30.0076 2280 fvevol - ok
20:31:30.0108 2280 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:31:30.0122 2280 gagp30kx - ok
20:31:30.0232 2280 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:31:30.0253 2280 GameConsoleService - ok
20:31:30.0331 2280 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:31:30.0382 2280 gpsvc - ok
20:31:30.0414 2280 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:31:30.0491 2280 hcw85cir - ok
20:31:30.0531 2280 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:31:30.0565 2280 HdAudAddService - ok
20:31:30.0600 2280 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:31:30.0633 2280 HDAudBus - ok
20:31:30.0649 2280 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:31:30.0680 2280 HidBatt - ok
20:31:30.0700 2280 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:31:30.0738 2280 HidBth - ok
20:31:30.0768 2280 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:31:30.0800 2280 HidIr - ok
20:31:30.0828 2280 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:31:30.0880 2280 hidserv - ok
20:31:30.0924 2280 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:31:30.0959 2280 HidUsb - ok
20:31:30.0999 2280 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:31:31.0056 2280 hkmsvc - ok
20:31:31.0084 2280 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:31:31.0154 2280 HomeGroupListener - ok
20:31:31.0182 2280 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:31:31.0211 2280 HomeGroupProvider - ok
20:31:31.0293 2280 HP Health Check Service (37965381364b2e106e1dd7d74cdcaa43) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:31:31.0312 2280 HP Health Check Service - ok
20:31:31.0405 2280 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:31:31.0423 2280 HP Wireless Assistant Service - ok
20:31:31.0462 2280 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
20:31:31.0483 2280 HPClientSvc - ok
20:31:31.0574 2280 HPDrvMntSvc.exe (f323230c391771611bbe9363b88c3e3e) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:31:31.0587 2280 HPDrvMntSvc.exe - ok
20:31:31.0639 2280 hpqwmiex (5311386f0ec157d155bb07a1d420fb4d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:31:31.0662 2280 hpqwmiex - ok
20:31:32.0075 2280 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:31:32.0098 2280 HpSAMD - ok
20:31:32.0172 2280 HPWMISVC (854197d1270d20193fe2d4b14784aade) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:31:32.0181 2280 HPWMISVC - ok
20:31:32.0267 2280 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:31:32.0331 2280 HTTP - ok
20:31:32.0358 2280 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:31:32.0369 2280 hwpolicy - ok
20:31:32.0405 2280 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:31:32.0421 2280 i8042prt - ok
20:31:32.0482 2280 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
20:31:32.0499 2280 iaStor - ok
20:31:32.0548 2280 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
20:31:32.0568 2280 iaStorV - ok
20:31:32.0696 2280 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:31:32.0723 2280 idsvc - ok
20:31:32.0973 2280 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120423.001\IDSvia64.sys
20:31:33.0004 2280 IDSVia64 - ok
20:31:34.0087 2280 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:31:34.0420 2280 igfx - ok
20:31:34.0831 2280 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:31:34.0853 2280 iirsp - ok
20:31:34.0937 2280 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
20:31:35.0030 2280 IKEEXT - ok
20:31:35.0192 2280 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
20:31:35.0250 2280 IntcAzAudAddService - ok
20:31:35.0652 2280 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:31:35.0674 2280 intelide - ok
20:31:35.0689 2280 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:31:35.0715 2280 intelppm - ok
20:31:35.0752 2280 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:31:35.0801 2280 IPBusEnum - ok
20:31:35.0825 2280 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:35.0871 2280 IpFilterDriver - ok
20:31:35.0936 2280 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
20:31:35.0997 2280 iphlpsvc - ok
20:31:36.0026 2280 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:31:36.0049 2280 IPMIDRV - ok
20:31:36.0059 2280 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:31:36.0107 2280 IPNAT - ok
20:31:36.0150 2280 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:31:36.0172 2280 IRENUM - ok
20:31:36.0177 2280 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:31:36.0190 2280 isapnp - ok
20:31:36.0230 2280 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:31:36.0246 2280 iScsiPrt - ok
20:31:36.0275 2280 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:31:36.0287 2280 kbdclass - ok
20:31:36.0301 2280 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:31:36.0329 2280 kbdhid - ok
20:31:36.0375 2280 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
20:31:36.0401 2280 KeyIso - ok
20:31:36.0427 2280 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
20:31:36.0440 2280 KSecDD - ok
20:31:36.0470 2280 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
20:31:36.0485 2280 KSecPkg - ok
20:31:36.0494 2280 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:31:36.0546 2280 ksthunk - ok
20:31:36.0588 2280 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:31:36.0653 2280 KtmRm - ok
20:31:36.0719 2280 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
20:31:36.0783 2280 LanmanServer - ok
20:31:36.0841 2280 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
20:31:36.0916 2280 LanmanWorkstation - ok
20:31:36.0952 2280 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:31:36.0990 2280 lltdio - ok
20:31:37.0035 2280 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:31:37.0096 2280 lltdsvc - ok
20:31:37.0122 2280 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:31:37.0159 2280 lmhosts - ok
20:31:37.0191 2280 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:31:37.0205 2280 LSI_FC - ok
20:31:37.0222 2280 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:31:37.0236 2280 LSI_SAS - ok
20:31:37.0242 2280 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:31:37.0255 2280 LSI_SAS2 - ok
20:31:37.0265 2280 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:31:37.0279 2280 LSI_SCSI - ok
20:31:37.0288 2280 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:31:37.0337 2280 luafv - ok
20:31:37.0393 2280 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
20:31:37.0430 2280 Mcx2Svc - ok
20:31:37.0454 2280 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:31:37.0467 2280 megasas - ok
20:31:37.0485 2280 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:31:37.0503 2280 MegaSR - ok
20:31:37.0531 2280 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:31:37.0577 2280 MMCSS - ok
20:31:37.0594 2280 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:31:37.0644 2280 Modem - ok
20:31:37.0683 2280 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:31:37.0719 2280 monitor - ok
20:31:37.0732 2280 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:31:37.0745 2280 mouclass - ok
20:31:37.0775 2280 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:31:37.0791 2280 mouhid - ok
20:31:37.0799 2280 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:31:37.0811 2280 mountmgr - ok
20:31:37.0822 2280 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:31:37.0837 2280 mpio - ok
20:31:37.0844 2280 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:31:37.0888 2280 mpsdrv - ok
20:31:37.0976 2280 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
20:31:38.0033 2280 MpsSvc - ok
20:31:38.0043 2280 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:31:38.0080 2280 MRxDAV - ok
20:31:38.0108 2280 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:38.0190 2280 mrxsmb - ok
20:31:38.0218 2280 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:38.0250 2280 mrxsmb10 - ok
20:31:38.0260 2280 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:38.0276 2280 mrxsmb20 - ok
20:31:38.0295 2280 msahci (d1318d7b87b71003a5c6c7c31ec80288) C:\Windows\system32\DRIVERS\msahci.sys
20:31:38.0307 2280 msahci - ok
20:31:38.0332 2280 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:31:38.0347 2280 msdsm - ok
20:31:38.0385 2280 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:31:38.0428 2280 MSDTC - ok
20:31:38.0448 2280 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:31:38.0485 2280 Msfs - ok
20:31:38.0495 2280 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:31:38.0545 2280 mshidkmdf - ok
20:31:38.0559 2280 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:31:38.0572 2280 msisadrv - ok
20:31:38.0629 2280 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:31:38.0692 2280 MSiSCSI - ok
20:31:38.0695 2280 msiserver - ok
20:31:38.0719 2280 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:31:38.0756 2280 MSKSSRV - ok
20:31:38.0760 2280 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:31:38.0797 2280 MSPCLOCK - ok
20:31:38.0800 2280 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:31:38.0852 2280 MSPQM - ok
20:31:38.0873 2280 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:31:38.0892 2280 MsRPC - ok
20:31:38.0897 2280 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:31:38.0910 2280 mssmbios - ok
20:31:38.0913 2280 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:31:38.0958 2280 MSTEE - ok
20:31:38.0974 2280 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:31:39.0003 2280 MTConfig - ok
20:31:39.0045 2280 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:31:39.0068 2280 Mup - ok
20:31:39.0121 2280 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:31:39.0165 2280 napagent - ok
20:31:39.0271 2280 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:31:39.0329 2280 NativeWifiP - ok
20:31:39.0500 2280 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
20:31:39.0520 2280 NAV - ok
20:31:39.0725 2280 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120423.002\ENG64.SYS
20:31:39.0744 2280 NAVENG - ok
20:31:39.0868 2280 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120423.002\EX64.SYS
20:31:39.0916 2280 NAVEX15 - ok
20:31:40.0385 2280 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:31:40.0428 2280 NDIS - ok
20:31:40.0464 2280 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:40.0501 2280 NdisCap - ok
20:31:40.0530 2280 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:40.0572 2280 NdisTapi - ok
20:31:40.0596 2280 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:40.0637 2280 Ndisuio - ok
20:31:40.0675 2280 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:40.0726 2280 NdisWan - ok
20:31:40.0733 2280 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:31:40.0770 2280 NDProxy - ok
20:31:40.0793 2280 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:31:40.0842 2280 NetBIOS - ok
20:31:40.0878 2280 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:31:40.0926 2280 NetBT - ok
20:31:40.0953 2280 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
20:31:40.0968 2280 Netlogon - ok
20:31:41.0023 2280 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:31:41.0077 2280 Netman - ok
20:31:41.0103 2280 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:31:41.0159 2280 netprofm - ok
20:31:41.0273 2280 netr28x (aa1d8f9de032be4e8303af33368fdfc8) C:\Windows\system32\DRIVERS\netr28x.sys
20:31:41.0321 2280 netr28x - ok
20:31:41.0411 2280 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:41.0431 2280 NetTcpPortSharing - ok
20:31:41.0875 2280 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:31:42.0042 2280 netw5v64 - ok
20:31:42.0445 2280 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:31:42.0467 2280 nfrd960 - ok
20:31:42.0530 2280 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:31:42.0597 2280 NlaSvc - ok
20:31:42.0868 2280 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
20:31:42.0932 2280 NOBU - ok
20:31:43.0324 2280 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:31:43.0377 2280 Npfs - ok
20:31:43.0399 2280 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:31:43.0453 2280 nsi - ok
20:31:43.0479 2280 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:31:43.0533 2280 nsiproxy - ok
20:31:43.0675 2280 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
20:31:43.0722 2280 Ntfs - ok
20:31:44.0106 2280 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:31:44.0179 2280 Null - ok
20:31:44.0226 2280 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
20:31:44.0240 2280 nvraid - ok
20:31:44.0251 2280 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
20:31:44.0266 2280 nvstor - ok
20:31:44.0307 2280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:31:44.0321 2280 nv_agp - ok
20:31:44.0328 2280 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:31:44.0344 2280 ohci1394 - ok
20:31:44.0444 2280 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:44.0465 2280 ose - ok
20:31:44.0653 2280 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:31:44.0724 2280 p2pimsvc - ok
20:31:44.0780 2280 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:31:44.0815 2280 p2psvc - ok
20:31:44.0850 2280 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:31:44.0879 2280 Parport - ok
20:31:44.0889 2280 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:31:44.0911 2280 partmgr - ok
20:31:44.0943 2280 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:31:44.0979 2280 PcaSvc - ok
20:31:45.0017 2280 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:31:45.0042 2280 pci - ok
20:31:45.0047 2280 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:31:45.0059 2280 pciide - ok
20:31:45.0074 2280 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:31:45.0091 2280 pcmcia - ok
20:31:45.0097 2280 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:31:45.0110 2280 pcw - ok
20:31:45.0149 2280 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:31:45.0215 2280 PEAUTH - ok
20:31:45.0454 2280 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:31:45.0495 2280 PerfHost - ok
20:31:45.0625 2280 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:31:45.0709 2280 pla - ok
20:31:45.0768 2280 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
20:31:45.0829 2280 PlugPlay - ok
20:31:45.0848 2280 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:31:45.0877 2280 PNRPAutoReg - ok
20:31:45.0899 2280 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:31:45.0918 2280 PNRPsvc - ok
20:31:45.0975 2280 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:31:46.0028 2280 PolicyAgent - ok
20:31:46.0068 2280 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:31:46.0117 2280 Power - ok
20:31:46.0277 2280 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:31:46.0345 2280 PptpMiniport - ok
20:31:46.0361 2280 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:31:46.0395 2280 Processor - ok
20:31:46.0439 2280 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
20:31:46.0503 2280 ProfSvc - ok
20:31:46.0550 2280 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
20:31:46.0578 2280 ProtectedStorage - ok
20:31:46.0640 2280 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:31:46.0699 2280 Psched - ok
20:31:46.0814 2280 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:31:46.0857 2280 ql2300 - ok
20:31:47.0247 2280 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:31:47.0271 2280 ql40xx - ok
20:31:47.0312 2280 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:31:47.0351 2280 QWAVE - ok
20:31:47.0363 2280 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:31:47.0393 2280 QWAVEdrv - ok
20:31:47.0408 2280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:31:47.0458 2280 RasAcd - ok
20:31:47.0516 2280 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:31:47.0592 2280 RasAgileVpn - ok
20:31:47.0623 2280 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:31:47.0674 2280 RasAuto - ok
20:31:47.0704 2280 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:47.0760 2280 Rasl2tp - ok
20:31:47.0805 2280 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
20:31:47.0865 2280 RasMan - ok
20:31:47.0915 2280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:47.0971 2280 RasPppoe - ok
20:31:47.0979 2280 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:31:48.0023 2280 RasSstp - ok
20:31:48.0071 2280 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:31:48.0130 2280 rdbss - ok
20:31:48.0134 2280 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:31:48.0152 2280 rdpbus - ok
20:31:48.0198 2280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:48.0244 2280 RDPCDD - ok
20:31:48.0249 2280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:31:48.0301 2280 RDPENCDD - ok
20:31:48.0307 2280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:31:48.0345 2280 RDPREFMP - ok
20:31:48.0387 2280 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
20:31:48.0450 2280 RDPWD - ok
20:31:48.0503 2280 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
20:31:48.0527 2280 rdyboost - ok
20:31:48.0554 2280 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:31:48.0593 2280 RemoteAccess - ok
20:31:48.0625 2280 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:31:48.0679 2280 RemoteRegistry - ok
20:31:48.0798 2280 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
20:31:48.0824 2280 RoxioNow Service - ok
20:31:48.0855 2280 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:31:48.0904 2280 RpcEptMapper - ok
20:31:48.0937 2280 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:31:48.0953 2280 RpcLocator - ok
20:31:49.0014 2280 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:31:49.0057 2280 RpcSs - ok
20:31:49.0226 2280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:31:49.0307 2280 rspndr - ok
20:31:49.0370 2280 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:31:49.0393 2280 RTL8167 - ok
20:31:49.0536 2280 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
20:31:49.0569 2280 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
20:31:49.0569 2280 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
20:32:05.0717 2280 MBR (0x1B8) (2cd07e130f4efdc6bf79e0679ce1c7d6) \Device\Harddisk0\DR0
20:32:05.0850 2280 \Device\Harddisk0\DR0 - ok
20:32:05.0859 2280 Boot (0x1200) (ca3a8027b07ad702cccc1aa116e51341) \Device\Harddisk0\DR0\Partition0
20:32:05.0861 2280 \Device\Harddisk0\DR0\Partition0 - ok
20:32:05.0874 2280 Boot (0x1200) (e282e54f4f7d2aa9097c17c922ee6a34) \Device\Harddisk0\DR0\Partition1
20:32:05.0876 2280 \Device\Harddisk0\DR0\Partition1 - ok
20:32:05.0906 2280 Boot (0x1200) (6756a99271312ec3aa9fa5553b226d4e) \Device\Harddisk0\DR0\Partition2
20:32:05.0908 2280 \Device\Harddisk0\DR0\Partition2 - ok
20:32:05.0930 2280 Boot (0x1200) (fc373130f5a68415bf2a98e52a63a8f4) \Device\Harddisk0\DR0\Partition3
20:32:05.0931 2280 \Device\Harddisk0\DR0\Partition3 - ok
20:32:05.0931 2280 ============================================================
20:32:05.0931 2280 Scan finished
20:32:05.0931 2280 ============================================================
20:32:05.0995 5068 Detected object count: 1
20:32:05.0995 5068 Actual detected object count: 1
20:32:14.0650 5068 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:14.0650 5068 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Edited by TTTTMMMM, 23 April 2012 - 10:33 PM.


#37 TTTTMMMM

Posted 23 April 2012 - 10:28 PM

I will find something to do the MBR with tomorrow.

#38 B-boy/StyLe/

Posted 24 April 2012 - 06:36 PM

Hi,



Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 10.1.3 to your PC's desktop.

* Uninstall Adobe Reader 9 via Start => Control Panel > Uninstall a program
* Install the newly downloaded, updated software.


Note: The McAfee Security Scan is prechecked. You may wish to uncheck it before downloading.



Note: Adobe Reader X is a large program and if you prefer a smaller program you can get Foxit Reader 5.1.4 Build 0104 instead.

Foxit Reader 5.1.4 Build 0104 offers 5 levels of security. Click Me for more information.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.





Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

  • Download the latest version of Java SE 7u3.
  • Click the Java SE 7u3 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation for Windows x64 (64-bit) (jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")




About C:\Windows\system32\DRIVERS\iaStor.sys

TDSSKiller claims it's right there. :)

20:31:32.0482 2280 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
20:31:32.0499 2280 iaStor - ok




Ok, let me know when you have the MBR.



Regards,
Georgi

My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here - paypal.gif


#39 TTTTMMMM

Posted 24 April 2012 - 08:03 PM

SHA256: dc7844691740805a94f2901f8cb56f1591af4f0f9c6d92d6b8595f89e6fa5f02
SHA1: b176825bd68ee3e2f73567fa52b5f3683dc38b9e
MD5: 1384872112e8e7fd5786eceb8bddf4c9
File size: 528.0 KB ( 540696 bytes )
File name: iaStor.sys
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-04-25 00:58:04 UTC ( 1 minute ago )

I found it, but when I tried to upload it, it wasn't there, so I copied and pasted it onto my desktop and was able to upload it from my desktop.

#40 TTTTMMMM

Posted 24 April 2012 - 09:43 PM

I downloaded it and followed the instructions but when I pressed F12, there was no boot from USB option, the only option was the Windows 7 option.

I tried going through the BIOS but I couldn't find the boot from USB option under the boot options submenu either.

#41 B-boy/StyLe/

Posted 25 April 2012 - 08:53 AM

Hi,



The key used to access the Boot Menu may vary. Some commonly used Boot Menu keys are F2, F10, F11, and ESC.
Also check the following topic.
Insert the USB drive into a USB socket before you power on.
Then when you enter the BIOS, it should show up and allow you to set it as the 1st boot device.
Change this boot order and designate the USB flash drive as the first device in the "Boot Device Priority" list by selecting "1st" as its value.
Exit the BIOS Setup utility using the "Save and Exit Setup" item in the main menu.



Regards,
Georgi



#42 TTTTMMMM

Posted 25 April 2012 - 11:06 AM

I was able to boot it from the USB, but I couldn't find the dumpit file; in fact, I couldn't find the file that corresponded to my USB.

Dumpit is supposed to be a .txt file, right?

#43 B-boy/StyLe/

Posted 25 April 2012 - 06:18 PM

Hello,



You have to download the file dumpit to your USB (by right-clicking the following link and selecting Save Link/Target As. Save the file to your flash drive).

sda1, 2, ... usually correspond to your HDD
sdb1 is likely your USB




Let me know... :)



Regards,
Georgi



#44 B-boy/StyLe/

Posted 27 April 2012 - 09:10 AM

Hello,


Any progress? :)
Please keep me posted if you have any problems with the steps.



Regards,
Georgi



#45 TTTTMMMM

Posted 27 April 2012 - 09:43 PM

No, tried a few times, there was no sdb
all there was was sda 1-4 but nothing else.



