
Invalid Partition Table Error after running TDSS Killer


  • This topic is locked
20 replies to this topic

#1 bobmarley753

bobmarley753

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 24 April 2012 - 09:30 AM

If this is not the right place to post this, let me know. My issue started as malware removal, which resulted in me not being able to boot Windows Vista. I'll do what I can to recall the steps that got me to where I am now:

Running Vista 64bit

I started getting pop ups in Vista that said "winrscmde has stopped working..." After closing the window it would pop up again in 30 seconds or so.

I updated Malwarebytes and ran a scan, which found something and quarantined it. It prompted me to restart, which I did.

Upon restarting, I ran the MWB scan again, which found the same thing, again.

After searching for help on this, I downloaded TDSSkiller and ran it.

It popped up with two objects, 1 malicious (rootkit) and 1 suspicious (locked file), very much the same as is shown here.

And here is where I made a mistake (I think). Following the advice on the site (not the one I linked above), I selected "Cure" for the malicious file and "Delete" for the suspicious one (I can't believe I did this).

When it finished it prompted a restart, which I did. Upon restarting I got an Invalid Partition Table error, so it looks like TDSSkiller deleted something necessary to boot windows.

My next step was to use the vista cd to attempt a recovery. The automated startup recovery found everything to be normal.

I performed a system restore to two weeks prior, which was successful, but did not solve the "invalid partition table" problem (I don't understand why this didn't work).

More searches pointed towards solving the boot problem by running the bootrec tool and /fixmbr and /fixboot from the recovery command prompt, which I did.

Upon restart, it does not give me the "invalid partition table" error, but instead just hangs at the same spot with a blinking cursor. I should note I have only one disk, and one partition.

I am now at a loss as to what to do, and am upset that I likely made things a lot worse due to my lack of knowledge. I was going to try and run /rebuildbcd, but decided I better get some help before possibly making things worse.

I'd say one course of action would be to try and find the TDSSkiller log to figure out what was deleted, but I am not sure how to do this with my computer in its current state.

Thanks for any help.


 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:23 PM

Posted 24 April 2012 - 02:07 PM

Hi bobmarley753,

Welcome to the forum.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 bobmarley753


Posted 24 April 2012 - 06:32 PM

Thanks for the quick response :)

Here is the output from frst64:

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 24-04-2012 19:16:15
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] "C:\Users\Mark\Documents\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mark\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-06] ()
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [339968 2009-04-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
3 LBTServ; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [160272 2008-05-01] (Logitech, Inc.)
2 LeapFrog Connect Device Service; "C:\Users\Mark\Documents\LeapFrog Connect\CommandService.exe" [6141792 2011-11-12] (LeapFrog Enterprises, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
3 p2pimsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 p2psvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 SCardSvr; C:\Windows\SysWow64\SCardSvr.dll [95232 2009-04-10] (Microsoft Corporation)
2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
2 msiserver; C:\Windows\System32\msiexec /V [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-04-22] (EnTech Taiwan)
3 ET5Drv; \??\C:\Windows\ET5Drv.sys [36416 2007-10-16] (Windows ® Codename Longhorn DDK provider)
3 gdrv; \??\C:\Windows\gdrv.sys [20544 2008-10-14] (Windows ® Server 2003 DDK provider)
3 LHidFilt; C:\Windows\System32\Drivers\LHidFilt.sys [54800 2008-02-28] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\Drivers\LMouFilt.sys [57360 2008-02-28] (Logitech, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.sys [41488 2008-02-28] (Logitech, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 motccgp; C:\Windows\System32\Drivers\motccgp.sys [19456 2008-08-21] (Motorola)
3 motccgpfl; C:\Windows\System32\Drivers\motccgpfl.sys [9216 2008-08-21] (Motorola)
3 motmodem; C:\Windows\System32\Drivers\motmodem.sys [29184 2007-06-20] (Motorola)
3 motport; C:\Windows\System32\Drivers\motport.sys [29184 2007-06-20] (Motorola)
3 RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys [13416 2011-12-07] ()
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [197120 2009-03-06] (Realtek Corporation )
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 mfeavfk01; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVCx32: Themes

============ One Month Created Files and Folders ==============

2012-04-24 19:15 - 2007-11-07 04:00 - 0000000 ____D C:\FRST
2012-04-23 17:34 - 2012-04-23 17:34 - 0119634 ____A C:\TDSSKiller.2.7.32.0_23.04.2012_21.34.58_log.txt
2012-04-23 17:33 - 2012-04-23 17:36 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-23 17:31 - 2012-04-24 00:57 - 0117958 ____A C:\TDSSKiller.2.7.32.0_23.04.2012_21.31.28_log.txt
2012-04-23 14:09 - 2011-02-12 10:25 - 0000000 ____D C:\Users\Mark\Documents\receipts
2012-04-22 11:36 - 2012-04-24 01:04 - 0000000 ____D C:\Program Files (x86)\iTunes(221)
2012-04-22 11:36 - 2012-04-24 01:02 - 0000000 ____D C:\Program Files\iPod(324)
2012-04-20 21:59 - 2009-02-27 08:19 - 0000000 ____D C:\users\UpdatusUser
2012-04-20 21:59 - - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2012-04-20 21:57 - 2012-04-24 01:04 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-20 21:57 - 2012-04-24 01:04 - 0000000 ____D C:\ProgramData\NVIDIA Corporation
2012-04-20 21:29 - 2010-10-27 15:39 - 0000000 ____D C:\Users\Mark\Documents\Diablo III
2012-04-20 16:47 - 2012-01-07 15:17 - 0360048 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI651F.txt
2012-04-20 16:47 - 2012-01-07 15:17 - 0011154 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI651F.txt
2012-04-20 16:47 - 2008-01-20 19:21 - 0000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-20 16:41 - 2006-11-02 07:42 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-20 16:41 - 2006-11-02 07:42 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-11 02:03 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 02:03 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 02:03 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 02:03 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 02:02 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 02:02 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 02:02 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 02:02 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 02:02 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 02:02 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 02:02 - 2011-11-16 08:43 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 02:02 - 2011-11-16 08:23 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 02:02 - 2011-05-11 05:38 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 02:02 - 2011-05-11 05:38 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 02:02 - 2011-05-11 05:38 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 02:02 - 2011-05-11 05:38 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 02:02 - 2011-05-11 05:37 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 02:02 - 2011-05-11 05:37 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 02:02 - 2011-05-11 05:37 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 02:02 - 2011-05-11 05:37 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 02:02 - 2011-05-02 09:16 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 02:02 - 2011-05-02 09:13 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 02:02 - 2009-04-10 23:15 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 02:02 - 2009-04-10 23:11 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 02:02 - 2008-01-20 18:50 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 02:02 - 2008-01-20 18:49 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 02:02 - 2008-01-20 18:47 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 02:02 - 2008-01-20 18:47 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 02:02 - 2006-11-02 07:04 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 02:02 - 2006-11-02 07:04 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-11 02:02 - 2006-11-02 03:19 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 02:02 - 2006-11-02 03:15 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 02:02 - 2006-11-02 01:46 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 02:02 - 2006-11-02 01:44 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-10 20:56 - - 0000222 ____A C:\Users\Mark\Desktop\Age of Empires Online.url

============ 3 Months Modified Files and Folders =============

2012-04-24 19:15 - 2012-04-24 19:15 - 0000000 ____D C:\FRST
2012-04-24 01:04 - 2012-01-03 17:17 - 0000000 ____D C:\Program Files\iTunes
2012-04-24 01:04 - 2012-01-03 17:17 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-24 01:04 - 2011-09-06 15:02 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-24 01:04 - 2011-09-06 15:02 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-24 01:04 - 2011-02-12 10:25 - 0000000 ____D C:\Users\Mark\AppData\Roaming\Rainmeter
2012-04-24 01:04 - 2010-07-11 20:06 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-04-24 01:04 - 2010-07-11 20:06 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-04-24 01:04 - 2010-02-26 09:13 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-24 01:04 - 2010-01-14 15:33 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-24 01:04 - 2009-11-05 16:52 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-24 01:04 - 2008-10-19 08:36 - 0000000 ____D C:\Users\Mark\AppData\Roaming\Ventrilo
2012-04-24 01:04 - 2008-10-14 19:06 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-24 01:04 - 2008-10-14 19:06 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-24 01:04 - 2008-10-14 17:15 - 0000000 ____D C:\users\Mark
2012-04-24 01:04 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2012-04-24 01:04 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-24 01:04 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2012-04-24 01:04 - 2006-11-02 04:33 - 61079552 ____A C:\Windows\System32\config\software_previous
2012-04-24 01:04 - 2006-11-02 04:33 - 25952256 ____A C:\Windows\System32\config\system_previous
2012-04-24 01:02 - 2012-01-03 17:17 - 0000000 ____D C:\Program Files\iPod
2012-04-23 17:36 - 2012-04-23 17:34 - 0119634 ____A C:\TDSSKiller.2.7.32.0_23.04.2012_21.34.58_log.txt
2012-04-23 17:36 - 2012-04-23 17:33 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-23 17:36 - 2011-09-06 15:02 - 0000000 ____D C:\Users\Mark\AppData\Local\PMB Files
2012-04-23 17:36 - 2008-01-20 17:53 - 1192796 ____A C:\Windows\WindowsUpdate.log
2012-04-23 17:36 - 2006-11-02 04:33 - 56885248 ____A C:\Windows\System32\config\components_previous
2012-04-23 17:36 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-04-23 17:36 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-04-23 17:36 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\default_previous
2012-04-23 17:34 - 2012-04-23 17:31 - 0117958 ____A C:\TDSSKiller.2.7.32.0_23.04.2012_21.31.28_log.txt
2012-04-23 14:09 - 2012-04-23 14:09 - 0000000 ____D C:\Users\Mark\Documents\receipts
2012-04-22 18:54 - 2009-04-24 19:16 - 0000000 ____D C:\Users\Mark\Documents\Erienne Is Awesome
2012-04-22 18:54 - 2008-10-14 17:16 - 0000000 ____D C:\Users\Mark\AppData\LocalLow
2012-04-22 16:40 - 2008-01-20 19:26 - 0174812 ____A C:\Windows\PFRO.log
2012-04-22 11:50 - 2008-12-26 11:12 - 0000000 ____D C:\Users\Mark\AppData\Roaming\Apple Computer
2012-04-22 11:37 - 2012-04-22 11:36 - 0000000 ____D C:\Program Files (x86)\iTunes(221)
2012-04-22 11:36 - 2012-04-22 11:36 - 0000000 ____D C:\Program Files\iPod(324)
2012-04-20 22:13 - 2008-10-14 19:13 - 0000000 ____D C:\Program Files (x86)\EVGA Precision
2012-04-20 22:00 - 2008-10-20 16:58 - 0000000 ____D C:\Program Files (x86)\AGEIA Technologies
2012-04-20 21:59 - 2012-04-20 21:59 - 0000000 ____D C:\users\UpdatusUser
2012-04-20 21:59 - 2010-02-26 09:13 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-20 21:59 - 2010-02-26 09:06 - 0000000 ____D C:\NVIDIA
2012-04-20 21:57 - 2012-04-20 21:57 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-20 21:57 - 2012-04-20 21:57 - 0000000 ____D C:\ProgramData\NVIDIA Corporation
2012-04-20 21:29 - 2012-04-20 21:29 - 0000000 ____D C:\Users\Mark\Documents\Diablo III
2012-04-20 21:28 - 2012-04-20 16:47 - 0000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-20 16:47 - 2012-04-20 16:47 - 0360048 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI651F.txt
2012-04-20 16:47 - 2012-04-20 16:47 - 0011154 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI651F.txt
2012-04-20 16:41 - 2012-04-20 16:41 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-20 16:41 - 2012-04-20 16:41 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-20 16:29 - 2010-01-14 16:55 - 0034800 ____A C:\Users\All Users\nvModes.001
2012-04-20 16:29 - 2010-01-14 16:55 - 0034800 ____A C:\ProgramData\nvModes.001
2012-04-20 16:29 - 2010-01-14 16:54 - 0034800 ____A C:\Users\All Users\nvModes.dat
2012-04-20 16:29 - 2010-01-14 16:54 - 0034800 ____A C:\ProgramData\nvModes.dat
2012-04-20 10:32 - 2011-09-06 17:41 - 0000000 ____D C:\Users\Mark\riotsGamesLogs
2012-04-11 18:29 - 2006-11-02 07:22 - 0003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-11 18:29 - 2006-11-02 07:22 - 0003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-11 02:36 - 2006-11-02 04:46 - 0703516 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-11 02:29 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-11 02:29 - 2006-11-02 07:21 - 0266104 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-11 02:27 - 2006-11-02 07:42 - 0032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-11 02:00 - 2006-11-02 04:35 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-04-10 20:56 - 2012-04-10 20:56 - 0000222 ____A C:\Users\Mark\Desktop\Age of Empires Online.url
2012-03-23 19:02 - 2008-10-14 17:16 - 0059760 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-21 05:07 - 2008-10-18 09:04 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-05 22:44 - 2012-04-11 02:02 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-02-29 07:37 - 2012-04-11 02:02 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 07:37 - 2012-04-11 02:02 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 07:35 - 2012-04-11 02:02 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 07:11 - 2012-04-11 02:02 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 07:11 - 2012-04-11 02:02 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 07:09 - 2012-04-11 02:02 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 05:52 - 2012-04-11 02:02 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-27 23:34 - 2012-04-11 02:02 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 02:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 02:02 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 02:02 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 02:02 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 02:02 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 02:02 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 02:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 02:02 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 02:03 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:43 - 2012-04-11 02:02 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:42 - 2012-04-11 02:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 02:02 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-11 02:02 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 02:02 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 02:02 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 02:02 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 02:02 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 02:02 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 02:02 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 02:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 02:02 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 02:02 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 02:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 02:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 02:02 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-20 00:02 - 2008-10-18 09:32 - 0029696 ____A C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-16 03:29 - 2010-03-20 15:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 08:49 - 2012-03-13 20:57 - 0327680 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-14 08:49 - 2012-03-13 20:57 - 0196096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-14 07:45 - 2012-03-13 20:57 - 0219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-14 07:45 - 2012-03-13 20:57 - 0160768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-13 06:38 - 2012-03-13 20:57 - 2002944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-13 06:12 - 2012-03-13 20:57 - 1172480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-13 06:06 - 2012-03-13 20:57 - 0834048 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-13 06:03 - 2012-03-13 20:57 - 1555968 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-13 05:47 - 2012-03-13 20:57 - 0683008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-13 05:44 - 2012-03-13 20:57 - 1068544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 07:34 - 2012-03-13 20:57 - 2765824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 19:40 - 2009-02-02 14:36 - 0000000 ____D C:\Users\Mark\Documents\TurboTax
2012-01-27 21:39 - 2008-11-12 21:42 - 0000828 ____A C:\Users\Public\Desktop\World of Warcraft.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4093.58 MB
Available physical RAM: 3524.17 MB
Total Pagefile: 3823.5 MB
Available Pagefile: 3499.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:98.19 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
4 Drive e: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
5 Drive f: (STORE'N'GO) (Removable) (Total:0.48 GB) (Free:0.09 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 489 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 466 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 489 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F STORE'N'GO FAT Removable 489 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-23 17:22

======================= End Of Log ==========================

#4 Farbar

Posted 24 April 2012 - 07:11 PM

Let's see what TDSSKiller has removed.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
cmd: type c:\tdss*.txt
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

#5 bobmarley753

Posted 24 April 2012 - 08:00 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-24 20:48:48 R:1
Running from F:\

==============================================


========= type c:\tdss*.txt =========


c:\TDSSKiller.2.7.32.0_23.04.2012_21.31.28_log.txt


21:31:28.0188 1996 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
21:31:28.0886 1996 ============================================================
21:31:28.0886 1996 Current date / time: 2012/04/23 21:31:28.0886
21:31:28.0886 1996 SystemInfo:
21:31:28.0886 1996
21:31:28.0886 1996 OS Version: 6.0.6002 ServicePack: 2.0
21:31:28.0886 1996 Product type: Workstation
21:31:28.0886 1996 ComputerName: MARK-PC
21:31:28.0886 1996 UserName: Mark
21:31:28.0886 1996 Windows directory: C:\Windows
21:31:28.0886 1996 System windows directory: C:\Windows
21:31:28.0886 1996 Running under WOW64
21:31:28.0886 1996 Processor architecture: Intel x64
21:31:28.0886 1996 Number of processors: 2
21:31:28.0886 1996 Page size: 0x1000
21:31:28.0886 1996 Boot type: Normal boot
21:31:28.0886 1996 ============================================================
21:31:30.0205 1996 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:30.0208 1996 ============================================================
21:31:30.0208 1996 \Device\Harddisk0\DR0:
21:31:30.0209 1996 MBR partitions:
21:31:30.0209 1996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
21:31:30.0209 1996 ============================================================
21:31:30.0374 1996 C: <-> \Device\Harddisk0\DR0\Partition0
21:31:30.0374 1996 ============================================================
21:31:30.0374 1996 Initialize success
21:31:30.0374 1996 ============================================================
21:32:06.0268 5076 ============================================================
21:32:06.0268 5076 Scan started
21:32:06.0268 5076 Mode: Manual; TDLFS;
21:32:06.0268 5076 ============================================================
21:32:22.0678 5076 p2psvc - ok
21:32:22.0765 5076 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
21:32:22.0767 5076 Parport - ok
21:32:22.0799 5076 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
21:32:22.0803 5076 partmgr - ok
21:32:22.0905 5076 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
21:32:22.0907 5076 PcaSvc - ok
21:32:22.0948 5076 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
21:32:22.0951 5076 pci - ok
21:32:22.0982 5076 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
21:32:22.0984 5076 pciide - ok
21:32:23.0014 5076 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
21:32:23.0018 5076 pcmcia - ok
21:32:23.0086 5076 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
21:32:23.0093 5076 PEAUTH - ok
21:32:23.0155 5076 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
21:32:23.0156 5076 PerfHost - ok
21:32:23.0241 5076 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
21:32:23.0277 5076 pla - ok
21:32:23.0321 5076 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
21:32:23.0323 5076 PlugPlay - ok
21:32:23.0393 5076 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:32:23.0401 5076 PNRPAutoReg - ok
21:32:23.0407 5076 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:32:23.0415 5076 PNRPsvc - ok
21:32:23.0461 5076 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
21:32:23.0472 5076 PolicyAgent - ok
21:32:23.0598 5076 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
21:32:23.0602 5076 PptpMiniport - ok
21:32:23.0633 5076 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
21:32:23.0636 5076 Processor - ok
21:32:23.0670 5076 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
21:32:23.0680 5076 ProfSvc - ok
21:32:23.0768 5076 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:32:23.0769 5076 ProtectedStorage - ok
21:32:23.0911 5076 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
21:32:23.0912 5076 PSched - ok
21:32:23.0996 5076 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
21:32:24.0007 5076 ql2300 - ok
21:32:24.0039 5076 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
21:32:24.0042 5076 ql40xx - ok
21:32:24.0076 5076 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
21:32:24.0086 5076 QWAVE - ok
21:32:24.0100 5076 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
21:32:24.0103 5076 QWAVEdrv - ok
21:32:24.0135 5076 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
21:32:24.0137 5076 RasAcd - ok
21:32:24.0163 5076 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
21:32:24.0169 5076 RasAuto - ok
21:32:24.0187 5076 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:32:24.0191 5076 Rasl2tp - ok
21:32:24.0217 5076 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
21:32:24.0226 5076 RasMan - ok
21:32:24.0260 5076 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
21:32:24.0262 5076 RasPppoe - ok
21:32:24.0295 5076 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
21:32:24.0299 5076 RasSstp - ok
21:32:24.0341 5076 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
21:32:24.0345 5076 rdbss - ok
21:32:24.0356 5076 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:32:24.0358 5076 RDPCDD - ok
21:32:24.0399 5076 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
21:32:24.0404 5076 rdpdr - ok
21:32:24.0407 5076 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
21:32:24.0409 5076 RDPENCDD - ok
21:32:24.0475 5076 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
21:32:24.0511 5076 RDPWD - ok
21:32:24.0558 5076 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
21:32:24.0562 5076 RemoteAccess - ok
21:32:24.0602 5076 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
21:32:24.0615 5076 RemoteRegistry - ok
21:32:24.0639 5076 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
21:32:24.0643 5076 RpcLocator - ok
21:32:24.0707 5076 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
21:32:24.0712 5076 RpcSs - ok
21:32:24.0727 5076 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
21:32:24.0730 5076 rspndr - ok
21:32:24.0797 5076 RTCore64 (aa55dd14064cb808613d09195e3ba749) C:\Program Files (x86)\EVGA Precision\RTCore64.sys
21:32:24.0798 5076 RTCore64 - ok
21:32:24.0837 5076 RTL8169 (af7074e1d6a8a66204067ee8b2a8327a) C:\Windows\system32\DRIVERS\Rtlh64.sys
21:32:24.0871 5076 RTL8169 - ok
21:32:24.0937 5076 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:32:24.0938 5076 SamSs - ok
21:32:24.0966 5076 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
21:32:24.0968 5076 sbp2port - ok
21:32:25.0015 5076 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
21:32:25.0029 5076 SCardSvr - ok
21:32:25.0080 5076 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
21:32:25.0085 5076 Schedule - ok
21:32:25.0107 5076 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
21:32:25.0108 5076 SCPolicySvc - ok
21:32:25.0137 5076 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
21:32:25.0151 5076 SDRSVC - ok
21:32:25.0163 5076 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:32:25.0166 5076 secdrv - ok
21:32:25.0172 5076 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
21:32:25.0174 5076 seclogon - ok
21:32:25.0185 5076 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
21:32:25.0190 5076 SENS - ok
21:32:25.0209 5076 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
21:32:25.0211 5076 Serenum - ok
21:32:25.0222 5076 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
21:32:25.0226 5076 Serial - ok
21:32:25.0237 5076 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
21:32:25.0241 5076 sermouse - ok
21:32:25.0260 5076 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
21:32:25.0265 5076 SessionEnv - ok
21:32:25.0292 5076 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
21:32:25.0295 5076 sffdisk - ok
21:32:25.0307 5076 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
21:32:25.0309 5076 sffp_mmc - ok
21:32:25.0317 5076 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
21:32:25.0319 5076 sffp_sd - ok
21:32:25.0329 5076 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
21:32:25.0331 5076 sfloppy - ok
21:32:25.0367 5076 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
21:32:25.0376 5076 SharedAccess - ok
21:32:25.0425 5076 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
21:32:25.0454 5076 ShellHWDetection - ok
21:32:25.0493 5076 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
21:32:25.0496 5076 SiSRaid2 - ok
21:32:25.0565 5076 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
21:32:25.0567 5076 SiSRaid4 - ok
21:32:25.0717 5076 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
21:32:25.0729 5076 slsvc - ok
21:32:25.0837 5076 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
21:32:25.0840 5076 SLUINotify - ok
21:32:25.0879 5076 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
21:32:25.0882 5076 Smb - ok
21:32:25.0903 5076 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
21:32:25.0908 5076 SNMPTRAP - ok
21:32:25.0932 5076 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
21:32:25.0933 5076 spldr - ok
21:32:25.0974 5076 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
21:32:25.0977 5076 Spooler - ok
21:32:26.0061 5076 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
21:32:26.0095 5076 srv - ok
21:32:26.0127 5076 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
21:32:26.0161 5076 srv2 - ok
21:32:26.0197 5076 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
21:32:26.0232 5076 srvnet - ok
21:32:26.0275 5076 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
21:32:26.0287 5076 SSDPSRV - ok
21:32:26.0310 5076 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
21:32:26.0312 5076 SstpSvc - ok
21:32:26.0353 5076 Steam Client Service - ok
21:32:26.0399 5076 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:32:26.0401 5076 Stereo Service - ok
21:32:26.0455 5076 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
21:32:26.0477 5076 stisvc - ok
21:32:26.0499 5076 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
21:32:26.0502 5076 swenum - ok
21:32:26.0546 5076 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
21:32:26.0549 5076 swprv - ok
21:32:26.0629 5076 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
21:32:26.0632 5076 Symc8xx - ok
21:32:26.0637 5076 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
21:32:26.0640 5076 Sym_hi - ok
21:32:26.0651 5076 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
21:32:26.0653 5076 Sym_u3 - ok
21:32:26.0719 5076 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
21:32:26.0738 5076 SysMain - ok
21:32:26.0760 5076 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
21:32:26.0764 5076 TabletInputService - ok
21:32:26.0805 5076 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
21:32:26.0821 5076 TapiSrv - ok
21:32:26.0834 5076 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
21:32:26.0837 5076 TBS - ok
21:32:26.0976 5076 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
21:32:27.0012 5076 Tcpip - ok
21:32:27.0139 5076 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
21:32:27.0145 5076 Tcpip6 - ok
21:32:27.0213 5076 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
21:32:27.0215 5076 tcpipreg - ok
21:32:27.0228 5076 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
21:32:27.0229 5076 TDPIPE - ok
21:32:27.0244 5076 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
21:32:27.0247 5076 TDTCP - ok
21:32:27.0274 5076 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
21:32:27.0276 5076 tdx - ok
21:32:27.0308 5076 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
21:32:27.0311 5076 TermDD - ok
21:32:27.0361 5076 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
21:32:27.0364 5076 TermService - ok
21:32:27.0444 5076 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
21:32:27.0446 5076 Themes - ok
21:32:27.0470 5076 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
21:32:27.0471 5076 THREADORDER - ok
21:32:27.0494 5076 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
21:32:27.0498 5076 TrkWks - ok
21:32:27.0589 5076 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
21:32:27.0590 5076 TrustedInstaller - ok
21:32:27.0610 5076 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:32:27.0611 5076 tssecsrv - ok
21:32:27.0638 5076 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
21:32:27.0640 5076 tunmp - ok
21:32:27.0670 5076 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
21:32:27.0672 5076 tunnel - ok
21:32:27.0695 5076 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
21:32:27.0696 5076 uagp35 - ok
21:32:27.0732 5076 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
21:32:27.0736 5076 udfs - ok
21:32:27.0758 5076 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
21:32:27.0764 5076 UI0Detect - ok
21:32:27.0786 5076 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
21:32:27.0789 5076 uliagpkx - ok
21:32:27.0833 5076 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
21:32:27.0837 5076 uliahci - ok
21:32:27.0861 5076 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
21:32:27.0864 5076 UlSata - ok
21:32:27.0890 5076 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
21:32:27.0895 5076 ulsata2 - ok
21:32:27.0923 5076 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
21:32:27.0927 5076 umbus - ok
21:32:27.0949 5076 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
21:32:27.0954 5076 upnphost - ok
21:32:27.0994 5076 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:32:28.0028 5076 USBAAPL64 - ok
21:32:28.0068 5076 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
21:32:28.0070 5076 usbccgp - ok
21:32:28.0086 5076 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
21:32:28.0090 5076 usbcir - ok
21:32:28.0119 5076 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
21:32:28.0122 5076 usbehci - ok
21:32:28.0143 5076 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
21:32:28.0147 5076 usbhub - ok
21:32:28.0174 5076 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
21:32:28.0176 5076 usbohci - ok
21:32:28.0205 5076 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
21:32:28.0207 5076 usbprint - ok
21:32:28.0251 5076 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
21:32:28.0252 5076 usbscan - ok
21:32:28.0288 5076 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:32:28.0290 5076 USBSTOR - ok
21:32:28.0311 5076 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
21:32:28.0313 5076 usbuhci - ok
21:32:28.0343 5076 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
21:32:28.0345 5076 UxSms - ok
21:32:28.0420 5076 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
21:32:28.0432 5076 vds - ok
21:32:28.0467 5076 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
21:32:28.0470 5076 vga - ok
21:32:28.0487 5076 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
21:32:28.0490 5076 VgaSave - ok
21:32:28.0576 5076 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
21:32:28.0578 5076 viaide - ok
21:32:28.0595 5076 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
21:32:28.0598 5076 volmgr - ok
21:32:28.0645 5076 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
21:32:28.0651 5076 volmgrx - ok
21:32:28.0721 5076 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
21:32:28.0725 5076 volsnap - ok
21:32:28.0789 5076 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
21:32:28.0792 5076 vsmraid - ok
21:32:28.0885 5076 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
21:32:28.0893 5076 VSS - ok
21:32:29.0082 5076 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
21:32:29.0087 5076 W32Time - ok
21:32:29.0121 5076 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
21:32:29.0125 5076 WacomPen - ok
21:32:29.0261 5076 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
21:32:29.0263 5076 Wanarp - ok
21:32:29.0267 5076 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
21:32:29.0268 5076 Wanarpv6 - ok
21:32:29.0365 5076 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
21:32:29.0377 5076 wcncsvc - ok
21:32:29.0415 5076 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
21:32:29.0420 5076 WcsPlugInService - ok
21:32:29.0447 5076 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
21:32:29.0449 5076 Wd - ok
21:32:29.0495 5076 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
21:32:29.0529 5076 WDC_SAM - ok
21:32:29.0621 5076 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
21:32:29.0629 5076 Wdf01000 - ok
21:32:29.0641 5076 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
21:32:29.0643 5076 WdiServiceHost - ok
21:32:29.0645 5076 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
21:32:29.0647 5076 WdiSystemHost - ok
21:32:29.0664 5076 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
21:32:29.0675 5076 WebClient - ok
21:32:29.0712 5076 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
21:32:29.0747 5076 Wecsvc - ok
21:32:29.0768 5076 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
21:32:29.0771 5076 wercplsupport - ok
21:32:29.0788 5076 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
21:32:29.0791 5076 WerSvc - ok
21:32:29.0821 5076 WinDefend - ok
21:32:29.0825 5076 WinHttpAutoProxySvc - ok
21:32:29.0889 5076 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
21:32:29.0894 5076 Winmgmt - ok
21:32:30.0017 5076 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
21:32:30.0081 5076 WinRM - ok
21:32:30.0195 5076 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
21:32:30.0216 5076 Wlansvc - ok
21:32:30.0265 5076 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
21:32:30.0266 5076 WmiAcpi - ok
21:32:30.0301 5076 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
21:32:30.0307 5076 wmiApSrv - ok
21:32:30.0334 5076 WMPNetworkSvc - ok
21:32:30.0367 5076 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
21:32:30.0380 5076 WPCSvc - ok
21:32:30.0415 5076 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
21:32:30.0418 5076 WPDBusEnum - ok
21:32:30.0492 5076 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
21:32:30.0494 5076 WpdUsb - ok
21:32:30.0644 5076 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:32:30.0649 5076 WPFFontCache_v0400 - ok
21:32:30.0666 5076 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
21:32:30.0670 5076 ws2ifsl - ok
21:32:30.0698 5076 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
21:32:30.0703 5076 wscsvc - ok
21:32:30.0706 5076 WSearch - ok
21:32:30.0859 5076 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
21:32:30.0871 5076 wuauserv - ok
21:32:31.0014 5076 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:32:31.0018 5076 WUDFRd - ok
21:32:31.0063 5076 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
21:32:31.0067 5076 wudfsvc - ok
21:32:31.0085 5076 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:32:31.0114 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:32:31.0114 5076 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:32:31.0145 5076 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:32:31.0145 5076 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:32:31.0176 5076 Boot (0x1200) (fccf7d8cb9f49b75ef65ae964efacbb8) \Device\Harddisk0\DR0\Partition0
21:32:31.0177 5076 \Device\Harddisk0\DR0\Partition0 - ok
21:32:31.0179 5076 ============================================================
21:32:31.0179 5076 Scan finished
21:32:31.0179 5076 ============================================================
21:32:31.0186 1548 Detected object count: 2
21:32:31.0186 1548 Actual detected object count: 2
21:33:09.0616 1548 \Device\Harddisk0\DR0\# - copied to quarantine
21:33:09.0617 1548 \Device\Harddisk0\DR0 - copied to quarantine
21:33:09.0645 1548 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:33:09.0647 1548 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:33:09.0657 1548 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:33:09.0664 1548 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:33:09.0665 1548 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:33:09.0667 1548 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:33:09.0676 1548 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:33:09.0710 1548 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:33:09.0737 1548 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:33:09.0739 1548 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:33:09.0741 1548 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:33:09.0743 1548 \Device\Harddisk0\DR0 - processing error
21:33:40.0542 1548 \Device\Harddisk0\DR0 - will be restored on reboot
21:33:46.0187 1548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
21:33:46.0187 1548 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:33:46.0187 1548 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:34:51.0622 4148 Deinitialize success

c:\TDSSKiller.2.7.32.0_23.04.2012_21.34.58_log.txt


21:34:58.0257 5068 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
21:34:58.0689 5068 ============================================================
21:34:58.0689 5068 Current date / time: 2012/04/23 21:34:58.0689
21:34:58.0689 5068 SystemInfo:
21:34:58.0689 5068
21:34:58.0689 5068 OS Version: 6.0.6002 ServicePack: 2.0
21:34:58.0689 5068 Product type: Workstation
21:34:58.0689 5068 ComputerName: MARK-PC
21:34:58.0693 5068 UserName: Mark
21:34:58.0693 5068 Windows directory: C:\Windows
21:34:58.0693 5068 System windows directory: C:\Windows
21:34:58.0693 5068 Running under WOW64
21:34:58.0693 5068 Processor architecture: Intel x64
21:34:58.0693 5068 Number of processors: 2
21:34:58.0693 5068 Page size: 0x1000
21:34:58.0693 5068 Boot type: Normal boot
21:34:58.0693 5068 ============================================================
21:34:58.0899 5068 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:58.0903 5068 ============================================================
21:34:58.0903 5068 \Device\Harddisk0\DR0:
21:34:58.0903 5068 MBR partitions:
21:34:58.0903 5068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
21:34:58.0903 5068 ============================================================
21:34:58.0937 5068 C: <-> \Device\Harddisk0\DR0\Partition0
21:34:58.0937 5068 ============================================================
21:34:58.0937 5068 Initialize success
21:34:58.0937 5068 ============================================================
21:35:07.0433 4756 ============================================================
21:35:07.0433 4756 Scan started
21:35:07.0433 4756 Mode: Manual; TDLFS;
21:35:07.0433 4756 ============================================================
21:35:10.0774 4756 Dhcp - ok
21:35:10.0837 4756 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
21:35:10.0838 4756 disk - ok
21:35:10.0894 4756 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
21:35:10.0895 4756 Dnscache - ok
21:35:10.0934 4756 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
21:35:10.0936 4756 dot3svc - ok
21:35:10.0963 4756 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
21:35:10.0964 4756 DPS - ok
21:35:10.0995 4756 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
21:35:10.0995 4756 drmkaud - ok
21:35:11.0055 4756 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:11.0059 4756 DXGKrnl - ok
21:35:11.0110 4756 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
21:35:11.0111 4756 E1G60 - ok
21:35:11.0147 4756 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
21:35:11.0148 4756 EapHost - ok
21:35:11.0188 4756 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
21:35:11.0190 4756 Ecache - ok
21:35:11.0267 4756 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
21:35:11.0269 4756 ehRecvr - ok
21:35:11.0331 4756 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
21:35:11.0332 4756 ehSched - ok
21:35:11.0355 4756 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
21:35:11.0355 4756 ehstart - ok
21:35:11.0391 4756 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
21:35:11.0392 4756 elxstor - ok
21:35:11.0444 4756 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
21:35:11.0446 4756 EMDMgmt - ok
21:35:11.0484 4756 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
21:35:11.0485 4756 ENTECH64 - ok
21:35:11.0496 4756 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
21:35:11.0497 4756 ErrDev - ok
21:35:11.0551 4756 ET5Drv (5dc0914e8c6168de7702b8e2dc140b80) C:\Windows\ET5Drv.sys
21:35:11.0552 4756 ET5Drv - ok
21:35:11.0596 4756 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
21:35:11.0598 4756 EventSystem - ok
21:35:11.0671 4756 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
21:35:11.0672 4756 exfat - ok
21:35:11.0712 4756 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
21:35:11.0713 4756 fastfat - ok
21:35:11.0760 4756 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
21:35:11.0761 4756 fdc - ok
21:35:11.0764 4756 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
21:35:11.0764 4756 fdPHost - ok
21:35:11.0776 4756 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
21:35:11.0777 4756 FDResPub - ok
21:35:11.0784 4756 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
21:35:11.0785 4756 FileInfo - ok
21:35:11.0802 4756 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
21:35:11.0803 4756 Filetrace - ok
21:35:11.0824 4756 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:11.0825 4756 flpydisk - ok
21:35:11.0864 4756 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
21:35:11.0865 4756 FltMgr - ok
21:35:11.0977 4756 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
21:35:11.0983 4756 FontCache - ok
21:35:12.0046 4756 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:35:12.0047 4756 FontCache3.0.0.0 - ok
21:35:12.0121 4756 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:12.0121 4756 Fs_Rec - ok
21:35:12.0147 4756 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
21:35:12.0148 4756 gagp30kx - ok
21:35:12.0188 4756 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
21:35:12.0188 4756 gdrv - ok
21:35:12.0232 4756 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:12.0268 4756 GEARAspiWDM - ok
21:35:12.0372 4756 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
21:35:12.0376 4756 gpsvc - ok
21:35:12.0471 4756 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:35:12.0472 4756 gusvc - ok
21:35:12.0520 4756 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
21:35:12.0521 4756 HdAudAddService - ok
21:35:12.0660 4756 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:35:12.0664 4756 HDAudBus - ok
21:35:12.0716 4756 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
21:35:12.0716 4756 HidBth - ok
21:35:12.0732 4756 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
21:35:12.0733 4756 HidIr - ok
21:35:12.0763 4756 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
21:35:12.0764 4756 hidserv - ok
21:35:12.0793 4756 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
21:35:12.0794 4756 HidUsb - ok
21:35:12.0820 4756 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
21:35:12.0821 4756 hkmsvc - ok
21:35:12.0848 4756 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
21:35:12.0848 4756 HpCISSs - ok
21:35:12.0895 4756 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
21:35:12.0898 4756 HTTP - ok
21:35:12.0902 4756 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
21:35:12.0902 4756 i2omp - ok
21:35:12.0926 4756 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
21:35:12.0927 4756 i8042prt - ok
21:35:12.0950 4756 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
21:35:12.0952 4756 iaStorV - ok
21:35:13.0073 4756 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:35:13.0077 4756 idsvc - ok
21:35:13.0098 4756 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
21:35:13.0098 4756 iirsp - ok
21:35:13.0140 4756 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
21:35:13.0143 4756 IKEEXT - ok
21:35:13.0259 4756 IntcAzAudAddService (197ebb23caac8a29a5f166d186c5a117) C:\Windows\system32\drivers\RTKVHD64.sys
21:35:13.0299 4756 IntcAzAudAddService - ok
21:35:13.0470 4756 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
21:35:13.0470 4756 intelide - ok
21:35:13.0481 4756 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
21:35:13.0482 4756 intelppm - ok
21:35:13.0605 4756 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
21:35:13.0605 4756 IntuitUpdateService - ok
21:35:13.0686 4756 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
21:35:13.0687 4756 IntuitUpdateServiceV4 - ok
21:35:13.0715 4756 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
21:35:13.0716 4756 IPBusEnum - ok
21:35:13.0753 4756 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:13.0754 4756 IpFilterDriver - ok
21:35:13.0800 4756 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
21:35:13.0802 4756 iphlpsvc - ok
21:35:13.0804 4756 IpInIp - ok
21:35:13.0866 4756 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
21:35:13.0867 4756 IPMIDRV - ok
21:35:13.0886 4756 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
21:35:13.0887 4756 IPNAT - ok
21:35:14.0003 4756 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:35:14.0008 4756 iPod Service - ok
21:35:14.0024 4756 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
21:35:14.0025 4756 IRENUM - ok
21:35:14.0049 4756 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
21:35:14.0049 4756 isapnp - ok
21:35:14.0080 4756 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
21:35:14.0081 4756 iScsiPrt - ok
21:35:14.0131 4756 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
21:35:14.0132 4756 iteatapi - ok
21:35:14.0158 4756 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
21:35:14.0159 4756 iteraid - ok
21:35:14.0177 4756 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
21:35:14.0178 4756 kbdclass - ok
21:35:14.0209 4756 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
21:35:14.0209 4756 kbdhid - ok
21:35:14.0278 4756 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:35:14.0279 4756 KeyIso - ok
21:35:14.0352 4756 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
21:35:14.0354 4756 KSecDD - ok
21:35:14.0408 4756 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
21:35:14.0408 4756 ksthunk - ok
21:35:14.0457 4756 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
21:35:14.0460 4756 KtmRm - ok
21:35:14.0499 4756 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
21:35:14.0501 4756 LanmanServer - ok
21:35:14.0536 4756 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
21:35:14.0538 4756 LanmanWorkstation - ok
21:35:14.0609 4756 LBTServ (4d25a79a9f67a7e2d8d5382e75fcb124) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
21:35:14.0610 4756 LBTServ - ok
21:35:15.0128 4756 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Users\Mark\Documents\LeapFrog Connect\CommandService.exe
21:35:15.0157 4756 LeapFrog Connect Device Service - ok
21:35:15.0324 4756 LHidFilt (aa3d903c5a7538803f2400a8391f1881) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:35:15.0324 4756 LHidFilt - ok
21:35:15.0352 4756 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:15.0353 4756 lltdio - ok
21:35:15.0397 4756 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
21:35:15.0401 4756 lltdsvc - ok
21:35:15.0435 4756 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
21:35:15.0436 4756 lmhosts - ok
21:35:15.0450 4756 LMouFilt (90b4b2b0b5f05abb9fb365405a7b825b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:35:15.0451 4756 LMouFilt - ok
21:35:15.0483 4756 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
21:35:15.0484 4756 LSI_FC - ok
21:35:15.0499 4756 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
21:35:15.0499 4756 LSI_SAS - ok
21:35:15.0510 4756 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
21:35:15.0511 4756 LSI_SCSI - ok
21:35:15.0535 4756 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
21:35:15.0536 4756 luafv - ok
21:35:15.0571 4756 LUsbFilt (4eb7886f6223f68ca855730a96d6110c) C:\Windows\system32\Drivers\LUsbFilt.Sys
21:35:15.0571 4756 LUsbFilt - ok
21:35:15.0611 4756 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:35:15.0611 4756 MBAMProtector - ok
21:35:15.0715 4756 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:35:15.0718 4756 MBAMService - ok
21:35:15.0792 4756 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
21:35:15.0793 4756 McComponentHostService - ok
21:35:15.0864 4756 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:35:15.0865 4756 McMPFSvc - ok
21:35:15.0889 4756 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:35:15.0890 4756 mcmscsvc - ok
21:35:15.0893 4756 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:35:15.0894 4756 McNaiAnn - ok
21:35:15.0897 4756 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:35:15.0898 4756 McNASvc - ok
21:35:15.0958 4756 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\McAfee\VirusScan\mcods.exe
21:35:15.0961 4756 McODS - ok
21:35:15.0987 4756 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:35:15.0989 4756 McProxy - ok
21:35:16.0071 4756 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:35:16.0072 4756 McShield - ok
21:35:16.0170 4756 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
21:35:16.0171 4756 Mcx2Svc - ok
21:35:16.0234 4756 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
21:35:16.0235 4756 megasas - ok
21:35:16.0277 4756 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
21:35:16.0279 4756 MegaSR - ok
21:35:16.0352 4756 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
21:35:16.0353 4756 mfeapfk - ok
21:35:16.0393 4756 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
21:35:16.0394 4756 mfeavfk - ok
21:35:16.0398 4756 mfeavfk01 - ok
21:35:16.0467 4756 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:35:16.0469 4756 mfefire - ok
21:35:16.0517 4756 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
21:35:16.0520 4756 mfefirek - ok
21:35:16.0610 4756 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
21:35:16.0613 4756 mfehidk - ok
21:35:16.0626 4756 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
21:35:16.0627 4756 mfenlfk - ok
21:35:16.0643 4756 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
21:35:16.0644 4756 mferkdet - ok
21:35:16.0673 4756 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
21:35:16.0673 4756 mferkdk - ok
21:35:16.0708 4756 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
21:35:16.0709 4756 mfesmfk - ok
21:35:16.0783 4756 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe
21:35:16.0785 4756 mfevtp - ok
21:35:16.0822 4756 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
21:35:16.0824 4756 mfewfpk - ok
21:35:16.0886 4756 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
21:35:16.0888 4756 MMCSS - ok
21:35:16.0903 4756 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
21:35:16.0904 4756 Modem - ok
21:35:16.0928 4756 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
21:35:16.0928 4756 monitor - ok
21:35:16.0959 4756 motccgp (7bd101253058db30c52c6ea8d3911754) C:\Windows\system32\DRIVERS\motccgp.sys
21:35:16.0959 4756 motccgp - ok
21:35:16.0978 4756 motccgpfl (1a700e7063ca7f2b29a4e761da604dfb) C:\Windows\system32\DRIVERS\motccgpfl.sys
21:35:17.0012 4756 motccgpfl - ok
21:35:17.0040 4756 motmodem (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motmodem.sys
21:35:17.0041 4756 motmodem - ok
21:35:17.0067 4756 motport (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motport.sys
21:35:17.0067 4756 motport - ok
21:35:17.0083 4756 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
21:35:17.0084 4756 mouclass - ok
21:35:17.0120 4756 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:17.0121 4756 mouhid - ok
21:35:17.0137 4756 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
21:35:17.0138 4756 MountMgr - ok
21:35:17.0170 4756 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
21:35:17.0171 4756 mpio - ok
21:35:17.0204 4756 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
21:35:17.0205 4756 mpsdrv - ok
21:35:17.0262 4756 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
21:35:17.0266 4756 MpsSvc - ok
21:35:17.0304 4756 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
21:35:17.0305 4756 Mraid35x - ok
21:35:17.0349 4756 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
21:35:17.0350 4756 MRxDAV - ok
21:35:17.0382 4756 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:17.0383 4756 mrxsmb - ok
21:35:17.0458 4756 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:17.0459 4756 mrxsmb10 - ok
21:35:17.0466 4756 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:17.0466 4756 mrxsmb20 - ok
21:35:17.0479 4756 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
21:35:17.0479 4756 msahci - ok
21:35:17.0505 4756 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
21:35:17.0506 4756 msdsm - ok
21:35:17.0519 4756 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
21:35:17.0521 4756 MSDTC - ok
21:35:17.0547 4756 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
21:35:17.0547 4756 Msfs - ok
21:35:17.0559 4756 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
21:35:17.0559 4756 msisadrv - ok
21:35:17.0635 4756 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
21:35:17.0636 4756 MSiSCSI - ok
21:35:17.0640 4756 msiserver - ok
21:35:17.0692 4756 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:17.0693 4756 MSKSSRV - ok
21:35:17.0706 4756 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:17.0707 4756 MSPCLOCK - ok
21:35:17.0719 4756 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
21:35:17.0719 4756 MSPQM - ok
21:35:17.0765 4756 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
21:35:17.0766 4756 MsRPC - ok
21:35:17.0775 4756 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
21:35:17.0775 4756 mssmbios - ok
21:35:17.0803 4756 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
21:35:17.0803 4756 MSTEE - ok
21:35:17.0811 4756 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
21:35:17.0812 4756 Mup - ok
21:35:17.0842 4756 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
21:35:17.0845 4756 napagent - ok
21:35:17.0923 4756 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:17.0924 4756 NativeWifiP - ok
21:35:18.0169 4756 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
21:35:18.0176 4756 NDIS - ok
21:35:18.0198 4756 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:18.0198 4756 NdisTapi - ok
21:35:18.0211 4756 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:18.0211 4756 Ndisuio - ok
21:35:18.0242 4756 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:18.0243 4756 NdisWan - ok
21:35:18.0268 4756 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
21:35:18.0271 4756 NDProxy - ok
21:35:18.0284 4756 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
21:35:18.0285 4756 NetBIOS - ok
21:35:18.0322 4756 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
21:35:18.0323 4756 netbt - ok
21:35:18.0411 4756 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:35:18.0412 4756 Netlogon - ok
21:35:18.0733 4756 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
21:35:18.0736 4756 Netman - ok
21:35:18.0761 4756 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
21:35:18.0763 4756 netprofm - ok
21:35:18.0837 4756 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:18.0838 4756 NetTcpPortSharing - ok
21:35:18.0872 4756 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
21:35:18.0873 4756 nfrd960 - ok
21:35:18.0901 4756 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
21:35:18.0904 4756 NlaSvc - ok
21:35:18.0924 4756 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
21:35:18.0924 4756 Npfs - ok
21:35:18.0960 4756 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
21:35:18.0961 4756 nsi - ok
21:35:18.0965 4756 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
21:35:18.0966 4756 nsiproxy - ok
21:35:19.0111 4756 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
21:35:19.0118 4756 Ntfs - ok
21:35:19.0197 4756 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
21:35:19.0197 4756 Null - ok
21:35:19.0857 4756 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:35:19.0923 4756 nvlddmkm - ok
21:35:20.0059 4756 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
21:35:20.0060 4756 nvraid - ok
21:35:20.0072 4756 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
21:35:20.0072 4756 nvstor - ok
21:35:20.0139 4756 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
21:35:20.0154 4756 nvsvc - ok
21:35:20.0332 4756 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:35:20.0408 4756 nvUpdatusService - ok
21:35:20.0478 4756 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
21:35:20.0479 4756 nv_agp - ok
21:35:20.0484 4756 NwlnkFlt - ok
21:35:20.0488 4756 NwlnkFwd - ok
21:35:20.0546 4756 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
21:35:20.0547 4756 ohci1394 - ok
21:35:20.0625 4756 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:35:20.0633 4756 p2pimsvc - ok
21:35:20.0639 4756 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:35:20.0647 4756 p2psvc - ok
21:35:20.0704 4756 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
21:35:20.0705 4756 Parport - ok
21:35:20.0739 4756 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
21:35:20.0743 4756 partmgr - ok
21:35:20.0774 4756 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
21:35:20.0776 4756 PcaSvc - ok
21:35:20.0805 4756 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
21:35:20.0806 4756 pci - ok
21:35:20.0839 4756 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
21:35:20.0839 4756 pciide - ok
21:35:20.0870 4756 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
21:35:20.0872 4756 pcmcia - ok
21:35:20.0926 4756 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
21:35:20.0930 4756 PEAUTH - ok
21:35:20.0994 4756 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
21:35:20.0996 4756 PerfHost - ok
21:35:21.0073 4756 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
21:35:21.0080 4756 pla - ok
21:35:21.0120 4756 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
21:35:21.0127 4756 PlugPlay - ok
21:35:21.0191 4756 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:35:21.0200 4756 PNRPAutoReg - ok
21:35:21.0205 4756 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:35:21.0214 4756 PNRPsvc - ok
21:35:21.0293 4756 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
21:35:21.0296 4756 PolicyAgent - ok
21:35:21.0381 4756 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
21:35:21.0382 4756 PptpMiniport - ok
21:35:21.0407 4756 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
21:35:21.0407 4756 Processor - ok
21:35:21.0438 4756 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
21:35:21.0441 4756 ProfSvc - ok
21:35:21.0511 4756 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:35:21.0512 4756 ProtectedStorage - ok
21:35:21.0538 4756 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
21:35:21.0540 4756 PSched - ok
21:35:21.0619 4756 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
21:35:21.0625 4756 ql2300 - ok
21:35:21.0687 4756 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
21:35:21.0688 4756 ql40xx - ok
21:35:21.0725 4756 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
21:35:21.0727 4756 QWAVE - ok
21:35:21.0741 4756 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
21:35:21.0741 4756 QWAVEdrv - ok
21:35:21.0750 4756 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
21:35:21.0751 4756 RasAcd - ok
21:35:21.0771 4756 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
21:35:21.0773 4756 RasAuto - ok
21:35:21.0786 4756 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:21.0786 4756 Rasl2tp - ok
21:35:21.0808 4756 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
21:35:21.0810 4756 RasMan - ok
21:35:21.0842 4756 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:21.0843 4756 RasPppoe - ok
21:35:21.0877 4756 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
21:35:21.0878 4756 RasSstp - ok
21:35:21.0923 4756 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
21:35:21.0925 4756 rdbss - ok
21:35:21.0930 4756 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:21.0931 4756 RDPCDD - ok
21:35:21.0964 4756 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
21:35:21.0966 4756 rdpdr - ok
21:35:21.0969 4756 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
21:35:21.0969 4756 RDPENCDD - ok
21:35:22.0033 4756 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
21:35:22.0034 4756 RDPWD - ok
21:35:22.0049 4756 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
21:35:22.0050 4756 RemoteAccess - ok
21:35:22.0093 4756 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
21:35:22.0098 4756 RemoteRegistry - ok
21:35:28.0214 4756 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:35:28.0238 4756 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:35:28.0239 4756 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:35:28.0258 4756 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:35:28.0258 4756 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:35:28.0308 4756 Boot (0x1200) (fccf7d8cb9f49b75ef65ae964efacbb8) \Device\Harddisk0\DR0\Partition0
21:35:28.0323 4756 \Device\Harddisk0\DR0\Partition0 - ok
21:35:28.0323 4756 ============================================================
21:35:28.0323 4756 Scan finished
21:35:28.0323 4756 ============================================================
21:35:28.0334 2472 Detected object count: 2
21:35:28.0334 2472 Actual detected object count: 2
21:36:07.0348 2472 \Device\Harddisk0\DR0\# - copied to quarantine
21:36:07.0349 2472 \Device\Harddisk0\DR0 - copied to quarantine
21:36:07.0377 2472 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:36:07.0400 2472 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:36:07.0410 2472 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:36:07.0419 2472 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:36:07.0421 2472 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:36:07.0422 2472 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:36:07.0458 2472 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:36:07.0460 2472 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:36:07.0464 2472 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:36:07.0465 2472 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:36:07.0467 2472 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:36:07.0469 2472 \Device\Harddisk0\DR0 - processing error
21:36:16.0204 2472 \Device\Harddisk0\DR0 - will be restored on reboot
21:36:21.0750 2472 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
21:36:21.0760 2472 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:36:21.0762 2472 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:36:21.0777 2472 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:36:21.0784 2472 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:36:21.0811 2472 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:36:21.0814 2472 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:36:21.0816 2472 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:36:21.0818 2472 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:36:21.0828 2472 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:36:21.0831 2472 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:36:21.0839 2472 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:36:21.0841 2472 \Device\Harddisk0\DR0\TDLFS - deleted
21:36:21.0841 2472 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:36:40.0894 1560 Deinitialize success

========= End of CMD: =========


==== End of Fixlog ====
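As an added example (not part of the original post, and not TDSSKiller or FRST code): a short Python triage of the TDSSKiller log format shown above, pulling out each detection, the action the user selected for it, and any error events. The sample lines are copied from the log above; the function name and the "Delete on a whole-disk object" review heuristic are assumptions made for this illustration.

```python
import re

# Subset of lines copied from the TDSSKiller log in the post above.
SAMPLE_LOG = r"""
21:35:28.0238 4756 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:35:28.0239 4756 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:35:28.0258 4756 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:35:28.0258 4756 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:35:28.0323 4756 \Device\Harddisk0\DR0\Partition0 - ok
21:36:07.0349 2472 \Device\Harddisk0\DR0 - copied to quarantine
21:36:07.0469 2472 \Device\Harddisk0\DR0 - processing error
21:36:16.0204 2472 \Device\Harddisk0\DR0 - will be restored on reboot
21:36:21.0750 2472 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
21:36:21.0841 2472 \Device\Harddisk0\DR0\TDLFS - deleted
21:36:21.0841 2472 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# "<time> <thread id> <message>"
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.+)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - User select action: (?P<action>.+)$")
VERDICT = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<status>infected|warning)$")
EVENT = re.compile(
    r"^(?P<obj>.+?) - (?P<event>copied to quarantine|processing error|"
    r"will be restored on reboot|deleted)$")
# A whole-disk device object: nothing (file, partition) after the DRn component.
RAW_DISK = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")


def triage(log_text):
    """Return detections, remediation events and review findings from a log."""
    detections = {}   # (object, threat) -> record, in order of first appearance
    events = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"].strip()
        m = ACTION.match(msg) or VERDICT.match(msg)
        if m:
            rec = detections.setdefault(
                (m["obj"], m["threat"]),
                {"object": m["obj"], "threat": m["threat"],
                 "status": None, "action": None})
            fields = m.groupdict()
            if "action" in fields:
                rec["action"] = fields["action"].strip()
            else:
                rec["status"] = fields["status"]
            continue
        m = EVENT.match(msg)
        if m:
            events.append({"time": line["time"], "object": m["obj"],
                           "event": m["event"]})

    findings = []
    for rec in detections.values():
        # Assumed heuristic: flag Delete when the target is the disk itself.
        if (rec["action"] or "").lower().startswith("delete") \
                and RAW_DISK.match(rec["object"]):
            findings.append(
                f"Delete chosen for whole-disk object {rec['object']} ({rec['threat']})")
    for ev in events:
        if ev["event"] == "processing error":
            findings.append(f"processing error on {ev['object']} at {ev['time']}")
    return {"detections": list(detections.values()),
            "events": events, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```
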

#6 Farbar

Posted 24 April 2012 - 08:30 PM

Let's take a look at other things while we do the fixes you have done once more.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
cmd: bootrec /FixMbr
cmd: bootrec /Fixboot
cmd: dir /a c:\
Folder: c:\boot
cmd: bcdedit /enum all
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart the system. If the startup repair wanted to run, let it run to completion. If you still could not get to Windows, restart and tap F8 a few times at startup and see if you can get to Safe Mode.

#7 bobmarley753

Posted 24 April 2012 - 08:56 PM

Will report on the restart attempts shortly...

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-24 21:51:40 R:2
Running from F:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec /Fixboot =========

The operation completed successfully.

========= End of CMD: =========


========= dir /a c:\ =========

Volume in drive C has no label.
Volume Serial Number is CA56-5682

Directory of c:\

04/10/2009 07:45 AM <DIR> $Recycle.Bin
12/05/2009 10:45 AM <DIR> Boot
04/10/2009 10:36 PM 333,257 bootmgr
10/15/2008 07:59 AM 8,192 BOOTSECT.BAK
10/14/2008 06:45 PM 237 csb.log
11/02/2006 07:42 AM <JUNCTION> Documents and Settings [C:\Users]
11/07/2007 04:00 AM 17,734 eula.1028.txt
11/07/2007 04:00 AM 17,734 eula.1031.txt
11/07/2007 04:00 AM 10,134 eula.1033.txt
11/07/2007 04:00 AM 17,734 eula.1036.txt
11/07/2007 04:00 AM 17,734 eula.1040.txt
11/07/2007 04:00 AM 118 eula.1041.txt
11/07/2007 04:00 AM 17,734 eula.1042.txt
11/07/2007 04:00 AM 17,734 eula.2052.txt
11/07/2007 04:00 AM 17,734 eula.3082.txt
04/24/2012 07:16 PM <DIR> FRST
09/06/2011 03:01 PM <DIR> Games
11/07/2007 04:00 AM 1,110 globdata.ini
11/07/2007 04:03 AM 562,688 install.exe
11/07/2007 04:00 AM 843 install.ini
11/07/2007 04:03 AM 76,304 install.res.1028.dll
11/07/2007 04:03 AM 96,272 install.res.1031.dll
11/07/2007 04:03 AM 91,152 install.res.1033.dll
11/07/2007 04:03 AM 97,296 install.res.1036.dll
11/07/2007 04:03 AM 95,248 install.res.1040.dll
11/07/2007 04:03 AM 81,424 install.res.1041.dll
11/07/2007 04:03 AM 79,888 install.res.1042.dll
11/07/2007 04:03 AM 75,792 install.res.2052.dll
11/07/2007 04:03 AM 96,272 install.res.3082.dll
10/14/2008 06:36 PM <DIR> Intel
12/01/2006 07:37 PM 904,704 msdia80.dll
04/20/2012 09:59 PM <DIR> NVIDIA
04/23/2012 05:16 PM 4,607,000,576 pagefile.sys
01/20/2008 07:04 PM <DIR> PerfLogs
04/24/2012 01:04 AM <DIR> Program Files
04/24/2012 01:04 AM <DIR> Program Files (x86)
04/20/2012 09:57 PM <DIR> ProgramData
10/14/2008 06:42 PM 473 RHDSetup.log
10/14/2008 06:52 PM 122 service.log
04/24/2012 07:25 PM <DIR> System Volume Information
04/23/2012 05:34 PM 117,958 TDSSKiller.2.7.32.0_23.04.2012_21.31.28_log.txt
04/23/2012 05:36 PM 119,634 TDSSKiller.2.7.32.0_23.04.2012_21.34.58_log.txt
04/23/2012 05:36 PM <DIR> TDSSKiller_Quarantine
04/20/2012 09:59 PM <DIR> Users
11/07/2007 04:00 AM 5,686 vcredist.bmp
11/07/2007 04:09 AM 1,442,522 VC_RED.cab
11/07/2007 04:12 AM 232,960 VC_RED.MSI
04/24/2012 01:04 AM <DIR> Windows
33 File(s) 4,611,655,000 bytes
15 Dir(s) 179,334,258,688 bytes free

========= End of CMD: =========


========================= Folder: c:\boot ========================

2008-10-15 07:59 - 2012-04-24 21:33 - 0024576 __ASH () c:\boot\BCD
2008-10-15 07:59 - 2012-04-24 21:33 - 0021504 __ASH () c:\boot\BCD.LOG
2008-10-15 07:59 - 2008-10-15 07:59 - 0000000 ___AH () c:\boot\BCD.LOG1
2008-10-15 07:59 - 2008-10-15 07:59 - 0000000 ___AH () c:\boot\BCD.LOG2
2008-10-15 07:59 - 2008-10-15 07:59 - 0065536 __ASH () c:\boot\bootstat.dat
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\cs-CZ
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\da-DK
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\de-DE
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\el-GR
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\en-US
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\es-ES
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\fi-FI
2008-10-15 07:59 - 2008-10-15 07:59 - 0000000 ____D () c:\boot\Fonts
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\fr-FR
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\hu-HU
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\it-IT
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\ja-JP
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\ko-KR
2008-10-15 07:59 - 2009-04-10 22:32 - 0405992 ____A (Microsoft Corporation) c:\boot\memtest.exe
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\nb-NO
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\nl-NL
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\pl-PL
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\pt-BR
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\pt-PT
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\ru-RU
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\sv-SE
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\tr-TR
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\zh-CN
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\zh-HK
2008-10-15 07:59 - 2009-12-05 10:45 - 0000000 ____D () c:\boot\zh-TW
2008-10-15 07:59 - 2008-01-20 18:48 - 0068096 ____A (Microsoft Corporation) c:\boot\cs-CZ\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0067072 ____A (Microsoft Corporation) c:\boot\da-DK\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0070656 ____A (Microsoft Corporation) c:\boot\de-DE\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0073216 ____A (Microsoft Corporation) c:\boot\el-GR\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0066560 ____A (Microsoft Corporation) c:\boot\en-US\bootmgr.exe.mui
2008-10-15 07:59 - 2006-11-02 07:13 - 0036352 ____A (Microsoft Corporation) c:\boot\en-US\memtest.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0069632 ____A (Microsoft Corporation) c:\boot\es-ES\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0068096 ____A (Microsoft Corporation) c:\boot\fi-FI\bootmgr.exe.mui
2008-10-15 07:59 - 2006-09-18 13:27 - 3694080 ____A () c:\boot\Fonts\chs_boot.ttf
2008-10-15 07:59 - 2006-09-18 13:27 - 3876772 ____A () c:\boot\Fonts\cht_boot.ttf
2008-10-15 07:59 - 2006-09-18 13:27 - 1984228 ____A () c:\boot\Fonts\jpn_boot.ttf
2008-10-15 07:59 - 2006-09-18 13:27 - 2371360 ____A () c:\boot\Fonts\kor_boot.ttf
2008-10-15 07:59 - 2006-09-18 13:27 - 0047452 ____A () c:\boot\Fonts\wgl4_boot.ttf
2008-10-15 07:59 - 2008-01-20 18:48 - 0072192 ____A (Microsoft Corporation) c:\boot\fr-FR\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:51 - 0070144 ____A (Microsoft Corporation) c:\boot\hu-HU\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:51 - 0070144 ____A (Microsoft Corporation) c:\boot\it-IT\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:50 - 0056320 ____A (Microsoft Corporation) c:\boot\ja-JP\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:50 - 0056832 ____A (Microsoft Corporation) c:\boot\ko-KR\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:50 - 0067584 ____A (Microsoft Corporation) c:\boot\nb-NO\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:50 - 0070144 ____A (Microsoft Corporation) c:\boot\nl-NL\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:49 - 0070144 ____A (Microsoft Corporation) c:\boot\pl-PL\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:49 - 0069632 ____A (Microsoft Corporation) c:\boot\pt-BR\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:49 - 0069632 ____A (Microsoft Corporation) c:\boot\pt-PT\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:49 - 0069120 ____A (Microsoft Corporation) c:\boot\ru-RU\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:49 - 0067584 ____A (Microsoft Corporation) c:\boot\sv-SE\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:49 - 0067584 ____A (Microsoft Corporation) c:\boot\tr-TR\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0053248 ____A (Microsoft Corporation) c:\boot\zh-CN\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0051712 ____A (Microsoft Corporation) c:\boot\zh-HK\bootmgr.exe.mui
2008-10-15 07:59 - 2008-01-20 18:48 - 0051712 ____A (Microsoft Corporation) c:\boot\zh-TW\bootmgr.exe.mui
====== End of Folder: ======

==== End of Fixlog ====

#8 bobmarley753

Posted 24 April 2012 - 09:05 PM

No change in startup. I get the Motherboard splash screen, the readout of all of the USB host controllers, etc.

Then verifying DMI Pool Data..................

Then it hangs up with a flashing cursor (this is where it used to say invalid partition table before fixmbr and fixboot were run by me the first time)

TAB and F8 seem to have no effect on startup for me, got the same displays listed above. I'm using a GIGABYTE Motherboard FYI.
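`bootrec /FixMbr` rewrites the MBR boot code but does not overwrite the partition table, so the table itself has to be inspected separately. The sketch below is an added example (not from this thread and not FRST code) that checks a 512-byte sector 0 image of a BIOS/MBR disk for table conditions generally associated with boot failures at this stage. The check names, `build_sector` and the sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510-511 of a valid MBR
ENTRY_FORMAT = "<B3sB3sII"      # status, CHS first, type, CHS last, LBA, count


def parse_table(sector):
    """Decode the four primary partition entries of an MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, _first, ptype, _last, lba, count = struct.unpack(ENTRY_FORMAT, raw)
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba": lba, "count": count})
    return entries


def check_mbr(sector):
    """Return a list of problem codes; an empty list means no problem found."""
    problems = []
    entries = parse_table(sector)
    if sector[510:512] != BOOT_SIGNATURE:
        problems.append("missing-55aa-signature")
    used = [e for e in entries if e["type"] != 0]
    if not used:
        problems.append("empty-partition-table")
    for e in entries:
        # The boot indicator may only be 0x00 (inactive) or 0x80 (active).
        if e["status"] not in (0x00, 0x80):
            problems.append(f"entry{e['index']}-bad-boot-indicator")
    active = [e for e in entries if e["status"] == 0x80]
    if len(active) > 1:
        problems.append("multiple-active-partitions")
    elif used and not active:
        problems.append("no-active-partition")
    for e in used:
        if e["lba"] == 0 or e["count"] == 0:
            problems.append(f"entry{e['index']}-zero-extent")
    ordered = sorted((e for e in used if e["count"]), key=lambda e: e["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["count"] > b["lba"]:
            problems.append(f"entry{a['index']}-overlaps-entry{b['index']}")
    return problems


def build_sector(entries, signature=BOOT_SIGNATURE):
    """Constructed input: zeroed boot code plus (status, type, lba, count) rows."""
    sector = bytearray(SECTOR_SIZE)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = signature
    return bytes(sector)


# Constructed samples, not taken from the disk in this thread.
HEALTHY = build_sector([(0x80, 0x07, 2048, 1_000_000)])
NO_ACTIVE = build_sector([(0x00, 0x07, 2048, 1_000_000)])
TWO_ACTIVE = build_sector([(0x80, 0x07, 2048, 1000), (0x80, 0x07, 1500, 5000)])
WIPED = build_sector([], signature=b"\0\0")

if __name__ == "__main__":
    for name, sector in [("healthy", HEALTHY), ("no active", NO_ACTIVE),
                         ("two active", TWO_ACTIVE), ("wiped", WIPED)]:
        print(name, check_mbr(sector) or "no problems found")
```

To use it on a real disk, pass the first 512 bytes of a disk image taken from a recovery environment to `check_mbr`.
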

#9 Farbar

Posted 25 April 2012 - 03:20 AM

The log is not complete, are you sure you copied and pasted all the script to the fixlist.txt?

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
cmd: bcdedit /enum all
Control: 
end

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

#10 bobmarley753

Posted 25 April 2012 - 08:05 AM

Double checked both fixlist and fixlog to make sure I copied and pasted the whole thing, and it appears I have. If something is missing from the log it really may not be there :/

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-25 09:00:33 R:3
Running from F:\

==============================================


========= bcdedit /enum all =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {4ee4c717-9ad2-11dd-bc26-e750cd6ccdab}
nx OptIn

Resume from Hibernate
---------------------
identifier {4ee4c717-9ad2-11dd-bc26-e750cd6ccdab}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device partition=C:
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====

#11 Farbar

Posted 25 April 2012 - 12:07 PM

That part is good.

You have not changed any setting in the BIOS set up, have you?

See if you can get to BIOS set up by tapping F2 after restart. If you can, find the option to restore BIOS to its default setting. Save the setting and exit BIOS to see if it boots.

#12 bobmarley753

Posted 25 April 2012 - 12:17 PM

You have not changed any setting in the BIOS set up, have you?


The only change I have made in the BIOS was to change the boot priority to boot from CD. I recall seeing an option to load "default" or "fail-safe default," so I will do that when I get home from work in ~ 5 hrs.

Thanks

#13 Farbar

Posted 25 April 2012 - 12:18 PM

:thumbup2:

#14 bobmarley753

Posted 25 April 2012 - 05:41 PM

Loaded Fail-Safe Default in the BIOS, saved and restarted, same result. Stops at Verifying DMI Pool Data with a blinking cursor indefinitely.

#15 Farbar

Posted 25 April 2012 - 10:12 PM

Let's try this one. This fix will restore the registry hives to pre-boot condition.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Last Boot: 2012-04-23 17:22
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also please restart and see if anything is changed. Before restarting please remove the flash drive.



