
Tons of viruses, fixed some, can't fix 'em all.



#1 asip

Posted 02 August 2012 - 04:23 PM

Hello everyone,
I was doing some work on my Java programming and was searching for help in Java, when suddenly my AV said I had a virus. Surprised, I quickly opened up mbam to scan my computer, but it was too late. All my windows closed and "live security platinum" opened up, claiming my computer was infested with viruses. Having had this particular virus before, I restarted my computer, RKill at the ready. Surprisingly, live security platinum didn't pop up after I restarted the computer. I ran Mbam and it caught and removed 11 viruses; I thought I had lucked out. After mbam finished, another window called "Security Shield" popped up. In addition to "Security Shield," I was also receiving redirects when I searched things in Google by something called "http://click.get-answers-fast.com." I restarted my computer and quickly opened up RKill. I ran it and I got this error: "Windows has discovered a critical error, and must restart." After it restarted I ran mbam, which caught another 6 viruses. Thinking I was finally safe, I decided to update my computer to the latest firmware (last time I did this was in October.) My Windows Update screen was surrounded in red and when I tried to check for updates, I got this error: "Windows Update cannot check for updates because the service is not running, a restart may be needed." I restarted my computer and tried to update, but I got the same problem. Frustrated, I decided to update and run my old AV, Spybot Search and Destroy. It caught 24 viruses, some of which were called something like Windows.security.AntiVirus.Override or something like that. Now when I restart my computer I still get redirects from "http://click.get-answers-fast.com" and my Windows Update still does not work. Mbam does not see anything, after full scans and quick scans. PLEASE HELP!

If you need me to release any other info please tell me what I need to do.

Thanks,
Aaron.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal



#2 narenxp


Posted 02 August 2012 - 05:23 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 asip


Posted 02 August 2012 - 10:55 PM

Should I try to remove the viruses with the things you tell me to download, or only report what they find?

#4 narenxp


Posted 02 August 2012 - 11:16 PM

Post the logs alone

#5 asip


Posted 02 August 2012 - 11:38 PM

In the midst of my ESET scan my McAfee scanner picked up 5 viruses and is constantly getting larger. They are called av4C3B.tmp and all something around that; another is called av4C93.tmp. It classifies them all as ZeroAccess.

#6 asip


Posted 03 August 2012 - 08:50 AM

Logs from TDSSKiller:
00:29:46.0360 7340 mpio - ok
00:29:46.0392 7340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:29:46.0397 7340 mpsdrv - ok
00:29:46.0452 7340 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:29:46.0506 7340 MRxDAV - ok
00:29:46.0552 7340 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:29:46.0554 7340 mrxsmb - ok
00:29:46.0604 7340 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:29:46.0606 7340 mrxsmb10 - ok
00:29:46.0621 7340 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:29:46.0622 7340 mrxsmb20 - ok
00:29:46.0635 7340 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:29:46.0676 7340 msahci - ok
00:29:46.0687 7340 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:29:46.0730 7340 msdsm - ok
00:29:46.0757 7340 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:29:46.0767 7340 MSDTC - ok
00:29:46.0803 7340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:29:46.0805 7340 Msfs - ok
00:29:46.0812 7340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:29:46.0819 7340 mshidkmdf - ok
00:29:46.0828 7340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:29:46.0829 7340 msisadrv - ok
00:29:46.0875 7340 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:29:46.0884 7340 MSiSCSI - ok
00:29:46.0888 7340 msiserver - ok
00:29:46.0915 7340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:29:46.0922 7340 MSKSSRV - ok
00:29:46.0935 7340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:29:46.0942 7340 MSPCLOCK - ok
00:29:46.0958 7340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:29:46.0962 7340 MSPQM - ok
00:29:46.0990 7340 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:29:46.0994 7340 MsRPC - ok
00:29:47.0002 7340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:29:47.0006 7340 mssmbios - ok
00:29:47.0081 7340 MSSQL$SQLEXPRESS - ok
00:29:47.0170 7340 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
00:29:47.0222 7340 MSSQLServerADHelper100 - ok
00:29:47.0226 7340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:29:47.0228 7340 MSTEE - ok
00:29:47.0237 7340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:29:47.0240 7340 MTConfig - ok
00:29:47.0264 7340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:29:47.0265 7340 Mup - ok
00:29:47.0286 7340 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:29:47.0334 7340 napagent - ok
00:29:47.0370 7340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:29:47.0377 7340 NativeWifiP - ok
00:29:47.0416 7340 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:29:47.0421 7340 NDIS - ok
00:29:47.0437 7340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:29:47.0442 7340 NdisCap - ok
00:29:47.0457 7340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:29:47.0461 7340 NdisTapi - ok
00:29:47.0506 7340 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:29:47.0553 7340 Ndisuio - ok
00:29:47.0568 7340 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:29:47.0614 7340 NdisWan - ok
00:29:47.0660 7340 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:29:47.0693 7340 NDProxy - ok
00:29:47.0701 7340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:29:47.0702 7340 NetBIOS - ok
00:29:47.0719 7340 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:29:47.0760 7340 NetBT - ok
00:29:47.0780 7340 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:29:47.0781 7340 Netlogon - ok
00:29:47.0830 7340 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:29:47.0838 7340 Netman - ok
00:29:47.0926 7340 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:29:47.0979 7340 NetMsmqActivator - ok
00:29:47.0981 7340 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:29:47.0982 7340 NetPipeActivator - ok
00:29:48.0013 7340 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:29:48.0015 7340 netprofm - ok
00:29:48.0017 7340 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:29:48.0018 7340 NetTcpActivator - ok
00:29:48.0021 7340 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:29:48.0022 7340 NetTcpPortSharing - ok
00:29:48.0044 7340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:29:48.0048 7340 nfrd960 - ok
00:29:48.0068 7340 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:29:48.0102 7340 NlaSvc - ok
00:29:48.0109 7340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:29:48.0110 7340 Npfs - ok
00:29:48.0125 7340 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:29:48.0128 7340 nsi - ok
00:29:48.0137 7340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:29:48.0140 7340 nsiproxy - ok
00:29:48.0230 7340 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:29:48.0258 7340 Ntfs - ok
00:29:48.0311 7340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:29:48.0317 7340 Null - ok
00:29:48.0409 7340 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:29:48.0457 7340 nvraid - ok
00:29:48.0521 7340 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:29:48.0573 7340 nvstor - ok
00:29:48.0623 7340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:29:48.0632 7340 nv_agp - ok
00:29:48.0734 7340 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:29:48.0789 7340 odserv - ok
00:29:48.0808 7340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:29:48.0814 7340 ohci1394 - ok
00:29:48.0839 7340 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:29:48.0884 7340 ose - ok
00:29:48.0904 7340 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:29:48.0909 7340 p2pimsvc - ok
00:29:48.0931 7340 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:29:48.0941 7340 p2psvc - ok
00:29:48.0952 7340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:29:48.0956 7340 Parport - ok
00:29:48.0997 7340 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:29:48.0998 7340 partmgr - ok
00:29:49.0012 7340 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:29:49.0021 7340 PcaSvc - ok
00:29:49.0122 7340 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
00:29:49.0475 7340 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
00:29:49.0509 7340 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:29:49.0544 7340 pci - ok
00:29:49.0556 7340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:29:49.0559 7340 pciide - ok
00:29:49.0575 7340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:29:49.0582 7340 pcmcia - ok
00:29:49.0601 7340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:29:49.0602 7340 pcw - ok
00:29:49.0628 7340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:29:49.0639 7340 PEAUTH - ok
00:29:49.0695 7340 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:29:49.0698 7340 PerfHost - ok
00:29:49.0785 7340 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:29:49.0844 7340 pla - ok
00:29:49.0903 7340 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:29:49.0947 7340 PlugPlay - ok
00:29:49.0967 7340 PnkBstrA - ok
00:29:49.0987 7340 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:29:49.0991 7340 PNRPAutoReg - ok
00:29:50.0012 7340 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:29:50.0014 7340 PNRPsvc - ok
00:29:50.0047 7340 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:29:50.0080 7340 PolicyAgent - ok
00:29:50.0102 7340 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:29:50.0105 7340 Power - ok
00:29:50.0127 7340 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:29:50.0161 7340 PptpMiniport - ok
00:29:50.0207 7340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:29:50.0211 7340 Processor - ok
00:29:50.0227 7340 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:29:50.0272 7340 ProfSvc - ok
00:29:50.0295 7340 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:29:50.0296 7340 ProtectedStorage - ok
00:29:50.0351 7340 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:29:50.0400 7340 Psched - ok
00:29:50.0436 7340 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
00:29:50.0436 7340 PxHlpa64 - ok
00:29:50.0513 7340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:29:50.0557 7340 ql2300 - ok
00:29:50.0623 7340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:29:50.0628 7340 ql40xx - ok
00:29:50.0651 7340 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:29:50.0660 7340 QWAVE - ok
00:29:50.0676 7340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:29:50.0683 7340 QWAVEdrv - ok
00:29:50.0695 7340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:29:50.0699 7340 RasAcd - ok
00:29:50.0709 7340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:29:50.0713 7340 RasAgileVpn - ok
00:29:50.0726 7340 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:29:50.0735 7340 RasAuto - ok
00:29:50.0747 7340 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:29:50.0793 7340 Rasl2tp - ok
00:29:50.0837 7340 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:29:50.0865 7340 RasMan - ok
00:29:50.0917 7340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:29:50.0922 7340 RasPppoe - ok
00:29:50.0931 7340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:29:50.0935 7340 RasSstp - ok
00:29:50.0959 7340 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:29:50.0962 7340 rdbss - ok
00:29:50.0972 7340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:29:50.0977 7340 rdpbus - ok
00:29:50.0990 7340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:29:50.0993 7340 RDPCDD - ok
00:29:51.0020 7340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:29:51.0024 7340 RDPENCDD - ok
00:29:51.0029 7340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:29:51.0031 7340 RDPREFMP - ok
00:29:51.0083 7340 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:29:51.0127 7340 RDPWD - ok
00:29:51.0190 7340 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:29:51.0242 7340 rdyboost - ok
00:29:51.0309 7340 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:29:51.0316 7340 RemoteAccess - ok
00:29:51.0333 7340 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:29:51.0338 7340 RemoteRegistry - ok
00:29:51.0350 7340 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:29:51.0356 7340 RpcEptMapper - ok
00:29:51.0370 7340 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:29:51.0376 7340 RpcLocator - ok
00:29:51.0399 7340 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:29:51.0404 7340 RpcSs - ok
00:29:51.0469 7340 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
00:29:51.0519 7340 RsFx0103 - ok
00:29:51.0545 7340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:29:51.0548 7340 rspndr - ok
00:29:51.0553 7340 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:29:51.0554 7340 SamSs - ok
00:29:51.0600 7340 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\DRIVERS\sbp2port.sys
00:29:51.0601 7340 sbp2port - ok
00:29:51.0699 7340 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
00:29:51.0826 7340 SBSDWSCService - ok
00:29:51.0851 7340 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:29:51.0858 7340 SCardSvr - ok
00:29:51.0930 7340 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:29:51.0990 7340 scfilter - ok
00:29:52.0066 7340 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:29:52.0133 7340 Schedule - ok
00:29:52.0183 7340 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:29:52.0222 7340 SCPolicySvc - ok
00:29:52.0281 7340 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:29:52.0318 7340 SDRSVC - ok
00:29:52.0347 7340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:29:52.0349 7340 secdrv - ok
00:29:52.0362 7340 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:29:52.0390 7340 seclogon - ok
00:29:52.0398 7340 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:29:52.0402 7340 SENS - ok
00:29:52.0406 7340 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:29:52.0408 7340 SensrSvc - ok
00:29:52.0440 7340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:29:52.0443 7340 Serenum - ok
00:29:52.0482 7340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:29:52.0487 7340 Serial - ok
00:29:52.0539 7340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:29:52.0543 7340 sermouse - ok
00:29:52.0596 7340 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:29:52.0644 7340 SessionEnv - ok
00:29:52.0668 7340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:29:52.0672 7340 sffdisk - ok
00:29:52.0683 7340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:29:52.0686 7340 sffp_mmc - ok
00:29:52.0695 7340 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:29:52.0728 7340 sffp_sd - ok
00:29:52.0741 7340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:29:52.0745 7340 sfloppy - ok
00:29:52.0766 7340 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:29:52.0792 7340 ShellHWDetection - ok
00:29:52.0802 7340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:29:52.0806 7340 SiSRaid2 - ok
00:29:52.0815 7340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:29:52.0819 7340 SiSRaid4 - ok
00:29:52.0838 7340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:29:52.0844 7340 Smb - ok
00:29:52.0887 7340 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:29:52.0895 7340 SNMPTRAP - ok
00:29:52.0904 7340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:29:52.0905 7340 spldr - ok
00:29:52.0933 7340 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:29:52.0987 7340 Spooler - ok
00:29:53.0137 7340 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:29:53.0202 7340 sppsvc - ok
00:29:53.0265 7340 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:29:53.0272 7340 sppuinotify - ok
00:29:53.0378 7340 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
00:29:53.0433 7340 SQLAgent$SQLEXPRESS - ok
00:29:53.0539 7340 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
00:29:53.0612 7340 SQLBrowser - ok
00:29:53.0659 7340 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:29:53.0726 7340 SQLWriter - ok
00:29:53.0794 7340 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:29:53.0798 7340 srv - ok
00:29:53.0824 7340 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:29:53.0828 7340 srv2 - ok
00:29:53.0845 7340 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:29:53.0888 7340 srvnet - ok
00:29:53.0915 7340 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:29:53.0919 7340 SSDPSRV - ok
00:29:53.0933 7340 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:29:53.0937 7340 SstpSvc - ok
00:29:53.0989 7340 Steam Client Service - ok
00:29:54.0018 7340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:29:54.0023 7340 stexstor - ok
00:29:54.0100 7340 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:29:54.0145 7340 stisvc - ok
00:29:54.0187 7340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:29:54.0190 7340 swenum - ok
00:29:54.0310 7340 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:29:54.0371 7340 SwitchBoard - ok
00:29:54.0411 7340 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:29:54.0423 7340 swprv - ok
00:29:54.0523 7340 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:29:54.0561 7340 SysMain - ok
00:29:54.0647 7340 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:29:54.0690 7340 TabletInputService - ok
00:29:54.0755 7340 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:29:54.0801 7340 TapiSrv - ok
00:29:54.0809 7340 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:29:54.0812 7340 TBS - ok
00:29:54.0932 7340 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
00:29:54.0967 7340 Tcpip - ok
00:29:55.0099 7340 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
00:29:55.0112 7340 TCPIP6 - ok
00:29:55.0218 7340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:29:55.0250 7340 tcpipreg - ok
00:29:55.0267 7340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:29:55.0272 7340 TDPIPE - ok
00:29:55.0276 7340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:29:55.0278 7340 TDTCP - ok
00:29:55.0320 7340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:29:55.0373 7340 tdx - ok
00:29:55.0533 7340 TeamViewer6 (839e88db24d2d8f05b72e12b175951ca) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
00:29:55.0608 7340 TeamViewer6 - ok
00:29:55.0701 7340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:29:55.0739 7340 TermDD - ok
00:29:55.0766 7340 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:29:55.0807 7340 TermService - ok
00:29:55.0828 7340 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:29:55.0833 7340 Themes - ok
00:29:55.0853 7340 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:29:55.0854 7340 THREADORDER - ok
00:29:55.0872 7340 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:29:55.0877 7340 TrkWks - ok
00:29:55.0942 7340 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:29:55.0986 7340 TrustedInstaller - ok
00:29:56.0029 7340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:29:56.0074 7340 tssecsrv - ok
00:29:56.0133 7340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:29:56.0186 7340 TsUsbFlt - ok
00:29:56.0260 7340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:29:56.0309 7340 tunnel - ok
00:29:56.0329 7340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:29:56.0334 7340 uagp35 - ok
00:29:56.0357 7340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:29:56.0394 7340 udfs - ok
00:29:56.0433 7340 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:29:56.0437 7340 UI0Detect - ok
00:29:56.0453 7340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:29:56.0457 7340 uliagpkx - ok
00:29:56.0528 7340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:29:56.0578 7340 umbus - ok
00:29:56.0591 7340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:29:56.0595 7340 UmPass - ok
00:29:56.0614 7340 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:29:56.0618 7340 upnphost - ok
00:29:56.0672 7340 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:29:56.0725 7340 USBAAPL64 - ok
00:29:56.0739 7340 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:29:56.0772 7340 usbaudio - ok
00:29:56.0782 7340 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:29:56.0815 7340 usbccgp - ok
00:29:56.0840 7340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:29:56.0845 7340 usbcir - ok
00:29:56.0857 7340 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:29:56.0890 7340 usbehci - ok
00:29:56.0912 7340 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:29:56.0953 7340 usbhub - ok
00:29:56.0978 7340 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:29:57.0011 7340 usbohci - ok
00:29:57.0025 7340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:29:57.0027 7340 usbprint - ok
00:29:57.0043 7340 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:29:57.0076 7340 USBSTOR - ok
00:29:57.0089 7340 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:29:57.0123 7340 usbuhci - ok
00:29:57.0132 7340 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:29:57.0135 7340 UxSms - ok
00:29:57.0149 7340 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:29:57.0150 7340 VaultSvc - ok
00:29:57.0165 7340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:29:57.0166 7340 vdrvroot - ok
00:29:57.0228 7340 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:29:57.0278 7340 vds - ok
00:29:57.0293 7340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:29:57.0296 7340 vga - ok
00:29:57.0301 7340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:29:57.0305 7340 VgaSave - ok
00:29:57.0321 7340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:29:57.0358 7340 vhdmp - ok
00:29:57.0367 7340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:29:57.0370 7340 viaide - ok
00:29:57.0385 7340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:29:57.0386 7340 volmgr - ok
00:29:57.0441 7340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:29:57.0443 7340 volmgrx - ok
00:29:57.0460 7340 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:29:57.0462 7340 volsnap - ok
00:29:57.0480 7340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:29:57.0485 7340 vsmraid - ok
00:29:57.0673 7340 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
00:29:57.0746 7340 VSPerfDrv100 - ok
00:29:57.0821 7340 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:29:57.0858 7340 VSS - ok
00:29:57.0914 7340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:29:57.0918 7340 vwifibus - ok
00:29:57.0951 7340 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:29:57.0963 7340 W32Time - ok
00:29:57.0979 7340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:29:57.0987 7340 WacomPen - ok
00:29:58.0053 7340 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:29:58.0105 7340 WANARP - ok
00:29:58.0108 7340 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:29:58.0108 7340 Wanarpv6 - ok
00:29:58.0200 7340 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:29:58.0295 7340 WatAdminSvc - ok
00:29:58.0361 7340 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:29:58.0414 7340 wbengine - ok
00:29:58.0487 7340 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:29:58.0493 7340 WbioSrvc - ok
00:29:58.0512 7340 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:29:58.0548 7340 wcncsvc - ok
00:29:58.0563 7340 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:29:58.0566 7340 WcsPlugInService - ok
00:29:58.0580 7340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:29:58.0583 7340 Wd - ok
00:29:58.0611 7340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:29:58.0614 7340 Wdf01000 - ok
00:29:58.0629 7340 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:29:58.0630 7340 WdiServiceHost - ok
00:29:58.0633 7340 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:29:58.0634 7340 WdiSystemHost - ok
00:30:01.0274 7340 ============================================================
00:30:01.0274 7340 Scan finished
00:30:01.0274 7340 ============================================================
00:30:01.0283 7016 Detected object count: 1
00:30:01.0283 7016 Actual detected object count: 1

logs from aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-03 00:30:41
-----------------------------
00:30:41.826 OS Version: Windows x64 6.1.7601 Service Pack 1
00:30:41.827 Number of processors: 8 586 0x1A05
00:30:41.827 ComputerName: AARONSCOMPUTER UserName: Aaron ********
00:30:44.456 Initialize success
00:31:39.248 AVAST engine defs: 12080201
00:32:13.685 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:32:13.687 Disk 0 Vendor: ST315003 HP23 Size: 1430799MB BusType: 8
00:32:13.689 Disk 5 \Device\Harddisk5\DR5 -> \Device\0000008e
00:32:13.690 Disk 5 Vendor: Size: 1430799MB BusType: 0
00:32:13.700 Disk 0 MBR read successfully
00:32:13.702 Disk 0 MBR scan
00:32:13.708 Disk 0 unknown MBR code
00:32:13.715 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:32:13.727 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1419386 MB offset 206911
00:32:13.773 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11310 MB offset 2907111424
00:32:13.823 Disk 0 scanning C:\Windows\system32\drivers
00:32:34.111 Service scanning
00:33:06.630 Modules scanning
00:33:06.639 Disk 0 trace - called modules:
00:33:06.649 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:33:06.654 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a77790]
00:33:06.659 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077f4050]
00:33:11.963 AVAST engine scan C:\Windows
00:33:16.437 AVAST engine scan C:\Windows\system32
00:41:43.220 AVAST engine scan C:\Windows\system32\drivers
00:42:04.788 AVAST engine scan C:\Users\Aaron *********
00:44:09.035 Disk 0 MBR has been saved successfully to "C:\Users\Aaron ********\Desktop\MBR.dat"
00:44:09.038 The log file has been saved successfully to "C:\Users\Aaron ***********\Desktop\xxxxxxxxxxxxxxxx.txt"



logs from ESET:

C:\torrent.exe Win32/BundleInstaller application cleaned by deleting - quarantined

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:03 AM

Posted 03 August 2012 - 08:53 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

post the generated log

#8 asip


Posted 03 August 2012 - 10:07 AM

As I said before, Mbam finds nothing. Here are my previous logs where it removed Security Shield and live security platinum.

Files Detected: 1
C:\Users\Aaron *******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5e4902f1-2c421032 (Trojan.Downloader.H) -> Quarantined and deleted successfully.
Files Detected: 6
C:\Users\Aaron *******\AppData\Roaming\snlose.dll (Trojan.Midhos) -> Quarantined and deleted successfully.
C:\Users\Aaron *******\AppData\Local\Temp\sdhttt.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\Aaron *******\AppData\Local\Temp\~!#3527.tmp (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
C:\Users\Aaron *******\AppData\Local\Temp\~!#3BFB.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Aaron *******\Local Settings\ytpqzhy.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Aaron *******\Local Settings\Application Data\ytpqzhy.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

Memory Processes Detected: 1
C:\Users\Aaron *******\AppData\Roaming\Ygah\qyugiw.exe (Trojan.ZbotR.Gen) -> 3672 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{79D65A8C-018B-2F70-7164-B67C75F64334} (Trojan.ZbotR.Gen) -> Data: "C:\Users\Aaron ********\AppData\Roaming\Ygah\qyugiw.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Users\Aaron *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\Aaron *******\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Users\Aaron *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Users\Aaron *******\AppData\Roaming\Ygah\qyugiw.exe (Trojan.ZbotR.Gen) -> Delete on reboot.

(end)

Importantly I just saw this:
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
My firewall/antivirus/updates STILL do not work...

Edited by asip, 03 August 2012 - 10:08 AM.


#9 asip


Posted 03 August 2012 - 10:09 AM

I am running the previous things you suggested now.

#10 asip


Posted 03 August 2012 - 10:13 AM

In the midst of Minitoolbox running this error came up:

nslookup.exe - Ordinal Not Found

The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll.
This error came up about 5 times before it could progress past "getting IP config"
Then it suddenly closed.

This is my log from FSS:

Farbar Service Scanner Version: 26-07-2012
Ran by Aaron *********(administrator) on 03-08-2012 at 11:15:07
Running from "C:\Users\Aaron *********\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

This is my log from adwarecleaner:

# AdwCleaner v1.800 - Logfile created 08/03/2012 at 11:17:16
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Aaron **********- AARONSCOMPUTER
# Running from : C:\Users\Aaron ********\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\AARONS~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\AARONS~1\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\Users\Aaron ******\AppData\Roaming\Mozilla\Firefox\Profiles\n3w2op8u.default\searchplugins\Conduit.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Aaron **********\AppData\Roaming\Mozilla\Firefox\Profiles\n3w2op8u.default\prefs.js

C:\Users\Aaron ********\AppData\Roaming\Mozilla\Firefox\Profiles\n3w2op8u.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultthis.engineName", "RuneScape Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&Sea[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Aaron ***********\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3459 octets] - [03/08/2012 11:17:16]

########## EOF - C:\AdwCleaner[S1].txt - [3587 octets] ##########


Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by asip, 03 August 2012 - 10:25 AM.
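
As an added illustration (not part of the original posts and not Farbar's own code), the sketch below parses the "Service is not running" sections of an FSS log like the one above and separates services whose whole registry key is gone from those missing only values or merely stopped. The status labels and function names are assumptions made for this example; the sample text is a shortened excerpt of the log in this thread.

```python
import re

# Shortened excerpt of the Farbar Service Scanner output posted in this thread.
SAMPLE_FSS = """\
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.

wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
"""

SECTION = re.compile(r"^(\S+) Service is not running\. Checking service configuration:")
KEY_GONE = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
VALUE_GONE = re.compile(r"Unable to retrieve (.+?) of (\S+)\. The value does not exist\.")

# Severity order (labels are hypothetical): a finding can only raise a status.
RANK = {"stopped_config_ok": 0, "values_missing": 1, "key_missing": 2}


def triage_fss(log_text):
    """Map each stopped service in an FSS log to the worst finding reported for it."""
    status = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line closes the service section
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            status[current] = "stopped_config_ok"
            continue
        if current is None:
            continue                # policy blocks and file checks are ignored here
        key = KEY_GONE.search(line)
        val = VALUE_GONE.search(line)
        if key and key.group(1) == current:
            finding = "key_missing"
        elif val and val.group(2) == current:
            finding = "values_missing"
        else:
            continue
        if RANK[finding] > RANK[status[current]]:
            status[current] = finding
    return status


def needs_registry_repair(status):
    """Services whose registry configuration must be restored before they can start."""
    return [name for name, s in status.items() if s != "stopped_config_ok"]


if __name__ == "__main__":
    result = triage_fss(SAMPLE_FSS)
    for name, s in result.items():
        print(f"{name:10} {s}")
    print("restore registry config for:", ", ".join(needs_registry_repair(result)))
```

A service reported as `key_missing` has no entry left under `HKLM\SYSTEM\CurrentControlSet\Services`, so it cannot start until that key is restored, whereas `stopped_config_ok` (mpsdrv here) points to a dependency on one of the broken services.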


#11 asip


Posted 03 August 2012 - 10:27 AM

My Windows update still does not work :X I am not sure if I am still getting advertisements popping up in my computer. BTW narenXP, please read through all my posts, sorry I posted a lot, just was posting as I got more info.

#12 asip


Posted 03 August 2012 - 11:26 AM

bump. Can anybody help me? The popups in firefox have indeed been fixed but I still cannot update my computer through Windows Update

#13 narenxp


Posted 03 August 2012 - 12:56 PM

Please update and run the malwarebytes scans until you get a clean log

> My Windows update still does not work :X I am not sure if I am still getting advertisements popping up in my computer.


We would solve the issue after we clean up the system.

> bump. Can anybody help me? The popups in firefox have indeed been fixed but I still cannot update my computer through Windows Update


Do not bump threads. We are volunteers and we have our own jobs. You cannot expect replies every second. :)

#14 asip


Posted 04 August 2012 - 07:50 AM

Mbam finds nothing after a full scan:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aaron **********:: AARONSCOMPUTER [administrator]

8/4/2012 12:12:38 AM
mbam-log-2012-08-04 (00-12-38).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 868568
Time elapsed: 3 hour(s), 21 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 narenxp


Posted 04 August 2012 - 11:38 AM

Download

MpsSvc
BFE
wscsvc
defender
BITS
wuauserv
Sharedaccess


Launch them, click YES when you get the UAC prompt

restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark only the following options

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log


Please re-run minitoolbox and post the new log



