
Web link Redirects, TCP/IP Ping has random sound files playing

Discussion in 'Virus & Other Malware Removal' started by leechtime, Jun 19, 2012.

Thread Status:
Not open for further replies.
  1. leechtime

    leechtime Thread Starter

    Joined:
    Jun 19, 2012
    Messages:
    9
    Hello there!

    My problem sounds very much the same as the one I discovered here on the forum (solved):
    http://forums.techguy.org/virus-oth...9-redirects-sound-files-playing-iexplore.html

    Clicking links in Google on any web browser I try will sometimes redirect to something random.

    I also experience random sound files playing (a rare occurrence; I think it's linked with web browsing). These will stack up layer upon layer, and it's just weird and annoying. When I click on the sound mixer I see TCP/IP Ping is producing the sound, and by killing PING.EXE with Process Hacker 2 I stop it, but that's not fixing the overall problem.

    Here is my HiJackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:51:07 AM, on 20/06/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Leech\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Leech\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Process Hacker 2] "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6AEE9792-8B78-41E6-B58C-923D5A9EA40E}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6AEE9792-8B78-41E6-B58C-923D5A9EA40E}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6AEE9792-8B78-41E6-B58C-923D5A9EA40E}: NameServer = 192.168.0.1
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 10497 bytes


    And here is my DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Leech at 11:55:36 on 2012-06-20
    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.4095.2482 [GMT 10:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Steam\steam.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.com.au/
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Google Update] "C:\Users\Leech\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Process Hacker 2] "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
    TCP: Interfaces\{6AEE9792-8B78-41E6-B58C-923D5A9EA40E} : NameServer = 192.168.0.1
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
    R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-18 8704]
    R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
    R4 KProcessHacker2;KProcessHacker2;C:\Program Files\Process Hacker 2\kprocesshacker.sys [2012-6-7 36424]
    S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
    S2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
    S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 257224]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2011-7-5 25832]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\F6BC.tmp --> C:\Windows\system32\F6BC.tmp [?]
    S3 netr28x;D-Link 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\Dnetr28x.sys --> C:\Windows\system32\DRIVERS\Dnetr28x.sys [?]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
    S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
    S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-7-10 736104]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-20 01:20:16 -------- d-----w- C:\Users\Leech\AppData\Local\SKIDROW
    2012-06-19 23:01:02 -------- d-----w- C:\Program Files (x86)\SEGA
    2012-06-18 23:38:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-18 23:38:29 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-18 23:38:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-18 23:38:12 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-13 05:33:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 05:33:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-13 05:33:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 05:33:18 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-13 05:33:11 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-13 05:33:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 05:33:10 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 05:32:39 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-13 05:32:27 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 05:32:21 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 05:32:21 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-13 05:32:08 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-13 05:32:08 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-13 05:32:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-13 05:32:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 05:32:07 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-13 05:32:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-12 06:36:35 -------- d-----w- C:\Users\Leech\AppData\Local\The Lord of the Rings Online
    2012-06-12 06:17:36 -------- d-----w- C:\Users\Leech\AppData\Local\Turbine
    2012-06-12 06:17:31 -------- d-----w- C:\Users\Leech\AppData\Local\ApplicationHistory
    2012-06-12 06:14:45 -------- d-----w- C:\Windows\SysWow64\URTTEMP
    2012-06-12 06:08:56 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
    2012-06-12 06:02:22 -------- d-----w- C:\ProgramData\HitmanPro
    2012-06-12 06:00:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-06-12 05:15:51 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
    2012-06-12 05:03:10 6144 ------w- C:\Windows\System32\F6BC.tmp
    2012-06-12 05:02:18 6144 ------w- C:\Windows\System32\2A72.tmp
    2012-06-12 03:40:01 -------- d-----w- C:\ProgramData\Sophos
    2012-06-12 03:36:46 73728 ----a-r- C:\Users\Leech\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-06-12 03:36:45 73728 ----a-r- C:\Users\Leech\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-06-12 03:36:45 73728 ----a-r- C:\Users\Leech\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2012-06-12 03:33:05 -------- d-----w- C:\Users\Leech\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-12 03:32:40 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-06-12 03:32:28 -------- d-----w- C:\Program Files (x86)\Sophos
    2012-06-07 12:00:15 -------- d-----w- C:\Users\Leech\AppData\Roaming\Process Hacker 2
    2012-06-07 09:21:41 -------- d-----w- C:\Program Files\Process Hacker 2
    2012-05-26 09:13:11 -------- d-----r- C:\Backup
    2012-05-26 09:09:47 85048 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
    2012-05-26 09:09:47 66104 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
    2012-05-26 07:27:47 -------- d-----w- C:\Users\Leech\AppData\Local\adaware
    2012-05-26 07:27:47 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2012-05-26 07:27:29 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
    2012-05-26 07:27:19 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
    2012-05-26 07:27:18 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
    2012-05-26 07:27:17 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
    2012-05-26 07:27:17 45936 ----a-w- C:\Windows\System32\sbbd.exe
    2012-05-26 07:27:16 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2012-05-26 07:26:23 -------- d-----w- C:\Users\Leech\AppData\Roaming\Ad-Aware Antivirus
    2012-05-22 06:25:44 -------- d-----w- C:\Users\Leech\AppData\Local\WB Games
    2012-05-21 09:13:11 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-05-21 09:10:28 -------- d-----w- C:\ProgramData\Battle.net
    2012-05-21 08:26:14 -------- d-----w- C:\Program Files (x86)\Games
    .
    ==================== Find3M ====================
    .
    2012-06-20 01:50:37 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-06-20 01:50:37 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-06-20 01:50:37 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-06-20 01:50:37 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-06-20 01:24:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-20 01:24:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-27 05:15:19 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-05-27 05:15:19 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-05 02:57:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-28 14:33:59 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-04-23 15:28:40 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-04-05 12:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-04-05 12:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-04-05 12:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-04-05 12:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-04-05 12:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-04-05 12:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-04-05 12:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 11:55:47.34 ===============


    I believe this is running 64-bit, so I didn't make an ARK file. Please let me know if I need to.

    I really appreciate the opportunity to get some smart people to help.
     


  2. leechtime

    leechtime Thread Starter

    Joined:
    Jun 19, 2012
    Messages:
    9
    Also worth noting that since posting this the audio looping has gone from rare to constant. It seems once I launch a browser from booting the computer that it starts, and doesn't stop. Very annoying as you can imagine.
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  4. leechtime

    leechtime Thread Starter

    Joined:
    Jun 19, 2012
    Messages:
    9
    Thank you for getting back to me!

    I ran the scan; here's the log:

    13:30:16.0632 5004 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    13:30:18.0632 5004 ============================================================
    13:30:18.0632 5004 Current date / time: 2012/06/22 13:30:18.0632
    13:30:18.0632 5004 SystemInfo:
    13:30:18.0632 5004
    13:30:18.0632 5004 OS Version: 6.1.7601 ServicePack: 1.0
    13:30:18.0632 5004 Product type: Workstation
    13:30:18.0632 5004 ComputerName: LEECH-PC
    13:30:18.0632 5004 UserName: Leech
    13:30:18.0632 5004 Windows directory: C:\Windows
    13:30:18.0632 5004 System windows directory: C:\Windows
    13:30:18.0632 5004 Running under WOW64
    13:30:18.0632 5004 Processor architecture: Intel x64
    13:30:18.0632 5004 Number of processors: 2
    13:30:18.0632 5004 Page size: 0x1000
    13:30:18.0632 5004 Boot type: Normal boot
    13:30:18.0632 5004 ============================================================
    13:30:20.0131 5004 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:30:20.0131 5004 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:30:20.0139 5004 ============================================================
    13:30:20.0139 5004 \Device\Harddisk0\DR0:
    13:30:20.0139 5004 MBR partitions:
    13:30:20.0139 5004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    13:30:20.0139 5004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
    13:30:20.0139 5004 \Device\Harddisk1\DR1:
    13:30:20.0139 5004 MBR partitions:
    13:30:20.0139 5004 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    13:30:20.0139 5004 ============================================================
    13:30:20.0163 5004 C: <-> \Device\Harddisk0\DR0\Partition1
    13:30:20.0163 5004 E: <-> \Device\Harddisk1\DR1\Partition0
    13:30:20.0163 5004 ============================================================
    13:30:20.0163 5004 Initialize success
    13:30:20.0163 5004 ============================================================
    13:30:26.0329 4788 ============================================================
    13:30:26.0329 4788 Scan started
    13:30:26.0329 4788 Mode: Manual; SigCheck; TDLFS;
    13:30:26.0329 4788 ============================================================
    13:30:29.0288 4788 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    13:30:29.0311 4788 !SASCORE - ok
    13:30:29.0467 4788 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    13:30:29.0514 4788 1394ohci - ok
    13:30:29.0553 4788 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    13:30:29.0561 4788 ACPI - ok
    13:30:29.0608 4788 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    13:30:29.0663 4788 AcpiPmi - ok
    13:30:29.0788 4788 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    13:30:29.0803 4788 Ad-Aware Service - ok
    13:30:29.0931 4788 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    13:30:29.0939 4788 AdobeARMservice - ok
    13:30:30.0056 4788 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    13:30:30.0064 4788 AdobeFlashPlayerUpdateSvc - ok
    13:30:30.0158 4788 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    13:30:30.0166 4788 adp94xx - ok
    13:30:30.0189 4788 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    13:30:30.0205 4788 adpahci - ok
    13:30:30.0228 4788 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    13:30:30.0244 4788 adpu320 - ok
    13:30:30.0275 4788 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    13:30:30.0353 4788 AeLookupSvc - ok
    13:30:30.0423 4788 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    13:30:30.0462 4788 AFD - ok
    13:30:30.0486 4788 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    13:30:30.0494 4788 agp440 - ok
    13:30:30.0501 4788 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    13:30:30.0548 4788 ALG - ok
    13:30:30.0564 4788 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    13:30:30.0572 4788 aliide - ok
    13:30:30.0611 4788 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
    13:30:30.0666 4788 AMD External Events Utility - ok
    13:30:30.0673 4788 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    13:30:30.0681 4788 amdide - ok
    13:30:30.0689 4788 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    13:30:30.0751 4788 AmdK8 - ok
    13:30:31.0059 4788 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
    13:30:31.0184 4788 amdkmdag - ok
    13:30:31.0254 4788 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
    13:30:31.0278 4788 amdkmdap - ok
    13:30:31.0286 4788 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    13:30:31.0309 4788 AmdPPM - ok
    13:30:31.0340 4788 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    13:30:31.0348 4788 amdsata - ok
    13:30:31.0372 4788 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    13:30:31.0379 4788 amdsbs - ok
    13:30:31.0387 4788 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    13:30:31.0395 4788 amdxata - ok
    13:30:31.0434 4788 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    13:30:31.0543 4788 AppID - ok
    13:30:31.0567 4788 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    13:30:31.0606 4788 AppIDSvc - ok
    13:30:31.0637 4788 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    13:30:31.0668 4788 Appinfo - ok
    13:30:31.0754 4788 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    13:30:31.0762 4788 Apple Mobile Device - ok
    13:30:31.0801 4788 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    13:30:31.0825 4788 AppMgmt - ok
    13:30:31.0840 4788 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    13:30:31.0848 4788 arc - ok
    13:30:31.0864 4788 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    13:30:31.0872 4788 arcsas - ok
    13:30:32.0015 4788 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    13:30:32.0023 4788 aspnet_state - ok
    13:30:32.0039 4788 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    13:30:32.0078 4788 AsyncMac - ok
    13:30:32.0109 4788 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    13:30:32.0117 4788 atapi - ok
    13:30:32.0179 4788 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
    13:30:32.0195 4788 AtiHDAudioService - ok
    13:30:32.0468 4788 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
    13:30:32.0570 4788 atikmdag - ok
    13:30:32.0632 4788 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    13:30:32.0687 4788 AudioEndpointBuilder - ok
    13:30:32.0695 4788 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    13:30:32.0718 4788 AudioSrv - ok
    13:30:32.0757 4788 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    13:30:32.0812 4788 AxInstSV - ok
    13:30:32.0851 4788 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    13:30:32.0904 4788 b06bdrv - ok
    13:30:32.0935 4788 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    13:30:32.0982 4788 b57nd60a - ok
    13:30:32.0998 4788 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    13:30:33.0037 4788 BDESVC - ok
    13:30:33.0044 4788 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    13:30:33.0083 4788 Beep - ok
    13:30:33.0154 4788 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    13:30:33.0201 4788 BITS - ok
    13:30:33.0208 4788 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    13:30:33.0224 4788 blbdrive - ok
    13:30:33.0287 4788 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    13:30:33.0294 4788 Bonjour Service - ok
    13:30:33.0318 4788 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    13:30:33.0333 4788 bowser - ok
    13:30:33.0341 4788 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    13:30:33.0380 4788 BrFiltLo - ok
    13:30:33.0388 4788 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    13:30:33.0396 4788 BrFiltUp - ok
    13:30:33.0412 4788 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    13:30:33.0451 4788 Browser - ok
    13:30:33.0466 4788 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    13:30:33.0505 4788 Brserid - ok
    13:30:33.0513 4788 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    13:30:33.0537 4788 BrSerWdm - ok
    13:30:33.0544 4788 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    13:30:33.0591 4788 BrUsbMdm - ok
    13:30:33.0615 4788 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    13:30:33.0623 4788 BrUsbSer - ok
    13:30:33.0638 4788 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    13:30:33.0654 4788 BTHMODEM - ok
    13:30:33.0669 4788 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    13:30:33.0708 4788 bthserv - ok
    13:30:33.0740 4788 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    13:30:33.0779 4788 cdfs - ok
    13:30:33.0826 4788 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    13:30:33.0849 4788 cdrom - ok
    13:30:33.0880 4788 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    13:30:33.0919 4788 CertPropSvc - ok
    13:30:33.0951 4788 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    13:30:33.0958 4788 circlass - ok
    13:30:33.0982 4788 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    13:30:33.0998 4788 CLFS - ok
    13:30:34.0052 4788 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:30:34.0060 4788 clr_optimization_v2.0.50727_32 - ok
    13:30:34.0107 4788 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    13:30:34.0115 4788 clr_optimization_v2.0.50727_64 - ok
    13:30:34.0208 4788 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    13:30:34.0216 4788 clr_optimization_v4.0.30319_32 - ok
    13:30:34.0318 4788 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    13:30:34.0326 4788 clr_optimization_v4.0.30319_64 - ok
    13:30:34.0365 4788 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    13:30:34.0373 4788 CmBatt - ok
    13:30:34.0404 4788 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    13:30:34.0412 4788 cmdide - ok
    13:30:34.0451 4788 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    13:30:34.0466 4788 CNG - ok
    13:30:34.0498 4788 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    13:30:34.0505 4788 Compbatt - ok
    13:30:34.0544 4788 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    13:30:34.0568 4788 CompositeBus - ok
    13:30:34.0568 4788 COMSysApp - ok
    13:30:34.0599 4788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    13:30:34.0607 4788 crcdisk - ok
    13:30:34.0654 4788 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    13:30:34.0685 4788 CryptSvc - ok
    13:30:34.0732 4788 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    13:30:34.0794 4788 CSC - ok
    13:30:34.0849 4788 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
    13:30:34.0896 4788 CscService - ok
    13:30:35.0130 4788 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
    13:30:35.0138 4788 DAUpdaterSvc - ok
    13:30:35.0169 4788 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    13:30:35.0248 4788 DcomLaunch - ok
    13:30:35.0318 4788 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    13:30:35.0341 4788 defragsvc - ok
    13:30:35.0427 4788 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    13:30:35.0466 4788 DfsC - ok
    13:30:35.0498 4788 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    13:30:35.0544 4788 Dhcp - ok
    13:30:35.0560 4788 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    13:30:35.0591 4788 discache - ok
    13:30:35.0638 4788 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    13:30:35.0646 4788 Disk - ok
    13:30:35.0693 4788 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    13:30:35.0724 4788 Dnscache - ok
    13:30:35.0763 4788 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    13:30:35.0794 4788 dot3svc - ok
    13:30:35.0865 4788 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    13:30:35.0880 4788 Dot4 - ok
    13:30:35.0912 4788 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    13:30:35.0919 4788 Dot4Print - ok
    13:30:35.0951 4788 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    13:30:35.0966 4788 dot4usb - ok
    13:30:36.0013 4788 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    13:30:36.0044 4788 DPS - ok
    13:30:36.0099 4788 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    13:30:36.0123 4788 drmkaud - ok
    13:30:36.0185 4788 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    13:30:36.0201 4788 DXGKrnl - ok
    13:30:36.0224 4788 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    13:30:36.0248 4788 EapHost - ok
    13:30:36.0365 4788 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    13:30:36.0412 4788 ebdrv - ok
    13:30:36.0498 4788 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    13:30:36.0529 4788 EFS - ok
    13:30:36.0607 4788 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    13:30:36.0654 4788 ehRecvr - ok
    13:30:36.0685 4788 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    13:30:36.0724 4788 ehSched - ok
    13:30:36.0763 4788 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    13:30:36.0779 4788 elxstor - ok
    13:30:36.0818 4788 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    13:30:36.0826 4788 ErrDev - ok
    13:30:36.0896 4788 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    13:30:36.0936 4788 EventSystem - ok
    13:30:36.0975 4788 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    13:30:37.0006 4788 exfat - ok
    13:30:37.0014 4788 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    13:30:37.0061 4788 fastfat - ok
    13:30:37.0155 4788 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    13:30:37.0202 4788 Fax - ok
    13:30:37.0209 4788 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    13:30:37.0225 4788 fdc - ok
    13:30:37.0249 4788 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    13:30:37.0272 4788 fdPHost - ok
    13:30:37.0319 4788 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    13:30:37.0358 4788 FDResPub - ok
    13:30:37.0374 4788 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    13:30:37.0381 4788 FileInfo - ok
    13:30:37.0397 4788 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    13:30:37.0428 4788 Filetrace - ok
    13:30:37.0436 4788 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    13:30:37.0444 4788 flpydisk - ok
    13:30:37.0491 4788 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    13:30:37.0499 4788 FltMgr - ok
    13:30:37.0561 4788 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    13:30:37.0592 4788 FontCache - ok
    13:30:37.0639 4788 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    13:30:37.0647 4788 FontCache3.0.0.0 - ok
    13:30:37.0655 4788 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    13:30:37.0663 4788 FsDepends - ok
    13:30:37.0702 4788 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    13:30:37.0709 4788 Fs_Rec - ok
    13:30:37.0773 4788 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    13:30:37.0792 4788 fvevol - ok
    13:30:37.0796 4788 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    13:30:37.0804 4788 gagp30kx - ok
    13:30:37.0837 4788 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    13:30:37.0841 4788 GEARAspiWDM - ok
    13:30:37.0904 4788 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    13:30:37.0951 4788 gpsvc - ok
    13:30:37.0991 4788 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
    13:30:37.0997 4788 hamachi - ok
    13:30:38.0000 4788 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    13:30:38.0016 4788 hcw85cir - ok
    13:30:38.0063 4788 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    13:30:38.0079 4788 HdAudAddService - ok
    13:30:38.0112 4788 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    13:30:38.0127 4788 HDAudBus - ok
    13:30:38.0146 4788 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    13:30:38.0156 4788 HidBatt - ok
    13:30:38.0169 4788 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    13:30:38.0191 4788 HidBth - ok
    13:30:38.0203 4788 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    13:30:38.0215 4788 HidIr - ok
    13:30:38.0218 4788 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    13:30:38.0247 4788 hidserv - ok
    13:30:38.0260 4788 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    13:30:38.0268 4788 HidUsb - ok
    13:30:38.0338 4788 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    13:30:38.0342 4788 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
    13:30:38.0342 4788 HiPatchService - detected UnsignedFile.Multi.Generic (1)
    13:30:38.0368 4788 hitmanpro35 (44f92c1f913e582bef9cac66443c6230) C:\Windows\system32\drivers\hitmanpro36.sys
    13:30:38.0375 4788 hitmanpro35 - ok
    13:30:38.0418 4788 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    13:30:38.0456 4788 hkmsvc - ok
    13:30:38.0495 4788 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    13:30:38.0522 4788 HomeGroupListener - ok
    13:30:38.0540 4788 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    13:30:38.0553 4788 HomeGroupProvider - ok
    13:30:38.0653 4788 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    13:30:38.0663 4788 hpqcxs08 - ok
    13:30:38.0676 4788 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    13:30:38.0682 4788 hpqddsvc - ok
    13:30:38.0694 4788 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    13:30:38.0702 4788 HpSAMD - ok
    13:30:38.0776 4788 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    13:30:38.0797 4788 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
    13:30:38.0797 4788 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
    13:30:38.0858 4788 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    13:30:38.0899 4788 HTTP - ok
    13:30:38.0924 4788 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    13:30:38.0934 4788 hwpolicy - ok
    13:30:39.0168 4788 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    13:30:39.0178 4788 i8042prt - ok
    13:30:39.0231 4788 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    13:30:39.0243 4788 iaStorV - ok
    13:30:39.0329 4788 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    13:30:39.0342 4788 idsvc - ok
    13:30:39.0375 4788 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    13:30:39.0383 4788 iirsp - ok
    13:30:39.0454 4788 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    13:30:39.0498 4788 IKEEXT - ok
    13:30:39.0515 4788 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    13:30:39.0523 4788 intelide - ok
    13:30:39.0553 4788 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    13:30:39.0568 4788 intelppm - ok
    13:30:39.0638 4788 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    13:30:39.0666 4788 IPBusEnum - ok
    13:30:39.0700 4788 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:30:39.0741 4788 IpFilterDriver - ok
    13:30:39.0771 4788 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    13:30:39.0780 4788 IPMIDRV - ok
    13:30:39.0803 4788 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    13:30:39.0838 4788 IPNAT - ok
    13:30:39.0936 4788 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
    13:30:39.0951 4788 iPod Service - ok
    13:30:39.0988 4788 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    13:30:40.0036 4788 IRENUM - ok
    13:30:40.0083 4788 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    13:30:40.0091 4788 isapnp - ok
    13:30:40.0115 4788 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    13:30:40.0125 4788 iScsiPrt - ok
    13:30:40.0151 4788 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    13:30:40.0159 4788 kbdclass - ok
    13:30:40.0183 4788 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    13:30:40.0204 4788 kbdhid - ok
    13:30:40.0256 4788 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:30:40.0267 4788 KeyIso - ok
    13:30:40.0325 4788 KProcessHacker2 (bd70833ae5b0a9190d9a9618609034e2) C:\Program Files\Process Hacker 2\kprocesshacker.sys
    13:30:40.0331 4788 KProcessHacker2 - ok
    13:30:40.0340 4788 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    13:30:40.0349 4788 KSecDD - ok
    13:30:40.0370 4788 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    13:30:40.0379 4788 KSecPkg - ok
    13:30:40.0382 4788 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    13:30:40.0422 4788 ksthunk - ok
    13:30:40.0450 4788 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    13:30:40.0498 4788 KtmRm - ok
    13:30:40.0538 4788 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    13:30:40.0574 4788 LanmanServer - ok
    13:30:40.0613 4788 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    13:30:40.0638 4788 LanmanWorkstation - ok
    13:30:40.0644 4788 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    13:30:40.0669 4788 lltdio - ok
    13:30:40.0712 4788 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    13:30:40.0739 4788 lltdsvc - ok
    13:30:40.0758 4788 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    13:30:40.0784 4788 lmhosts - ok
    13:30:40.0804 4788 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    13:30:40.0812 4788 LSI_FC - ok
    13:30:40.0825 4788 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    13:30:40.0833 4788 LSI_SAS - ok
    13:30:40.0847 4788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    13:30:40.0856 4788 LSI_SAS2 - ok
    13:30:40.0875 4788 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    13:30:40.0883 4788 LSI_SCSI - ok
    13:30:40.0904 4788 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    13:30:40.0944 4788 luafv - ok
    13:30:40.0977 4788 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
    13:30:40.0987 4788 mcdbus - ok
    13:30:41.0017 4788 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    13:30:41.0034 4788 Mcx2Svc - ok
    13:30:41.0049 4788 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    13:30:41.0057 4788 megasas - ok
    13:30:41.0073 4788 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    13:30:41.0083 4788 MegaSR - ok
    13:30:41.0119 4788 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\F6BC.tmp
    13:30:41.0121 4788 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning
    13:30:41.0121 4788 MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)
    13:30:41.0139 4788 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    13:30:41.0186 4788 MMCSS - ok
    13:30:41.0218 4788 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    13:30:41.0256 4788 Modem - ok
    13:30:41.0286 4788 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    13:30:41.0302 4788 monitor - ok
    13:30:41.0337 4788 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    13:30:41.0345 4788 mouclass - ok
    13:30:41.0352 4788 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    13:30:41.0373 4788 mouhid - ok
    13:30:41.0406 4788 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    13:30:41.0415 4788 mountmgr - ok
    13:30:41.0461 4788 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    13:30:41.0470 4788 mpio - ok
    13:30:41.0487 4788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    13:30:41.0512 4788 mpsdrv - ok
    13:30:41.0553 4788 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    13:30:41.0580 4788 MRxDAV - ok
    13:30:41.0805 4788 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:30:41.0876 4788 mrxsmb - ok
    13:30:41.0932 4788 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:30:41.0959 4788 mrxsmb10 - ok
    13:30:41.0991 4788 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:30:42.0013 4788 mrxsmb20 - ok
    13:30:42.0042 4788 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    13:30:42.0050 4788 msahci - ok
    13:30:42.0093 4788 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    13:30:42.0102 4788 msdsm - ok
    13:30:42.0125 4788 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    13:30:42.0146 4788 MSDTC - ok
    13:30:42.0182 4788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    13:30:42.0208 4788 Msfs - ok
    13:30:42.0233 4788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    13:30:42.0259 4788 mshidkmdf - ok
    13:30:42.0300 4788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    13:30:42.0308 4788 msisadrv - ok
    13:30:42.0335 4788 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    13:30:42.0372 4788 MSiSCSI - ok
    13:30:42.0374 4788 msiserver - ok
    13:30:42.0407 4788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    13:30:42.0445 4788 MSKSSRV - ok
    13:30:42.0477 4788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    13:30:42.0508 4788 MSPCLOCK - ok
    13:30:42.0541 4788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    13:30:42.0568 4788 MSPQM - ok
    13:30:42.0634 4788 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    13:30:42.0645 4788 MsRPC - ok
    13:30:42.0674 4788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    13:30:42.0682 4788 mssmbios - ok
    13:30:42.0693 4788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    13:30:42.0733 4788 MSTEE - ok
    13:30:42.0774 4788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    13:30:42.0782 4788 MTConfig - ok
    13:30:42.0807 4788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    13:30:42.0816 4788 Mup - ok
    13:30:42.0858 4788 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    13:30:42.0884 4788 napagent - ok
    13:30:42.0923 4788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    13:30:42.0943 4788 NativeWifiP - ok
    13:30:42.0991 4788 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    13:30:43.0010 4788 NDIS - ok
    13:30:43.0045 4788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    13:30:43.0081 4788 NdisCap - ok
    13:30:43.0124 4788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    13:30:43.0147 4788 NdisTapi - ok
    13:30:43.0190 4788 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    13:30:43.0213 4788 Ndisuio - ok
    13:30:43.0260 4788 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    13:30:43.0291 4788 NdisWan - ok
    13:30:43.0323 4788 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    13:30:43.0346 4788 NDProxy - ok
    13:30:43.0377 4788 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
    13:30:43.0385 4788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    13:30:43.0385 4788 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    13:30:43.0401 4788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    13:30:43.0436 4788 NetBIOS - ok
    13:30:43.0483 4788 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    13:30:43.0541 4788 NetBT - ok
    13:30:43.0573 4788 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:30:43.0581 4788 Netlogon - ok
    13:30:45.0412 4788 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    13:30:45.0450 4788 Netman - ok
    13:30:45.0565 4788 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    13:30:45.0572 4788 NetMsmqActivator - ok
    13:30:45.0576 4788 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    13:30:45.0583 4788 NetPipeActivator - ok
    13:30:45.0638 4788 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    13:30:45.0673 4788 netprofm - ok
    13:30:45.0745 4788 netr28x (68cdb276a3009f0cf000c6352c1f72e7) C:\Windows\system32\DRIVERS\Dnetr28x.sys
    13:30:45.0803 4788 netr28x - ok
    13:30:45.0813 4788 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    13:30:45.0820 4788 NetTcpActivator - ok
    13:30:45.0825 4788 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    13:30:45.0833 4788 NetTcpPortSharing - ok
    13:30:45.0871 4788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    13:30:45.0879 4788 nfrd960 - ok
    13:30:45.0939 4788 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    13:30:45.0982 4788 NlaSvc - ok
    13:30:46.0012 4788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    13:30:46.0038 4788 Npfs - ok
    13:30:46.0077 4788 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    13:30:46.0109 4788 nsi - ok
    13:30:46.0141 4788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    13:30:46.0168 4788 nsiproxy - ok
    13:30:46.0255 4788 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    13:30:46.0282 4788 Ntfs - ok
    13:30:46.0341 4788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    13:30:46.0376 4788 Null - ok
    13:30:46.0414 4788 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    13:30:46.0422 4788 nvraid - ok
    13:30:46.0443 4788 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    13:30:46.0452 4788 nvstor - ok
    13:30:46.0492 4788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    13:30:46.0500 4788 nv_agp - ok
    13:30:46.0624 4788 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    13:30:46.0634 4788 odserv - ok
    13:30:46.0666 4788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    13:30:46.0683 4788 ohci1394 - ok
    13:30:46.0736 4788 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    13:30:46.0744 4788 ose - ok
    13:30:46.0766 4788 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    13:30:46.0787 4788 p2pimsvc - ok
    13:30:46.0809 4788 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    13:30:46.0820 4788 p2psvc - ok
    13:30:46.0877 4788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    13:30:46.0886 4788 Parport - ok
    13:30:46.0924 4788 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    13:30:46.0933 4788 partmgr - ok
    13:30:46.0946 4788 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    13:30:46.0974 4788 PcaSvc - ok
    13:30:47.0003 4788 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    13:30:47.0013 4788 pci - ok
    13:30:47.0030 4788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    13:30:47.0038 4788 pciide - ok
    13:30:47.0061 4788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    13:30:47.0071 4788 pcmcia - ok
    13:30:47.0087 4788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    13:30:47.0095 4788 pcw - ok
    13:30:47.0128 4788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    13:30:47.0192 4788 PEAUTH - ok
    13:30:47.0276 4788 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    13:30:47.0338 4788 PeerDistSvc - ok
    13:30:47.0394 4788 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    13:30:47.0403 4788 PerfHost - ok
    13:30:47.0513 4788 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    13:30:47.0576 4788 pla - ok
    13:30:47.0697 4788 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    13:30:47.0807 4788 PlugPlay - ok
    13:30:47.0846 4788 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
    13:30:47.0849 4788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    13:30:47.0849 4788 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    13:30:47.0885 4788 PnkBstrA - ok
    13:30:47.0905 4788 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    13:30:47.0926 4788 PNRPAutoReg - ok
    13:30:47.0955 4788 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    13:30:47.0965 4788 PNRPsvc - ok
    13:30:48.0027 4788 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    13:30:48.0076 4788 PolicyAgent - ok
    13:30:48.0118 4788 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    13:30:48.0163 4788 Power - ok
    13:30:48.0225 4788 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    13:30:48.0263 4788 PptpMiniport - ok
    13:30:48.0321 4788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    13:30:48.0336 4788 Processor - ok
    13:30:48.0381 4788 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    13:30:48.0418 4788 ProfSvc - ok
    13:30:48.0458 4788 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:30:48.0466 4788 ProtectedStorage - ok
    13:30:48.0501 4788 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    13:30:48.0526 4788 Psched - ok
    13:30:48.0606 4788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    13:30:48.0629 4788 ql2300 - ok
    13:30:48.0730 4788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    13:30:48.0739 4788 ql40xx - ok
    13:30:48.0753 4788 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    13:30:48.0766 4788 QWAVE - ok
    13:30:48.0840 4788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    13:30:48.0861 4788 QWAVEdrv - ok
    13:30:48.0878 4788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    13:30:48.0903 4788 RasAcd - ok
    13:30:48.0926 4788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    13:30:48.0950 4788 RasAgileVpn - ok
    13:30:48.0968 4788 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    13:30:49.0002 4788 RasAuto - ok
    13:30:49.0058 4788 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:30:49.0093 4788 Rasl2tp - ok
    13:30:49.0151 4788 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    13:30:49.0178 4788 RasMan - ok
    13:30:49.0193 4788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    13:30:49.0218 4788 RasPppoe - ok
    13:30:49.0223 4788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    13:30:49.0260 4788 RasSstp - ok
    13:30:49.0288 4788 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    13:30:49.0331 4788 rdbss - ok
    13:30:49.0343 4788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    13:30:49.0357 4788 rdpbus - ok
    13:30:49.0366 4788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:30:49.0395 4788 RDPCDD - ok
    13:30:49.0431 4788 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    13:30:49.0449 4788 RDPDR - ok
    13:30:49.0466 4788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    13:30:49.0509 4788 RDPENCDD - ok
    13:30:49.0513 4788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    13:30:49.0538 4788 RDPREFMP - ok
    13:30:49.0681 4788 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    13:30:49.0747 4788 RDPWD - ok
    13:30:49.0872 4788 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    13:30:49.0881 4788 rdyboost - ok
    13:30:49.0928 4788 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    13:30:49.0963 4788 RemoteAccess - ok
    13:30:50.0000 4788 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    13:30:50.0033 4788 RemoteRegistry - ok
    13:30:50.0052 4788 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    13:30:50.0079 4788 RpcEptMapper - ok
    13:30:50.0120 4788 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    13:30:50.0143 4788 RpcLocator - ok
    13:30:50.0195 4788 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    13:30:50.0226 4788 RpcSs - ok
    13:30:50.0232 4788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    13:30:50.0274 4788 rspndr - ok
    13:30:50.0855 4788 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    13:30:50.0881 4788 RTL8167 - ok
    13:30:50.0911 4788 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    13:30:50.0944 4788 s3cap - ok
    13:30:50.0977 4788 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:30:50.0985 4788 SamSs - ok
    13:30:51.0082 4788 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    13:30:51.0099 4788 SASDIFSV - ok
    13:30:51.0140 4788 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    13:30:51.0146 4788 SASKUTIL - ok
    13:30:51.0155 4788 SAVRKBootTasks - ok
    13:30:51.0296 4788 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    13:30:51.0341 4788 SBAMSvc - ok
    13:30:51.0431 4788 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
    13:30:51.0438 4788 sbapifs - ok
    13:30:51.0482 4788 SbFw (19954328dda3d656f8a879b3a46ffed6) C:\Windows\system32\drivers\SbFw.sys
    13:30:51.0491 4788 SbFw - ok
    13:30:51.0523 4788 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys
    13:30:51.0530 4788 SBFWIMCL - ok
    13:30:51.0533 4788 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys
    13:30:51.0540 4788 SBFWIMCLMP - ok
    13:30:51.0627 4788 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys
    13:30:51.0633 4788 sbhips - ok
    13:30:51.0776 4788 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    13:30:51.0785 4788 sbp2port - ok
    13:30:51.0824 4788 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
    13:30:51.0830 4788 SBRE - ok
    13:30:51.0847 4788 sbwtis (eab54adcceca64b2f38cd859fb494895) C:\Windows\system32\DRIVERS\sbwtis.sys
    13:30:51.0854 4788 sbwtis - ok
    13:30:51.0867 4788 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    13:30:51.0906 4788 SCardSvr - ok
    13:30:51.0958 4788 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    13:30:51.0988 4788 scfilter - ok
    13:30:52.0070 4788 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    13:30:52.0103 4788 Schedule - ok
    13:30:52.0138 4788 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    13:30:52.0163 4788 SCPolicySvc - ok
    13:30:52.0214 4788 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    13:30:52.0232 4788 SDRSVC - ok
    13:30:52.0250 4788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    13:30:52.0275 4788 secdrv - ok
    13:30:52.0323 4788 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    13:30:52.0362 4788 seclogon - ok
    13:30:52.0381 4788 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    13:30:52.0419 4788 SENS - ok
    13:30:52.0467 4788 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    13:30:52.0484 4788 SensrSvc - ok
    13:30:52.0487 4788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    13:30:52.0505 4788 Serenum - ok
    13:30:52.0538 4788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    13:30:52.0546 4788 Serial - ok
    13:30:52.0575 4788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    13:30:52.0599 4788 sermouse - ok
    13:30:52.0682 4788 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    13:30:52.0707 4788 SessionEnv - ok
    13:30:52.0731 4788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    13:30:52.0754 4788 sffdisk - ok
    13:30:52.0765 4788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    13:30:52.0780 4788 sffp_mmc - ok
    13:30:52.0797 4788 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    13:30:52.0811 4788 sffp_sd - ok
    13:30:52.0823 4788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    13:30:52.0831 4788 sfloppy - ok
    13:30:52.0879 4788 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    13:30:52.0916 4788 ShellHWDetection - ok
    13:30:52.0947 4788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    13:30:52.0956 4788 SiSRaid2 - ok
    13:30:52.0980 4788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    13:30:52.0992 4788 SiSRaid4 - ok
    13:30:53.0041 4788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    13:30:53.0075 4788 Smb - ok
    13:30:53.0111 4788 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    13:30:53.0144 4788 SNMPTRAP - ok
    13:30:53.0169 4788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    13:30:53.0179 4788 spldr - ok
    13:30:53.0209 4788 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    13:30:53.0242 4788 Spooler - ok
    13:30:53.0433 4788 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    13:30:53.0542 4788 sppsvc - ok
    13:30:53.0686 4788 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    13:30:53.0720 4788 sppuinotify - ok
    13:30:53.0763 4788 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    13:30:53.0803 4788 srv - ok
    13:30:53.0838 4788 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    13:30:53.0864 4788 srv2 - ok
    13:30:53.0884 4788 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    13:30:53.0903 4788 srvnet - ok
    13:30:53.0940 4788 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    13:30:53.0980 4788 SSDPSRV - ok
    13:30:54.0017 4788 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    13:30:54.0075 4788 SstpSvc - ok
    13:30:54.0129 4788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    13:30:54.0138 4788 stexstor - ok
    13:30:54.0198 4788 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    13:30:54.0216 4788 stisvc - ok
    13:30:54.0253 4788 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    13:30:54.0261 4788 storflt - ok
    13:30:54.0288 4788 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    13:30:54.0302 4788 StorSvc - ok
    13:30:54.0315 4788 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    13:30:54.0324 4788 storvsc - ok
    13:30:54.0326 4788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    13:30:54.0334 4788 swenum - ok
    13:30:54.0403 4788 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    13:30:54.0433 4788 swprv - ok
    13:30:54.0528 4788 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    13:30:54.0576 4788 SysMain - ok
    13:30:54.0712 4788 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    13:30:54.0725 4788 TabletInputService - ok
    13:30:54.0780 4788 tap0901 (595cb8da5b522ad8cc28193dc21fd496) C:\Windows\system32\DRIVERS\tap0901.sys
    13:30:54.0812 4788 tap0901 - ok
    13:30:54.0847 4788 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
    13:30:54.0873 4788 tap0901t - ok
    13:30:54.0902 4788 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    13:30:54.0946 4788 TapiSrv - ok
    13:30:54.0964 4788 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    13:30:54.0998 4788 TBS - ok
    13:30:55.0101 4788 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    13:30:55.0128 4788 Tcpip - ok
    13:30:55.0241 4788 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    13:30:55.0268 4788 TCPIP6 - ok
    13:30:55.0354 4788 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    13:30:55.0377 4788 tcpipreg - ok
    13:30:55.0415 4788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    13:30:55.0434 4788 TDPIPE - ok
    13:30:55.0466 4788 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    13:30:55.0475 4788 TDTCP - ok
    13:30:55.0512 4788 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    13:30:55.0536 4788 tdx - ok
    13:30:55.0570 4788 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    13:30:55.0581 4788 TermDD - ok
    13:30:55.0646 4788 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    13:30:55.0737 4788 TermService - ok
    13:30:55.0782 4788 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    13:30:55.0793 4788 Themes - ok
    13:30:55.0820 4788 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    13:30:55.0844 4788 THREADORDER - ok
    13:30:55.0980 4788 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    13:30:56.0034 4788 TrkWks - ok
    13:30:56.0059 4788 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    13:30:56.0083 4788 TrustedInstaller - ok
    13:30:56.0121 4788 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    13:30:56.0144 4788 tssecsrv - ok
    13:30:56.0186 4788 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    13:30:56.0216 4788 TsUsbFlt - ok
    13:30:56.0253 4788 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    13:30:56.0278 4788 tunnel - ok
    13:30:56.0383 4788 TunngleService (7a34128510eeb13cf8583531c8fb081c) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    13:30:56.0395 4788 TunngleService - ok
    13:30:56.0442 4788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    13:30:56.0450 4788 uagp35 - ok
    13:30:56.0495 4788 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    13:30:56.0529 4788 udfs - ok
    13:30:56.0564 4788 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    13:30:56.0574 4788 UI0Detect - ok
    13:30:56.0657 4788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    13:30:56.0666 4788 uliagpkx - ok
    13:30:56.0746 4788 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    13:30:56.0767 4788 umbus - ok
    13:30:56.0786 4788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    13:30:56.0793 4788 UmPass - ok
    13:30:56.0820 4788 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    13:30:56.0836 4788 UmRdpService - ok
    13:30:56.0864 4788 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    13:30:56.0903 4788 upnphost - ok
    13:30:56.0975 4788 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    13:30:57.0003 4788 USBAAPL64 - ok
    13:30:57.0048 4788 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    13:30:57.0059 4788 usbaudio - ok
    13:30:57.0092 4788 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    13:30:57.0108 4788 usbccgp - ok
    13:30:57.0151 4788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    13:30:57.0170 4788 usbcir - ok
    13:30:57.0204 4788 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    13:30:57.0213 4788 usbehci - ok
    13:30:57.0230 4788 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    13:30:57.0253 4788 usbhub - ok
    13:30:57.0269 4788 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    13:30:57.0277 4788 usbohci - ok
    13:30:57.0292 4788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    13:30:57.0300 4788 usbprint - ok
    13:30:57.0339 4788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    13:30:57.0363 4788 usbscan - ok
    13:30:57.0402 4788 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    13:30:57.0421 4788 USBSTOR - ok
    13:30:57.0429 4788 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    13:30:57.0441 4788 usbuhci - ok
    13:30:57.0453 4788 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    13:30:57.0480 4788 UxSms - ok
    13:30:57.0539 4788 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:30:57.0550 4788 VaultSvc - ok
    13:30:57.0570 4788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    13:30:57.0578 4788 vdrvroot - ok
    13:30:57.0625 4788 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    13:30:57.0652 4788 vds - ok
    13:30:57.0675 4788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    13:30:57.0683 4788 vga - ok
    13:30:57.0687 4788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    13:30:57.0722 4788 VgaSave - ok
    13:30:57.0757 4788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    13:30:57.0769 4788 vhdmp - ok
    13:30:57.0781 4788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    13:30:57.0789 4788 viaide - ok
    13:30:57.0812 4788 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    13:30:57.0824 4788 vmbus - ok
    13:30:57.0839 4788 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    13:30:57.0847 4788 VMBusHID - ok
    13:30:57.0863 4788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    13:30:57.0871 4788 volmgr - ok
    13:30:57.0925 4788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    13:30:57.0937 4788 volmgrx - ok
    13:30:57.0960 4788 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    13:30:57.0968 4788 volsnap - ok
    13:30:57.0984 4788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    13:30:57.0992 4788 vsmraid - ok
    13:30:58.0085 4788 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    13:30:58.0125 4788 VSS - ok
    13:30:58.0203 4788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    13:30:58.0224 4788 vwifibus - ok
    13:30:58.0229 4788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    13:30:58.0261 4788 vwififlt - ok
    13:30:58.0293 4788 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    13:30:58.0323 4788 W32Time - ok
    13:30:58.0340 4788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    13:31:02.0550 4788 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    13:31:02.0789 4788 \Device\Harddisk0\DR0 - ok
    13:31:02.0791 4788 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    13:31:02.0916 4788 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
    13:31:02.0917 4788 \Device\Harddisk1\DR1 - detected TDSS File System (1)
    13:31:02.0919 4788 Boot (0x1200) (d42eb5b6f4ec3d63630293a0b847abcb) \Device\Harddisk0\DR0\Partition0
    13:31:02.0919 4788 \Device\Harddisk0\DR0\Partition0 - ok
    13:31:02.0941 4788 Boot (0x1200) (ef7b51b83b217dd470bd2bad211d5ec8) \Device\Harddisk0\DR0\Partition1
    13:31:02.0943 4788 \Device\Harddisk0\DR0\Partition1 - ok
    13:31:02.0945 4788 Boot (0x1200) (2e94c917a1b6673a28376dce2cc8688c) \Device\Harddisk1\DR1\Partition0
    13:31:02.0947 4788 \Device\Harddisk1\DR1\Partition0 - ok
    13:31:02.0947 4788 ============================================================
    13:31:02.0947 4788 Scan finished
    13:31:02.0947 4788 ============================================================
    13:31:02.0955 4564 Detected object count: 6
    13:31:02.0955 4564 Actual detected object count: 6
    13:32:21.0371 4564 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
    13:32:21.0371 4564 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:32:21.0371 4564 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
    13:32:21.0371 4564 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:32:21.0371 4564 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user
    13:32:21.0371 4564 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:32:21.0378 4564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    13:32:21.0378 4564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:32:21.0378 4564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    13:32:21.0378 4564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:32:21.0378 4564 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
    13:32:21.0378 4564 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip

    And here's a link to a pic of the threats that came up:
    http://gyazo.com/0d2e4a59d009af3214e317e0dd3cb004

    There was skip by default and quarantine but I just skipped.

    Thanks again dvk01
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    now run it again and read my last post carefully

    particularly
    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot


    you ignored the infection

     
  6. leechtime

    leechtime Thread Starter

    Joined:
    Jun 19, 2012
    Messages:
    9
    My mistake. Here's the new log:

    21:43:23.0915 2384 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    21:43:25.0009 2384 ============================================================
    21:43:25.0009 2384 Current date / time: 2012/06/22 21:43:25.0009
    21:43:25.0009 2384 SystemInfo:
    21:43:25.0009 2384
    21:43:25.0009 2384 OS Version: 6.1.7601 ServicePack: 1.0
    21:43:25.0009 2384 Product type: Workstation
    21:43:25.0009 2384 ComputerName: LEECH-PC
    21:43:25.0009 2384 UserName: Leech
    21:43:25.0009 2384 Windows directory: C:\Windows
    21:43:25.0009 2384 System windows directory: C:\Windows
    21:43:25.0009 2384 Running under WOW64
    21:43:25.0009 2384 Processor architecture: Intel x64
    21:43:25.0009 2384 Number of processors: 2
    21:43:25.0009 2384 Page size: 0x1000
    21:43:25.0009 2384 Boot type: Normal boot
    21:43:25.0009 2384 ============================================================
    21:43:31.0705 2384 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:43:31.0736 2384 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:43:31.0769 2384 ============================================================
    21:43:31.0769 2384 \Device\Harddisk0\DR0:
    21:43:31.0785 2384 MBR partitions:
    21:43:31.0785 2384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    21:43:31.0785 2384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
    21:43:31.0785 2384 \Device\Harddisk1\DR1:
    21:43:31.0785 2384 MBR partitions:
    21:43:31.0785 2384 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    21:43:31.0785 2384 ============================================================
    21:43:31.0863 2384 C: <-> \Device\Harddisk0\DR0\Partition1
    21:43:31.0863 2384 E: <-> \Device\Harddisk1\DR1\Partition0
    21:43:31.0863 2384 ============================================================
    21:43:31.0863 2384 Initialize success
    21:43:31.0863 2384 ============================================================
    21:43:35.0759 3540 ============================================================
    21:43:35.0759 3540 Scan started
    21:43:35.0759 3540 Mode: Manual; SigCheck; TDLFS;
    21:43:35.0759 3540 ============================================================
    21:44:23.0389 3540 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    21:44:23.0417 3540 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
    21:44:23.0417 3540 HiPatchService - detected UnsignedFile.Multi.Generic (1)
    21:44:28.0043 3540 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    21:44:28.0106 3540 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
    21:44:28.0106 3540 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
    21:44:30.0951 3540 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\F6BC.tmp
    21:44:30.0954 3540 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning
    21:44:30.0954 3540 MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)
    21:44:30.0971 3540 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    21:44:31.0031 3540 MMCSS - ok
    21:44:31.0080 3540 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    21:44:31.0124 3540 Modem - ok
    21:44:31.0126 3540 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    21:44:31.0146 3540 monitor - ok
    21:44:31.0193 3540 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    21:44:31.0202 3540 mouclass - ok
    21:44:31.0214 3540 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    21:44:31.0241 3540 mouhid - ok
    21:44:31.0344 3540 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    21:44:31.0356 3540 mountmgr - ok
    21:44:31.0391 3540 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    21:44:31.0401 3540 mpio - ok
    21:44:31.0416 3540 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    21:44:31.0440 3540 mpsdrv - ok
    21:44:31.0481 3540 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    21:44:31.0506 3540 MRxDAV - ok
    21:44:31.0535 3540 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:44:31.0564 3540 mrxsmb - ok
    21:44:31.0631 3540 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:44:31.0660 3540 mrxsmb10 - ok
    21:44:31.0691 3540 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:44:31.0713 3540 mrxsmb20 - ok
    21:44:31.0731 3540 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    21:44:31.0739 3540 msahci - ok
    21:44:31.0886 3540 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    21:44:31.0919 3540 msdsm - ok
    21:44:32.0048 3540 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    21:44:32.0084 3540 MSDTC - ok
    21:44:32.0098 3540 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    21:44:32.0123 3540 Msfs - ok
    21:44:32.0137 3540 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    21:44:32.0161 3540 mshidkmdf - ok
    21:44:32.0193 3540 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    21:44:32.0201 3540 msisadrv - ok
    21:44:32.0226 3540 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    21:44:32.0262 3540 MSiSCSI - ok
    21:44:32.0264 3540 msiserver - ok
    21:44:32.0287 3540 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    21:44:32.0311 3540 MSKSSRV - ok
    21:44:32.0322 3540 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:44:32.0365 3540 MSPCLOCK - ok
    21:44:32.0385 3540 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    21:44:32.0423 3540 MSPQM - ok
    21:44:32.0604 3540 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    21:44:32.0624 3540 MsRPC - ok
    21:44:32.0651 3540 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    21:44:32.0659 3540 mssmbios - ok
    21:44:32.0668 3540 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    21:44:32.0708 3540 MSTEE - ok
    21:44:32.0752 3540 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:44:32.0783 3540 MTConfig - ok
    21:44:32.0795 3540 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    21:44:32.0804 3540 Mup - ok
    21:44:32.0945 3540 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    21:44:32.0991 3540 napagent - ok
    21:44:33.0065 3540 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    21:44:33.0084 3540 NativeWifiP - ok
    21:44:33.0132 3540 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    21:44:33.0186 3540 NDIS - ok
    21:44:33.0224 3540 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:44:33.0256 3540 NdisCap - ok
    21:44:33.0291 3540 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:44:33.0314 3540 NdisTapi - ok
    21:44:33.0380 3540 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:44:33.0404 3540 Ndisuio - ok
    21:44:33.0438 3540 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:44:33.0466 3540 NdisWan - ok
    21:44:33.0500 3540 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    21:44:33.0524 3540 NDProxy - ok
    21:44:33.0555 3540 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
    21:44:33.0561 3540 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    21:44:33.0561 3540 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    21:44:33.0580 3540 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    21:44:33.0614 3540 NetBIOS - ok
    21:44:33.0650 3540 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    21:44:33.0708 3540 NetBT - ok
    21:44:33.0737 3540 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:44:33.0746 3540 Netlogon - ok
    21:44:33.0780 3540 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    21:44:33.0812 3540 Netman - ok
    21:44:33.0949 3540 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:44:33.0961 3540 NetMsmqActivator - ok
    21:44:33.0963 3540 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:44:33.0971 3540 NetPipeActivator - ok
    21:44:33.0999 3540 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    21:44:34.0029 3540 netprofm - ok
    21:44:34.0197 3540 netr28x (68cdb276a3009f0cf000c6352c1f72e7) C:\Windows\system32\DRIVERS\Dnetr28x.sys
    21:44:34.0275 3540 netr28x - ok
    21:44:34.0284 3540 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:44:34.0291 3540 NetTcpActivator - ok
    21:44:34.0292 3540 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:44:34.0300 3540 NetTcpPortSharing - ok
    21:44:34.0318 3540 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    21:44:34.0327 3540 nfrd960 - ok
    21:44:34.0362 3540 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    21:44:34.0403 3540 NlaSvc - ok
    21:44:34.0423 3540 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    21:44:34.0448 3540 Npfs - ok
    21:44:34.0456 3540 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    21:44:34.0494 3540 nsi - ok
    21:44:34.0497 3540 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    21:44:34.0522 3540 nsiproxy - ok
    21:44:34.0917 3540 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    21:44:35.0041 3540 Ntfs - ok
    21:44:35.0089 3540 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    21:44:35.0124 3540 Null - ok
    21:44:35.0161 3540 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    21:44:35.0171 3540 nvraid - ok
    21:44:35.0202 3540 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    21:44:35.0212 3540 nvstor - ok
    21:44:35.0322 3540 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    21:44:35.0346 3540 nv_agp - ok
    21:44:35.0655 3540 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    21:44:35.0693 3540 odserv - ok
    21:44:35.0776 3540 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    21:44:35.0826 3540 ohci1394 - ok
    21:44:35.0879 3540 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:44:35.0888 3540 ose - ok
    21:44:35.0910 3540 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    21:44:35.0929 3540 p2pimsvc - ok
    21:44:35.0964 3540 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    21:44:35.0978 3540 p2psvc - ok
    21:44:35.0997 3540 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    21:44:36.0006 3540 Parport - ok
    21:44:36.0043 3540 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    21:44:36.0052 3540 partmgr - ok
    21:44:36.0065 3540 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    21:44:36.0093 3540 PcaSvc - ok
    21:44:36.0123 3540 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    21:44:36.0133 3540 pci - ok
    21:44:36.0148 3540 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    21:44:36.0156 3540 pciide - ok
    21:44:36.0180 3540 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:44:36.0191 3540 pcmcia - ok
    21:44:36.0207 3540 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    21:44:36.0214 3540 pcw - ok
    21:44:36.0415 3540 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    21:44:36.0489 3540 PEAUTH - ok
    21:44:36.0538 3540 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    21:44:36.0589 3540 PeerDistSvc - ok
    21:44:36.0645 3540 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    21:44:36.0655 3540 PerfHost - ok
    21:44:36.0948 3540 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    21:44:37.0042 3540 pla - ok
    21:44:37.0099 3540 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    21:44:37.0142 3540 PlugPlay - ok
    21:44:37.0322 3540 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
    21:44:37.0363 3540 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    21:44:37.0363 3540 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    21:44:37.0401 3540 PnkBstrA - ok
    21:44:37.0420 3540 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    21:44:37.0441 3540 PNRPAutoReg - ok
    21:44:37.0469 3540 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    21:44:37.0480 3540 PNRPsvc - ok
    21:44:37.0516 3540 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    21:44:37.0555 3540 PolicyAgent - ok
    21:44:37.0704 3540 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    21:44:37.0750 3540 Power - ok
    21:44:37.0800 3540 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    21:44:37.0835 3540 PptpMiniport - ok
    21:44:37.0848 3540 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    21:44:37.0863 3540 Processor - ok
    21:44:37.0909 3540 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    21:44:37.0946 3540 ProfSvc - ok
    21:44:37.0972 3540 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:44:37.0981 3540 ProtectedStorage - ok
    21:44:38.0017 3540 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    21:44:38.0051 3540 Psched - ok
    21:44:38.0109 3540 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    21:44:38.0144 3540 ql2300 - ok
    21:44:38.0583 3540 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    21:44:38.0613 3540 ql40xx - ok
    21:44:38.0653 3540 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    21:44:38.0668 3540 QWAVE - ok
    21:44:38.0704 3540 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    21:44:38.0724 3540 QWAVEdrv - ok
    21:44:38.0754 3540 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    21:44:38.0793 3540 RasAcd - ok
    21:44:38.0877 3540 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:44:38.0932 3540 RasAgileVpn - ok
    21:44:38.0952 3540 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    21:44:38.0986 3540 RasAuto - ok
    21:44:39.0138 3540 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:44:39.0183 3540 Rasl2tp - ok
    21:44:39.0572 3540 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    21:44:39.0619 3540 RasMan - ok
    21:44:39.0644 3540 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:44:39.0676 3540 RasPppoe - ok
    21:44:39.0696 3540 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    21:44:39.0733 3540 RasSstp - ok
    21:44:39.0916 3540 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    21:44:39.0963 3540 rdbss - ok
    21:44:39.0974 3540 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    21:44:39.0985 3540 rdpbus - ok
    21:44:39.0998 3540 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:44:40.0022 3540 RDPCDD - ok
    21:44:40.0063 3540 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    21:44:40.0080 3540 RDPDR - ok
    21:44:40.0084 3540 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    21:44:40.0126 3540 RDPENCDD - ok
    21:44:40.0129 3540 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    21:44:40.0153 3540 RDPREFMP - ok
    21:44:40.0344 3540 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    21:44:40.0412 3540 RDPWD - ok
    21:44:40.0459 3540 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    21:44:40.0470 3540 rdyboost - ok
    21:44:40.0500 3540 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    21:44:40.0533 3540 RemoteAccess - ok
    21:44:40.0675 3540 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    21:44:40.0715 3540 RemoteRegistry - ok
    21:44:40.0732 3540 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    21:44:40.0756 3540 RpcEptMapper - ok
    21:44:40.0775 3540 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    21:44:40.0797 3540 RpcLocator - ok
    21:44:41.0036 3540 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    21:44:41.0062 3540 RpcSs - ok
    21:44:41.0194 3540 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    21:44:41.0233 3540 rspndr - ok
    21:44:41.0293 3540 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    21:44:41.0321 3540 RTL8167 - ok
    21:44:41.0365 3540 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    21:44:41.0406 3540 s3cap - ok
    21:44:41.0441 3540 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:44:41.0449 3540 SamSs - ok
    21:44:41.0564 3540 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    21:44:41.0570 3540 SASDIFSV - ok
    21:44:41.0604 3540 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    21:44:41.0609 3540 SASKUTIL - ok
    21:44:41.0619 3540 SAVRKBootTasks - ok
    21:44:42.0596 3540 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    21:44:42.0638 3540 SBAMSvc - ok
    21:44:43.0092 3540 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
    21:44:43.0099 3540 sbapifs - ok
    21:44:43.0158 3540 SbFw (19954328dda3d656f8a879b3a46ffed6) C:\Windows\system32\drivers\SbFw.sys
    21:44:43.0166 3540 SbFw - ok
    21:44:43.0274 3540 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys
    21:44:43.0281 3540 SBFWIMCL - ok
    21:44:43.0287 3540 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys
    21:44:43.0292 3540 SBFWIMCLMP - ok
    21:44:43.0326 3540 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys
    21:44:43.0332 3540 sbhips - ok
    21:44:43.0437 3540 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    21:44:43.0458 3540 sbp2port - ok
    21:44:43.0487 3540 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
    21:44:43.0493 3540 SBRE - ok
    21:44:43.0511 3540 sbwtis (eab54adcceca64b2f38cd859fb494895) C:\Windows\system32\DRIVERS\sbwtis.sys
    21:44:43.0517 3540 sbwtis - ok
    21:44:43.0542 3540 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    21:44:43.0605 3540 SCardSvr - ok
    21:44:43.0645 3540 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    21:44:43.0673 3540 scfilter - ok
    21:44:43.0786 3540 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    21:44:43.0838 3540 Schedule - ok
    21:44:43.0898 3540 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    21:44:43.0922 3540 SCPolicySvc - ok
    21:44:43.0962 3540 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    21:44:44.0002 3540 SDRSVC - ok
    21:44:44.0021 3540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    21:44:44.0045 3540 secdrv - ok
    21:44:44.0081 3540 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    21:44:44.0121 3540 seclogon - ok
    21:44:44.0154 3540 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    21:44:44.0190 3540 SENS - ok
    21:44:44.0227 3540 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    21:44:44.0243 3540 SensrSvc - ok
    21:44:44.0246 3540 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    21:44:44.0264 3540 Serenum - ok
    21:44:44.0296 3540 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    21:44:44.0306 3540 Serial - ok
    21:44:44.0323 3540 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    21:44:44.0346 3540 sermouse - ok
    21:44:44.0378 3540 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    21:44:44.0403 3540 SessionEnv - ok
    21:44:44.0430 3540 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    21:44:44.0454 3540 sffdisk - ok
    21:44:44.0464 3540 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    21:44:44.0479 3540 sffp_mmc - ok
    21:44:44.0485 3540 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    21:44:44.0510 3540 sffp_sd - ok
    21:44:44.0522 3540 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:44:44.0531 3540 sfloppy - ok
    21:44:44.0578 3540 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    21:44:44.0614 3540 ShellHWDetection - ok
    21:44:44.0933 3540 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    21:44:44.0942 3540 SiSRaid2 - ok
    21:44:44.0992 3540 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    21:44:45.0000 3540 SiSRaid4 - ok
    21:44:45.0026 3540 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    21:44:45.0051 3540 Smb - ok
    21:44:45.0084 3540 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    21:44:45.0100 3540 SNMPTRAP - ok
    21:44:45.0157 3540 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    21:44:45.0165 3540 spldr - ok
    21:44:45.0211 3540 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    21:44:45.0240 3540 Spooler - ok
    21:44:45.0377 3540 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    21:44:45.0489 3540 sppsvc - ok
    21:44:45.0588 3540 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    21:44:45.0616 3540 sppuinotify - ok
    21:44:45.0666 3540 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    21:44:45.0716 3540 srv - ok
    21:44:45.0741 3540 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    21:44:45.0766 3540 srv2 - ok
    21:44:45.0787 3540 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    21:44:45.0806 3540 srvnet - ok
    21:44:45.0843 3540 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    21:44:45.0880 3540 SSDPSRV - ok
    21:44:45.0956 3540 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    21:44:45.0981 3540 SstpSvc - ok
    21:44:46.0009 3540 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    21:44:46.0027 3540 stexstor - ok
    21:44:46.0089 3540 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    21:44:46.0112 3540 stisvc - ok
    21:44:46.0144 3540 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    21:44:46.0153 3540 storflt - ok
    21:44:46.0178 3540 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    21:44:46.0206 3540 StorSvc - ok
    21:44:46.0218 3540 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    21:44:46.0227 3540 storvsc - ok
    21:44:46.0249 3540 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    21:44:46.0256 3540 swenum - ok
    21:44:46.0294 3540 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    21:44:46.0332 3540 swprv - ok
    21:44:46.0406 3540 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    21:44:46.0491 3540 SysMain - ok
    21:44:46.0580 3540 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    21:44:46.0592 3540 TabletInputService - ok
    21:44:46.0635 3540 tap0901 (595cb8da5b522ad8cc28193dc21fd496) C:\Windows\system32\DRIVERS\tap0901.sys
    21:44:46.0667 3540 tap0901 - ok
    21:44:46.0703 3540 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
    21:44:46.0727 3540 tap0901t - ok
    21:44:46.0768 3540 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    21:44:46.0811 3540 TapiSrv - ok
    21:44:46.0856 3540 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    21:44:46.0881 3540 TBS - ok
    21:44:46.0992 3540 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    21:44:47.0071 3540 Tcpip - ok
    21:44:47.0179 3540 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    21:44:47.0207 3540 TCPIP6 - ok
    21:44:47.0257 3540 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    21:44:47.0281 3540 tcpipreg - ok
    21:44:47.0293 3540 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    21:44:47.0313 3540 TDPIPE - ok
    21:44:47.0346 3540 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    21:44:47.0354 3540 TDTCP - ok
    21:44:47.0391 3540 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    21:44:47.0416 3540 tdx - ok
    21:44:47.0425 3540 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    21:44:47.0434 3540 TermDD - ok
    21:44:47.0488 3540 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    21:44:47.0543 3540 TermService - ok
    21:44:47.0565 3540 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    21:44:47.0577 3540 Themes - ok
    21:44:47.0603 3540 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    21:44:47.0627 3540 THREADORDER - ok
    21:44:47.0639 3540 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    21:44:47.0694 3540 TrkWks - ok
    21:44:47.0735 3540 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    21:44:47.0759 3540 TrustedInstaller - ok
    21:44:47.0796 3540 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:44:47.0820 3540 tssecsrv - ok
    21:44:47.0874 3540 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    21:44:47.0904 3540 TsUsbFlt - ok
    21:44:47.0941 3540 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    21:44:47.0964 3540 tunnel - ok
    21:44:48.0070 3540 TunngleService (7a34128510eeb13cf8583531c8fb081c) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    21:44:48.0097 3540 TunngleService - ok
    21:44:48.0117 3540 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    21:44:48.0125 3540 uagp35 - ok
    21:44:48.0146 3540 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    21:44:48.0192 3540 udfs - ok
    21:44:48.0215 3540 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    21:44:48.0225 3540 UI0Detect - ok
    21:44:48.0242 3540 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    21:44:48.0250 3540 uliagpkx - ok
    21:44:48.0278 3540 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    21:44:48.0297 3540 umbus - ok
    21:44:48.0317 3540 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    21:44:48.0326 3540 UmPass - ok
    21:44:48.0352 3540 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    21:44:48.0368 3540 UmRdpService - ok
    21:44:48.0434 3540 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    21:44:48.0506 3540 upnphost - ok
    21:44:48.0958 3540 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    21:44:49.0015 3540 USBAAPL64 - ok
    21:44:49.0116 3540 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    21:44:49.0156 3540 usbaudio - ok
    21:44:49.0187 3540 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:44:49.0204 3540 usbccgp - ok
    21:44:49.0247 3540 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    21:44:49.0266 3540 usbcir - ok
    21:44:49.0299 3540 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:44:49.0308 3540 usbehci - ok
    21:44:49.0328 3540 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    21:44:49.0362 3540 usbhub - ok
    21:44:49.0378 3540 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    21:44:49.0386 3540 usbohci - ok
    21:44:49.0400 3540 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    21:44:49.0411 3540 usbprint - ok
    21:44:55.0221 3540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:44:55.0951 3540 \Device\Harddisk0\DR0 - ok
    21:44:55.0953 3540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    21:44:56.0073 3540 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
    21:44:56.0073 3540 \Device\Harddisk1\DR1 - detected TDSS File System (1)
    21:44:56.0075 3540 Boot (0x1200) (d42eb5b6f4ec3d63630293a0b847abcb) \Device\Harddisk0\DR0\Partition0
    21:44:56.0076 3540 \Device\Harddisk0\DR0\Partition0 - ok
    21:44:56.0092 3540 Boot (0x1200) (ef7b51b83b217dd470bd2bad211d5ec8) \Device\Harddisk0\DR0\Partition1
    21:44:56.0092 3540 \Device\Harddisk0\DR0\Partition1 - ok
    21:44:56.0095 3540 Boot (0x1200) (2e94c917a1b6673a28376dce2cc8688c) \Device\Harddisk1\DR1\Partition0
    21:44:56.0096 3540 \Device\Harddisk1\DR1\Partition0 - ok
    21:44:56.0096 3540 ============================================================
    21:44:56.0096 3540 Scan finished
    21:44:56.0096 3540 ============================================================
    21:44:56.0101 3388 Detected object count: 6
    21:44:56.0101 3388 Actual detected object count: 6
    21:45:13.0190 3388 C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe - copied to quarantine
    21:45:13.0196 3388 HKLM\SYSTEM\ControlSet001\services\HiPatchService - will be deleted on reboot
    21:45:13.0243 3388 HKLM\SYSTEM\ControlSet002\services\HiPatchService - will be deleted on reboot
    21:45:13.0436 3388 C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe - will be deleted on reboot
    21:45:13.0436 3388 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Delete
    21:45:13.0571 3388 C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL - copied to quarantine
    21:45:13.0572 3388 HKLM\SYSTEM\ControlSet001\services\HPSLPSVC - will be deleted on reboot
    21:45:13.0583 3388 HKLM\SYSTEM\ControlSet002\services\HPSLPSVC - will be deleted on reboot
    21:45:13.0587 3388 C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL - will be deleted on reboot
    21:45:13.0587 3388 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Delete
    21:45:13.0629 3388 C:\Windows\system32\F6BC.tmp - copied to quarantine
    21:45:13.0630 3388 HKLM\SYSTEM\ControlSet001\services\MEMSWEEP2 - will be deleted on reboot
    21:45:13.0630 3388 HKLM\SYSTEM\ControlSet002\services\MEMSWEEP2 - will be deleted on reboot
    21:45:13.0635 3388 C:\Windows\system32\F6BC.tmp - will be deleted on reboot
    21:45:13.0635 3388 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Delete
    21:45:13.0672 3388 C:\Windows\system32\HPZinw12.dll - copied to quarantine
    21:45:13.0673 3388 HKLM\SYSTEM\ControlSet001\services\Net Driver HPZ12 - will be deleted on reboot
    21:45:13.0673 3388 HKLM\SYSTEM\ControlSet002\services\Net Driver HPZ12 - will be deleted on reboot
    21:45:13.0677 3388 C:\Windows\system32\HPZinw12.dll - will be deleted on reboot
    21:45:13.0677 3388 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Delete
    21:45:13.0687 3388 C:\Windows\system32\HPZipm12.dll - copied to quarantine
    21:45:13.0688 3388 HKLM\SYSTEM\ControlSet001\services\Pml Driver HPZ12 - will be deleted on reboot
    21:45:13.0688 3388 HKLM\SYSTEM\ControlSet002\services\Pml Driver HPZ12 - will be deleted on reboot
    21:45:13.0692 3388 C:\Windows\system32\HPZipm12.dll - will be deleted on reboot
    21:45:13.0692 3388 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Delete
    21:45:13.0713 3388 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
    21:45:13.0717 3388 \Device\Harddisk1\DR1\TDLFS\tdl - copied to quarantine
    21:45:13.0718 3388 \Device\Harddisk1\DR1\TDLFS\rsrc.dat - copied to quarantine
    21:45:13.0719 3388 \Device\Harddisk1\DR1\TDLFS\bckfg.tmp - copied to quarantine
    21:45:13.0724 3388 \Device\Harddisk1\DR1\TDLFS\tdlcmd.dll - copied to quarantine
    21:45:13.0725 3388 \Device\Harddisk1\DR1\TDLFS\keywords - copied to quarantine
    21:45:13.0725 3388 \Device\Harddisk1\DR1\TDLFS - deleted
    21:45:13.0725 3388 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Delete
    21:45:18.0969 4076 Deinitialize success


    Thanks again for getting back so quickly!
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    That looks a lot better.
    How is it now?
    Are you still getting any redirects or strange sounds, or has all that cleared up?
     
  8. leechtime

    leechtime Thread Starter

    Joined:
    Jun 19, 2012
    Messages:
    9
    Hi again. Still getting errors.

    Booted up today and left it for a few minutes and came back to lots of sounds (the same ones I've been hearing) playing over and over.

    Tried Google and I still get redirects.

    Any other ideas would be very much appreciated.
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    OK, do you have your Vista/W7 install DVD, as we need to replace the infected MBR from the PE recovery environment?
    If you don't, then hopefully you will have the recovery environment pre-installed by the computer manufacturer.

    This shows you how to boot to the recovery environment:
    http://windows.microsoft.com/en-US/windows-vista/What-happened-to-the-Recovery-Console
    Once in RE,
    select the command (CMD) option.
    When the black screen opens, type bootrec /fixmbr <press enter>
    Once that has completed & you get a MBR replaced message, type exit <press enter> and that should reboot you into Windows.
     
  10. leechtime

    leechtime Thread Starter

    Joined:
    Jun 19, 2012
    Messages:
    9
    Hi, I'm not certain but I think I did what you recommended.

    I got to a CMD prompt within the repair windows section.
    I typed bootrec /fixmbr and it said instantly that the operation was completed successfully.

    I still have the same problems though. I think maybe it didn't replace the infected stuff, probably because I did something wrong ;)
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    Do you have the Windows DVD, as this normally fixes better from outside Windows rather than using the inbuilt RE console?
    But you probably didn't follow instructions properly.
    When you last ran TDSSKiller, you still didn't follow the correct instructions & fixed everything, which means that you will have to reinstall all your printer drivers & software as they have been removed by TDSSKiller.
    I told you to fix the TDSS infection only & skip the unsigned multi-file entries.

    if you don't follow the instructions fully, it makes it very hard to help you
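
An added example, not part of the original thread: a small Python check that reads the "User select action" lines of a TDSSKiller log and separates the targeted TDSS removal from generic unsigned-file entries that were also deleted. The sample lines are excerpted from the log posted above; the function names and the `GENERIC_PREFIXES` rule are assumptions based on the advice in this thread.

```python
import re

# Lines excerpted from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
21:44:56.0073 3540 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
21:44:56.0101 3388 Detected object count: 6
21:45:13.0436 3388 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:45:13.0587 3388 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:45:13.0635 3388 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:45:13.0677 3388 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:45:13.0692 3388 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:45:13.0725 3388 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Delete
"""

# timestamp, thread id, object name, "( verdict )", chosen action
ACTION_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<object>.+?) \( (?P<verdict>[^()]+?) \) - User select action: (?P<action>\w+)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")

# Assumption taken from the helper's advice in this thread: "UnsignedFile."
# verdicts are generic flags that were meant to be skipped.
GENERIC_PREFIXES = ("UnsignedFile.",)


def parse_actions(text):
    """Return one dict per 'User select action' line in the log."""
    return [m.groupdict() for m in map(ACTION_RE.match, text.splitlines()) if m]


def detected_count(text):
    """Return the 'Detected object count' value, or None if absent."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


def review(text):
    """Split chosen actions into targeted removals and deleted generic entries."""
    actions = parse_actions(text)
    generic = [a for a in actions
               if a["verdict"].startswith(GENERIC_PREFIXES) and a["action"] == "Delete"]
    targeted = [a for a in actions if not a["verdict"].startswith(GENERIC_PREFIXES)]
    return {"targeted": targeted, "generic_deleted": generic,
            "count_matches": detected_count(text) == len(actions)}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for a in result["generic_deleted"]:
        print(f"deleted generic entry: {a['object']} ({a['verdict']})")
    for a in result["targeted"]:
        print(f"targeted: {a['object']} ({a['verdict']}) -> {a['action']}")
```

Run against a full log, the `generic_deleted` list shows which services need their software reinstalled or their files restored from quarantine.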
     
  12. leechtime

    leechtime Thread Starter

    Joined:
    Jun 19, 2012
    Messages:
    9
    Thanks for the reply. You're right I probably did it wrong. As for the old drivers that's not a worry to me for now.

    I am having trouble understanding the instructions for the latest step you gave me.

    Don't know what MBR or PE mean sorry.

    This info makes sense as to what I do when I boot with the install disk. But..

    I don't ever come across anything called a Recovery Environment.

    There is a CMD prompt I can get to and I use the cmd you instructed but apart from that I don't know if it's right or wrong. I'm sure it's quite simple but I don't know if it's done anything.

    Really appreciate your patience in helping me out.

    It is worth mentioning I have another HDD in the computer which has windows installed on it, it might be fixing the wrong version of windows but I don't know how or why it would do that one.
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
  14. leechtime

    leechtime Thread Starter

    Joined:
    Jun 19, 2012
    Messages:
    9
    Hello again! Thanks for getting back to me.

    I've definitely done it as the instructions say and not with standard cmd prompt. Since I can't take screenshots I just wrote down all the possible things that happened when I went through, hopefully you can see what the problem is.

    Using the Install Disk:
    It loads the files (black screen with the grey progress bar). I click next when it comes up Install Windows and underneath the install button that comes up I click "repair your computer".
    It says "Searching for Windows installations" and two come up.
    Windows 7 Professional (recovered) (C:) and the other is Windows 7 (E:)
    The (C:) drive is the new drive with the windows I am using installed. (E:) still has an older version of it installed.
    If I pick (E:) and go on the command prompt that says "X:\Sources>" and I type in as you say 'bootrec /fixmbr' without the 's, it works. For (C:) it comes up "This version of System Recovery Option is not compatible with your version of ... etc etc" So somehow the Windows 7 (x64) disk is the wrong one.

    Inbuilt Recovery:
    If I use the inbuilt recovery it says "Choose a recovery tool" and underneath "Operating System: Windows 7 on (E:) Local Disk" and there is no (C:) drive listed.

    Normal Boot:
    Normal boot asks me to choose an operating system (the one on C: or E:) which it didn't before (probably because it's repaired the old one). If I choose the new one (C:) and try to boot up, it crashes and restarts. And up where it will say for the (E:) drive to use the inbuilt repair it says instead "Windows failed to start. A recent hardware or software change might be the cause ie. use a disk yo!"

    I think (and could be wrong) that if I disconnect this old (E:) drive it might help because it seems to be getting in the way. Any insight from you would be really awesome thanks again for all your help.
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    it might be getting confused with 2 drives in, but shouldn't do

    try it with just one disc in & see what happens & whether it will boot or not
     

Short URL to this thread: https://techguy.org/1057773