Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Unwanted audio starts when IE is opened and then it doesn't stop [

Started by robkbriggs , Nov 04 2012 02:24 PM

This topic is locked

#1
robkbriggs

Posted 04 November 2012 - 02:24 PM

Member

Member
152 posts

Hello,
I had a friend call me last week and say that she wanted me to take a look at the laptop her kids use. When she brought it to me, she said that it had become really slow lately, and that there was sound coming from it any time you opened IE(9) and that even if you closed it the audio kept on going. According to her, the kids (Girls, 6 and 4) don't use it for anything other than watching videos on Youtube, and she did not know of any recent changes, or how it might have happened. She said that it had been giong on a month or so she thought.

I now have it at my house and am looking to get it cleaned up. The audio sounds like some sort of Access Hollywood or other type of news program, I haven't caught the name yet. Once that plays for a little while, I start to hear my local (New Mexico) political ads that are on cable every day. If you leave it on long enough, you hear some music videos, but I still haven't been able to catch the name of any station or program, etc. Mostly it's just commercials.

I have ran a couple of MBAM scans, and deleted the entries it told me to, but this was before I found this site. They are running Microsoft Security Essentials as AV, and before I ran the MBAM scans, it wouldn't let the service for MSE start. I downloaded and reinstalled MSE, and it seems to be running and updating fine, but the problem with the audio remains. Since I have found this site, I have downloaded OTL and I am currently running a scan with it. Two things that I noticed that were peculiar, but I don't know if they pertain to the malware infection are that it looks like they have windows automatic updates enabled, but it has not had windows upadates installed since July 25 2012. I have also noticed thatthe Adminstrative tools are all gone. The machine is a Toshiba laptop, running Windows 7 Home Premium, SP1. I'm not sure what else I can provide, but I will try to answer questions.

Edit: I forgot to add that I created a new account on the machine for myself. I don't know if it is adviseable, but I generally do this whe I'm working on other peoples machines, so that I try to stay out of their profile. Also, the OTL scan has finished, so I have attached the OTL.txt file.

Attached Files

OTL.Txt 80.3KB 74 downloads

Edited by robkbriggs, 04 November 2012 - 02:34 PM.

#2
gringo_pr

Posted 04 November 2012 - 07:40 PM

Trusted Helper

Malware Removal
7,268 posts

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

Gringo

#3
robkbriggs

Posted 04 November 2012 - 08:21 PM

Member

Topic Starter
Member
152 posts

Gringo,
First of all, Thank You for taking on this topic. I am currently in the process of copying the users files on to an external hard drive. When I am done, I will update this post with the results of the three tools. I am currently posting from my PC, and keeping the affected laptop offline. If this is not a preferrable way to do this, please let me know, and I will post directly from the laptop.

#4
gringo_pr

Posted 04 November 2012 - 08:42 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

I do not see that as a problem but it may mean more work for you and some of our tools also need to access the net to download extra files - in the long run if the computer connects to the net it is best to let it

gringo

#5
robkbriggs

Posted 04 November 2012 - 09:08 PM

Member

Topic Starter
Member
152 posts

Here are the results form the tools you asked me to run.

Security Check

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 14
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

AdwCleaner

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 18:54:55
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rob - TOMBRANTLEY-PC
# Boot Mode : Normal
# Running from : C:\Users\Rob\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Tom Brantley\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1034 octets] - [04/11/2012 18:54:55]

########## EOF - C:\AdwCleaner[S1].txt - [1094 octets] ##########

RogueKiller

RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rob [Admin rights]
Mode : Remove -- Date : 11/04/2012 19:02:53

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] {7C68746F-06E5-4BFF-B542-89FBB2676710} : C:\windows\system32\pcalua.exe -a "C:\Users\Tom Brantley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0CY923MX\LeapFrogConnectSetup_LeapPadExplorer[1].exe" -d "C:\Users\Tom Brantley\Desktop" -> DELETED
[TASK][SUSP PATH] {EA746011-A09A-408F-87C5-C5AE4FF39C4C} : C:\windows\system32\pcalua.exe -a "C:\Users\Tom Brantley\Desktop\LeapFrogConnectSetup_LeapPadExplorer.exe" -d "C:\Users\Tom Brantley\Desktop" -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SHELLSPWN] HKUS\.DEFAULT[...]\command : ("C:\ProgramData\pcdfdata\enorcsmaxw.exe" /ex "%1" %*) -> REPLACED ("%1" %*)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{b6882914-af0c-dbf4-4a4b-7d1a9db4c23a}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\windows\Installer\{b6882914-af0c-dbf4-4a4b-7d1a9db4c23a}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\windows\Installer\{b6882914-af0c-dbf4-4a4b-7d1a9db4c23a}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{b6882914-af0c-dbf4-4a4b-7d1a9db4c23a}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b6882914af0cdbf44a4b7d1a9db4c23a\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b6882914af0cdbf44a4b7d1a9db4c23a\L --> REMOVED
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe --> REPLACED AT REBOOT (C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSX +++++
--- User ---
[MBR] 0e5bbbeb2cffc0b9391dc994acedf859
[BSP] b5833d5a0920cae56d823e6c9c7edaa6 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464820 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955025408 | Size: 10616 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 578797112a29c6d68f290a6cd497d862
[BSP] 22bb06d7f2e7d1a6b84bac7488df4e4c : PiHar MBR Code!
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464820 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955025408 | Size: 10616 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 578797112a29c6d68f290a6cd497d862
[BSP] 22bb06d7f2e7d1a6b84bac7488df4e4c : PiHar MBR Code!
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464820 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955025408 | Size: 10616 Mo

Finished : << RKreport[2]_D_11042012_02d1902.txt >>
RKreport[1]_S_11042012_02d1857.txt ; RKreport[2]_D_11042012_02d1902.txt

#6
gringo_pr

Posted 04 November 2012 - 09:58 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

#7
robkbriggs

Posted 05 November 2012 - 07:16 PM

Member

Topic Starter
Member
152 posts

I attempted to run ComboFix, but I got a BSOD at some point after the scan started. Upon the PC automatically restarting, there was no report from ComboFix. Would you like me to run it again?

Here are the parameters from the bluescreen

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF80002EBBF6B
BCP3: 0000000000000000
BCP4: 000000007EFA0000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

#8
gringo_pr

Posted 05 November 2012 - 07:18 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo

#9
robkbriggs

Posted 05 November 2012 - 08:31 PM

Member

Topic Starter
Member
152 posts

Hello,

I was able to run ComboFix to completion in Safe Mode, however, the program never asked for or initiated a reboot. Here is the log file.

ComboFix 12-11-05.03 - Rob 11/05/2012 19:01:30.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.3228 [GMT -7:00]
Running from: c:\users\Rob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC Defender Plus
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC Defender Plus\PC Defender Plus Help and Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC Defender Plus\PC Defender Plus.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC Defender Plus\Remove PC Defender Plus.lnk
c:\users\Tom Brantley\AppData\Roaming\B5DB8C69.reg
c:\users\Tom Brantley\AppData\Roaming\System Smart Security
c:\windows\svchost.exe
c:\windows\SysWow64\config\systemprofile\dzkfpcrvlgppzdvhfvuiaesr.exe
c:\windows\SysWow64\config\systemprofile\kumopytjfhd.exe
c:\windows\SysWow64\config\systemprofile\tiijuefmni.exe
c:\windows\SysWow64\config\systemprofile\viabmhhattppfukegei.exe
c:\windows\SysWow64\config\systemprofile\vszwghnosabhkeivgq.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 02:15 . 2012-11-06 02:15 -------- d-----w- c:\users\Tom Brantley\AppData\Local\temp
2012-11-06 02:15 . 2012-11-06 02:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-06 01:56 . 2012-11-06 01:56 -------- d-----w- c:\windows\system32\MpEngineStore
2012-11-06 01:20 . 2012-10-17 08:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1276CDC4-7F31-4733-9975-0B65E37A2B56}\mpengine.dll
2012-11-05 00:44 . 2012-11-05 00:44 -------- d-----w- c:\windows\Microsoft Antimalware
2012-11-04 22:15 . 2012-11-04 22:15 -------- d-----w- c:\users\Tom Brantley\AppData\Roaming\Malwarebytes
2012-11-04 03:44 . 2012-11-04 03:44 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-04 02:45 . 2012-11-04 03:57 -------- d-----w- c:\programdata\pcdfdata
2012-11-04 02:40 . 2012-11-04 02:40 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 02:40 . 2012-11-04 02:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 02:40 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-04 02:37 . 2012-10-17 08:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-04 02:23 . 2012-11-04 02:24 -------- d-----w- c:\windows\Temp43C67ABC-E81F-8C13-B95D-1AA08C538D9B-Signatures
2012-11-04 02:14 . 2012-11-04 02:15 -------- d-----w- c:\users\Rob
2012-11-03 23:46 . 2012-11-04 00:52 -------- d-----w- c:\users\Admin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 19:03 . 2010-06-23 20:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-11-04 03:45 . 2012-05-17 13:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 03:45 . 2011-12-27 15:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 04:03 . 2012-08-31 04:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 04:03 . 2011-04-27 22:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [2010-02-26 615040]
R1 dwaqoify;dwaqoify;c:\windows\system32\drivers\dwaqoify.sys [x]
R1 evhgqgzl;evhgqgzl;c:\windows\system32\drivers\evhgqgzl.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110223.001\IDSvia64.sys [2010-12-01 476792]
R1 ihihllmr;ihihllmr;c:\windows\system32\drivers\ihihllmr.sys [x]
R1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-10-01 16528]
R1 slraiubz;slraiubz;c:\windows\system32\drivers\slraiubz.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [2010-04-29 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [2010-05-06 451120]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 gupdate1cab43fda26aa46;Google Update Service (gupdate1cab43fda26aa46);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-27 1103904]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [2009-08-30 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [2010-04-22 221232]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 03:45]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 04:22]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 04:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-22 312832]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-05 19:20:23
ComboFix-quarantined-files.txt 2012-11-06 02:20
.
Pre-Run: 408,562,597,888 bytes free
Post-Run: 411,631,034,368 bytes free
.
- - End Of File - - DFE2D247CA881FFE1BD4F00952BD44A3

Would you like me to go ahead and reboot the machine into safe mode again?

Thanks,

Rob

#10
gringo_pr

Posted 05 November 2012 - 08:37 PM

Trusted Helper

Malware Removal
7,268 posts

reboot the computer and see about going into normal mode and then check things out and let me know how they are doing

gringo

#11
robkbriggs

Posted 05 November 2012 - 08:42 PM

Member

Topic Starter
Member
152 posts

Gringo,

I will do that and report back.

Thanks,

Rob

#12
gringo_pr

Posted 05 November 2012 - 08:46 PM

Trusted Helper

Malware Removal
7,268 posts

#13
robkbriggs

Posted 06 November 2012 - 09:59 AM

Member

Topic Starter
Member
152 posts

Hello,

Gringo, I'm sorry to report that the problem still seems to be happening.

One thing that I have noticed, in the task manager there is a process with the image name svchost.exe *32 and the description winrscmde that runs when this problem is happening. The CPU usage on this process stays between 50 and 98 percent, and the memory usage generally is between 500,000 and 800,000 k while the problem is happening. If I kill that process, the audio quits, and the process reappears, but at a much lower CPU and memory usage.

#14
gringo_pr

Posted 06 November 2012 - 10:28 AM

Trusted Helper

Malware Removal
7,268 posts

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#15
robkbriggs

Posted 06 November 2012 - 12:59 PM

Member

Topic Starter
Member
152 posts

Helllo,

I ran tdskiller and followed the instructions. It asked to reboot the PC, and upon reboot, tdskiller started again, so I just let it run again.

Here is the first log

11:26:44.0413 6244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:26:44.0811 6244 ============================================================
11:26:44.0811 6244 Current date / time: 2012/11/06 11:26:44.0811
11:26:44.0811 6244 SystemInfo:
11:26:44.0811 6244
11:26:44.0811 6244 OS Version: 6.1.7601 ServicePack: 1.0
11:26:44.0811 6244 Product type: Workstation
11:26:44.0812 6244 ComputerName: TOMBRANTLEY-PC
11:26:44.0812 6244 UserName: Tom Brantley
11:26:44.0812 6244 Windows directory: C:\windows
11:26:44.0812 6244 System windows directory: C:\windows
11:26:44.0812 6244 Running under WOW64
11:26:44.0812 6244 Processor architecture: Intel x64
11:26:44.0812 6244 Number of processors: 2
11:26:44.0812 6244 Page size: 0x1000
11:26:44.0812 6244 Boot type: Normal boot
11:26:44.0812 6244 ============================================================
11:26:58.0426 6244 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:26:58.0459 6244 ============================================================
11:26:58.0459 6244 \Device\Harddisk0\DR0:
11:26:58.0462 6244 MBR partitions:
11:26:58.0462 6244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38BDA000
11:26:58.0462 6244 ============================================================
11:26:58.0599 6244 C: <-> \Device\Harddisk0\DR0\Partition1
11:26:58.0939 6244 ============================================================
11:26:58.0940 6244 Initialize success
11:26:58.0940 6244 ============================================================
11:27:02.0500 7644 ============================================================
11:27:02.0500 7644 Scan started
11:27:02.0500 7644 Mode: Manual;
11:27:02.0500 7644 ============================================================
11:28:04.0839 7644 ================ Scan system memory ========================
11:28:04.0839 7644 System memory - ok
11:28:04.0843 7644 ================ Scan services =============================
11:28:05.0635 7644 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
11:28:05.0735 7644 1394ohci - ok
11:28:05.0967 7644 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
11:28:06.0067 7644 ACPI - ok
11:28:06.0270 7644 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
11:28:06.0322 7644 AcpiPmi - ok
11:28:06.0931 7644 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:28:07.0021 7644 AdobeFlashPlayerUpdateSvc - ok
11:28:07.0307 7644 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
11:28:07.0408 7644 adp94xx - ok
11:28:07.0534 7644 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
11:28:07.0613 7644 adpahci - ok
11:28:07.0777 7644 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
11:28:07.0867 7644 adpu320 - ok
11:28:07.0923 7644 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
11:28:08.0024 7644 AeLookupSvc - ok
11:28:08.0451 7644 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
11:28:08.0566 7644 AFD - ok
11:28:08.0775 7644 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
11:28:08.0784 7644 AgereModemAudio - ok
11:28:08.0974 7644 [ C98356D813B581E9C425B42A5D146CE0 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
11:28:09.0133 7644 AgereSoftModem - ok
11:28:09.0327 7644 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
11:28:09.0427 7644 agp440 - ok
11:28:09.0568 7644 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
11:28:09.0640 7644 ALG - ok
11:28:10.0037 7644 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
11:28:10.0148 7644 aliide - ok
11:28:10.0303 7644 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
11:28:10.0392 7644 amdide - ok
11:28:10.0656 7644 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
11:28:10.0660 7644 AmdK8 - ok
11:28:10.0759 7644 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
11:28:10.0795 7644 AmdPPM - ok
11:28:10.0854 7644 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
11:28:10.0856 7644 amdsata - ok
11:28:11.0107 7644 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
11:28:11.0176 7644 amdsbs - ok
11:28:11.0229 7644 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
11:28:11.0230 7644 amdxata - ok
11:28:11.0298 7644 [ 1661F9C9E4B0049FA0A5E30264375A87 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
11:28:11.0304 7644 ApfiltrService - ok
11:28:11.0347 7644 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
11:28:11.0363 7644 AppID - ok
11:28:11.0488 7644 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
11:28:11.0590 7644 AppIDSvc - ok
11:28:11.0999 7644 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
11:28:12.0105 7644 Appinfo - ok
11:28:12.0432 7644 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:28:12.0480 7644 Apple Mobile Device - ok
11:28:12.0640 7644 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
11:28:12.0642 7644 arc - ok
11:28:12.0678 7644 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
11:28:12.0680 7644 arcsas - ok
11:28:12.0716 7644 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
11:28:12.0717 7644 AsyncMac - ok
11:28:12.0855 7644 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
11:28:12.0863 7644 atapi - ok
11:28:13.0237 7644 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
11:28:13.0316 7644 athr - ok
11:28:13.0619 7644 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:28:13.0686 7644 AudioEndpointBuilder - ok
11:28:13.0785 7644 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
11:28:13.0790 7644 AudioSrv - ok
11:28:14.0419 7644 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
11:28:14.0542 7644 AxInstSV - ok
11:28:14.0660 7644 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
11:28:14.0670 7644 b06bdrv - ok
11:28:15.0179 7644 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
11:28:15.0183 7644 b57nd60a - ok
11:28:15.0318 7644 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
11:28:15.0361 7644 BDESVC - ok
11:28:15.0750 7644 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
11:28:15.0884 7644 Beep - ok
11:28:16.0102 7644 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
11:28:16.0170 7644 BFE - ok
11:28:17.0383 7644 [ 446B2C459A7D11CD71350235D6977E2A ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
11:28:17.0573 7644 BHDrvx64 - ok
11:28:18.0180 7644 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
11:28:18.0414 7644 BITS - ok
11:28:18.0655 7644 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
11:28:18.0657 7644 blbdrive - ok
11:28:18.0864 7644 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:28:18.0878 7644 Bonjour Service - ok
11:28:18.0980 7644 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
11:28:18.0982 7644 bowser - ok
11:28:19.0092 7644 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
11:28:19.0097 7644 BrFiltLo - ok
11:28:19.0156 7644 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
11:28:19.0256 7644 BrFiltUp - ok
11:28:19.0912 7644 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
11:28:19.0952 7644 BridgeMP - ok
11:28:20.0027 7644 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\windows\System32\browser.dll
11:28:20.0127 7644 Browser - ok
11:28:20.0150 7644 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
11:28:20.0228 7644 Brserid - ok
11:28:20.0277 7644 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
11:28:20.0400 7644 BrSerWdm - ok
11:28:20.0559 7644 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
11:28:20.0569 7644 BrUsbMdm - ok
11:28:21.0042 7644 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
11:28:21.0187 7644 BrUsbSer - ok
11:28:21.0475 7644 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
11:28:21.0586 7644 BTHMODEM - ok
11:28:21.0793 7644 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
11:28:21.0915 7644 bthserv - ok
11:28:22.0033 7644 catchme - ok
11:28:22.0622 7644 [ DA66E851E76766D2C84502FE682AB175 ] ccHP C:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys
11:28:22.0649 7644 ccHP - ok
11:28:22.0726 7644 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
11:28:22.0729 7644 cdfs - ok
11:28:22.0781 7644 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
11:28:22.0784 7644 cdrom - ok
11:28:22.0944 7644 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
11:28:22.0954 7644 CertPropSvc - ok
11:28:23.0180 7644 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
11:28:23.0303 7644 cfWiMAXService - ok
11:28:23.0690 7644 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
11:28:23.0768 7644 circlass - ok
11:28:23.0817 7644 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
11:28:23.0930 7644 CLFS - ok
11:28:24.0124 7644 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:28:24.0869 7644 clr_optimization_v2.0.50727_32 - ok
11:28:24.0968 7644 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:28:24.0970 7644 clr_optimization_v2.0.50727_64 - ok
11:28:25.0454 7644 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:28:25.0554 7644 clr_optimization_v4.0.30319_32 - ok
11:28:25.0662 7644 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:28:25.0665 7644 clr_optimization_v4.0.30319_64 - ok
11:28:25.0699 7644 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
11:28:25.0700 7644 CmBatt - ok
11:28:25.0749 7644 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
11:28:25.0750 7644 cmdide - ok
11:28:25.0778 7644 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\windows\system32\Drivers\cng.sys
11:28:25.0785 7644 CNG - ok
11:28:25.0801 7644 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
11:28:25.0815 7644 Compbatt - ok
11:28:25.0844 7644 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
11:28:25.0918 7644 CompositeBus - ok
11:28:25.0978 7644 COMSysApp - ok
11:28:26.0043 7644 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
11:28:26.0072 7644 ConfigFree Gadget Service - ok
11:28:26.0105 7644 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
11:28:26.0127 7644 ConfigFree Service - ok
11:28:26.0188 7644 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
11:28:26.0311 7644 crcdisk - ok
11:28:26.0532 7644 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
11:28:26.0547 7644 CryptSvc - ok
11:28:26.0713 7644 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
11:28:26.0725 7644 DcomLaunch - ok
11:28:27.0022 7644 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
11:28:27.0044 7644 defragsvc - ok
11:28:27.0118 7644 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
11:28:27.0126 7644 DfsC - ok
11:28:27.0261 7644 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
11:28:27.0373 7644 Dhcp - ok
11:28:27.0446 7644 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
11:28:27.0447 7644 discache - ok
11:28:27.0510 7644 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
11:28:27.0553 7644 Disk - ok
11:28:27.0668 7644 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
11:28:27.0725 7644 Dnscache - ok
11:28:27.0762 7644 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
11:28:28.0074 7644 dot3svc - ok
11:28:28.0137 7644 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
11:28:28.0179 7644 DPS - ok
11:28:28.0345 7644 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
11:28:28.0395 7644 drmkaud - ok
11:28:28.0403 7644 dwaqoify - ok
11:28:28.0533 7644 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
11:28:28.0589 7644 DXGKrnl - ok
11:28:28.0657 7644 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
11:28:28.0660 7644 EapHost - ok
11:28:29.0633 7644 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
11:28:29.0736 7644 ebdrv - ok
11:28:30.0173 7644 [ 066108AE4C35835081598827A1A7D08D ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:28:30.0262 7644 eeCtrl - ok
11:28:30.0352 7644 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
11:28:30.0413 7644 EFS - ok
11:28:30.0516 7644 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
11:28:30.0568 7644 ehRecvr - ok
11:28:30.0649 7644 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
11:28:30.0695 7644 ehSched - ok
11:28:30.0852 7644 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
11:28:30.0953 7644 elxstor - ok
11:28:31.0120 7644 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
11:28:31.0309 7644 ErrDev - ok
11:28:31.0393 7644 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
11:28:31.0605 7644 EventSystem - ok
11:28:31.0616 7644 evhgqgzl - ok
11:28:31.0716 7644 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
11:28:31.0883 7644 exfat - ok
11:28:31.0934 7644 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
11:28:32.0102 7644 fastfat - ok
11:28:32.0391 7644 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
11:28:32.0492 7644 Fax - ok
11:28:32.0534 7644 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
11:28:32.0648 7644 fdc - ok
11:28:32.0963 7644 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
11:28:33.0119 7644 fdPHost - ok
11:28:33.0214 7644 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
11:28:33.0348 7644 FDResPub - ok
11:28:33.0406 7644 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
11:28:33.0506 7644 FileInfo - ok
11:28:33.0531 7644 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
11:28:33.0654 7644 Filetrace - ok
11:28:33.0698 7644 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
11:28:33.0779 7644 flpydisk - ok
11:28:33.0933 7644 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
11:28:33.0978 7644 FltMgr - ok
11:28:34.0092 7644 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
11:28:34.0205 7644 FontCache - ok
11:28:34.0288 7644 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:28:34.0342 7644 FontCache3.0.0.0 - ok
11:28:34.0434 7644 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
11:28:34.0481 7644 FsDepends - ok
11:28:34.0522 7644 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
11:28:34.0656 7644 Fs_Rec - ok
11:28:34.0968 7644 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
11:28:35.0113 7644 fvevol - ok
11:28:35.0353 7644 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
11:28:35.0520 7644 gagp30kx - ok
11:28:35.0966 7644 [ 4FBCCBDD99A75C9EFBC90392CF32AF61 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
11:28:36.0122 7644 GameConsoleService - ok
11:28:37.0726 7644 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:28:37.0882 7644 GEARAspiWDM - ok
11:28:38.0446 7644 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
11:28:38.0636 7644 gpsvc - ok
11:28:39.0175 7644 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1cab43fda26aa46 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:28:39.0376 7644 gupdate1cab43fda26aa46 - ok
11:28:39.0731 7644 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:28:39.0732 7644 gupdatem - ok
11:28:40.0315 7644 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:28:40.0330 7644 gusvc - ok
11:28:41.0315 7644 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
11:28:41.0327 7644 hcw85cir - ok
11:28:41.0433 7644 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:28:41.0449 7644 HdAudAddService - ok
11:28:41.0850 7644 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
11:28:41.0856 7644 HDAudBus - ok
11:28:41.0870 7644 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
11:28:41.0879 7644 HidBatt - ok
11:28:41.0977 7644 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
11:28:41.0991 7644 HidBth - ok
11:28:42.0052 7644 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
11:28:42.0061 7644 HidIr - ok
11:28:42.0359 7644 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
11:28:42.0369 7644 hidserv - ok
11:28:42.0544 7644 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
11:28:42.0647 7644 HidUsb - ok
11:28:42.0702 7644 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
11:28:42.0716 7644 hkmsvc - ok
11:28:43.0217 7644 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:28:43.0241 7644 HomeGroupListener - ok
11:28:43.0297 7644 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:28:43.0464 7644 HomeGroupProvider - ok
11:28:43.0637 7644 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
11:28:43.0639 7644 HpSAMD - ok
11:28:43.0922 7644 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
11:28:43.0932 7644 HTTP - ok
11:28:44.0254 7644 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
11:28:44.0257 7644 hwpolicy - ok
11:28:44.0935 7644 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
11:28:44.0940 7644 i8042prt - ok
11:28:45.0025 7644 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
11:28:45.0029 7644 iaStor - ok
11:28:45.0204 7644 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
11:28:45.0294 7644 iaStorV - ok
11:28:45.0506 7644 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:28:45.0652 7644 idsvc - ok
11:28:46.0156 7644 [ 6F9B281BC4AFFF5FE784D7DA699D347F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110223.001\IDSvia64.sys
11:28:46.0176 7644 IDSVia64 - ok
11:28:47.0105 7644 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
11:28:47.0368 7644 igfx - ok
11:28:47.0434 7644 ihihllmr - ok
11:28:47.0548 7644 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
11:28:47.0549 7644 iirsp - ok
11:28:47.0622 7644 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
11:28:47.0651 7644 IKEEXT - ok
11:28:47.0935 7644 [ B6E61B181884527CC5B68C2D79504B43 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
11:28:47.0970 7644 IntcAzAudAddService - ok
11:28:48.0198 7644 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
11:28:48.0199 7644 intelide - ok
11:28:48.0235 7644 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
11:28:48.0236 7644 intelppm - ok
11:28:48.0376 7644 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
11:28:48.0379 7644 IPBusEnum - ok
11:28:48.0468 7644 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
11:28:48.0470 7644 IpFilterDriver - ok
11:28:48.0640 7644 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
11:28:48.0785 7644 IPMIDRV - ok
11:28:48.0792 7644 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
11:28:48.0875 7644 IPNAT - ok
11:28:49.0652 7644 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:28:49.0671 7644 iPod Service - ok
11:28:50.0221 7644 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
11:28:50.0230 7644 IRENUM - ok
11:28:50.0329 7644 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
11:28:50.0338 7644 isapnp - ok
11:28:50.0420 7644 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
11:28:50.0543 7644 iScsiPrt - ok
11:28:50.0583 7644 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
11:28:50.0674 7644 kbdclass - ok
11:28:50.0838 7644 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
11:28:51.0016 7644 kbdhid - ok
11:28:51.0054 7644 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
11:28:51.0165 7644 KeyIso - ok
11:28:51.0209 7644 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
11:28:51.0369 7644 KSecDD - ok
11:28:51.0415 7644 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
11:28:51.0571 7644 KSecPkg - ok
11:28:51.0635 7644 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
11:28:51.0646 7644 ksthunk - ok
11:28:52.0308 7644 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
11:28:52.0323 7644 KtmRm - ok
11:28:52.0674 7644 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
11:28:52.0755 7644 LanmanServer - ok
11:28:52.0924 7644 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:28:53.0058 7644 LanmanWorkstation - ok
11:28:53.0841 7644 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
11:28:54.0178 7644 LeapFrog Connect Device Service - ok
11:28:54.0531 7644 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\windows\system32\DRIVERS\btblan.sys
11:28:54.0541 7644 Leapfrog-USBLAN - ok
11:28:54.0750 7644 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
11:28:54.0828 7644 lltdio - ok
11:28:54.0909 7644 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
11:28:54.0999 7644 lltdsvc - ok
11:28:55.0049 7644 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
11:28:55.0138 7644 lmhosts - ok
11:28:55.0257 7644 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
11:28:55.0318 7644 LSI_FC - ok
11:28:55.0449 7644 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
11:28:55.0457 7644 LSI_SAS - ok
11:28:55.0593 7644 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
11:28:55.0638 7644 LSI_SAS2 - ok
11:28:55.0693 7644 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
11:28:55.0695 7644 LSI_SCSI - ok
11:28:55.0883 7644 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
11:28:55.0894 7644 luafv - ok
11:28:56.0325 7644 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
11:28:56.0336 7644 Mcx2Svc - ok
11:28:56.0373 7644 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
11:28:56.0374 7644 megasas - ok
11:28:56.0467 7644 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
11:28:56.0472 7644 MegaSR - ok
11:28:56.0508 7644 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
11:28:56.0512 7644 MMCSS - ok
11:28:56.0531 7644 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
11:28:56.0532 7644 Modem - ok
11:28:56.0576 7644 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
11:28:56.0577 7644 monitor - ok
11:28:56.0604 7644 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
11:28:56.0605 7644 mouclass - ok
11:28:56.0613 7644 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
11:28:56.0620 7644 mouhid - ok
11:28:56.0651 7644 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
11:28:56.0653 7644 mountmgr - ok
11:28:56.0819 7644 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
11:28:56.0844 7644 MpFilter - ok
11:28:56.0949 7644 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
11:28:56.0971 7644 mpio - ok
11:28:57.0164 7644 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKslde52cc37 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1276CDC4-7F31-4733-9975-0B65E37A2B56}\MpKslde52cc37.sys
11:28:57.0399 7644 MpKslde52cc37 - ok
11:28:57.0548 7644 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
11:28:57.0560 7644 mpsdrv - ok
11:28:57.0652 7644 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
11:28:57.0663 7644 MRxDAV - ok
11:28:58.0216 7644 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:28:58.0221 7644 mrxsmb - ok
11:28:58.0570 7644 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
11:28:58.0592 7644 mrxsmb10 - ok
11:28:59.0056 7644 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
11:28:59.0071 7644 mrxsmb20 - ok
11:28:59.0112 7644 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
11:28:59.0120 7644 msahci - ok
11:28:59.0268 7644 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
11:28:59.0281 7644 msdsm - ok
11:28:59.0409 7644 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
11:28:59.0426 7644 MSDTC - ok
11:28:59.0482 7644 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
11:28:59.0486 7644 Msfs - ok
11:29:00.0278 7644 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
11:29:00.0456 7644 mshidkmdf - ok
11:29:00.0468 7644 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
11:29:00.0496 7644 msisadrv - ok
11:29:00.0569 7644 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
11:29:00.0590 7644 MSiSCSI - ok
11:29:00.0616 7644 msiserver - ok
11:29:00.0671 7644 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:29:00.0680 7644 MSKSSRV - ok
11:29:00.0895 7644 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:29:00.0900 7644 MsMpSvc - ok
11:29:00.0977 7644 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:29:00.0983 7644 MSPCLOCK - ok
11:29:01.0103 7644 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:29:01.0109 7644 MSPQM - ok
11:29:01.0357 7644 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
11:29:01.0365 7644 MsRPC - ok
11:29:01.0792 7644 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
11:29:01.0796 7644 mssmbios - ok
11:29:01.0977 7644 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
11:29:01.0992 7644 MSTEE - ok
11:29:02.0078 7644 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
11:29:02.0097 7644 MTConfig - ok
11:29:02.0309 7644 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
11:29:02.0319 7644 Mup - ok
11:29:02.0622 7644 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
11:29:02.0641 7644 napagent - ok
11:29:02.0786 7644 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
11:29:02.0791 7644 NativeWifiP - ok
11:29:02.0816 7644 NAVENG - ok
11:29:02.0822 7644 NAVEX15 - ok
11:29:02.0911 7644 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
11:29:02.0956 7644 NDIS - ok
11:29:03.0000 7644 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
11:29:03.0002 7644 NdisCap - ok
11:29:03.0022 7644 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:29:03.0024 7644 NdisTapi - ok
11:29:03.0274 7644 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:29:03.0340 7644 Ndisuio - ok
11:29:03.0665 7644 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:29:03.0671 7644 NdisWan - ok
11:29:03.0875 7644 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:29:03.0890 7644 NDProxy - ok
11:29:03.0990 7644 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:29:03.0995 7644 NetBIOS - ok
11:29:04.0180 7644 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:29:04.0197 7644 NetBT - ok
11:29:04.0789 7644 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
11:29:04.0814 7644 Netlogon - ok
11:29:04.0927 7644 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
11:29:04.0943 7644 Netman - ok
11:29:04.0984 7644 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
11:29:05.0005 7644 netprofm - ok
11:29:05.0603 7644 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:29:05.0614 7644 NetTcpPortSharing - ok
11:29:05.0829 7644 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
11:29:05.0838 7644 nfrd960 - ok
11:29:06.0710 7644 [ 8E643FD5F38FA9A2EDA27268A1E9499F ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
11:29:06.0723 7644 NIS - ok
11:29:06.0871 7644 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
11:29:06.0891 7644 NisDrv - ok
11:29:06.0958 7644 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:29:06.0963 7644 NisSrv - ok
11:29:07.0014 7644 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
11:29:07.0022 7644 NlaSvc - ok
11:29:07.0066 7644 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
11:29:07.0068 7644 Npfs - ok
11:29:07.0095 7644 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
11:29:07.0098 7644 nsi - ok
11:29:07.0129 7644 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
11:29:07.0130 7644 nsiproxy - ok
11:29:07.0244 7644 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:29:07.0360 7644 Ntfs - ok
11:29:07.0433 7644 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
11:29:07.0523 7644 Null - ok
11:29:07.0624 7644 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
11:29:07.0637 7644 nvraid - ok
11:29:07.0694 7644 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
11:29:07.0712 7644 nvstor - ok
11:29:07.0751 7644 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
11:29:07.0760 7644 nv_agp - ok
11:29:08.0446 7644 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:29:08.0467 7644 odserv - ok
11:29:08.0530 7644 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
11:29:08.0540 7644 ohci1394 - ok
11:29:08.0819 7644 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:29:08.0825 7644 ose - ok
11:29:09.0089 7644 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
11:29:09.0096 7644 p2pimsvc - ok
11:29:09.0197 7644 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
11:29:09.0248 7644 p2psvc - ok
11:29:09.0312 7644 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
11:29:09.0535 7644 Parport - ok
11:29:09.0570 7644 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
11:29:09.0606 7644 partmgr - ok
11:29:09.0664 7644 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
11:29:09.0887 7644 PcaSvc - ok
11:29:09.0921 7644 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
11:29:09.0925 7644 pci - ok
11:29:10.0291 7644 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
11:29:10.0379 7644 pciide - ok
11:29:10.0435 7644 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
11:29:10.0449 7644 pcmcia - ok
11:29:10.0549 7644 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
11:29:10.0578 7644 pcw - ok
11:29:10.0763 7644 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
11:29:10.0789 7644 PEAUTH - ok
11:29:10.0938 7644 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
11:29:10.0967 7644 PerfHost - ok
11:29:11.0026 7644 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
11:29:11.0065 7644 PGEffect - ok
11:29:11.0202 7644 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
11:29:11.0270 7644 pla - ok
11:29:11.0485 7644 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
11:29:11.0499 7644 PlugPlay - ok
11:29:11.0656 7644 [ 55F3EE8A42CFC089C8DF3327125DC4B1 ] PMCF C:\windows\system32\drivers\PMCF.sys
11:29:11.0695 7644 PMCF - ok
11:29:11.0729 7644 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
11:29:11.0749 7644 PNRPAutoReg - ok
11:29:11.0834 7644 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
11:29:11.0839 7644 PNRPsvc - ok
11:29:12.0017 7644 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
11:29:12.0046 7644 PolicyAgent - ok
11:29:12.0107 7644 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
11:29:12.0130 7644 Power - ok
11:29:12.0231 7644 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
11:29:12.0267 7644 PptpMiniport - ok
11:29:12.0311 7644 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
11:29:12.0326 7644 Processor - ok
11:29:12.0398 7644 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll
11:29:12.0521 7644 ProfSvc - ok
11:29:12.0556 7644 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
11:29:12.0576 7644 ProtectedStorage - ok
11:29:12.0770 7644 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
11:29:12.0781 7644 Psched - ok
11:29:12.0927 7644 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
11:29:12.0965 7644 ql2300 - ok
11:29:13.0050 7644 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
11:29:13.0064 7644 ql40xx - ok
11:29:13.0134 7644 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
11:29:13.0160 7644 QWAVE - ok
11:29:13.0203 7644 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
11:29:13.0247 7644 QWAVEdrv - ok
11:29:13.0312 7644 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
11:29:13.0434 7644 RasAcd - ok
11:29:13.0572 7644 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
11:29:13.0870 7644 RasAgileVpn - ok
11:29:13.0926 7644 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
11:29:13.0932 7644 RasAuto - ok
11:29:13.0991 7644 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
11:29:14.0029 7644 Rasl2tp - ok
11:29:14.0071 7644 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
11:29:14.0090 7644 RasMan - ok
11:29:14.0121 7644 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
11:29:14.0160 7644 RasPppoe - ok
11:29:14.0252 7644 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
11:29:14.0271 7644 RasSstp - ok
11:29:14.0306 7644 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
11:29:14.0318 7644 rdbss - ok
11:29:14.0390 7644 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
11:29:14.0419 7644 rdpbus - ok
11:29:14.0486 7644 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
11:29:14.0511 7644 RDPCDD - ok
11:29:14.0525 7644 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
11:29:14.0540 7644 RDPENCDD - ok
11:29:14.0563 7644 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
11:29:14.0593 7644 RDPREFMP - ok
11:29:14.0646 7644 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
11:29:14.0673 7644 RDPWD - ok
11:29:14.0749 7644 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
11:29:14.0766 7644 rdyboost - ok
11:29:14.0860 7644 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
11:29:14.0874 7644 RemoteAccess - ok
11:29:14.0929 7644 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
11:29:14.0957 7644 RemoteRegistry - ok
11:29:15.0171 7644 [ E20B1907FC72A3664ECE21E3C20FC63D ] rimspci C:\windows\system32\DRIVERS\rimspe64.sys
11:29:15.0229 7644 rimspci - ok
11:29:15.0298 7644 RimUsb - ok
11:29:15.0375 7644 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
11:29:15.0393 7644 RimVSerPort - ok
11:29:15.0461 7644 [ 7DDA2E5CF452DAD24B1BE704225C18EE ] risdpcie C:\windows\system32\DRIVERS\risdpe64.sys
11:29:15.0477 7644 risdpcie - ok
11:29:15.0535 7644 [ 6A1CD4674505E6791390A1AB71DA1FBE ] rixdpcie C:\windows\system32\DRIVERS\rixdpe64.sys
11:29:15.0551 7644 rixdpcie - ok
11:29:15.0643 7644 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
11:29:15.0672 7644 ROOTMODEM - ok
11:29:15.0724 7644 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
11:29:15.0741 7644 RpcEptMapper - ok
11:29:15.0773 7644 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
11:29:15.0787 7644 RpcLocator - ok
11:29:15.0838 7644 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
11:29:15.0846 7644 RpcSs - ok
11:29:15.0972 7644 RSELSVC - ok
11:29:16.0131 7644 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
11:29:16.0171 7644 rspndr - ok
11:29:16.0306 7644 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
11:29:16.0323 7644 RTL8167 - ok
11:29:16.0457 7644 [ 7475548B0BA58EBA4D12414FC9E9DFE6 ] rtl8192se C:\windows\system32\DRIVERS\rtl8192se.sys
11:29:16.0487 7644 rtl8192se - ok
11:29:16.0612 7644 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
11:29:16.0615 7644 SamSs - ok
11:29:16.0654 7644 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
11:29:16.0672 7644 sbp2port - ok
11:29:16.0720 7644 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
11:29:16.0733 7644 SCardSvr - ok
11:29:16.0893 7644 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
11:29:16.0900 7644 scfilter - ok
11:29:17.0085 7644 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
11:29:17.0107 7644 Schedule - ok
11:29:17.0204 7644 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
11:29:17.0206 7644 SCPolicySvc - ok
11:29:17.0272 7644 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys
11:29:17.0309 7644 sdbus - ok
11:29:17.0351 7644 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
11:29:17.0361 7644 SDRSVC - ok
11:29:17.0523 7644 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:29:17.0532 7644 SeaPort - ok
11:29:17.0603 7644 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
11:29:17.0622 7644 secdrv - ok
11:29:17.0776 7644 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
11:29:17.0789 7644 seclogon - ok
11:29:17.0832 7644 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
11:29:17.0855 7644 SENS - ok
11:29:17.0883 7644 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
11:29:17.0891 7644 SensrSvc - ok
11:29:17.0922 7644 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
11:29:17.0941 7644 Serenum - ok
11:29:17.0977 7644 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
11:29:17.0991 7644 Serial - ok
11:29:18.0000 7644 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
11:29:18.0002 7644 sermouse - ok
11:29:18.0131 7644 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
11:29:18.0167 7644 SessionEnv - ok
11:29:18.0235 7644 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
11:29:18.0252 7644 sffdisk - ok
11:29:18.0259 7644 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
11:29:18.0260 7644 sffp_mmc - ok
11:29:18.0269 7644 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
11:29:18.0276 7644 sffp_sd - ok
11:29:18.0300 7644 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
11:29:18.0301 7644 sfloppy - ok
11:29:18.0526 7644 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:29:18.0536 7644 ShellHWDetection - ok
11:29:18.0622 7644 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
11:29:18.0636 7644 SiSRaid2 - ok
11:29:18.0761 7644 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
11:29:18.0763 7644 SiSRaid4 - ok
11:29:18.0835 7644 slraiubz - ok
11:29:18.0908 7644 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
11:29:18.0924 7644 Smb - ok
11:29:18.0977 7644 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
11:29:18.0988 7644 SNMPTRAP - ok
11:29:19.0195 7644 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
11:29:19.0260 7644 spldr - ok
11:29:19.0370 7644 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
11:29:19.0432 7644 Spooler - ok
11:29:19.0853 7644 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
11:29:20.0025 7644 sppsvc - ok
11:29:20.0072 7644 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
11:29:20.0274 7644 sppuinotify - ok
11:29:20.0664 7644 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS
11:29:20.0680 7644 SRTSP - ok
11:29:20.0727 7644 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\windows\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
11:29:20.0774 7644 SRTSPX - ok
11:29:20.0883 7644 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
11:29:21.0164 7644 srv - ok
11:29:21.0226 7644 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
11:29:21.0772 7644 srv2 - ok
11:29:21.0834 7644 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
11:29:21.0866 7644 srvnet - ok
11:29:21.0959 7644 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
11:29:22.0037 7644 SSDPSRV - ok
11:29:22.0084 7644 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
11:29:22.0115 7644 SstpSvc - ok
11:29:22.0256 7644 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
11:29:22.0271 7644 stexstor - ok
11:29:22.0505 7644 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
11:29:22.0521 7644 stisvc - ok
11:29:22.0817 7644 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
11:29:22.0833 7644 swenum - ok
11:29:22.0973 7644 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
11:29:23.0004 7644 swprv - ok
11:29:23.0254 7644 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS
11:29:23.0270 7644 SymDS - ok
11:29:23.0363 7644 [ 42C952D131EFF724A9959BB6D78C1B63 ] SymEFA C:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
11:29:23.0394 7644 SymEFA - ok
11:29:23.0488 7644 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
11:29:23.0519 7644 SymEvent - ok
11:29:23.0613 7644 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS
11:29:23.0628 7644 SymIRON - ok
11:29:23.0691 7644 [ 8ABB6E5B7D75CD3F0A988695D0D9186A ] SYMTDIv C:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
11:29:23.0691 7644 SYMTDIv - ok
11:29:23.0925 7644 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
11:29:23.0956 7644 SysMain - ok
11:29:24.0486 7644 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
11:29:24.0518 7644 TabletInputService - ok
11:29:24.0549 7644 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
11:29:24.0564 7644 TapiSrv - ok
11:29:24.0596 7644 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
11:29:24.0596 7644 TBS - ok
11:29:25.0095 7644 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
11:29:25.0110 7644 Tcpip - ok
11:29:25.0173 7644 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
11:29:25.0173 7644 TCPIP6 - ok
11:29:25.0485 7644 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
11:29:25.0500 7644 tcpipreg - ok
11:29:25.0594 7644 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
11:29:25.0594 7644 tdcmdpst - ok
11:29:25.0890 7644 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
11:29:25.0922 7644 TDPIPE - ok
11:29:25.0968 7644 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
11:29:25.0968 7644 TDTCP - ok
11:29:26.0000 7644 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
11:29:26.0000 7644 tdx - ok
11:29:26.0171 7644 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
11:29:26.0187 7644 TermDD - ok
11:29:26.0296 7644 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
11:29:26.0312 7644 TermService - ok
11:29:26.0421 7644 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
11:29:26.0436 7644 Themes - ok
11:29:26.0452 7644 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
11:29:26.0452 7644 Thpdrv - ok
11:29:26.0608 7644 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
11:29:26.0624 7644 Thpevm - ok
11:29:26.0733 7644 [ 6146EAC71AE3C9DA17B0E33632082B7B ] Thpsrv C:\windows\system32\ThpSrv.exe
11:29:26.0826 7644 Thpsrv - ok
11:29:26.0858 7644 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
11:29:26.0889 7644 THREADORDER - ok
11:29:26.0967 7644 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
11:29:26.0982 7644 TODDSrv - ok
11:29:27.0107 7644 [ 06C61275ADC64F1E36240A2287998A5E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:29:27.0123 7644 TosCoSrv - ok
11:29:27.0232 7644 [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:29:27.0248 7644 TOSHIBA HDD SSD Alert Service - ok
11:29:27.0606 7644 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
11:29:27.0638 7644 tos_sps64 - ok
11:29:27.0809 7644 [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
11:29:27.0856 7644 TPCHSrv - ok
11:29:28.0496 7644 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
11:29:28.0558 7644 TrkWks - ok
11:29:28.0761 7644 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:29:28.0776 7644 TrustedInstaller - ok
11:29:28.0917 7644 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
11:29:28.0932 7644 tssecsrv - ok
11:29:29.0759 7644 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
11:29:29.0775 7644 TsUsbFlt - ok
11:29:29.0837 7644 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
11:29:29.0837 7644 tunnel - ok
11:29:29.0884 7644 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
11:29:29.0884 7644 TVALZ - ok
11:29:29.0931 7644 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
11:29:29.0946 7644 TVALZFL - ok
11:29:29.0962 7644 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
11:29:29.0962 7644 uagp35 - ok
11:29:30.0165 7644 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
11:29:30.0196 7644 udfs - ok
11:29:30.0243 7644 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
11:29:30.0243 7644 UI0Detect - ok
11:29:30.0258 7644 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
11:29:30.0258 7644 uliagpkx - ok
11:29:30.0290 7644 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
11:29:30.0321 7644 umbus - ok
11:29:30.0414 7644 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
11:29:30.0414 7644 UmPass - ok
11:29:30.0539 7644 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
11:29:30.0570 7644 upnphost - ok
11:29:30.0633 7644 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
11:29:30.0648 7644 USBAAPL64 - ok
11:29:30.0742 7644 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
11:29:30.0773 7644 usbaudio - ok
11:29:30.0804 7644 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
11:29:30.0804 7644 usbccgp - ok
11:29:30.0882 7644 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
11:29:30.0898 7644 usbcir - ok
11:29:30.0992 7644 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
11:29:31.0023 7644 usbehci - ok
11:29:31.0522 7644 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
11:29:31.0538 7644 usbhub - ok
11:29:31.0600 7644 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
11:29:31.0616 7644 usbohci - ok
11:29:31.0647 7644 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
11:29:31.0647 7644 usbprint - ok
11:29:31.0678 7644 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
11:29:31.0678 7644 usbscan - ok
11:29:31.0709 7644 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
11:29:31.0725 7644 USBSTOR - ok
11:29:31.0756 7644 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
11:29:31.0772 7644 usbuhci - ok
11:29:31.0865 7644 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
11:29:31.0881 7644 usbvideo - ok
11:29:31.0928 7644 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
11:29:31.0928 7644 UxSms - ok
11:29:31.0943 7644 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
11:29:31.0959 7644 VaultSvc - ok
11:29:32.0006 7644 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
11:29:32.0006 7644 vdrvroot - ok
11:29:32.0068 7644 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
11:29:32.0084 7644 vds - ok
11:29:32.0115 7644 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
11:29:32.0115 7644 vga - ok
11:29:32.0146 7644 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
11:29:32.0146 7644 VgaSave - ok
11:29:32.0302 7644 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
11:29:32.0349 7644 vhdmp - ok
11:29:32.0364 7644 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
11:29:32.0380 7644 viaide - ok
11:29:32.0427 7644 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
11:29:32.0442 7644 volmgr - ok
11:29:32.0567 7644 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
11:29:32.0598 7644 volmgrx - ok
11:29:32.0645 7644 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
11:29:32.0661 7644 volsnap - ok
11:29:32.0723 7644 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
11:29:32.0723 7644 vsmraid - ok
11:29:32.0926 7644 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
11:29:32.0988 7644 VSS - ok
11:29:33.0051 7644 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
11:29:33.0051 7644 vwifibus - ok
11:29:33.0098 7644 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
11:29:33.0113 7644 vwififlt - ok
11:29:33.0160 7644 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
11:29:33.0160 7644 vwifimp - ok
11:29:33.0191 7644 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
11:29:33.0207 7644 W32Time - ok
11:29:33.0222 7644 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
11:29:33.0222 7644 WacomPen - ok
11:29:33.0347 7644 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
11:29:33.0363 7644 WANARP - ok
11:29:33.0378 7644 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
11:29:33.0378 7644 Wanarpv6 - ok
11:29:33.0488 7644 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
11:29:33.0519 7644 WatAdminSvc - ok
11:29:33.0628 7644 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
11:29:33.0675 7644 wbengine - ok
11:29:33.0722 7644 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
11:29:33.0753 7644 WbioSrvc - ok
11:29:33.0784 7644 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
11:29:33.0784 7644 wcncsvc - ok
11:29:33.0815 7644 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:29:33.0831 7644 WcsPlugInService - ok
11:29:33.0878 7644 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
11:29:33.0893 7644 Wd - ok
11:29:33.0956 7644 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
11:29:33.0971 7644 Wdf01000 - ok
11:29:34.0018 7644 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
11:29:34.0034 7644 WdiServiceHost - ok
11:29:34.0034 7644 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
11:29:34.0034 7644 WdiSystemHost - ok
11:29:34.0158 7644 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
11:29:34.0174 7644 WebClient - ok
11:29:34.0205 7644 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
11:29:34.0221 7644 Wecsvc - ok
11:29:34.0236 7644 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
11:29:34.0236 7644 wercplsupport - ok
11:29:34.0283 7644 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
11:29:34.0299 7644 WerSvc - ok
11:29:34.0346 7644 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
11:29:34.0361 7644 WfpLwf - ok
11:29:34.0392 7644 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
11:29:34.0408 7644 WIMMount - ok
11:29:34.0408 7644 WinHttpAutoProxySvc - ok
11:29:34.0486 7644 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
11:29:34.0502 7644 Winmgmt - ok
11:29:34.0845 7644 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
11:29:34.0923 7644 WinRM - ok
11:29:35.0001 7644 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
11:29:35.0016 7644 WinUsb - ok
11:29:35.0079 7644 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
11:29:35.0094 7644 Wlansvc - ok
11:29:35.0266 7644 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:29:35.0344 7644 wlidsvc - ok
11:29:35.0375 7644 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
11:29:35.0391 7644 WmiAcpi - ok
11:29:35.0438 7644 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
11:29:35.0453 7644 wmiApSrv - ok
11:29:35.0500 7644 WMPNetworkSvc - ok
11:29:35.0531 7644 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
11:29:35.0547 7644 WPCSvc - ok
11:29:35.0578 7644 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
11:29:35.0609 7644 WPDBusEnum - ok
11:29:35.0640 7644 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
11:29:35.0640 7644 ws2ifsl - ok
11:29:35.0656 7644 WSearch - ok
11:29:35.0906 7644 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
11:29:35.0999 7644 wuauserv - ok
11:29:36.0030 7644 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
11:29:36.0030 7644 WudfPf - ok
11:29:36.0218 7644 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
11:29:36.0233 7644 WUDFRd - ok
11:29:36.0483 7644 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
11:29:36.0514 7644 wudfsvc - ok
11:29:36.0545 7644 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
11:29:36.0561 7644 WwanSvc - ok
11:29:36.0608 7644 ================ Scan global ===============================
11:29:36.0639 7644 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
11:29:36.0686 7644 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
11:29:36.0717 7644 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
11:29:36.0748 7644 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
11:29:36.0795 7644 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
11:29:36.0810 7644 [Global] - ok
11:29:36.0810 7644 ================ Scan MBR ==================================
11:29:36.0826 7644 [ B5D3B89509933463264FF7748B075C37 ] \Device\Harddisk0\DR0
11:29:36.0826 7644 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:29:36.0888 7644 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:29:36.0888 7644 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:29:36.0888 7644 ================ Scan VBR ==================================
11:29:36.0904 7644 [ 96747A29472D97B0043A260435EAA0BD ] \Device\Harddisk0\DR0\Partition1
11:29:36.0904 7644 \Device\Harddisk0\DR0\Partition1 - ok
11:29:36.0904 7644 ============================================================
11:29:36.0904 7644 Scan finished
11:29:36.0904 7644 ============================================================
11:29:36.0935 7636 Detected object count: 1
11:29:36.0935 7636 Actual detected object count: 1
11:29:45.0702 7636 \Device\Harddisk0\DR0\# - copied to quarantine
11:29:45.0734 7636 \Device\Harddisk0\DR0 - copied to quarantine
11:29:45.0999 7636 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:29:46.0014 7636 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:29:46.0124 7636 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:29:46.0139 7636 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:29:46.0139 7636 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:29:46.0155 7636 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:29:46.0155 7636 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:29:46.0155 7636 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:29:46.0155 7636 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:29:46.0155 7636 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:29:46.0170 7636 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:29:46.0170 7636 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:29:46.0264 7636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:29:46.0264 7636 \Device\Harddisk0\DR0 - ok
11:29:46.0451 7636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:29:53.0892 7776 Deinitialize success

Here is the second log

11:32:17.0573 2880 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:32:18.0338 2880 ============================================================
11:32:18.0338 2880 Current date / time: 2012/11/06 11:32:18.0338
11:32:18.0338 2880 SystemInfo:
11:32:18.0338 2880
11:32:18.0338 2880 OS Version: 6.1.7601 ServicePack: 1.0
11:32:18.0338 2880 Product type: Workstation
11:32:18.0338 2880 ComputerName: TOMBRANTLEY-PC
11:32:18.0338 2880 UserName: Tom Brantley
11:32:18.0338 2880 Windows directory: C:\windows
11:32:18.0338 2880 System windows directory: C:\windows
11:32:18.0338 2880 Running under WOW64
11:32:18.0338 2880 Processor architecture: Intel x64
11:32:18.0338 2880 Number of processors: 2
11:32:18.0338 2880 Page size: 0x1000
11:32:18.0338 2880 Boot type: Normal boot
11:32:18.0338 2880 ============================================================
11:32:18.0447 2880 BG loaded
11:32:19.0149 2880 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:32:19.0196 2880 ============================================================
11:32:19.0196 2880 \Device\Harddisk0\DR0:
11:32:19.0196 2880 MBR partitions:
11:32:19.0196 2880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38BDA000
11:32:19.0196 2880 ============================================================
11:32:19.0289 2880 C: <-> \Device\Harddisk0\DR0\Partition1
11:32:19.0289 2880 ============================================================
11:32:19.0289 2880 Initialize success
11:32:19.0289 2880 ============================================================
11:32:30.0588 3324 ============================================================
11:32:30.0588 3324 Scan started
11:32:30.0588 3324 Mode: Manual;
11:32:30.0588 3324 ============================================================
11:33:17.0815 3324 ================ Scan system memory ========================
11:33:17.0816 3324 System memory - ok
11:33:17.0822 3324 ================ Scan services =============================
11:33:18.0822 3324 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
11:33:18.0833 3324 1394ohci - ok
11:33:18.0921 3324 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
11:33:18.0932 3324 ACPI - ok
11:33:18.0991 3324 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
11:33:19.0007 3324 AcpiPmi - ok
11:33:19.0197 3324 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:33:19.0211 3324 AdobeFlashPlayerUpdateSvc - ok
11:33:19.0272 3324 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
11:33:19.0278 3324 adp94xx - ok
11:33:19.0343 3324 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
11:33:19.0363 3324 adpahci - ok
11:33:19.0420 3324 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
11:33:19.0435 3324 adpu320 - ok
11:33:19.0489 3324 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
11:33:19.0489 3324 AeLookupSvc - ok
11:33:19.0584 3324 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
11:33:19.0588 3324 AFD - ok
11:33:19.0796 3324 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
11:33:19.0798 3324 AgereModemAudio - ok
11:33:19.0872 3324 [ C98356D813B581E9C425B42A5D146CE0 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
11:33:19.0880 3324 AgereSoftModem - ok
11:33:19.0947 3324 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
11:33:19.0960 3324 agp440 - ok
11:33:20.0022 3324 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
11:33:20.0024 3324 ALG - ok
11:33:20.0102 3324 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
11:33:20.0120 3324 aliide - ok
11:33:20.0224 3324 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
11:33:20.0248 3324 amdide - ok
11:33:20.0388 3324 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
11:33:20.0391 3324 AmdK8 - ok
11:33:20.0435 3324 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
11:33:20.0448 3324 AmdPPM - ok
11:33:20.0508 3324 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
11:33:20.0523 3324 amdsata - ok
11:33:20.0572 3324 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
11:33:20.0578 3324 amdsbs - ok
11:33:20.0605 3324 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
11:33:20.0607 3324 amdxata - ok
11:33:20.0669 3324 [ 1661F9C9E4B0049FA0A5E30264375A87 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
11:33:20.0671 3324 ApfiltrService - ok
11:33:20.0745 3324 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
11:33:20.0767 3324 AppID - ok
11:33:20.0808 3324 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
11:33:20.0816 3324 AppIDSvc - ok
11:33:20.0898 3324 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
11:33:20.0899 3324 Appinfo - ok
11:33:21.0120 3324 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:33:21.0133 3324 Apple Mobile Device - ok
11:33:21.0294 3324 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
11:33:21.0307 3324 arc - ok
11:33:21.0331 3324 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
11:33:21.0348 3324 arcsas - ok
11:33:21.0455 3324 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
11:33:21.0469 3324 AsyncMac - ok
11:33:21.0498 3324 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
11:33:21.0520 3324 atapi - ok
11:33:21.0613 3324 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
11:33:21.0630 3324 athr - ok
11:33:21.0729 3324 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:33:21.0733 3324 AudioEndpointBuilder - ok
11:33:21.0749 3324 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
11:33:21.0754 3324 AudioSrv - ok
11:33:21.0874 3324 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
11:33:21.0886 3324 AxInstSV - ok
11:33:22.0004 3324 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
11:33:22.0023 3324 b06bdrv - ok
11:33:22.0100 3324 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
11:33:22.0105 3324 b57nd60a - ok
11:33:22.0172 3324 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
11:33:22.0174 3324 BDESVC - ok
11:33:22.0226 3324 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
11:33:22.0227 3324 Beep - ok
11:33:22.0450 3324 [ 446B2C459A7D11CD71350235D6977E2A ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
11:33:22.0456 3324 BHDrvx64 - ok
11:33:22.0558 3324 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
11:33:22.0587 3324 BITS - ok
11:33:22.0620 3324 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
11:33:22.0621 3324 blbdrive - ok
11:33:22.0774 3324 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:33:22.0780 3324 Bonjour Service - ok
11:33:22.0801 3324 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
11:33:22.0802 3324 bowser - ok
11:33:22.0857 3324 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
11:33:23.0119 3324 BrFiltLo - ok
11:33:23.0154 3324 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
11:33:23.0205 3324 BrFiltUp - ok
11:33:23.0255 3324 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
11:33:23.0258 3324 BridgeMP - ok
11:33:23.0459 3324 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\windows\System32\browser.dll
11:33:23.0460 3324 Browser - ok
11:33:23.0472 3324 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
11:33:23.0477 3324 Brserid - ok
11:33:23.0564 3324 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
11:33:23.0566 3324 BrSerWdm - ok
11:33:23.0613 3324 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
11:33:23.0624 3324 BrUsbMdm - ok
11:33:23.0651 3324 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
11:33:23.0653 3324 BrUsbSer - ok
11:33:23.0683 3324 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
11:33:23.0697 3324 BTHMODEM - ok
11:33:23.0757 3324 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
11:33:23.0764 3324 bthserv - ok
11:33:23.0776 3324 catchme - ok
11:33:24.0054 3324 [ DA66E851E76766D2C84502FE682AB175 ] ccHP C:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys
11:33:24.0060 3324 ccHP - ok
11:33:24.0102 3324 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
11:33:24.0104 3324 cdfs - ok
11:33:24.0145 3324 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
11:33:24.0148 3324 cdrom - ok
11:33:24.0264 3324 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
11:33:24.0280 3324 CertPropSvc - ok
11:33:24.0455 3324 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
11:33:24.0590 3324 cfWiMAXService - ok
11:33:24.0732 3324 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
11:33:24.0748 3324 circlass - ok
11:33:24.0849 3324 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
11:33:24.0883 3324 CLFS - ok
11:33:25.0099 3324 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:33:25.0644 3324 clr_optimization_v2.0.50727_32 - ok
11:33:25.0732 3324 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:33:25.0888 3324 clr_optimization_v2.0.50727_64 - ok
11:33:26.0011 3324 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:33:26.0530 3324 clr_optimization_v4.0.30319_32 - ok
11:33:26.0615 3324 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:33:26.0849 3324 clr_optimization_v4.0.30319_64 - ok
11:33:26.0896 3324 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
11:33:26.0897 3324 CmBatt - ok
11:33:26.0980 3324 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
11:33:27.0049 3324 cmdide - ok
11:33:27.0076 3324 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\windows\system32\Drivers\cng.sys
11:33:27.0101 3324 CNG - ok
11:33:27.0165 3324 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
11:33:27.0200 3324 Compbatt - ok
11:33:27.0242 3324 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
11:33:27.0243 3324 CompositeBus - ok
11:33:27.0281 3324 COMSysApp - ok
11:33:27.0341 3324 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
11:33:27.0386 3324 ConfigFree Gadget Service - ok
11:33:27.0402 3324 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
11:33:27.0417 3324 ConfigFree Service - ok
11:33:27.0497 3324 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
11:33:27.0534 3324 crcdisk - ok
11:33:27.0659 3324 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
11:33:27.0662 3324 CryptSvc - ok
11:33:27.0731 3324 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
11:33:27.0738 3324 DcomLaunch - ok
11:33:27.0801 3324 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
11:33:27.0831 3324 defragsvc - ok
11:33:27.0871 3324 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
11:33:27.0872 3324 DfsC - ok
11:33:28.0003 3324 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
11:33:28.0010 3324 Dhcp - ok
11:33:28.0065 3324 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
11:33:28.0066 3324 discache - ok
11:33:28.0152 3324 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
11:33:28.0194 3324 Disk - ok
11:33:28.0265 3324 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
11:33:28.0270 3324 Dnscache - ok
11:33:28.0460 3324 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
11:33:28.0489 3324 dot3svc - ok
11:33:28.0546 3324 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
11:33:28.0548 3324 DPS - ok
11:33:28.0642 3324 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
11:33:28.0668 3324 drmkaud - ok
11:33:28.0675 3324 dwaqoify - ok
11:33:28.0832 3324 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
11:33:29.0044 3324 DXGKrnl - ok
11:33:29.0132 3324 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
11:33:29.0135 3324 EapHost - ok
11:33:29.0460 3324 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
11:33:29.0608 3324 ebdrv - ok
11:33:29.0728 3324 [ 066108AE4C35835081598827A1A7D08D ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:33:29.0733 3324 eeCtrl - ok
11:33:29.0806 3324 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
11:33:29.0808 3324 EFS - ok
11:33:30.0016 3324 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
11:33:30.0070 3324 ehRecvr - ok
11:33:30.0137 3324 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
11:33:30.0146 3324 ehSched - ok
11:33:30.0252 3324 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
11:33:30.0268 3324 elxstor - ok
11:33:30.0318 3324 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
11:33:30.0344 3324 ErrDev - ok
11:33:30.0480 3324 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
11:33:30.0484 3324 EventSystem - ok
11:33:30.0490 3324 evhgqgzl - ok
11:33:30.0547 3324 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
11:33:30.0568 3324 exfat - ok
11:33:30.0589 3324 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
11:33:30.0597 3324 fastfat - ok
11:33:30.0790 3324 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
11:33:30.0796 3324 Fax - ok
11:33:30.0855 3324 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
11:33:30.0856 3324 fdc - ok
11:33:30.0895 3324 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
11:33:30.0895 3324 fdPHost - ok
11:33:30.0912 3324 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
11:33:30.0913 3324 FDResPub - ok
11:33:30.0926 3324 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
11:33:30.0959 3324 FileInfo - ok
11:33:30.0985 3324 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
11:33:30.0986 3324 Filetrace - ok
11:33:31.0041 3324 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
11:33:31.0042 3324 flpydisk - ok
11:33:31.0076 3324 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
11:33:31.0078 3324 FltMgr - ok
11:33:31.0226 3324 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
11:33:31.0258 3324 FontCache - ok
11:33:31.0309 3324 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:33:31.0322 3324 FontCache3.0.0.0 - ok
11:33:31.0366 3324 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
11:33:31.0372 3324 FsDepends - ok
11:33:31.0398 3324 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
11:33:31.0399 3324 Fs_Rec - ok
11:33:31.0433 3324 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
11:33:31.0449 3324 fvevol - ok
11:33:31.0574 3324 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
11:33:31.0583 3324 gagp30kx - ok
11:33:31.0742 3324 [ 4FBCCBDD99A75C9EFBC90392CF32AF61 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
11:33:31.0915 3324 GameConsoleService - ok
11:33:31.0979 3324 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:33:31.0980 3324 GEARAspiWDM - ok
11:33:32.0054 3324 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
11:33:32.0059 3324 gpsvc - ok
11:33:32.0183 3324 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1cab43fda26aa46 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:33:32.0185 3324 gupdate1cab43fda26aa46 - ok
11:33:32.0234 3324 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:33:32.0236 3324 gupdatem - ok
11:33:32.0298 3324 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:33:32.0321 3324 gusvc - ok
11:33:32.0357 3324 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
11:33:32.0359 3324 hcw85cir - ok
11:33:32.0412 3324 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:33:32.0419 3324 HdAudAddService - ok
11:33:32.0459 3324 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
11:33:32.0460 3324 HDAudBus - ok
11:33:32.0469 3324 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
11:33:32.0518 3324 HidBatt - ok
11:33:32.0555 3324 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
11:33:32.0558 3324 HidBth - ok
11:33:32.0582 3324 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
11:33:32.0584 3324 HidIr - ok
11:33:32.0621 3324 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
11:33:32.0634 3324 hidserv - ok
11:33:32.0685 3324 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
11:33:32.0686 3324 HidUsb - ok
11:33:32.0743 3324 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
11:33:32.0753 3324 hkmsvc - ok
11:33:32.0792 3324 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:33:32.0797 3324 HomeGroupListener - ok
11:33:32.0827 3324 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:33:32.0831 3324 HomeGroupProvider - ok
11:33:32.0878 3324 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
11:33:32.0881 3324 HpSAMD - ok
11:33:32.0932 3324 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
11:33:32.0940 3324 HTTP - ok
11:33:33.0162 3324 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
11:33:33.0198 3324 hwpolicy - ok
11:33:33.0241 3324 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
11:33:33.0242 3324 i8042prt - ok
11:33:33.0311 3324 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
11:33:33.0315 3324 iaStor - ok
11:33:33.0368 3324 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
11:33:33.0389 3324 iaStorV - ok
11:33:33.0467 3324 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:33:33.0481 3324 idsvc - ok
11:33:33.0622 3324 [ 6F9B281BC4AFFF5FE784D7DA699D347F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110223.001\IDSvia64.sys
11:33:33.0628 3324 IDSVia64 - ok
11:33:34.0110 3324 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
11:33:34.0152 3324 igfx - ok
11:33:34.0175 3324 ihihllmr - ok
11:33:34.0200 3324 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
11:33:34.0202 3324 iirsp - ok
11:33:34.0265 3324 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
11:33:34.0282 3324 IKEEXT - ok
11:33:34.0430 3324 [ B6E61B181884527CC5B68C2D79504B43 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
11:33:34.0449 3324 IntcAzAudAddService - ok
11:33:34.0572 3324 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
11:33:34.0582 3324 intelide - ok
11:33:34.0621 3324 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
11:33:34.0623 3324 intelppm - ok
11:33:34.0662 3324 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
11:33:34.0665 3324 IPBusEnum - ok
11:33:34.0699 3324 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
11:33:34.0702 3324 IpFilterDriver - ok
11:33:34.0737 3324 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
11:33:34.0754 3324 IPMIDRV - ok
11:33:34.0763 3324 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
11:33:34.0767 3324 IPNAT - ok
11:33:34.0878 3324 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:33:34.0887 3324 iPod Service - ok
11:33:34.0951 3324 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
11:33:34.0952 3324 IRENUM - ok
11:33:34.0970 3324 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
11:33:34.0972 3324 isapnp - ok
11:33:34.0994 3324 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
11:33:34.0999 3324 iScsiPrt - ok
11:33:35.0024 3324 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
11:33:35.0025 3324 kbdclass - ok
11:33:35.0057 3324 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
11:33:35.0058 3324 kbdhid - ok
11:33:35.0084 3324 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
11:33:35.0086 3324 KeyIso - ok
11:33:35.0128 3324 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
11:33:35.0145 3324 KSecDD - ok
11:33:35.0167 3324 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
11:33:35.0171 3324 KSecPkg - ok
11:33:35.0185 3324 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
11:33:35.0186 3324 ksthunk - ok
11:33:35.0233 3324 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
11:33:35.0241 3324 KtmRm - ok
11:33:35.0393 3324 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
11:33:35.0398 3324 LanmanServer - ok
11:33:35.0454 3324 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:33:35.0458 3324 LanmanWorkstation - ok
11:33:35.0780 3324 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
11:33:35.0815 3324 LeapFrog Connect Device Service - ok
11:33:35.0883 3324 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\windows\system32\DRIVERS\btblan.sys
11:33:35.0885 3324 Leapfrog-USBLAN - ok
11:33:35.0958 3324 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
11:33:35.0959 3324 lltdio - ok
11:33:36.0018 3324 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
11:33:36.0025 3324 lltdsvc - ok
11:33:36.0046 3324 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
11:33:36.0048 3324 lmhosts - ok
11:33:36.0087 3324 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
11:33:36.0090 3324 LSI_FC - ok
11:33:36.0099 3324 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
11:33:36.0103 3324 LSI_SAS - ok
11:33:36.0139 3324 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
11:33:36.0142 3324 LSI_SAS2 - ok
11:33:36.0181 3324 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
11:33:36.0184 3324 LSI_SCSI - ok
11:33:36.0213 3324 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
11:33:36.0214 3324 luafv - ok
11:33:36.0376 3324 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
11:33:36.0400 3324 Mcx2Svc - ok
11:33:36.0435 3324 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
11:33:36.0438 3324 megasas - ok
11:33:36.0464 3324 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
11:33:36.0481 3324 MegaSR - ok
11:33:36.0515 3324 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
11:33:36.0518 3324 MMCSS - ok
11:33:36.0538 3324 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
11:33:36.0539 3324 Modem - ok
11:33:36.0583 3324 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
11:33:36.0584 3324 monitor - ok
11:33:36.0611 3324 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
11:33:36.0612 3324 mouclass - ok
11:33:36.0619 3324 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
11:33:36.0621 3324 mouhid - ok
11:33:36.0657 3324 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
11:33:36.0659 3324 mountmgr - ok
11:33:36.0696 3324 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
11:33:36.0697 3324 MpFilter - ok
11:33:36.0745 3324 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
11:33:37.0009 3324 mpio - ok
11:33:37.0028 3324 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
11:33:37.0031 3324 mpsdrv - ok
11:33:37.0063 3324 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
11:33:37.0067 3324 MRxDAV - ok
11:33:37.0129 3324 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:33:37.0131 3324 mrxsmb - ok
11:33:37.0149 3324 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
11:33:37.0152 3324 mrxsmb10 - ok
11:33:37.0172 3324 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
11:33:37.0174 3324 mrxsmb20 - ok
11:33:37.0318 3324 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
11:33:37.0320 3324 msahci - ok
11:33:37.0357 3324 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
11:33:37.0361 3324 msdsm - ok
11:33:37.0393 3324 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
11:33:37.0398 3324 MSDTC - ok
11:33:37.0434 3324 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
11:33:37.0435 3324 Msfs - ok
11:33:37.0607 3324 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
11:33:37.0780 3324 mshidkmdf - ok
11:33:37.0797 3324 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
11:33:37.0798 3324 msisadrv - ok
11:33:37.0850 3324 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
11:33:37.0867 3324 MSiSCSI - ok
11:33:37.0873 3324 msiserver - ok
11:33:37.0909 3324 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:33:37.0911 3324 MSKSSRV - ok
11:33:37.0957 3324 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:33:37.0958 3324 MsMpSvc - ok
11:33:37.0992 3324 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:33:37.0994 3324 MSPCLOCK - ok
11:33:38.0012 3324 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:33:38.0013 3324 MSPQM - ok
11:33:38.0048 3324 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
11:33:38.0067 3324 MsRPC - ok
11:33:38.0098 3324 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
11:33:38.0100 3324 mssmbios - ok
11:33:38.0150 3324 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
11:33:38.0166 3324 MSTEE - ok
11:33:38.0183 3324 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
11:33:38.0185 3324 MTConfig - ok
11:33:38.0212 3324 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
11:33:38.0214 3324 Mup - ok
11:33:38.0285 3324 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
11:33:38.0291 3324 napagent - ok
11:33:38.0370 3324 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
11:33:38.0372 3324 NativeWifiP - ok
11:33:38.0390 3324 NAVENG - ok
11:33:38.0394 3324 NAVEX15 - ok
11:33:38.0464 3324 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
11:33:38.0478 3324 NDIS - ok
11:33:38.0529 3324 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
11:33:38.0531 3324 NdisCap - ok
11:33:38.0551 3324 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:33:38.0552 3324 NdisTapi - ok
11:33:38.0578 3324 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:33:38.0579 3324 Ndisuio - ok
11:33:38.0856 3324 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:33:38.0858 3324 NdisWan - ok
11:33:38.0993 3324 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:33:38.0994 3324 NDProxy - ok
11:33:39.0017 3324 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:33:39.0019 3324 NetBIOS - ok
11:33:39.0054 3324 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:33:39.0056 3324 NetBT - ok
11:33:39.0073 3324 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
11:33:39.0075 3324 Netlogon - ok
11:33:39.0116 3324 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
11:33:39.0119 3324 Netman - ok
11:33:39.0146 3324 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
11:33:39.0151 3324 netprofm - ok
11:33:39.0221 3324 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:33:39.0230 3324 NetTcpPortSharing - ok
11:33:39.0273 3324 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
11:33:39.0275 3324 nfrd960 - ok
11:33:39.0391 3324 [ 8E643FD5F38FA9A2EDA27268A1E9499F ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
11:33:39.0411 3324 NIS - ok
11:33:39.0466 3324 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
11:33:39.0478 3324 NisDrv - ok
11:33:39.0522 3324 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:33:39.0527 3324 NisSrv - ok
11:33:39.0575 3324 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
11:33:39.0578 3324 NlaSvc - ok
11:33:39.0617 3324 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
11:33:39.0618 3324 Npfs - ok
11:33:39.0669 3324 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
11:33:39.0677 3324 nsi - ok
11:33:39.0702 3324 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
11:33:39.0703 3324 nsiproxy - ok
11:33:39.0862 3324 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:33:39.0907 3324 Ntfs - ok
11:33:39.0929 3324 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
11:33:39.0930 3324 Null - ok
11:33:39.0960 3324 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
11:33:39.0962 3324 nvraid - ok
11:33:39.0972 3324 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
11:33:39.0975 3324 nvstor - ok
11:33:39.0991 3324 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
11:33:39.0993 3324 nv_agp - ok
11:33:40.0143 3324 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:33:40.0204 3324 odserv - ok
11:33:40.0234 3324 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
11:33:40.0236 3324 ohci1394 - ok
11:33:40.0308 3324 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:33:40.0337 3324 ose - ok
11:33:40.0386 3324 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
11:33:40.0396 3324 p2pimsvc - ok
11:33:40.0426 3324 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
11:33:40.0435 3324 p2psvc - ok
11:33:40.0474 3324 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
11:33:40.0476 3324 Parport - ok
11:33:40.0499 3324 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
11:33:40.0502 3324 partmgr - ok
11:33:40.0539 3324 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
11:33:40.0543 3324 PcaSvc - ok
11:33:40.0572 3324 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
11:33:40.0744 3324 pci - ok
11:33:40.0786 3324 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
11:33:40.0793 3324 pciide - ok
11:33:40.0831 3324 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
11:33:40.0842 3324 pcmcia - ok
11:33:40.0856 3324 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
11:33:40.0858 3324 pcw - ok
11:33:40.0905 3324 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
11:33:40.0911 3324 PEAUTH - ok
11:33:41.0056 3324 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
11:33:41.0058 3324 PerfHost - ok
11:33:41.0099 3324 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
11:33:41.0110 3324 PGEffect - ok
11:33:41.0219 3324 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
11:33:41.0242 3324 pla - ok
11:33:41.0314 3324 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
11:33:41.0318 3324 PlugPlay - ok
11:33:41.0385 3324 [ 55F3EE8A42CFC089C8DF3327125DC4B1 ] PMCF C:\windows\system32\drivers\PMCF.sys
11:33:41.0386 3324 PMCF - ok
11:33:41.0402 3324 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
11:33:41.0411 3324 PNRPAutoReg - ok
11:33:41.0441 3324 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
11:33:41.0446 3324 PNRPsvc - ok
11:33:41.0612 3324 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
11:33:41.0624 3324 PolicyAgent - ok
11:33:41.0669 3324 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
11:33:41.0673 3324 Power - ok
11:33:41.0738 3324 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
11:33:41.0739 3324 PptpMiniport - ok
11:33:41.0762 3324 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
11:33:41.0797 3324 Processor - ok
11:33:41.0849 3324 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll
11:33:41.0853 3324 ProfSvc - ok
11:33:41.0873 3324 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
11:33:41.0875 3324 ProtectedStorage - ok
11:33:41.0922 3324 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
11:33:41.0924 3324 Psched - ok
11:33:42.0104 3324 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
11:33:42.0161 3324 ql2300 - ok
11:33:42.0201 3324 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
11:33:42.0216 3324 ql40xx - ok
11:33:42.0251 3324 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
11:33:42.0258 3324 QWAVE - ok
11:33:42.0277 3324 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
11:33:42.0278 3324 QWAVEdrv - ok
11:33:42.0296 3324 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
11:33:42.0297 3324 RasAcd - ok
11:33:42.0345 3324 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
11:33:42.0346 3324 RasAgileVpn - ok
11:33:42.0387 3324 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
11:33:42.0390 3324 RasAuto - ok
11:33:42.0421 3324 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
11:33:42.0421 3324 Rasl2tp - ok
11:33:42.0453 3324 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
11:33:42.0453 3324 RasMan - ok
11:33:42.0484 3324 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
11:33:42.0484 3324 RasPppoe - ok
11:33:42.0531 3324 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
11:33:42.0531 3324 RasSstp - ok
11:33:42.0562 3324 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
11:33:42.0562 3324 rdbss - ok
11:33:42.0593 3324 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
11:33:42.0609 3324 rdpbus - ok
11:33:42.0624 3324 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
11:33:42.0624 3324 RDPCDD - ok
11:33:42.0640 3324 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
11:33:42.0640 3324 RDPENCDD - ok
11:33:42.0655 3324 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
11:33:42.0655 3324 RDPREFMP - ok
11:33:42.0702 3324 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
11:33:42.0718 3324 RDPWD - ok
11:33:42.0765 3324 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
11:33:42.0765 3324 rdyboost - ok
11:33:42.0796 3324 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
11:33:42.0811 3324 RemoteAccess - ok
11:33:42.0843 3324 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
11:33:42.0843 3324 RemoteRegistry - ok
11:33:42.0889 3324 [ E20B1907FC72A3664ECE21E3C20FC63D ] rimspci C:\windows\system32\DRIVERS\rimspe64.sys
11:33:42.0889 3324 rimspci - ok
11:33:42.0921 3324 RimUsb - ok
11:33:42.0936 3324 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
11:33:42.0936 3324 RimVSerPort - ok
11:33:42.0983 3324 [ 7DDA2E5CF452DAD24B1BE704225C18EE ] risdpcie C:\windows\system32\DRIVERS\risdpe64.sys
11:33:42.0983 3324 risdpcie - ok
11:33:43.0014 3324 [ 6A1CD4674505E6791390A1AB71DA1FBE ] rixdpcie C:\windows\system32\DRIVERS\rixdpe64.sys
11:33:43.0014 3324 rixdpcie - ok
11:33:43.0061 3324 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
11:33:43.0061 3324 ROOTMODEM - ok
11:33:43.0092 3324 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
11:33:43.0092 3324 RpcEptMapper - ok
11:33:43.0186 3324 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
11:33:43.0217 3324 RpcLocator - ok
11:33:43.0264 3324 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
11:33:43.0264 3324 RpcSs - ok
11:33:43.0326 3324 RSELSVC - ok
11:33:43.0357 3324 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
11:33:43.0357 3324 rspndr - ok
11:33:43.0451 3324 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
11:33:43.0451 3324 RTL8167 - ok
11:33:43.0545 3324 [ 7475548B0BA58EBA4D12414FC9E9DFE6 ] rtl8192se C:\windows\system32\DRIVERS\rtl8192se.sys
11:33:43.0560 3324 rtl8192se - ok
11:33:43.0591 3324 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
11:33:43.0591 3324 SamSs - ok
11:33:43.0669 3324 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
11:33:43.0669 3324 sbp2port - ok
11:33:43.0701 3324 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
11:33:43.0716 3324 SCardSvr - ok
11:33:43.0841 3324 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
11:33:43.0857 3324 scfilter - ok
11:33:44.0122 3324 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
11:33:44.0137 3324 Schedule - ok
11:33:44.0215 3324 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
11:33:44.0215 3324 SCPolicySvc - ok
11:33:44.0262 3324 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys
11:33:44.0262 3324 sdbus - ok
11:33:44.0309 3324 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
11:33:44.0325 3324 SDRSVC - ok
11:33:44.0481 3324 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:33:44.0496 3324 SeaPort - ok
11:33:44.0543 3324 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
11:33:44.0543 3324 secdrv - ok
11:33:44.0590 3324 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
11:33:44.0590 3324 seclogon - ok
11:33:44.0637 3324 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
11:33:44.0637 3324 SENS - ok
11:33:44.0683 3324 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
11:33:44.0699 3324 SensrSvc - ok
11:33:44.0730 3324 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
11:33:44.0730 3324 Serenum - ok
11:33:44.0761 3324 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
11:33:44.0761 3324 Serial - ok
11:33:44.0777 3324 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
11:33:44.0777 3324 sermouse - ok
11:33:44.0902 3324 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
11:33:44.0917 3324 SessionEnv - ok
11:33:44.0949 3324 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
11:33:44.0964 3324 sffdisk - ok
11:33:44.0964 3324 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
11:33:44.0964 3324 sffp_mmc - ok
11:33:44.0980 3324 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
11:33:44.0980 3324 sffp_sd - ok
11:33:44.0995 3324 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
11:33:44.0995 3324 sfloppy - ok
11:33:45.0136 3324 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:33:45.0136 3324 ShellHWDetection - ok
11:33:45.0198 3324 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
11:33:45.0198 3324 SiSRaid2 - ok
11:33:45.0229 3324 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
11:33:45.0245 3324 SiSRaid4 - ok
11:33:45.0245 3324 slraiubz - ok
11:33:45.0261 3324 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
11:33:45.0261 3324 Smb - ok
11:33:45.0307 3324 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
11:33:45.0307 3324 SNMPTRAP - ok
11:33:45.0354 3324 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
11:33:45.0354 3324 spldr - ok
11:33:45.0463 3324 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
11:33:45.0479 3324 Spooler - ok
11:33:45.0760 3324 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
11:33:45.0885 3324 sppsvc - ok
11:33:45.0916 3324 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
11:33:45.0916 3324 sppuinotify - ok
11:33:46.0041 3324 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS
11:33:46.0056 3324 SRTSP - ok
11:33:46.0087 3324 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\windows\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
11:33:46.0087 3324 SRTSPX - ok
11:33:46.0150 3324 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
11:33:46.0150 3324 srv - ok
11:33:46.0181 3324 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
11:33:46.0197 3324 srv2 - ok
11:33:46.0228 3324 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
11:33:46.0228 3324 srvnet - ok
11:33:46.0290 3324 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
11:33:46.0290 3324 SSDPSRV - ok
11:33:46.0337 3324 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
11:33:46.0353 3324 SstpSvc - ok
11:33:46.0384 3324 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
11:33:46.0384 3324 stexstor - ok
11:33:46.0477 3324 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
11:33:46.0493 3324 stisvc - ok
11:33:46.0555 3324 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
11:33:46.0555 3324 swenum - ok
11:33:46.0649 3324 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
11:33:46.0649 3324 swprv - ok
11:33:46.0696 3324 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS
11:33:46.0711 3324 SymDS - ok
11:33:46.0743 3324 [ 42C952D131EFF724A9959BB6D78C1B63 ] SymEFA C:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
11:33:46.0743 3324 SymEFA - ok
11:33:46.0789 3324 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
11:33:46.0789 3324 SymEvent - ok
11:33:46.0836 3324 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS
11:33:46.0836 3324 SymIRON - ok
11:33:46.0883 3324 [ 8ABB6E5B7D75CD3F0A988695D0D9186A ] SYMTDIv C:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
11:33:46.0883 3324 SYMTDIv - ok
11:33:46.0977 3324 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
11:33:46.0992 3324 SysMain - ok
11:33:47.0257 3324 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
11:33:47.0257 3324 TabletInputService - ok
11:33:47.0273 3324 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
11:33:47.0304 3324 TapiSrv - ok
11:33:47.0335 3324 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
11:33:47.0335 3324 TBS - ok
11:33:47.0460 3324 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
11:33:47.0554 3324 Tcpip - ok
11:33:47.0632 3324 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
11:33:47.0647 3324 TCPIP6 - ok
11:33:47.0866 3324 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
11:33:47.0866 3324 tcpipreg - ok
11:33:47.0944 3324 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
11:33:47.0944 3324 tdcmdpst - ok
11:33:48.0006 3324 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
11:33:48.0006 3324 TDPIPE - ok
11:33:48.0022 3324 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
11:33:48.0022 3324 TDTCP - ok
11:33:48.0069 3324 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
11:33:48.0069 3324 tdx - ok
11:33:48.0131 3324 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
11:33:48.0131 3324 TermDD - ok
11:33:48.0178 3324 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
11:33:48.0193 3324 TermService - ok
11:33:48.0240 3324 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
11:33:48.0240 3324 Themes - ok
11:33:48.0271 3324 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
11:33:48.0287 3324 Thpdrv - ok
11:33:48.0349 3324 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
11:33:48.0349 3324 Thpevm - ok
11:33:48.0505 3324 [ 6146EAC71AE3C9DA17B0E33632082B7B ] Thpsrv C:\windows\system32\ThpSrv.exe
11:33:48.0521 3324 Thpsrv - ok
11:33:48.0568 3324 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
11:33:48.0583 3324 THREADORDER - ok
11:33:48.0615 3324 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
11:33:48.0615 3324 TODDSrv - ok
11:33:48.0771 3324 [ 06C61275ADC64F1E36240A2287998A5E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:33:48.0771 3324 TosCoSrv - ok
11:33:48.0849 3324 [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:33:48.0849 3324 TOSHIBA HDD SSD Alert Service - ok
11:33:48.0880 3324 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
11:33:48.0895 3324 tos_sps64 - ok
11:33:49.0036 3324 [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
11:33:49.0067 3324 TPCHSrv - ok
11:33:49.0098 3324 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
11:33:49.0114 3324 TrkWks - ok
11:33:49.0223 3324 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:33:49.0254 3324 TrustedInstaller - ok
11:33:49.0301 3324 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
11:33:49.0301 3324 tssecsrv - ok
11:33:49.0332 3324 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
11:33:49.0348 3324 TsUsbFlt - ok
11:33:49.0395 3324 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
11:33:49.0395 3324 tunnel - ok
11:33:49.0457 3324 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
11:33:49.0457 3324 TVALZ - ok
11:33:49.0504 3324 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
11:33:49.0504 3324 TVALZFL - ok
11:33:49.0535 3324 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
11:33:49.0535 3324 uagp35 - ok
11:33:49.0738 3324 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
11:33:49.0753 3324 udfs - ok
11:33:49.0847 3324 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
11:33:49.0847 3324 UI0Detect - ok
11:33:49.0909 3324 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
11:33:49.0909 3324 uliagpkx - ok
11:33:49.0941 3324 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
11:33:49.0941 3324 umbus - ok
11:33:49.0987 3324 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
11:33:50.0019 3324 UmPass - ok
11:33:50.0050 3324 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
11:33:50.0065 3324 upnphost - ok
11:33:50.0112 3324 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
11:33:50.0128 3324 USBAAPL64 - ok
11:33:50.0159 3324 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
11:33:50.0175 3324 usbaudio - ok
11:33:50.0206 3324 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
11:33:50.0221 3324 usbccgp - ok
11:33:50.0253 3324 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
11:33:50.0268 3324 usbcir - ok
11:33:50.0299 3324 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
11:33:50.0299 3324 usbehci - ok
11:33:50.0346 3324 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
11:33:50.0346 3324 usbhub - ok
11:33:50.0409 3324 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
11:33:50.0455 3324 usbohci - ok
11:33:50.0502 3324 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
11:33:50.0502 3324 usbprint - ok
11:33:50.0549 3324 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
11:33:50.0549 3324 usbscan - ok
11:33:50.0580 3324 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
11:33:50.0580 3324 USBSTOR - ok
11:33:50.0596 3324 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
11:33:50.0596 3324 usbuhci - ok
11:33:50.0658 3324 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
11:33:50.0674 3324 usbvideo - ok
11:33:50.0689 3324 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
11:33:50.0689 3324 UxSms - ok
11:33:50.0705 3324 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
11:33:50.0721 3324 VaultSvc - ok
11:33:50.0752 3324 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
11:33:50.0752 3324 vdrvroot - ok
11:33:50.0861 3324 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
11:33:50.0892 3324 vds - ok
11:33:50.0923 3324 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
11:33:50.0923 3324 vga - ok
11:33:50.0955 3324 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
11:33:50.0955 3324 VgaSave - ok
11:33:51.0001 3324 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
11:33:51.0017 3324 vhdmp - ok
11:33:51.0033 3324 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
11:33:51.0033 3324 viaide - ok
11:33:51.0064 3324 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
11:33:51.0064 3324 volmgr - ok
11:33:51.0095 3324 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
11:33:51.0095 3324 volmgrx - ok
11:33:51.0126 3324 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
11:33:51.0126 3324 volsnap - ok
11:33:51.0173 3324 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
11:33:51.0189 3324 vsmraid - ok
11:33:51.0267 3324 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
11:33:51.0329 3324 VSS - ok
11:33:51.0376 3324 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
11:33:51.0376 3324 vwifibus - ok
11:33:51.0454 3324 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
11:33:51.0454 3324 vwififlt - ok
11:33:51.0501 3324 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
11:33:51.0501 3324 vwifimp - ok
11:33:51.0594 3324 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
11:33:51.0610 3324 W32Time - ok
11:33:51.0641 3324 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
11:33:51.0657 3324 WacomPen - ok
11:33:51.0813 3324 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
11:33:51.0813 3324 WANARP - ok
11:33:51.0828 3324 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
11:33:51.0828 3324 Wanarpv6 - ok
11:33:52.0359 3324 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
11:33:52.0437 3324 WatAdminSvc - ok
11:33:52.0577 3324 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
11:33:52.0749 3324 wbengine - ok
11:33:52.0795 3324 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
11:33:52.0811 3324 WbioSrvc - ok
11:33:52.0858 3324 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
11:33:52.0889 3324 wcncsvc - ok
11:33:52.0905 3324 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:33:52.0920 3324 WcsPlugInService - ok
11:33:53.0201 3324 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
11:33:53.0201 3324 Wd - ok
11:33:53.0295 3324 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
11:33:53.0388 3324 Wdf01000 - ok
11:33:53.0435 3324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
11:33:53.0435 3324 WdiServiceHost - ok
11:33:53.0435 3324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
11:33:53.0451 3324 WdiSystemHost - ok
11:33:53.0544 3324 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
11:33:53.0560 3324 WebClient - ok
11:33:53.0591 3324 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
11:33:53.0591 3324 Wecsvc - ok
11:33:53.0622 3324 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
11:33:53.0622 3324 wercplsupport - ok
11:33:53.0669 3324 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
11:33:53.0669 3324 WerSvc - ok
11:33:53.0731 3324 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
11:33:53.0731 3324 WfpLwf - ok
11:33:53.0747 3324 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
11:33:53.0763 3324 WIMMount - ok
11:33:53.0763 3324 WinHttpAutoProxySvc - ok
11:33:53.0856 3324 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
11:33:53.0856 3324 Winmgmt - ok
11:33:54.0028 3324 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
11:33:54.0106 3324 WinRM - ok
11:33:54.0246 3324 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
11:33:54.0262 3324 WinUsb - ok
11:33:54.0355 3324 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
11:33:54.0371 3324 Wlansvc - ok
11:33:54.0511 3324 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:33:54.0527 3324 wlidsvc - ok
11:33:54.0558 3324 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
11:33:54.0589 3324 WmiAcpi - ok
11:33:54.0621 3324 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
11:33:54.0652 3324 wmiApSrv - ok
11:33:54.0699 3324 WMPNetworkSvc - ok
11:33:54.0730 3324 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
11:33:54.0761 3324 WPCSvc - ok
11:33:54.0792 3324 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
11:33:54.0792 3324 WPDBusEnum - ok
11:33:54.0823 3324 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
11:33:54.0823 3324 ws2ifsl - ok
11:33:54.0839 3324 WSearch - ok
11:33:55.0011 3324 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
11:33:55.0089 3324 wuauserv - ok
11:33:55.0104 3324 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
11:33:55.0104 3324 WudfPf - ok
11:33:55.0276 3324 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
11:33:55.0307 3324 WUDFRd - ok
11:33:55.0541 3324 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
11:33:55.0541 3324 wudfsvc - ok
11:33:55.0572 3324 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
11:33:55.0588 3324 WwanSvc - ok
11:33:55.0713 3324 ================ Scan global ===============================
11:33:55.0728 3324 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
11:33:55.0791 3324 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
11:33:55.0791 3324 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
11:33:55.0837 3324 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
11:33:55.0915 3324 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
11:33:55.0915 3324 [Global] - ok
11:33:55.0915 3324 ================ Scan MBR ==================================
11:33:55.0931 3324 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
11:33:56.0243 3324 \Device\Harddisk0\DR0 - ok
11:33:56.0243 3324 ================ Scan VBR ==================================
11:33:56.0259 3324 [ 96747A29472D97B0043A260435EAA0BD ] \Device\Harddisk0\DR0\Partition1
11:33:56.0259 3324 \Device\Harddisk0\DR0\Partition1 - ok
11:33:56.0259 3324 ============================================================
11:33:56.0259 3324 Scan finished
11:33:56.0259 3324 ============================================================
11:33:56.0274 3268 Detected object count: 0
11:33:56.0274 3268 Actual detected object count: 0
11:34:27.0639 2840 Deinitialize success

Upon attempting to run run awsMBR, the machine experienced a BSOD and rebooted. Here are the Blue Screen parameters. At the time of the blue screen, I could not tel if awsMBR had completed the scan or not. Would you like me to run awsMBR again.
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 109
BCP1: A3A039D8964E25B0
BCP2: B3B7465EE8CC611E
BCP3: FFFFF80000B95080
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

As of right now I am posting to the forum from the affected laptop, and I do not hear the unwanted audio ads. I also notice that the svchost.exe *32 winrscmde process is no longer running.

Edited by robkbriggs, 06 November 2012 - 01:01 PM.