Windows 7 will not reboot. Please help! [Solved]


  • This topic is locked

#1
mikison

  • Member
  • 94 posts
I have a Gateway all-in-one that suddenly stopped working. I tried system restore in safe mode but now the computer will not reboot at all. Windows startup repair does not work at all. I have AVG and it is always up to date so I'm not sure what happened.
I tried following the instructions for AVG reboot CD but my only other computer is an ASUS that does not have a CD drive.
Please help!
Thanks in advance,
Miki

#2
CompCav

  • Expert
  • 12,449 posts
Hi, mikison! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Step 1.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Step 3.

Please post:

FRST.txt

#3
mikison

  • Topic Starter
  • Member
  • 94 posts
Thank you for your quick reply. Below is the frst.txt file.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 25-11-2012 21:31:16
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [153416 2010-02-03] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10103840 2010-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TouchPortal] C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [6314016 2010-04-19] (Acer Corp.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-09-30] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-07-10] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [167008 2009-11-23] (CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [1016832 2010-02-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe [x]
HKLM-x32\...\Run: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2010-08-06] (Corel)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-07] (Google)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-16] ()
HKLM-x32\...\Run: [HFALoader] C:\Program Files (x86)\Hamster Soft\Hamster Free Zip Archiver\HamsterArc.exe -loader [2260480 2012-03-06] (Hamster Soft)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-05-23] (Garmin)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-06-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-30] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Owner\...\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Owner\...\Run: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x]
HKU\Owner\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [226904 2007-07-12] (Macrovision Corporation)
HKU\Owner\...\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [522752 2011-09-07] (Corel, Inc.)
HKU\Owner\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex [686792 2012-08-20] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk
ShortcutTarget: Auto run of VideoCam Suite 1.0.lnk -> C:\Program Files (x86)\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 4.lnk
ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
ShortcutTarget: Directrec Configuration Tool.lnk -> C:\Program Files (x86)\OLYMPUS\DirectrecConfig\DirectrecConfigurationTool.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-09] (Akamai Technologies, Inc.)
3 AppIDSvc; C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [27136 2009-07-13] (Microsoft Corporation)
3 AppIDSvc; C:\Windows\SysWow64\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-12] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
3 AxInstSV; C:\Windows\System32\svchost.exe -k AxInstSVGroup [27136 2009-07-13] (Microsoft Corporation)
3 AxInstSV; C:\Windows\SysWow64\svchost.exe -k AxInstSVGroup [20992 2009-07-13] (Microsoft Corporation)
3 Browser; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 Browser; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\svchost.exe -k DcomLaunch [27136 2009-07-13] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\SysWow64\svchost.exe -k DcomLaunch [20992 2009-07-13] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\svchost.exe -k NetworkService [27136 2009-07-13] (Microsoft Corporation)
2 Dnscache; C:\Windows\SysWow64\svchost.exe -k NetworkService [20992 2009-07-13] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
3 dot3svc; C:\Windows\SysWow64\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 FontCache; C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [27136 2009-07-13] (Microsoft Corporation)
2 FontCache; C:\Windows\SysWow64\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-07] (Google)
2 gpsvc; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 gpsvc; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\SysWow64\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\SysWow64\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 KtmRm; C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [27136 2009-07-13] (Microsoft Corporation)
3 KtmRm; C:\Windows\SysWow64\svchost.exe -k NetworkServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
2 LPDSVC; C:\Windows\System32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [27136 2009-07-13] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\SysWow64\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
2 MMCSS; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 MMCSS; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 NlaSvc; C:\Windows\System32\svchost.exe -k NetworkService [27136 2009-07-13] (Microsoft Corporation)
2 NlaSvc; C:\Windows\SysWow64\svchost.exe -k NetworkService [20992 2009-07-13] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\svchost.exe -k LocalServicePeerNet [27136 2009-07-13] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\SysWow64\svchost.exe -k LocalServicePeerNet [20992 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\svchost.exe -k LocalServicePeerNet [27136 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\SysWow64\svchost.exe -k LocalServicePeerNet [20992 2009-07-13] (Microsoft Corporation)
2 PC Performer Manager; C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [1695776 2012-08-15] ()
2 PcaSvc; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 PcaSvc; C:\Windows\SysWow64\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [27136 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\SysWow64\svchost.exe -k LocalServiceNoNetwork [20992 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\svchost.exe -k LocalServicePeerNet [27136 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\SysWow64\svchost.exe -k LocalServicePeerNet [20992 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\SysWow64\svchost.exe -k NetworkServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 QWAVE; C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 2009-07-13] (Microsoft Corporation)
3 QWAVE; C:\Windows\SysWow64\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 RpcEptMapper; C:\Windows\System32\svchost.exe -k RPCSS [27136 2009-07-13] (Microsoft Corporation)
2 RpcEptMapper; C:\Windows\SysWow64\svchost.exe -k RPCSS [20992 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\svchost.exe -k rpcss [27136 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\SysWow64\svchost.exe -k rpcss [20992 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\svchost.exe -k SDRSVC [27136 2009-07-13] (Microsoft Corporation)
3 SDRSVC; C:\Windows\SysWow64\svchost.exe -k SDRSVC [20992 2009-07-13] (Microsoft Corporation)
3 seclogon; C:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 seclogon; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 SENS; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 SENS; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\svchost.exe -k LocalService [27136 2009-07-13] (Microsoft Corporation)
3 sppuinotify; C:\Windows\SysWow64\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\svchost.exe -k LocalService [27136 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\SysWow64\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)
3 TBS; C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [27136 2009-07-13] (Microsoft Corporation)
3 TBS; C:\Windows\SysWow64\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
3 W32Time; C:\Windows\System32\svchost.exe -k LocalService [27136 2009-07-13] (Microsoft Corporation)
3 W32Time; C:\Windows\SysWow64\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\System32\svchost.exe -k WbioSvcGroup [27136 2009-07-13] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\SysWow64\svchost.exe -k WbioSvcGroup [20992 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\svchost.exe -k WerSvcGroup [27136 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\SysWow64\svchost.exe -k WerSvcGroup [20992 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; C:\Windows\System32\svchost.exe -k LocalService [27136 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; C:\Windows\SysWow64\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 wscsvc; C:\Windows\SysWow64\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 wudfsvc; C:\Windows\SysWow64\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) =====================

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-25 21:31 - 2012-11-25 21:31 - 00000000 ____D C:\FRST
2012-11-14 11:16 - 2012-11-14 11:17 - 00000000 ____D C:\Users\Owner\Desktop\Fuji camera
2012-11-14 10:39 - 2012-11-14 10:39 - 00002103 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-11-13 05:55 - 2012-11-13 05:55 - 00000245 ____A C:\Users\Owner\Desktop\The No Excuses Workout System Web-Based Personal Trainer.url
2012-11-08 17:42 - 2012-11-08 17:42 - 00005424 ____A C:\Users\Owner\Desktop\Ana White Free and Easy DIY Furniture Plans to Save You Money.url
2012-11-08 17:31 - 2012-11-08 17:31 - 00001475 ____A C:\Users\Owner\Desktop\The Complete Guide to Imperfect Homemaking 31 DAYS TO AN ORGANIZED HOME.url
2012-11-07 11:12 - 2012-11-07 11:12 - 00000367 ____A C:\Users\Owner\Desktop\How I Absorbed Three Punches and Stood Up Anyway chantrynotes.url
2012-11-04 17:07 - 2012-11-04 17:07 - 00000000 ____D C:\Users\Owner\Documents\Leawo
2012-11-04 16:22 - 2012-11-04 16:22 - 00000000 ____D C:\Users\Owner\AppData\Local\leawo
2012-11-04 13:35 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-11-04 13:34 - 2012-11-25 20:06 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-04 13:34 - 2012-11-25 20:06 - 00000000 ____D C:\Program Files\iTunes
2012-11-04 13:34 - 2012-11-25 20:06 - 00000000 ____D C:\Program Files\iPod
2012-11-04 13:34 - 2012-11-25 20:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-04 13:24 - 2012-11-25 20:04 - 00000000 ____D C:\Program Files (x86)\Leawo
2012-11-04 13:24 - 2012-11-04 13:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\com.leawo.imediago
2012-11-03 21:00 - 2012-11-19 07:09 - 00001088 ____A C:\Windows\setupact.log
2012-11-03 21:00 - 2012-11-03 21:00 - 00000000 ____A C:\Windows\setuperr.log
2012-10-29 07:51 - 2012-10-29 08:08 - 00000000 ____D C:\Users\Owner\Desktop\usb

==================== One Month Modified Files and Folders =======

2012-11-25 20:06 - 2012-11-04 13:34 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-25 20:06 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files\iTunes
2012-11-25 20:06 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files\iPod
2012-11-25 20:06 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-25 20:06 - 2011-12-08 04:25 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-25 20:06 - 2011-11-01 14:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Akamai
2012-11-25 20:06 - 2011-09-11 10:31 - 00000000 ___HD C:\Users\All Users\CanonIJScan
2012-11-25 20:06 - 2011-09-02 21:41 - 00000000 ___HD C:\Users\All Users\CanonIJEGV
2012-11-25 20:06 - 2011-08-10 02:33 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-25 20:06 - 2010-12-01 06:34 - 00000000 ____D C:\Program Files\Carbonite
2012-11-25 20:06 - 2010-12-01 06:34 - 00000000 ____D C:\Program Files (x86)\Carbonite
2012-11-25 20:06 - 2010-09-06 18:06 - 00000000 ____D C:\Users\All Users\2mWGWmOw0haGithHFng
2012-11-25 20:06 - 2010-09-06 16:26 - 00000000 ____D C:\Abacus
2012-11-25 20:06 - 2010-09-03 16:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TouchGadget
2012-11-25 20:06 - 2010-09-03 15:39 - 00000000 ____D C:\users\Owner
2012-11-25 20:06 - 2010-04-12 18:43 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-25 20:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-11-25 20:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-11-25 20:04 - 2012-11-04 13:24 - 00000000 ____D C:\Program Files (x86)\Leawo
2012-11-25 20:04 - 2012-06-13 13:00 - 00000000 ____D C:\Users\All Users\Real
2012-11-25 20:04 - 2011-12-08 04:25 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-25 20:04 - 2010-04-12 19:02 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-25 16:18 - 2011-12-07 07:11 - 00000000 ____D C:\Windows\Minidump
2012-11-25 16:16 - 2010-12-25 08:31 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-11-25 13:21 - 2010-09-06 16:03 - 00000000 ____D C:\Users\Owner\Documents\Outlook Files
2012-11-25 13:04 - 2011-08-10 02:58 - 00000000 ____D C:\Users\Owner\Desktop\MT
2012-11-21 09:58 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Surf Express
2012-11-19 07:19 - 2010-09-06 14:20 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-19 07:18 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-19 07:18 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-19 07:14 - 2010-09-03 18:29 - 01872459 ____A C:\Windows\WindowsUpdate.log
2012-11-19 07:14 - 2009-07-13 21:13 - 00005720 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-19 07:10 - 2010-09-12 08:55 - 00000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-11-19 07:09 - 2012-11-03 21:00 - 00001088 ____A C:\Windows\setupact.log
2012-11-19 07:09 - 2010-04-12 19:06 - 00410814 ____A C:\Windows\PFRO.log
2012-11-19 07:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-19 05:41 - 2011-08-10 00:22 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-18 13:19 - 2010-09-06 14:20 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-15 14:22 - 2010-09-08 10:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Corel
2012-11-15 13:05 - 2011-06-27 21:19 - 00005642 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-11-15 13:05 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My PSP Files
2012-11-14 11:17 - 2012-11-14 11:16 - 00000000 ____D C:\Users\Owner\Desktop\Fuji camera
2012-11-14 10:39 - 2012-11-14 10:39 - 00002103 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-11-13 05:55 - 2012-11-13 05:55 - 00000245 ____A C:\Users\Owner\Desktop\The No Excuses Workout System Web-Based Personal Trainer.url
2012-11-08 17:42 - 2012-11-08 17:42 - 00005424 ____A C:\Users\Owner\Desktop\Ana White Free and Easy DIY Furniture Plans to Save You Money.url
2012-11-08 17:31 - 2012-11-08 17:31 - 00001475 ____A C:\Users\Owner\Desktop\The Complete Guide to Imperfect Homemaking 31 DAYS TO AN ORGANIZED HOME.url
2012-11-08 13:19 - 2012-08-30 11:50 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-07 11:12 - 2012-11-07 11:12 - 00000367 ____A C:\Users\Owner\Desktop\How I Absorbed Three Punches and Stood Up Anyway chantrynotes.url
2012-11-06 09:02 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\MT
2012-11-04 17:07 - 2012-11-04 17:07 - 00000000 ____D C:\Users\Owner\Documents\Leawo
2012-11-04 16:23 - 2010-12-25 08:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2012-11-04 16:22 - 2012-11-04 16:22 - 00000000 ____D C:\Users\Owner\AppData\Local\leawo
2012-11-04 13:24 - 2012-11-04 13:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\com.leawo.imediago
2012-11-03 21:00 - 2012-11-03 21:00 - 00000000 ____A C:\Windows\setuperr.log
2012-10-29 18:46 - 2011-04-14 23:05 - 00000000 ____D C:\02e9a3d73b4761fa2b32ee
2012-10-29 18:46 - 2010-11-16 18:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HamsterSoft
2012-10-29 10:05 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-10-29 08:08 - 2012-10-29 07:51 - 00000000 ____D C:\Users\Owner\Desktop\usb


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-04 13:32:40
Restore point made on: 2012-11-04 13:56:15
Restore point made on: 2012-11-04 14:32:58
Restore point made on: 2012-11-04 20:42:39
Restore point made on: 2012-11-06 08:35:59
Restore point made on: 2012-11-12 05:03:35
Restore point made on: 2012-11-12 05:45:04
Restore point made on: 2012-11-12 12:31:48
Restore point made on: 2012-11-14 11:16:59
Restore point made on: 2012-11-15 08:30:34
Restore point made on: 2012-11-19 07:46:39
Restore point made on: 2012-11-19 09:29:15
Restore point made on: 2012-11-19 20:12:55
Restore point made on: 2012-11-20 20:56:15
Restore point made on: 2012-11-25 13:41:19

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3839.3 MB
Available physical RAM: 3267.29 MB
Total Pagefile: 3837.45 MB
Available Pagefile: 3248.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:596.17 GB) (Free:375.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 7648 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Gateway NTFS Partition 596 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7646 MB 1132 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 7646 MB Healthy

=========================================================

Last Boot: 2012-11-24 21:26

==================== End Of Log =============================

#4
CompCav

Step 1.

Download the enclosed file.
Attached File: fixlist.txt (212 bytes)
Save it in the USB drive.

Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Step 2.

Attempt to boot in Normal Mode. If successful, run RogueKiller as follows:

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run, please try it several times; if it still does not run, rename it winlogon.com and try it several times.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 3.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks


When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

After the run you may have problems with the internet or with access to something. Simply reboot the computer.



Step 4.

Please let me know if it did not boot up.

If it did please post:

Fixlog.txt
All RKreport.txt files
ComboFix.txt


Also please give me an update on how the computer is performing and what issues remain.

#5
mikison

I have included the fix file below. I rebooted the computer and got all the way to the desktop, and then I got the blue screen.
Error message is "IRQL_NOT_LESS_OR_EQUAL"



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-11-25 22:22:28 Run:1
Running from E:\

==============================================

C:\Users\All Users\2mWGWmOw0haGithHFng moved successfully.
C:\02e9a3d73b4761fa2b32ee moved successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

#6
mikison

I am able to reboot into safe mode. Should I attempt the Rogue Killer and Combofix from safe mode?

#7
CompCav

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

#8
CompCav


I am able to reboot into safe mode. Should I attempt the Rogue Killer and Combofix from safe mode?

Yes!

#9
mikison

I got your message regarding the blue screen before the one regarding doing the scans in safe mode.
When I tried to reboot in normal mode, the blue screen error messages were as follows:
BAD_POOL_HEADER
STOP:0x00000019 (0x000000000000000020, 0xFFFFFA8005F4EA80, 0xFFFFFA8005F4EC30, 0x 00000000041B0005)

I rebooted in safe mode and ran Rogue Killer and ComboFix. I could not figure out how to disable AVG in safe mode. After running the 2 programs, I rebooted the computer in safe mode and got the blue screen again, this time with no error message but with the following stop code:
STOP: 0x0000001E (0xFFFFFFFFC000005, 0xFFFFF800003097C02, 0x0000000000000000, 0xFFFFFFFFFFFFFFFF)

The Rogue reports and Combo Fix text files are below:
RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Owner [Admin rights]
Mode : Scan -- Date : 11/25/2012 23:14:21

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM ("C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler) -> FOUND
[RUN][NOTFOUND] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
[RUN][ROGUE ST] HKUS\.DEFAULT[...]\Run : 20090604 (C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.rpd") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2838504156-3010775765-3846147393-1000[...]\Run : ISUSPM ("C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-18[...]\Run : 20090604 (C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.rpd") -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-65A7B2 SATA Disk Device +++++
--- User ---
[MBR] 321a6ea519724aef215940bf3e492021
[BSP] 4ed3c72d1f6c7a7712f13ebdb4899827 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ac45200ad5860aa8c92b19ddac6acc64
[BSP] 4ed3c72d1f6c7a7712f13ebdb4899827 : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo

Finished : << RKreport[1]_S_11252012_02d2314.txt >>
RKreport[1]_S_11252012_02d2314.txt

RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Owner [Admin rights]
Mode : Remove -- Date : 11/25/2012 23:15:45

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM ("C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler) -> DELETED
[RUN][NOTFOUND] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> DELETED
[RUN][ROGUE ST] HKUS\.DEFAULT[...]\Run : 20090604 (C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.rpd") -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-65A7B2 SATA Disk Device +++++
--- User ---
[MBR] 321a6ea519724aef215940bf3e492021
[BSP] 4ed3c72d1f6c7a7712f13ebdb4899827 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ac45200ad5860aa8c92b19ddac6acc64
[BSP] 4ed3c72d1f6c7a7712f13ebdb4899827 : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo

Finished : << RKreport[2]_D_11252012_02d2315.txt >>
RKreport[1]_S_11252012_02d2314.txt ; RKreport[2]_D_11252012_02d2315.txt

RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Owner [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/25/2012 23:21:44

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 16 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 479 / Fail 0
My documents: Success 7 / Fail 7
My favorites: Success 0 / Fail 0
My pictures: Success 86 / Fail 0
My music: Success 227 / Fail 0
My videos: Success 2 / Fail 0
Local drives: Success 267 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_11252012_02d2321.txt >>
RKreport[1]_S_11252012_02d2314.txt ; RKreport[2]_D_11252012_02d2315.txt ; RKreport[3]_SC_11252012_02d2321.txt

ComboFix 12-11-25.01 - Owner 11/25/2012 23:29:08.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2771 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ Results.tmp
C:\install.exe
c:\program files (x86)\FunWebProducts
c:\program files (x86)\Object
c:\program files (x86)\Object\config.ini
c:\programdata\4EED2E65AC.sys
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\users\Owner\AppData\Local\assembly\tmp
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{76EE70A4-B945-4EE7-816A-71FD29413871}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{86B35049-EB70-42A4-9869-84CA8B60DB4F}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F5790237-63F9-4E71-8D68-5A1F1C815B60}.xps
c:\users\Owner\Documents\DPE.DUS
c:\users\Owner\g2mdlhlpx.exe
c:\users\Owner\GoToAssistDownloadHelper.exe
c:\windows\msvcr71.dll
c:\windows\SSFM1032.DLL
c:\windows\svchost.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\usp10.dll
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-26 05:31 . 2012-11-26 05:31 -------- d-----w- C:\FRST
2012-11-26 04:35 . 2012-11-26 04:35 -------- d-----w- c:\users\test\AppData\Local\temp
2012-11-26 04:35 . 2012-11-26 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 00:22 . 2012-11-05 00:22 -------- d-----w- c:\users\Owner\AppData\Local\leawo
2012-11-04 21:35 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-04 21:34 . 2012-11-26 04:06 -------- d-----w- c:\program files\iPod
2012-11-04 21:34 . 2012-11-26 04:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-04 21:34 . 2012-11-26 04:06 -------- d-----w- c:\program files\iTunes
2012-11-04 21:34 . 2012-11-26 04:06 -------- d-----w- c:\program files (x86)\iTunes
2012-11-04 21:24 . 2012-11-04 21:24 -------- d-----w- c:\users\Owner\AppData\Roaming\com.leawo.imediago
2012-11-04 21:24 . 2012-11-26 04:04 -------- d-----w- c:\program files (x86)\Leawo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 21:05 . 2011-06-28 05:19 5642 --s-a-w- c:\programdata\KGyGaAvL.sys
2012-11-08 21:19 . 2012-08-30 19:50 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\appbario8\prxtbappb.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 21:19 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 19:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 19:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 19:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2011-09-07 522752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-11-24 167008]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2010-02-22 1016832]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2010-07-08 815704]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-08-06 105632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-07 30192]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"HFALoader"="c:\program files (x86)\Hamster Soft\Hamster Free Zip Archiver\HamsterArc.exe" [2012-03-06 2260480]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-13 296056]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files (x86)\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2011-2-12 161160]
Device Detector 4.lnk - c:\program files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe [2009-2-25 397312]
Directrec Configuration Tool.lnk - c:\program files (x86)\OLYMPUS\DirectrecConfig\DirectrecConfigurationTool.exe [2009-2-25 2367488]
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23.1\Remind.exe [2010-6-21 344064]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\PCPERF~1\22558~1.177\{16CDF~1\%Protector Process Name%.dll c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 PC Performer Manager;PC Performer Manager;c:\programdata\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-08-16 1695776]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
R2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-07 30192]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2009-02-25 167936]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1255736]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-03-07 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-03-07 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-03-07 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-03-07 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-03-07 29288]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-03-29 925984]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 22:20]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 22:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 19:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 19:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 19:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-02-04 153416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-09 10103840]
"TouchPortal"="c:\program files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe" [2010-04-19 6314016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-07-10 499608]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
Trusted Zone: airse.com
Trusted Zone: arise.com\*.ns
Trusted Zone: facebook.com\www
Trusted Zone: rccl.com\arisectx
Trusted Zone: signmeup.com\www
Trusted Zone: tcpalm.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} - hxxp://www.disneyphotopass.com/Scripts/ImageUploader7.cab
DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} - hxxp://www.dishonline.com/widevine/installer/WidevineMediaTransformer.exe
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i3w97kuc.default\
FF - prefs.js: browser.search.selectedEngine - appbario8 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIC55D~1\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-Spotify - c:\users\Owner\AppData\Roaming\Spotify\Spotify.exe
Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{16D3836E-B1D6-43CA-A8C5-2DC4FCB1F8E7} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
AddRemove-469749833.www1.movie-promo.com - c:\program files (x86)\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-25 23:39:11
ComboFix-quarantined-files.txt 2012-11-26 04:39
ComboFix2.txt 2010-03-01 01:19
.
Pre-Run: 402,663,968,768 bytes free
Post-Run: 402,341,593,088 bytes free
.
- - End Of File - - 6E26BAEE636427DA24BF7EA0FD0619F0

#10
CompCav

    Member 5k

  • Expert
  • 12,449 posts
If you still cannot run in normal mode, please run these in safe mode:


Step 1.

Download AdwCleaner from here to your desktop.
Run AdwCleaner. For Vista and 7, right-click and select Run as administrator.

Select Delete.

Once done, it will ask to reboot; allow this.
On reboot, a log will be produced; please post it.


Step 2.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3.

Please post:

AdwCleaner log
TDSSKiller log


Also, if you get the 1E BSOD or the other one and they mention a file name, please include it in your next post.

#11
mikison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
This time the computer would not reboot in safe mode. I got a blue screen again with the following error message and stop code:
PAGE_FAULT_IN_NONPAGED_AREA
STOP: 0x00000050, (0xFFFFF8A000105000, 0x0000000000000000, 0xFFFFF8000252038E, 0x0000000000000000)

Should I try the fixlist again and then try to reboot in safe mode?
Miki

#12
mikison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I was able to restart in safe mode and run the AdwCleaner. Upon reboot, I was just able to copy the report before the blue screen appeared again. No file name was mentioned in the screen.
I restarted the computer in safe mode and ran the TDSS Killer. Upon reboot, I copied the reports. Right now the blue screen has yet to appear, but I have an exclamation mark on the AVG icon stating that AVG could not finish automatic state repair and is not able to fix one or more components. In addition, I have a Windows message that my AVG is not on. When I try to turn it on, it says that the action cannot be finished due to insufficient user rights and to log on as administrator user or turn on Vista UAC feature. However, AVG did update. Not sure what to do next.
AdwCleaner and TDSS Killer logs are below:

# AdwCleaner v2.009 - Logfile created 11/26/2012 at 00:57:18
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - MIKI-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i3w97kuc.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7948 octets] - [26/11/2012 00:53:05]
AdwCleaner[S2].txt - [771 octets] - [26/11/2012 00:57:18]

########## EOF - C:\AdwCleaner[S2].txt - [830 octets] ##########


01:07:14.0171 2232 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:07:14.0701 2232 ============================================================
01:07:14.0701 2232 Current date / time: 2012/11/26 01:07:14.0701
01:07:14.0701 2232 SystemInfo:
01:07:14.0701 2232
01:07:14.0701 2232 OS Version: 6.1.7601 ServicePack: 1.0
01:07:14.0701 2232 Product type: Workstation
01:07:14.0701 2232 ComputerName: MIKI-PC
01:07:14.0701 2232 UserName: Owner
01:07:14.0701 2232 Windows directory: C:\Windows
01:07:14.0701 2232 System windows directory: C:\Windows
01:07:14.0701 2232 Running under WOW64
01:07:14.0701 2232 Processor architecture: Intel x64
01:07:14.0701 2232 Number of processors: 2
01:07:14.0701 2232 Page size: 0x1000
01:07:14.0701 2232 Boot type: Safe boot with network
01:07:14.0701 2232 ============================================================
01:07:15.0902 2232 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:07:15.0918 2232 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:07:15.0918 2232 ============================================================
01:07:15.0918 2232 \Device\Harddisk0\DR0:
01:07:15.0918 2232 MBR partitions:
01:07:15.0918 2232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
01:07:15.0918 2232 \Device\Harddisk1\DR1:
01:07:15.0918 2232 MBR partitions:
01:07:15.0918 2232 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x8D8, BlocksNum 0xEEF728
01:07:15.0918 2232 ============================================================
01:07:15.0965 2232 C: <-> \Device\Harddisk0\DR0\Partition1
01:07:15.0965 2232 ============================================================
01:07:15.0965 2232 Initialize success
01:07:15.0965 2232 ============================================================
01:07:36.0401 2444 ============================================================
01:07:36.0401 2444 Scan started
01:07:36.0401 2444 Mode: Manual; SigCheck; TDLFS;
01:07:36.0401 2444 ============================================================
01:07:37.0352 2444 ================ Scan system memory ========================
01:07:37.0352 2444 System memory - ok
01:07:37.0352 2444 ================ Scan services =============================
01:07:37.0524 2444 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:07:37.0929 2444 1394ohci - ok
01:07:38.0007 2444 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:07:38.0023 2444 ACPI - ok
01:07:38.0054 2444 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:07:38.0101 2444 AcpiPmi - ok
01:07:38.0179 2444 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:07:38.0195 2444 adp94xx - ok
01:07:38.0226 2444 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:07:38.0241 2444 adpahci - ok
01:07:38.0257 2444 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:07:38.0273 2444 adpu320 - ok
01:07:38.0273 2444 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:07:38.0351 2444 AeLookupSvc - ok
01:07:38.0397 2444 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:07:38.0444 2444 AFD - ok
01:07:38.0491 2444 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:07:38.0491 2444 agp440 - ok
01:07:38.0694 2444 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
01:07:38.0694 2444 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
01:07:38.0709 2444 Akamai ( HiddenFile.Multi.Generic ) - warning
01:07:38.0709 2444 Akamai - detected HiddenFile.Multi.Generic (1)
01:07:38.0756 2444 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:07:38.0787 2444 ALG - ok
01:07:38.0834 2444 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:07:38.0850 2444 aliide - ok
01:07:38.0897 2444 [ 8F6C0FF277DBFE5EBED24E3543DA7BFA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:07:38.0943 2444 AMD External Events Utility - ok
01:07:38.0959 2444 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:07:38.0975 2444 amdide - ok
01:07:39.0037 2444 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:07:39.0084 2444 AmdK8 - ok
01:07:39.0240 2444 [ 9673319070166E26660EBA4EDF316FA2 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
01:07:39.0396 2444 amdkmdag - ok
01:07:39.0458 2444 [ 430D06D63952848E64CBBF23B5C1479E ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
01:07:39.0489 2444 amdkmdap - ok
01:07:39.0505 2444 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:07:39.0536 2444 AmdPPM - ok
01:07:39.0567 2444 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
01:07:39.0848 2444 amdsata - ok
01:07:39.0895 2444 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:07:39.0895 2444 amdsbs - ok
01:07:39.0911 2444 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
01:07:39.0926 2444 amdxata - ok
01:07:39.0973 2444 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:07:40.0020 2444 AppID - ok
01:07:40.0051 2444 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:07:40.0098 2444 AppIDSvc - ok
01:07:40.0145 2444 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:07:40.0238 2444 Appinfo - ok
01:07:40.0316 2444 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:07:40.0332 2444 Apple Mobile Device - ok
01:07:40.0332 2444 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
01:07:40.0347 2444 arc - ok
01:07:40.0363 2444 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:07:40.0363 2444 arcsas - ok
01:07:40.0457 2444 aspnet_state - ok
01:07:40.0488 2444 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:07:40.0519 2444 AsyncMac - ok
01:07:40.0581 2444 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:07:40.0581 2444 atapi - ok
01:07:40.0644 2444 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
01:07:40.0659 2444 AtiPcie - ok
01:07:40.0722 2444 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:07:40.0784 2444 AudioEndpointBuilder - ok
01:07:40.0800 2444 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:07:40.0831 2444 AudioSrv - ok
01:07:40.0956 2444 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
01:07:40.0971 2444 AVG Security Toolbar Service - ok
01:07:41.0081 2444 [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
01:07:41.0081 2444 Avgfwfd - ok
01:07:41.0315 2444 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
01:07:41.0377 2444 avgfws - ok
01:07:41.0502 2444 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
01:07:41.0611 2444 AVGIDSAgent - ok
01:07:41.0658 2444 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
01:07:41.0673 2444 AVGIDSDriver - ok
01:07:41.0736 2444 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
01:07:41.0736 2444 AVGIDSFilter - ok
01:07:41.0751 2444 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
01:07:41.0751 2444 AVGIDSHA - ok
01:07:41.0814 2444 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
01:07:41.0829 2444 Avgldx64 - ok
01:07:41.0845 2444 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
01:07:41.0845 2444 Avgmfx64 - ok
01:07:41.0907 2444 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
01:07:41.0907 2444 Avgrkx64 - ok
01:07:41.0939 2444 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
01:07:41.0954 2444 Avgtdia - ok
01:07:42.0001 2444 [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
01:07:42.0017 2444 avgtp - ok
01:07:42.0063 2444 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
01:07:42.0095 2444 avgwd - ok
01:07:42.0141 2444 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:07:42.0204 2444 AxInstSV - ok
01:07:42.0282 2444 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:07:42.0329 2444 b06bdrv - ok
01:07:42.0375 2444 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:07:42.0422 2444 b57nd60a - ok
01:07:42.0469 2444 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:07:42.0500 2444 BDESVC - ok
01:07:42.0516 2444 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:07:42.0578 2444 Beep - ok
01:07:42.0672 2444 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:07:42.0750 2444 BFE - ok
01:07:42.0875 2444 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\SysWOW64\bgsvcgen.exe
01:07:42.0890 2444 bgsvcgen - ok
01:07:42.0968 2444 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:07:43.0124 2444 BITS - ok
01:07:43.0171 2444 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:07:43.0187 2444 blbdrive - ok
01:07:43.0311 2444 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:07:43.0327 2444 Bonjour Service - ok
01:07:43.0389 2444 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:07:43.0421 2444 bowser - ok
01:07:43.0436 2444 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:07:43.0452 2444 BrFiltLo - ok
01:07:43.0452 2444 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:07:43.0467 2444 BrFiltUp - ok
01:07:43.0514 2444 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
01:07:43.0561 2444 Browser - ok
01:07:43.0592 2444 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:07:43.0623 2444 Brserid - ok
01:07:43.0639 2444 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:07:43.0655 2444 BrSerWdm - ok
01:07:43.0670 2444 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:07:43.0686 2444 BrUsbMdm - ok
01:07:43.0686 2444 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:07:43.0701 2444 BrUsbSer - ok
01:07:43.0717 2444 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:07:43.0748 2444 BTHMODEM - ok
01:07:43.0795 2444 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:07:43.0842 2444 bthserv - ok
01:07:44.0029 2444 [ 5B183E26AFE185DE1436479D217154B3 ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
01:07:44.0185 2444 CarboniteService - ok
01:07:44.0216 2444 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:07:44.0263 2444 cdfs - ok
01:07:44.0325 2444 [ 9EDD76D0800A022AE10B9243D0224E72 ] cdrbsdrv C:\Windows\system32\drivers\cdrbsdrv.sys
01:07:44.0341 2444 cdrbsdrv - ok
01:07:44.0403 2444 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
01:07:44.0435 2444 cdrom - ok
01:07:44.0466 2444 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:07:44.0528 2444 CertPropSvc - ok
01:07:44.0544 2444 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:07:44.0559 2444 circlass - ok
01:07:44.0606 2444 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:07:44.0622 2444 CLFS - ok
01:07:44.0637 2444 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:07:44.0669 2444 clr_optimization_v2.0.50727_32 - ok
01:07:44.0715 2444 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:07:44.0747 2444 clr_optimization_v2.0.50727_64 - ok
01:07:44.0856 2444 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:07:44.0887 2444 clr_optimization_v4.0.30319_32 - ok
01:07:44.0918 2444 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:07:44.0934 2444 clr_optimization_v4.0.30319_64 - ok
01:07:44.0981 2444 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:07:45.0012 2444 CmBatt - ok
01:07:45.0043 2444 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:07:45.0059 2444 cmdide - ok
01:07:45.0090 2444 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
01:07:45.0121 2444 CNG - ok
01:07:45.0168 2444 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:07:45.0168 2444 Compbatt - ok
01:07:45.0230 2444 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:07:45.0261 2444 CompositeBus - ok
01:07:45.0261 2444 COMSysApp - ok
01:07:45.0308 2444 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:07:45.0308 2444 crcdisk - ok
01:07:45.0386 2444 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:07:45.0433 2444 CryptSvc - ok
01:07:45.0480 2444 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
01:07:45.0527 2444 dc3d - ok
01:07:45.0558 2444 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:07:45.0651 2444 DcomLaunch - ok
01:07:45.0683 2444 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:07:45.0729 2444 defragsvc - ok
01:07:45.0761 2444 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:07:45.0823 2444 DfsC - ok
01:07:45.0870 2444 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:07:45.0917 2444 Dhcp - ok
01:07:45.0917 2444 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:07:45.0963 2444 discache - ok
01:07:45.0995 2444 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:07:46.0010 2444 Disk - ok
01:07:46.0057 2444 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:07:46.0088 2444 Dnscache - ok
01:07:46.0135 2444 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:07:46.0166 2444 dot3svc - ok
01:07:46.0197 2444 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:07:46.0244 2444 DPS - ok
01:07:46.0260 2444 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:07:46.0291 2444 drmkaud - ok
01:07:46.0400 2444 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
01:07:46.0416 2444 dsNcAdpt - ok
01:07:46.0494 2444 [ 824C188936FDC1B20FB32192B57CDEBA ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
01:07:46.0525 2444 dsNcService - ok
01:07:46.0572 2444 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:07:46.0603 2444 DXGKrnl - ok
01:07:46.0634 2444 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:07:46.0681 2444 EapHost - ok
01:07:46.0759 2444 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:07:46.0853 2444 ebdrv - ok
01:07:50.0238 2444 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:07:50.0269 2444 IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:07:50.0269 2444 IDriverT - detected UnsignedFile.Multi.Generic (1)
01:07:56.0478 2444 [ 3CE1890BDBEAC17F804C25036BBF5329 ] Olympus DVR Service C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
01:07:56.0509 2444 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - warning
01:07:56.0509 2444 Olympus DVR Service - detected UnsignedFile.Multi.Generic (1)
01:08:02.0655 2444 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:08:02.0687 2444 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
01:08:02.0687 2444 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
01:08:09.0847 2444 ================ Scan global ===============================
01:08:09.0878 2444 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:08:09.0925 2444 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:08:09.0941 2444 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:08:09.0972 2444 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:08:10.0003 2444 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:08:10.0003 2444 [Global] - ok
01:08:10.0003 2444 ================ Scan MBR ==================================
01:08:10.0003 2444 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:08:10.0003 2444 Suspicious mbr (Forged): \Device\Harddisk0\DR0
01:08:10.0065 2444 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
01:08:10.0065 2444 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
01:08:10.0128 2444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:08:10.0128 2444 \Device\Harddisk0\DR0 - detected TDSS File System (1)
01:08:10.0128 2444 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
01:08:12.0390 2444 \Device\Harddisk1\DR1 - ok
01:08:12.0390 2444 ================ Scan VBR ==================================
01:08:12.0405 2444 [ 56474B715FE83F8F865E3A557D102766 ] \Device\Harddisk0\DR0\Partition1
01:08:12.0405 2444 \Device\Harddisk0\DR0\Partition1 - ok
01:08:12.0405 2444 [ 1244D90F8DF38E7D2171382101FC79CA ] \Device\Harddisk1\DR1\Partition1
01:08:12.0405 2444 \Device\Harddisk1\DR1\Partition1 - ok
01:08:12.0405 2444 ============================================================
01:08:12.0405 2444 Scan finished
01:08:12.0405 2444 ============================================================
01:08:12.0437 2436 Detected object count: 6
01:08:12.0437 2436 Actual detected object count: 6
01:08:35.0478 2436 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
01:08:35.0478 2436 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
01:08:35.0478 2436 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:08:35.0478 2436 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:08:35.0494 2436 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:08:35.0494 2436 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:08:35.0509 2436 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
01:08:35.0509 2436 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:08:36.0367 2436 \Device\Harddisk0\DR0\# - copied to quarantine
01:08:36.0367 2436 \Device\Harddisk0\DR0 - copied to quarantine
01:08:36.0414 2436 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
01:08:36.0414 2436 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
01:08:36.0430 2436 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
01:08:36.0430 2436 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
01:08:36.0445 2436 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
01:08:36.0445 2436 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
01:08:36.0461 2436 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
01:08:36.0461 2436 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
01:08:36.0476 2436 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
01:08:36.0476 2436 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
01:08:36.0476 2436 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
01:08:36.0476 2436 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
01:08:36.0476 2436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
01:08:36.0476 2436 \Device\Harddisk0\DR0 - ok
01:08:36.0508 2436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
01:08:36.0508 2436 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
01:08:36.0508 2436 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
01:09:52.0074 2228 Deinitialize success


01:12:32.0608 4452 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:12:32.0982 4452 ============================================================
01:12:32.0982 4452 Current date / time: 2012/11/26 01:12:32.0982
01:12:32.0982 4452 SystemInfo:
01:12:32.0982 4452
01:12:32.0982 4452 OS Version: 6.1.7601 ServicePack: 1.0
01:12:32.0982 4452 Product type: Workstation
01:12:32.0982 4452 ComputerName: MIKI-PC
01:12:32.0982 4452 UserName: Owner
01:12:32.0982 4452 Windows directory: C:\Windows
01:12:32.0982 4452 System windows directory: C:\Windows
01:12:32.0982 4452 Running under WOW64
01:12:32.0982 4452 Processor architecture: Intel x64
01:12:32.0982 4452 Number of processors: 2
01:12:32.0982 4452 Page size: 0x1000
01:12:32.0982 4452 Boot type: Normal boot
01:12:32.0982 4452 ============================================================
01:12:35.0431 4452 BG loaded
01:12:37.0803 4452 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:12:37.0818 4452 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:12:37.0834 4452 ============================================================
01:12:37.0834 4452 \Device\Harddisk0\DR0:
01:12:37.0834 4452 MBR partitions:
01:12:37.0834 4452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
01:12:37.0834 4452 \Device\Harddisk1\DR1:
01:12:37.0834 4452 MBR partitions:
01:12:37.0834 4452 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x8D8, BlocksNum 0xEEF728
01:12:37.0834 4452 ============================================================
01:12:38.0052 4452 C: <-> \Device\Harddisk0\DR0\Partition1
01:12:38.0052 4452 ============================================================
01:12:38.0052 4452 Initialize success
01:12:38.0052 4452 ============================================================
01:13:55.0160 4432 Deinitialize success

#13
mikison

    Member

  • Topic Starter
  • Member
  • 94 posts
I'm assuming you've gone to bed or are off work and getting some much needed rest. :) I will head to bed and look forward to hearing from you tomorrow.
Thanks again for all your help so far!

#14
CompCav

    Member 5k

  • Expert
  • 12,449 posts

> Thanks again for all your help so far!

You are welcome!

Please rerun TDSSKiller and follow the same instructions except

Select Delete for this line:

\Device\Harddisk0\DR0 ( TDSS File System )

Please post:

TDSSKiller log


Any BSOD info if BSODs occur.

Regards,

CompCav

#15
mikison

    Member

  • Topic Starter
  • Member
  • 94 posts
I ran TDSS Killer again and below is the log. By the way, I do not see a PayPal link to your name to make a donation. Do I just make one to the company and earmark it for you?


08:15:20.0262 3532 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:15:22.0264 3532 ============================================================
08:15:22.0264 3532 Current date / time: 2012/11/26 08:15:22.0264
08:15:22.0265 3532 SystemInfo:
08:15:22.0265 3532
08:15:22.0265 3532 OS Version: 6.1.7601 ServicePack: 1.0
08:15:22.0265 3532 Product type: Workstation
08:15:22.0265 3532 ComputerName: MIKI-PC
08:15:22.0265 3532 UserName: Owner
08:15:22.0265 3532 Windows directory: C:\Windows
08:15:22.0266 3532 System windows directory: C:\Windows
08:15:22.0266 3532 Running under WOW64
08:15:22.0266 3532 Processor architecture: Intel x64
08:15:22.0266 3532 Number of processors: 2
08:15:22.0266 3532 Page size: 0x1000
08:15:22.0266 3532 Boot type: Normal boot
08:15:22.0266 3532 ============================================================
08:15:26.0108 3532 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:15:26.0120 3532 ============================================================
08:15:26.0120 3532 \Device\Harddisk0\DR0:
08:15:26.0141 3532 MBR partitions:
08:15:26.0142 3532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
08:15:26.0142 3532 ============================================================
08:15:26.0250 3532 C: <-> \Device\Harddisk0\DR0\Partition1
08:15:26.0250 3532 ============================================================
08:15:26.0251 3532 Initialize success
08:15:26.0251 3532 ============================================================
08:15:56.0371 3100 ============================================================
08:15:56.0371 3100 Scan started
08:15:56.0371 3100 Mode: Manual; SigCheck; TDLFS;
08:15:56.0371 3100 ============================================================
08:16:02.0469 3100 ================ Scan system memory ========================
08:16:02.0469 3100 System memory - ok
08:16:02.0471 3100 ================ Scan services =============================
08:16:10.0379 3100 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
08:16:10.0379 3100 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
08:16:10.0388 3100 Akamai ( HiddenFile.Multi.Generic ) - warning
08:16:10.0389 3100 Akamai - detected HiddenFile.Multi.Generic (1)
08:17:01.0085 3100 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:17:01.0217 3100 Dhcp - ok
08:17:01.0258 3100 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:17:01.0371 3100 discache - ok
08:17:01.0493 3100 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:17:01.0557 3100 Disk - ok
08:17:01.0647 3100 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:17:01.0781 3100 Dnscache - ok
08:17:01.0866 3100 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:17:02.0004 3100 dot3svc - ok
08:17:02.0082 3100 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:17:02.0199 3100 DPS - ok
08:17:02.0345 3100 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:17:02.0502 3100 drmkaud - ok
08:17:02.0863 3100 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
08:17:03.0133 3100 dsNcAdpt - ok
08:17:03.0828 3100 [ 824C188936FDC1B20FB32192B57CDEBA ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
08:17:03.0956 3100 dsNcService - ok
08:17:04.0528 3100 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:17:04.0599 3100 DXGKrnl - ok
08:17:04.0699 3100 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:17:04.0811 3100 EapHost - ok
08:17:06.0001 3100 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:17:06.0292 3100 ebdrv - ok
08:17:06.0345 3100 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:17:06.0518 3100 EFS - ok
08:17:07.0019 3100 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:17:07.0120 3100 ehRecvr - ok
08:17:07.0213 3100 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:17:07.0306 3100 ehSched - ok
08:17:07.0448 3100 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:17:07.0495 3100 elxstor - ok
08:17:07.0564 3100 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:17:07.0670 3100 ErrDev - ok
08:17:07.0977 3100 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:17:08.0119 3100 EventSystem - ok
08:17:08.0238 3100 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:17:08.0342 3100 exfat - ok
08:17:08.0456 3100 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:17:08.0602 3100 fastfat - ok
08:17:08.0988 3100 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:17:09.0124 3100 Fax - ok
08:17:09.0208 3100 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:17:09.0335 3100 fdc - ok
08:17:09.0422 3100 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:17:09.0546 3100 fdPHost - ok
08:17:09.0568 3100 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:17:09.0685 3100 FDResPub - ok
08:17:09.0709 3100 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:17:09.0721 3100 FileInfo - ok
08:17:09.0728 3100 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:17:09.0779 3100 Filetrace - ok
08:17:09.0822 3100 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:17:09.0896 3100 flpydisk - ok
08:17:09.0994 3100 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:17:10.0032 3100 FltMgr - ok
08:17:10.0293 3100 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:17:10.0437 3100 FontCache - ok
08:17:10.0525 3100 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:17:10.0555 3100 FontCache3.0.0.0 - ok
08:17:10.0598 3100 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:17:10.0621 3100 FsDepends - ok
08:17:10.0745 3100 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:17:10.0782 3100 fssfltr - ok
08:17:11.0148 3100 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:17:11.0206 3100 fsssvc - ok
08:17:11.0254 3100 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:17:11.0276 3100 Fs_Rec - ok
08:17:11.0454 3100 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:17:11.0491 3100 fvevol - ok
08:17:11.0589 3100 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:17:11.0629 3100 gagp30kx - ok
08:17:11.0895 3100 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
08:17:11.0994 3100 GamesAppService - ok
08:17:12.0119 3100 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:17:12.0166 3100 GEARAspiWDM - ok
08:17:12.0405 3100 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
08:17:12.0441 3100 GoogleDesktopManager-051210-111108 - ok
08:17:12.0666 3100 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:17:12.0750 3100 gpsvc - ok
08:17:13.0086 3100 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
08:17:13.0143 3100 Greg_Service - ok
08:17:13.0262 3100 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:17:13.0287 3100 gupdate - ok
08:17:13.0361 3100 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:17:13.0376 3100 gupdatem - ok
08:17:13.0452 3100 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:17:13.0489 3100 hcw85cir - ok
08:17:13.0528 3100 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:17:13.0581 3100 HdAudAddService - ok
08:17:13.0627 3100 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:17:13.0674 3100 HDAudBus - ok
08:17:13.0702 3100 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:17:13.0739 3100 HidBatt - ok
08:17:13.0747 3100 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:17:13.0845 3100 HidBth - ok
08:17:13.0870 3100 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:17:13.0947 3100 HidIr - ok
08:17:13.0978 3100 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:17:14.0009 3100 hidserv - ok
08:17:14.0088 3100 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:17:14.0491 3100 HidUsb - ok
08:17:14.0540 3100 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:17:14.0692 3100 hkmsvc - ok
08:17:14.0747 3100 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:17:14.0825 3100 HomeGroupListener - ok
08:17:14.0901 3100 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:17:14.0983 3100 HomeGroupProvider - ok
08:17:15.0097 3100 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:17:15.0124 3100 HpSAMD - ok
08:17:15.0187 3100 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:17:15.0276 3100 HTTP - ok
08:17:15.0328 3100 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:17:15.0352 3100 hwpolicy - ok
08:17:15.0413 3100 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:17:15.0509 3100 i8042prt - ok
08:17:15.0776 3100 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:17:15.0845 3100 iaStorV - ok
08:17:16.0260 3100 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:17:16.0309 3100 IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:17:16.0309 3100 IDriverT - detected UnsignedFile.Multi.Generic (1)
08:17:32.0278 3100 [ 3CE1890BDBEAC17F804C25036BBF5329 ] Olympus DVR Service C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
08:17:32.0315 3100 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - warning
08:17:32.0315 3100 Olympus DVR Service - detected UnsignedFile.Multi.Generic (1)
08:17:40.0715 3100 SharedAccess - ok
08:17:40.0769 3100 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:17:40.0842 3100 ShellHWDetection - ok
08:17:40.0896 3100 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:17:40.0921 3100 SiSRaid2 - ok
08:17:40.0927 3100 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:17:40.0943 3100 SiSRaid4 - ok
08:17:40.0976 3100 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:17:41.0023 3100 Smb - ok
08:17:41.0058 3100 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:17:41.0093 3100 SNMPTRAP - ok
08:17:41.0097 3100 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:17:41.0108 3100 spldr - ok
08:17:41.0269 3100 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:17:41.0323 3100 Spooler - ok
08:17:41.0595 3100 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:17:41.0767 3100 sppsvc - ok
08:17:41.0796 3100 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:17:41.0854 3100 sppuinotify - ok
08:17:41.0983 3100 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:17:42.0038 3100 srv - ok
08:17:42.0072 3100 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:17:42.0129 3100 srv2 - ok
08:17:42.0161 3100 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:17:42.0206 3100 srvnet - ok
08:17:42.0226 3100 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:17:42.0295 3100 SSDPSRV - ok
08:17:42.0341 3100 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:17:42.0414 3100 SstpSvc - ok
08:17:42.0485 3100 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:17:42.0511 3100 stexstor - ok
08:17:42.0580 3100 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:17:42.0629 3100 stisvc - ok
08:17:42.0661 3100 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:17:42.0706 3100 swenum - ok
08:17:42.0840 3100 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:17:42.0897 3100 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
08:17:42.0898 3100 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
08:17:54.0179 3100 ================ Scan global ===============================
08:17:54.0213 3100 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:17:54.0237 3100 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
08:17:54.0254 3100 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
08:17:54.0281 3100 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:17:54.0308 3100 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:17:54.0312 3100 [Global] - ok
08:17:54.0313 3100 ================ Scan MBR ==================================
08:17:54.0325 3100 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:17:55.0011 3100 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:17:55.0011 3100 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:17:55.0013 3100 ================ Scan VBR ==================================
08:17:55.0020 3100 [ 56474B715FE83F8F865E3A557D102766 ] \Device\Harddisk0\DR0\Partition1
08:17:55.0023 3100 \Device\Harddisk0\DR0\Partition1 - ok
08:17:55.0026 3100 ============================================================
08:17:55.0026 3100 Scan finished
08:17:55.0026 3100 ============================================================
08:17:55.0049 5380 Detected object count: 5
08:17:55.0049 5380 Actual detected object count: 5
08:18:32.0763 5380 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
08:18:32.0763 5380 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
08:18:32.0763 5380 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:18:32.0764 5380 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:18:32.0766 5380 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:18:32.0766 5380 Olympus DVR Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:18:32.0768 5380 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
08:18:32.0768 5380 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:18:32.0909 5380 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:18:32.0912 5380 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:18:32.0967 5380 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:18:33.0009 5380 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:18:33.0010 5380 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:18:33.0014 5380 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:18:33.0015 5380 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:18:33.0017 5380 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:18:33.0019 5380 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:18:33.0020 5380 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:18:33.0021 5380 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:18:33.0022 5380 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
08:18:33.0022 5380 \Device\Harddisk0\DR0\TDLFS - deleted
08:18:33.0022 5380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
08:20:21.0177 5428 Deinitialize success